As children, we learn to keep our valuables under close watch when we are in public. In the cyberworld, it’s harder to keep our most valuable assets protected. Unlike a wallet, our identity, data, and customers’ personally identifiable information (PII) are not tangible items that we can keep in our sight, knowing that as long as it’s in our hands, it’s not in someone else’s. Cybersecurity then, requires a different approach.

It seems every week, a major company, city, or hospital experiences an alarming security breach. The breaches may compromise privacy (hacked laptop/phone cameras, for example), data, or PII. Credit monitoring companies, phones, hospitals, and even entire cities  have been compromised or even taken hostage. Last week, it was Zoom, which left cameras vulnerable to being activated without permission (more about that problem as well as the fix here) . This NPR piece offers a terrifying read on the fifth domain (after land, air, water, and space) of the cyberworld.

Businesses and consumers increasingly rely on apps and software to get their everyday work done. For companies, this comes with a responsibility to protect customers, employees and sometimes patient information. So what’s a company to do?

Okay, so it’s a real problem. Now what?

We’re not here to scare you without offering solutions. While we’re talking about what businesses can do, we would be remiss not to address one important aspect of how you can protect yourself on a personal level. You can freeze your credit as well as that of your minor-aged kids. Here’s an article from the USA Today with more about how and why to take this step.

Customers trust companies with priceless personal information and sensitive company data daily and since that’s our main focus, here are some business-oriented tips. 

Password management: There are tools that offer super-secure ways to make sure your company passwords are accessible only to whom you want them to be. If you’ve ever tried to access a company account after the person who managed it is no longer with the company, you see the value here. Aside from the convenience, it’s a way to keep information super secure.

Policies and procedures: Make sure you have policies and procedures in place to prevent attacks. Train employees on good security etiquette. For most organizations, human error is by far the most likely source of mistakes that lead to breaches.

Insurance coverage: Should you experience a breach, having solid insurance coverage in place can make it a lot less painful by covering the financial loss. This article provides a lawyer’s guide to cybersecurity insurance coverage.

Penetration tests: Have third parties perform monthly security checks and an annual penetration test. 

Customer encryption: Encrypt all information at multiple levels. Encryption scrambles data so that it’s unreadable without the encryption key. This article on business cybersecurity says: 

“There are three ways to encrypt data: at rest, in motion and in use. Small businesses should be encrypting customer data at all three points, especially if those companies have e-commerce capabilities. Some of this is simple, like making sure your website is set up to allow only HTTPS transactions, a protocol that activates encryption. Other forms of encryption require expertise or support from a company that provides point-to-point encryption and tokenization technology, like Elavon.”

Conclusion

Any investment in your security is a wise investment indeed.

The post Cybersecurity—protecting company and customer information appeared first on PayReel .

To view our Partner blog, click here

Immigration is one of the hottest topics in politics and much of the White House’s rhetoric on the subject (including the latest announcement ) centers around employment. While employers may not make the policies, they do carry a great deal of responsibility in ensuring their employees are eligible to work in the United States.  

Let’s start with The Immigration Reform and Control Act (IRCA):

This is the foundation for the rest of the article. I-9 and E-Verify are simply tools to support compliance with the IRCA. Read the government info for the definitive legalese, but in a nutshell, this act prohibits employers from:

• Knowingly hiring unauthorized employees
• Keeping an unauthorized person employed once they know
• Knowingly falsifying an unauthorized individual’s paperwork
• Knowingly accepting falsified documents
• Discriminating against authorized workers due to national origin or citizenship status
• Refusing to honor appropriate documents

According to the U.S, Customs Control and Immigration , penalties for knowingly hiring or continuing to employ an unauthorized foreign national range from $375 to $16,000 per violation. 

Notably, these sanctions, as well as the burden to supply an I-9, do not apply to independent contractors (ICs). Since inappropriately classing workers as IC’s can lead to hidden immigration risks, we’ll do our customary shout-out to proper worker classification here.   

Form I-9

Form I-9 is a federal mandate for all employers. “Mandate” is short for: we’ll make you sorry if you don’t comply. An employer must submit the I-9 in accordance with the government’s guidelines . 

It has three sections. In the first, the employee confirms that he or she is authorized to work in the U.S. 

The second section is where employers confirm that they’ve examined the required documents to verify the employee’s identity and eligibility and that the documents appear genuine. This employer must be complete and sign this section within three days of the employee’s start date. 

Employers complete the third section if they need to reverify an employee’s work authorization status or if an employee is rehired within three years of when the Form I-­9 was originally completed.

Additionally, forms must be meticulously completed. Any inaccuracy can cause a fine. And yes, there are I-9 audits and they are on the rise.

Meeting the requirements of Form I-9 makes up the lion’s share of the administrative work when onboarding new or returning employees.

How does E-Verify work?

E-Verify is an additional tool to support employers with IRCA compliance. For certain federal contractors, using E-Verify is mandatory, but employers outside these parameters may choose to use E-Verify voluntarily in conjunction with Form I-9 . 

E-Verify allows employers to enter information into an online system and then compares the employee’s identification with government databases including the Department of Homeland Security and the Social Security Administration. 

When everything matches, the employee gets confirmed. If something doesn’t match, it comes back with a tentative non-confirmation (TNC). From there, the employee can follow a process to update the information that caused the mismatch. Even when everything checks out, there is a formalized process to update everything within the government records. If something doesn’t check out, it can trigger loss of employment or an immigration event. 

What are the challenges of using E-Verify?

Employers who choose to use E-Verify should know it increases the administrative burden within the company. Appropriate company representatives must be very knowledgeable and pass a test before implementing it in the workplace. Once implemented, it must be used consistently across all employees. This burden was particularly notable during the government shutdown, when E-Verify was inoperational , causing additional delays and headaches. 

Additionally, President Trump expressed concern that it may be too tough for some employers. On a Fox interview (around the 5-minute mark) on Sunday, he discussed the possibility of using E-Verify as part of his immigration plan, but said, “The one problem is E-Verify is so tough that in some cases, like farmers, they’re not – they’re not equipped for E-Verify. […] I used it when I built the hotel down the road on Pennsylvania Avenue. I use a very strong E-Verify system. And we would go through 28 people – 29, 30 people before we found one that qualified.”

Employers aren’t the only ones affected, this Washington Post article claims E-Verify may hurt legal workers. Here at PayReel, we’ve seen legal workers end up with a mismatch through the system. It takes at least one live visit to the Social Security Administration to clear it up. 

What now?

As long as we have people entering the country, we’ll be discussing the economics and ethics around immigration. 

Employers must develop an effective compliance program to minimize liability or hire a partner to take on the liability. 

About PayReel:

At PayReel , we minimize the time and effort it takes to get you ready for your project. Rely on PayReel to assume all of the risk associated with contingent workforce management and get back to the business at hand. We make sure everyone gets paid quickly and easily and have Client Relationship Managers on call around the clock to answer your questions. All you have to do is call 303-526-4900 or email us. The PayReel team makes live event, corporate media, and brand management payroll easier, faster, and seamless.

The post Immigration in the workplace: What you need to know to get it right appeared first on PayReel .

To view our Partner blog, click here

What used to be black and white, and is now suddenly gray all over? When marijuana use was simply illegal, employers could legally make employment decisions based on use alone. As states decriminalize the use of medical marijuana, recreational marijuana, and CBD oil, the conversation gets much more complicated. Nowhere is it more important to pay close attention than in the workplace.

What are some of the complicating factors?

Marijuana products are increasingly finding their way legally into workers’ lifestyles. While marijuana’s presence in the workplace isn’t new, several factors complicate today’s iteration of the conversation:

• Even as states decriminalize recreational use, federal laws ban marijuana production and use
• Hemp-extracted CBD oil —formulated with very low levels of THC—is legal to use in all 50 states
• Medical marijuana licenses provide legal protections for certain users
• Current drug testing methods focus largely on use and are limited in their ability to test for impairment

What do we do about workplace impairment?

Even in a world where some marijuana use is legal, employers are still required to manage impairment. Trends show a push toward treating cannabis more like alcohol and focusing efforts on impairment rather than on use.

For example, while employers can’t tell employees not to drink, they can require employees not to be drunk at work. Even if the drinking happened outside of the office, drunkenness in the workplace hinders workers’ ability to do their job. To varying degrees, and depending on the role (operating heavy machinery, for example), workplace impairment could affect the employee, company equipment, and the public.

Can we talk about legal stuff for a minute?

For every case that rules in favor of the employee, there’s one that rules in favor of the employer. As individual cases play out in the courtrooms, time will tell which ones set the precedent as the law of the land.

In California’s Ross v. Ragingwire case , the courts ruled in favor of the employer, citing the California Fair Employment and Housing Act (FEHA), which does not require employers to accommodate medical marijuana use.

On the other end of the spectrum, in Whitmire v. Wal-Mart Stores, Inc. , the court sided with an employee with a medical marijuana card. It determined that Walmart could not fire her simply for testing positive for marijuana metabolites. She was a legal user who claimed not to smoke at or before work. To justify her dismissal, Walmart would need to prove she was impaired at work—a much harder task. 

How do we update our policies to evolve with the times?

Black and white “zero tolerance” statements may not serve employers’ best interests anymore, but that doesn’t mean it’s a free for all. It’s really about updating your workplace policies and complying with best practices. Know the rules in your state and update your policies and procedures accordingly. Consider including a definition of workplace impairment and detailing progressive discipline policies to address the behavioral challenges.

Should employers identify signs of impairment (glassy eyes, changes in behavior, etc.), well-written policies and procedures can guide the response and remove as much subjectivity as possible.

What about hiring and firing?

Hiring and firing bring up challenges from both legal and operational standpoints. First, a note on the legal side: in most states that have decriminalized marijuana use, businesses are still legally able to fire workers who test positive. This is the case here in Colorado. On the other hand, in Maine (another state that has legalized recreational use) companies are no longer able to fire or refuse to hire someone for using marijuana outside work.

Even where employers can legally make hiring and firing decisions based on use, the same article indicates that some companies are still testing for other drugs but dropping marijuana in the pre-screening tests. The article quoted James Reidy, an employment lawyer, saying that some companies have a hard enough time filling positions and “don’t want to exclude a whole group of people.” Instead, “companies are thinking harder about the types of jobs that should realistically require marijuana tests. If a manufacturing worker, for instance, isn’t driving a forklift or operating industrial machinery, employers may deem a marijuana test unnecessary.”

The bottom line

Regardless of anyone’s personal feelings about cannabis, the conversation around marijuana use and workplace impairment is changing. This affects businesses whether they want to think about it or not. As always, there is no gray area in this simple fact: addressing changes proactively makes life better later.  

About PayReel:

At PayReel , we minimize the time and effort it takes to get you ready for your project. Rely on PayReel to assume all of the risk associated with contingent workforce management and get back to the business at hand. We make sure everyone gets paid quickly and easily and have Client Relationship Managers on call around the clock to answer your questions. All you have to do is call 303-526-4900 or email us. The PayReel team makes live event, corporate media, and brand management payroll easier, faster, and seamless.

The post Cannabis, workplace impairment, and 5 questions to consider appeared first on PayReel .

To view our Partner blog, click here

Who needs workers’ compensation? Anyone with employees, it turns out. Workers’ compensation provides wage replacement and medical benefits to employees injured in the course of employment. Just like any other insurance, it’s one you hope you’ll never need. Still, if you do need it, you’ll be so glad you have it. Employers that ensure worker safety and implement best practices before they need them are in the best position to protect employees, keep claims manageable, and maybe even keep premiums down.

Four ways to mitigate workers’ compensation risk

Prevent the need for claims:

Chase prevention like you would chase the crisis or you’ll certainly end up chasing a crisis. Make regular safety meetings, ongoing education, and performance metrics standard procedure. If you don’t have the budget to implement every possible safety measure, you don’t have the budget for the project. The best workers’ comp claim is the one that never happens.

Implement and/or refine your claims management process:

Instead of scrambling to figure out how you’ll handle a claim if it comes up, take steps ahead of time. Make sure that reserves are accurate. Have a standard operating procedure. Decide who will talk to the adjuster and within what time frame. Taking the time to lay out your processes while your brain isn’t in crisis mode means sounder decisions. The added benefit is that it will reassure your adjuster that you’re engaged and motivated to reach a speedy resolution.

Implement a return to work program:

Have a plan for injured workers who have been cleared for modified duty. These measures reassure insurance companies while demonstrating professionalism to employees.

Invest in accurate worker classification:

An independent contractor filing a workers’ comp claim can easily land a well-intentioned company on IRS and DOL radar screens. This happens with surprising frequency despite the logical assumption that an independent contractor should understand the implications of a business-to-business relationship. One key aspect of a true B2B relationship is that a worker’s business activity exists independent of the employer. Preventing misclassification and communicating clearly with workers is a worthwhile preventative investment.

What’s ahead

Analysts anticipate changes for the workers’ compensation industry ahead . They expect “value-based care, political party changes in several states, and a more holistic view of patient injuries” to affect coverage in 2019. Workers’ compensation carriers may face declining profits and escalating claims costs and operating expenses. Companies that address the subject proactively will be in the best position to ensure minimal premium increases. Aside from cost, keeping employees safe is forever a worthwhile investment.

About PayReel:

At PayReel , we minimize the time and effort it takes to get you ready for your project. Rely on PayReel to assume all of the risk associated with worker classification and get back to the business at hand. We make sure everyone gets paid quickly and easily and have Client Relationship Managers on call around the clock to answer your questions. All you have to do is call 303-526-4900 or email us. The PayReel team makes live event, corporate media, and brand management payroll easier, faster, and seamless.

The post Four ways to mitigate workers’ compensation risk appeared first on PayReel .

To view our Partner blog, click here