Keep Employee Data Safe
Original post benefitspro.com
When a cyber breach occurs, lawsuits are usually not far behind. It’s a chain of events that has become de rigueur in the consumer realm when retailers experience a breach and it is bleeding over into the workplace, too.
Employees whose data is exposed are increasingly pointing the finger at failings in the technology employers use to secure their information and lapses in protocols that allow vulnerabilities to be exploited.
Who is responsible if your employees’ personal information is stolen on company time? Where does the company’s obligations begin and end under the duty of care laws? How might state and federal breach regulations impact an organization’s proactive and reactive data security efforts?
How a breach happens and how the company responds both play a major role in determining the potential legal ramifications. To mitigate the risks, it is critical for HR professionals to understand their responsibilities before a cyber criminal strikes.
Many employers aren’t even aware of either the enormous security risks their organizations face or the best strategies to protect the employee data they hold.
Ensuring that employers have access to the right tools and expertise to address data breach concerns is an important role for benefits managers and the brokers and agents who support them.
Know the risks, have a plan
Financial information is what comes to mind most frequently when businesses consider where breach risks exist, but that thinking is too narrow. It overlooks the incredible value inherent in employee data. Not only does financial information lurk within HR’s employment records in the form of salary histories and bank routing numbers used for automatic deposits, but standard consumer data is also present.
Full names, birth dates, addresses and social security numbers exist in every employee’s file. Health and benefit data may be present, too, such as carrier names, subscriber numbers, or details on beneficiaries and dependents. And where there’s smoke, there’s fire. The same servers and systems that host employee and customer data, likely hold data pertaining to trade secrets, M&As, business plans, and more. All the more reason to get your company’s cyber strategy in gear.
Adding complexity to the situation is the fact that employers must be concerned with two types of data breaches — those that are the result of a purposeful act, such as a hacker or a malicious insider, and those that occur by accident. Lost laptops and cell phones are just one common example where an inadvertent exposure could easily happen.
Each flavor of breach represents a different risk profile and each requires its own mitigation measures. A two-pronged approach to breach prevention that marries technology and best practices enables employers to address any existing security gaps while also providing improved protection for employee data.
Deploying technology tools to safeguard sensitive information assets is one part of a comprehensive data security strategy that keeps employers in line with duty of care laws and other breach regulations.
Firms have a range of solutions to choose from and they should tailor their approach based on their network and infrastructure architecture, the information types that are vulnerable to exposure, the volume of data that must be protected, resource availability — from funding to staffing — and any regulatory guidelines or compliance mandates that must be considered.
Encryption is a perfect example of a technology that is relatively simple, but still enormously effective when it comes to securing employee data. Free and low-cost encryption platforms are available which can help to protect confidential information from unauthorized access even if a hardware item (thumb drive, laptop, etc.) falls into the wrong hands.
Other technology tools may also be appropriate depending on the employer’s needs, including firewalls, mobile device management software, and multi-factor authentication to protect access to more sensitive systems.
Security best practices are the second half of a successful data protection strategy. These protocols largely deal with the ways humans interact with the organization’s information and they also cover what to do in the event of a breach. Employers will want to manage network and data access in a way to limits who is able to view and change employee information.
Methodologies for storing, processing, analyzing, archiving, and destroying employee data should be documented in detail and anyone responsible for those tasks must be trained on the organization’s security practices.
An incident response plan is another best practice employers should include under the data security umbrella. This doesn’t need to an exhaustive plan, but it should outline the steps employees are to take if they suspect a breach has occurred — everything from blocking access to compromised servers to contacting the company’s privacy or information security employee or consultant. (Don’t have one? Here’s why you should.)
A strong plan can significantly limit the potential harm that is likely to fall upon any employee whose data was exposed. And as risks evolve, so should the incident response plan – it should be a living, breathing part of a comprehensive cyber strategy with routine reviews.
Retain the right expertise
Another concern often faced by employers, particularly those smaller organizations where internal resources are lean, is that they don’t have good insight into the evolving cyber threat environment and the latest data protection strategies.
Efforts to craft, deploy, and maintain an effective privacy and security program are made more difficult when industry expertise is lacking. Without a strong understanding of where security vulnerabilities exist, or which new threat vectors are likely to be of concern, employers could find themselves directing their limited resources in too many directions and without much effect.
Because many breach scenarios involve little or no technology — hard copies of completed enrollment forms accidentally left in a shared conference room, for example — simply turning responsibility for data privacy over to the IT function isn’t going to work. It’s important that employers are able to seek guidance from someone experienced in data protection in all its forms.
Continuously educate the front line
Employees themselves may pose potential security challenges, so continuous training is essential to protect a company’s own data and that of its customers. Companies should consider implementing educational sessions about new scams and privacy and security refreshers as part of their annual compliance training.
By partnering with employees to help protect their data, the organization can maximize its technology investment and ensure that everyone is committed to the company’s culture of security.
Social engineering schemes are increasingly popular among hackers, effectively turning the workforce into either an employer’s first line of defense or its greatest weakness.
The most recent spoof comes courtesy of a company’s top executive — or so the scammer wants you to think. An employee will receive a request from the CEO — either by way of a hacked email account or an email address that closely resembles the real thing — to cough up documents, usually W-2s. With a few clicks, countless data about a company’s employees has been exposed.
Rather than quickly react, employees should be trained that if they see something, say something.
Identity management
Along with taking appropriate security measures internally, employers may also consider offering identity-related benefits to their employees. These packages bring a powerful suite of tools to the table that provide workers with proactive education and reactive support. Informational resources teach individuals how to spot corrupt websites and suspicious e-mail links.
They give details on what to look for when conducting annual credit report reviews. And workers concerned their personal data may have been exposed — whether at work or through a health care provider, retailer or other avenue — have access to identity theft experts able to help them navigate the resolution process.
The fraud team can assist them in replacing important documents that may have been lost due to theft, fire or flood. They can even monitor known black market websites to see if an employee’s stolen data is being used fraudulently.
Together, these strategies give employers a way to keep employees’ information safe while providing workers with assurances that they’ll have the support they need if the worst should happen.
Workplace Mindfulness Training Benefits Extend Beyond Individuals
Original post benefitsnews.com
Much of the research demonstrating benefits of mindfulness practice – stable attention, reduced stress, emotional resilience, and improved performance at work – focus on the benefits for the individual practicing mindfulness. But the workplace benefits extend far beyond that: Mindfulness has a huge impact on relationships. We’ve seen this in our work at eMindful, and it’s supported by considerable scientific research.
Humans are relational by nature, and the quality of our relationships deeply influences our health and well-being. The importance of relationships in the work environment is no exception. Satisfaction and performance at work are strongly linked to one’s ability to work well in teams, develop leadership skills, communicate effectively and resolve conflict.
Teamwork
Team performance obviously relies on relationship skills, and mindfulness training that improves these skills affects both the experience and productivity of teams. One study of health care workers found that a mindfulness-based mentoring intervention resulted in better active listening, more patient-focused discussion and collaboration, as well as greater respect among team members. Moreover, the newly learned mindful communication habits seemed to stick; one year later the team members still demonstrated the same skills.
Leadership
Mindfulness has become particularly popular in the business world as a component of leadership training. CEOs and senior executives have revealed that practicing mindfulness helps build leadership skills, connect to employees and achieve business goals.
One study showed that leaders’ mindfulness was associated with employees’ work-life balance, job satisfaction, and job performance. In that same study, employees of mindful leaders also experienced less exhaustion and burnout. The researchers attributed these findings to leaders being more attentive to and aware of employees’ needs, while self-regulating their own impulses and personal agendas.
Studies confirm the idea that mindful leaders are more attuned to their employees’ nonverbal communication, body language and emotions. In one study, more mindful individuals were better able to recognize the emotions displayed on others’ faces. In fact, it is not uncommon for leaders who complete mindfulness training to say communication feels somehow different, like they are truly listening to their employees for the first time.
Communication, conflict management
Much of the improvement in teamwork likely stems from improvement in communication skills and conflict management. Research suggests mindfulness is associated with better conflict management, with less aggressive communication, and better perspective-taking. During conflicts, people who rate higher in mindfulness have been shown to exhibit more positivity in interpersonal interactions, fewer inappropriate reactions, and less hostility. Mindfulness leads people to process events and feedback in a less self-referential or personal way, which fosters greater attention to group outcomes over self-concerns.
In a study of groups without leaders, teams that were randomized to a short mindfulness exercise had better scores on measurements of team bonding, and they performed better as well. These mindfulness-enhanced skills are helpful not only in better teamwork, but also in enhancing negotiation. One study showed that negotiators randomized to a short mindfulness intervention were more successful in distributive bargaining.
Mindfulness may improve negotiations and team functioning by affecting the emotional tone (positivity vs. negativity) of the team. Since mindful individuals tend to be less reactive to negative events, and recover from negative emotions more quickly, they can influence the collective mood and reduce emotional contagion – the tendency for “negative people” to “bring down” the mood of the group. By practicing focused, kind attention and skillful self-management, mindful people tend to influence through example, engaging and inspiring others.
In summary, practicing mindfulness yields personal benefits, and it can benefit everyone around you. Leaders who practice mindfulness listen differently and communicate more carefully. One result is that they have employees who are more productive and report better job satisfaction. Since mindfulness leads to less reactivity, greater focus on others’ needs, and overall positivity, practicing mindfulness also enhances teamwork through better perspective-taking and more skillful self-management. In my personal experience as a coach, clinician and academic researcher, mindfulness makes working relationships more enjoyable and productive. I’m delighted that research is beginning to confirm how the impact of mindfulness on relationships contributes to better business outcomes.
7 Tips to Get Your Team to Actually Listen to You
Original post entrepreneur.com
Right from the outset, entrepreneurs must pay attention to every communication and opportunity for sharing their passion and vision. They must communicate effectively, so they can inspire others to come aboard. They must speak honestly and in ways that reveal their personal character and genuine connection. Yet, this sort of communication style can be difficult and time consuming – especially when demands are huge and time is scarce.
There is far more to being an effective and authentic communicator than most entrepreneurs believe -- at least when they are starting out. Even if you think you’re good at speaking to your team and motivating them, there’s always more to learn.
Leadership communication is a discipline and a practice: The more time, effort and heart you put in, the more effective you become. There really are no shortcuts.
That said, here are seven ideas that can help you focus your attention and improve your leadership communication.
1. Be authentic.
When you speak with your employees you must come across to them as real. This means sharing your beliefs and your struggles. Talking about moments of doubt but also explaining how you overcame them with more conviction and confidence than ever. Or perhaps share a story or two about a failure and disappointment in life.
The most convincing talks are when stories are shared about personal weaknesses and what one was doing to overcome them or disappointments and failures and how they were turned around.
2. Know yourself.
Dig deep. Know your values and what motivates you. If you don’t know yourself you cannot share or connect with others. People want to know what makes you tick as a human being not just as a leader. Share this and make yourself real.
3. Rely on a good coach or a trusted advisor.
Developing good communication skills takes time -- and in the rush of business, that’s scarce. Having someone who can push you to examine and reveal your interests and passions is enormously helpful and the value is immeasurable.
4. Read up on leadership communication.
If you can’t hire a coach, read all that you can. This is an inexhaustible resource, and you should never quit learning anyway. Books, articles, the internet; the possibilities are endless.
5. Make values visible.
Effective, empathetic communication and a commitment to culture can provide a solid foundation for your ideas and contribute to making it a reality. Many of today’s most successful companies have gone through dramatic crises. Their improvements often hinged upon genuine communication from the leaders.
For instance, think of Starbucks and Howard Schultz’s clear and genuine communications about the importance of managers and baristas being personally accountable for future success. Your employees want to know what you and the company stands for. What is the litmus test for everything you do? These are your values. Talk about them but you must always be sure to “walk the talk” and live by them.
6. Engage with stories.
You can't rely on facts and figures alone. It’s stories that people remember. The personal experiences and stories you share with others create emotional engagement, decrease resistance and give meaning. It is meaning that gets employees' hearts and fuels discretionary effort, thinking and desire to actively support the business.
Once someone was implementing a massive pricing cut. He could have presented reams of data about this change and why it needed to be made. Instead he invited in four clients of the firm who had written letters about why after more than 10 years they had decided to leave due to our pricing being noncompetitive. Everyone was engaged and quite horrified to hear this feedback. Getting the team’s support for the change was much easier after that.
7. Be fully present.
There is no autopilot for leadership communication. You must be fully present to move people to listen and pay attention, rather than simply be in attendance. Any time you are communicating, you need to be prepared -- and to speak from your heart. Leadership communication is, after all, about how you make others feel. What do you want people to feel, believe and do as a result of your communication? This absolutely can't happen if you read a speech. No matter how beautifully it is written, it doesn’t come across as authentic or from your heart if you are reading it. Embrace what you want to say and use notes if you must, but never read a speech if you want to be believable and move people to action. (And yes this requires a ton of preparation).
Your speeches are visible and important components of your role as a leader. Successful entrepreneurs are conscious of that role in every communication, interaction and venue within the organization and beyond. They also know that while today’s world provides a wide range of ways to communicate to your organization -- mass email, text, Twitter, instant message and more --connecting is not that simple. Electronic communication is a tool for communicating information -- not for inspiring passion.
ACA Makes Tax Season Tougher For Small Companies
Original post insurancenewsnet.com
As more requirements of the health care law take effect, income tax filing season becomes more complex for small businesses.
Companies required to offer health insurance have new forms to complete providing details of their coverage. Owners whose payrolls have hovered around the threshold where insurance is mandatory need to be sure their coverage — if they offered it last year — was sufficient to avoid penalties.
Here are some of the issues related to the health care law that small businesses need to be aware of:
HOW MANY EMPLOYEES DO YOU HAVE?
Companies with 100 or more workers were required to offer affordable health insurance to employees and their dependents, but not their spouses, starting in 2015. Businesses with 50 to 99 workers must offer coverage starting this year; those with under 50 are exempt.
Owners who were on the hook for affordable insurance last year but didn't provide it may face thousands of dollars in penalties — $2,000 per employee per year, not counting the first 80 employees for the 2015 tax year, and the first 30 for 2016. So it's critical for them to know what their head count was — and many may not realize the calculations are based on a company's 2014 payroll, not 2015.
Here's where it gets complicated: Part-time workers and those fired during the course of the year can all be counted toward the threshold where coverage is required. So can some seasonal workers.
Part-timers work fewer than 30 hours a week under the health care law. They must be counted toward what are called full-time equivalent workers. If, for example, a company has two people who each work an average 15 hours a week, they count as one full-time equivalent employee working 30 hours. A company with 30 full-timers and 40 part-timers who average 15 hours a week each has 50 full-time equivalent workers and is required to offer insurance.
Another wrinkle: Owners with multiple companies that combined have 50 or more workers may be required to offer insurance, even if each of the individual companies has fewer than 50.
NEW TAX FORMS
Starting this year, businesses required to comply with the health care law must complete forms that detail the cost of their coverage and the names and Social Security numbers of employees and their dependents. The government will use the information to determine whether a company provided coverage that was affordable under the law, or whether it must pay a penalty.
Accountants have described the forms as labor-intensive, because they require information from a number of sources including payroll and health insurance records. Many companies have had to hire workers or payroll services to complete the forms.
The IRS, recognizing the forms' complexity, has extended the deadlines for the forms to be filed. Forms 1095-B and 1095-C, which must be given to workers, are now due March 31. Forms 1094-B and 1094-C, required to be filed with the IRS, are due by May 31 if they're not being submitted on paper, and June 30 if filed online.
WELL-INTENTIONED BUT ILLEGAL
Some employers with fewer than 50 workers and who don't offer insurance have tried to help staffers with the costs of coverage by giving them money toward their premiums, with the intention that the money will be tax-free. That could get owners into expensive trouble with the IRS — they can be fined $100 per day per employee receiving the money, a total of $36,500 per year for each worker.
The problem is that some employers treat this money as a health benefit, but it's not coverage that complies with the law. So they can be penalized.
Companies can help employees with their premium costs by giving them a raise or a more traditional bonus, says Mark Luscombe, a tax analyst with the business information company Wolters Kluwer. That means withholding income and what's known as payroll taxes — Social Security and Medicare — from employees' paychecks, and for companies to pay their payroll tax share.
4 retirement trends to watch in 2016
Original post benefitspro.com
The Institutional Retirement Income Council has announced the top four retirement industry trends to watch in 2016.
- Financial wellness plans.
According to IRIC, financial wellness will be a big one.
Employers are expected to significantly expand wellness programs that currently focus on physical wellbeing so that they also include features focusing on financial wellbeing.
With all the financial challenges faced by employees—including medical expenses, credit card debt, college expenses, and retirement planning—financial wellness programs have been growing increasingly popular, with that trend expected to continue in the year ahead.
A 2014 Society for Human Resource Management survey reported that 70 percent of HR professionals predicted that baby boomers would likely participate in a financial wellness program if their employer offered one.
Such programs will likely include not just ways to manage debt and better save for retirement, but also how to calculate a spend-down plan once in retirement and how to incorporate Social Security into one’s overall strategy.
- Out of plan or in plan?
Next is the trend that pits out-of-plan income solutions against in-plan solutions.
In their quest to be sure that retirement savings will provide a regular source of income throughout retirement, participants have been looking outside of their retirement plans to find ways to translate a lump sum into a monthly check.
However, the Department of Labor’s expected implementation of a fiduciary rule will have a major effect on out-of-plan advisors, as well as in-plan options.
The release of a Center for Retirement Research study that showed IRAs’ rate of return a poor substitute for that of defined benefit plans will, according to IRIC, “make it all the more difficult for advisors to recommend moving out of a defined contribution plan to those eligible to keep their assets in the plan.”
As a result, it expects that participants will be more likely to leave their assets in a retirement plan rather than rolling them over.
- In-plan retirement income solutions.
The move to keeping assets inside retirement plans, IRIC said, “should cause an increase in participant interest in investment vehicles that provide solutions to the draw-down, rather than accumulation, of retirement assets.”
As a result, revisiting in-plan retirement income solutions will become a major focus for plan sponsors in 2016.
IRIC said that plans that have not considered this will be under pressure from participants to “consider new solutions to address the risks of retirement income sustainability, longevity risk, market timing risk and in-plan distribution options.”
- In-plan distribution flexibility.
Plan sponsors will have to consider the question of which distribution options will be available to terminated participants.
If a plan only offers two options—complete lump-sum distribution or keeping the entire balance in the plan—it’s likely that sponsors will want to explore the possibility of offering periodic withdrawal opportunities, so that they can encourage terminated participants to keep their assets in the plan—which can provide benefits not only to the participants, but also to the plan itself in the form of reduced administration and fee costs.
What employees need to know now to file tax forms for PPACA
Original post benefitspro.com
The Patient Protection and Affordable Care Act (PPACA) reporting deadlines are rapidly approaching, presenting a major administrative burden for employers who face penalties for failing to report in a timely and accurate manner.
While there has been significant discussion of employer roles and responsibilities, employees have been largely left out of the equation.
However, many employees will soon be receiving new forms that are critical to their ability to file their tax returns and to their employers’ ability to accurately fulfill their own reporting requirements. Among these are Forms 1095-A, 1095-B, and 1095-C.
With this in mind, it is important for employers to educate individual taxpayers on what they are required to do and when and how to complete these requirements in the easiest and most efficient manner.
1095-C
The most commonly received form will be the new 1095-C, which millions of Americans will be receiving for the first time this year.
This new government form is used to tell the Internal Revenue Service that you were eligible for insurance coverage under the Affordable Care Act and whether you took advantage of or waived this coverage.
This form will be sent by employers no later than March 31 to all eligible full-time employees who worked for a company with a total of 100 or more full-time or full-time equivalent employees in 2015. For the purposes of this form, full-time is any employee working 30 or more hours per week or 130 hours in a calendar month.
According to the IRS guidance, Form 1095-C helps to determine whether both the employer and the employee have complied with the “shared responsibility” clause of the ACA.
The form also determines whether an individual or family qualifies for the Premium Tax Credit, which reduces the burden of purchasing health insurance.
Anyone who does not have coverage elsewhere and chose to decline employer-sponsored health care coverage will be required to pay a penalty for not carrying coverage--this penalty will be assessed on their tax return.
For 2015, the penalty for declining all health care coverage is $325 per uninsured adult and $162.50 per uninsured child or 2 percent of household income, whichever is greater up to a family maximum of $975.
The penalty will increase to $695 per uninsured adult and $347.50 per child or 2.5 percent of household income up to a family maximum of $2,085 in 2016, and will continue to rise with inflation year-over-year.
However, the IRS offers special exemptions based on income, circumstance and membership in certain groups, so those without coverage should research their options or consult a tax professional. (The most common exemption is for those who declined employer-sponsored coverage that would have cost more than 8 percent of their total household income.)
Health care exemptions can be claimed by filing IRS form 8965 with your taxes. As previously noted, the form also determines who may be eligible for premium credits to help defray the expense of coverage.
Employers are required to submit insurance coverage information, along with social security numbers and other identifying employee information to the IRS, and employee failure to disclose a waiver of coverage may result in an audit and penalties greater than the ACA individual mandate penalty.
1095-B
Form 1095-B essentially serves the same purpose as form 1095-c, but is used by and sent to employees of companies with fewer than 100 employees.
It may also be sent directly by an insurer to certify that individuals/families had non-employer sponsored coverage in place in 2015. This coverage may have come from:
- Government health care plans such as Medicare Part A, Medicare Advantage, Medicaid, the Children's Health Insurance Program, and Tricare for military members, veterans’ medical benefits and plans for Peace Corps volunteers.
- Health coverage purchased through the "Marketplace" -- Web-based federal and state insurance markets set up under the Affordable Care Act.
- Any individual health insurance policy in place before the Affordable Care Act took effect.
Depending on the way a health care plan is structured, some employees may receive both a 1095-B and a 1095-C.
1095-A
Form 1095-A is only applicable to those who purchased their health care coverage through ACA’s health care exchanges.
This form plays a critical role in reconciling the Advanced Premium Tax Credits (also known as APTCs)--a yearly stipend based on modified adjusted gross income designed to help lower-income individuals and families defray the cost of purchasing exchange-based health insurance--for 2015 and in determining future credits for 2016.
Per IRS and ACA requirements, any excess APTC received in the previous year must be repaid through income tax.
What to do with these forms
Like the more familiar W-2 or 1099 forms, the 1095-A, B, and C will be needed to file a 2015 tax return for anyone who receives it.
Those using a tax preparer will need to bring it with them along with their other filing documents, and those doing their own taxes or using tax preparation software will need to keep this document with their tax records in case of any further inquiry /audit by the IRS.
Help is available
Of course, this is just one important factor in gaining a more thorough understanding of the complexities of the ACA. While the IRS has worked to streamline the process as much as possible, many employers and employees are struggling to understand and keep pace with changing requirements.
However, for quick questions, there are many good resources available to both employers and employees. One of the best is the IRS website.
As in all tax-related issues, the most important factors in handling ACA reporting for all groups are to know what’s coming, prepare in advance, keep excellent records, take note of deadlines and avail yourself of helpful resources.