Labor Department Is Now Enforcing Coronavirus Paid-Leave Rules
As the U.S. Department of Labor gave employers sufficient time to comply with paid-leave through the Families First Coronavirus Response Act, many businesses can provide paid-sick-leave for employees if it is needed. Read this blog post to learn more.
The U.S. Department of Labor (DOL) initially gave employers time to comply with coronavirus-related paid-sick-leave and paid-family-leave mandates and correct mistakes without facing scrutiny, but the department has officially ramped up its enforcement efforts.
Under the Families First Coronavirus Response Act (FFCRA), many businesses with fewer than 500 employees must provide up to 80 hours of paid-sick-leave benefits if employees need leave to comply with a self-quarantine order or care for their own or someone else's coronavirus-related issues. The act also provides emergency paid family leave for parents who can't work because their children's schools or child care services are closed due to the pandemic.
The FFCRA's paid-leave provisions took effect April 1 and expire on Dec. 31. The DOL announced on April 20 that the nonenforcement period had officially ended, and the department issued its first enforcement order shortly thereafter. An electrical company based in Tucson, Ariz., was ordered to compensate an employee who was denied paid sick leave after he showed coronavirus symptoms and was told by a doctor to self-quarantine. The employer was ordered to pay the worker $1,600, which covered his full wages ($20 an hour) for 80 hours of leave.
"This case should serve as a signal to others that the U.S. Department of Labor is working to protect employee rights during the coronavirus pandemic," said Wage and Hour District Director Eric Murray in Phoenix. "We encourage employers and employees to call us for assistance to improve their understanding of new labor standards under the [FFCRA] and use our educational online tools to avoid violations like those found in this investigation."
We've rounded up articles and resources from SHRM Online on the FFCRA.
Paid-Sick-Leave Details
Under the FFCRA, covered employers will have to provide up to 80 hours of paid-sick-leave benefits if an employee:
- Has been ordered by the government to quarantine or isolate because of COVID-19.
- Has been advised by a health care provider to self-quarantine because of COVID-19.
- Has symptoms of COVID-19 and is seeking a medical diagnosis.
- Is caring for someone who is subject to a government quarantine or isolation order or has been advised by a health care provider to quarantine or self-isolate.
- Needs to care for a son or daughter whose school or child care service is closed due to COVID-19 precautions. (This leave can be combined with emergency paid family leave.)
- Is experiencing substantially similar conditions as specified by the secretary of health and human services, in consultation with the secretaries of labor and treasury.
Paid sick leave must be paid at the employee's regular rate of pay, or minimum wage, whichever is greater, for leave taken for reasons 1-3 above. Employees taking leave for reasons 4-6 may be compensated at two-thirds their regular rate of pay, or minimum wage, whichever is greater. Part-time employees are eligible to take the number of hours they would normally work during a two-week period. Under the legislation, paid sick leave is limited to $511 a day (and $5,110 total) for a worker's own care and $200 a day (and $2,000 total) when the employee is caring for someone else.
Family Leave and Sick Leave Work Together
The Emergency Family and Medical Leave Expansion Act (EFMLEA), which is part of the FFCRA, provides paid leave to parents who can't work because their children's schools or child care services are closed due to the pandemic. An employee may take paid sick leave for the first 10 days of leave or substitute any accrued vacation, personal leave or sick leave under an employer's policy. For the following 10 weeks, the individual will be paid at an amount no less than two-thirds of the regular rate of pay for normally scheduled hours. The individual will not receive more than $200 per day or $12,000 for 12 weeks that include paid sick leave and EFMLEA leave, the DOL stated. As of April 1, workers who have been on the payroll for at least 30 calendar days are eligible for paid family leave benefits.
More Guidance
Many employers and workers have been confused about how to apply the law or access its benefits, so the DOL has been regularly releasing compliance information and updating its Q&A document. In addition to temporary regulations, the DOL released a fact sheet for employees and a fact sheet for employers. The department also provided model workplace posters for nonfederal employers and federal employers that are covered by the mandate. The DOL will continue to add resources to its website, so employers should keep checking for updates. "Please continue to use our website as a primary source of information," said DOL Wage and Hour Division Administrator Cheryl Stanton.
Answers to the Most Common Coronavirus Questions
Would an employee who is afraid of coming to work and contracting COVID-19 be eligible for paid sick leave? Are nonprofit organizations required to comply with the FFCRA? How do the new requirements interact with collective bargaining agreements? Here are some answers to FFCRA and other common coronavirus questions.
SOURCE: SHRM. (28 April 2020) "Labor Department Is Now Enforcing Coronavirus Paid-Leave Rules" (Web Blog Post). Retrieved from https://www.shrm.org/ResourcesAndTools/legal-and-compliance/employment-law/Pages/Labor-Department-Is-Now-Enforcing-Coronavirus-Paid-Leave-Rules.aspx
How to Evaluate Hiring Assessments
HR professionals and managers need reliable ways to gather and evaluate various assessments. Read this blog post to learn more about how to evaluate assessments.
When faced with a hiring decision, HR professionals and managers have to consider everything they know about the applicants. But that might not be enough information to make a choice. To get more information and add objectivity to the decision-making process, many organizations use assessments.
"When these tools are used correctly, they're tremendously valuable," said Eric Sydell, Ph.D., an industrial-organizational psychologist and the chief innovation officer at Modern Hire, a hiring platform. "There's a level of objective assessment about a person that can be very predictive."
HR professionals and hiring managers don't have the ability to make accurate predictions in the same way assessments can. "Our brains don't work that way," he said.
But buyer beware, Sydell warned, "There are a lot of tools out there that sound great on the surface" but fail to deliver valid and reliable results.
Multiple Options Present Tough Choices
Ryne Sherman, chief science officer at Hogan Assessment Systems in Tulsa, Okla., said he suspects that most large corporations are probably using reliable and valid assessments, while smaller businesses may not be. Unfortunately, he said, "With this industry, there is no regulating body at all—literally anybody can make an assessment tool and start selling it with no background and no science put into it whatsoever."
Perhaps because of the open nature of the field, there are a lot of tools to choose from and many of them are complex, making the selection of one of them a potentially confusing—and even risky—decision to make.
Must-Haves for Effective Assessment Tools
Ryan Lahti, Ph.D., is an industrial-organizational psychologist and the founder and managing principal of OrgLeader, a management consultancy in Newport Beach, Calif. He uses a variety of assessment tools in his work. There are many factors to be considered when evaluating an assessment tool, he said, but the three key ones are validity, reliability and the population that was used to develop it.
Validity deals with how accurately the tool measures the concepts it claims to measure. Lahti pointed to three forms of validity:
- Content validity indicates how well the tool measures a representative sample of the subject of interest. At a minimum, he said, you want a tool that has content validity.
- Criterion validity indicates how well the tool correlates with an established measure or outcome—for example, correlation to strong performance ratings.
- Construct validity indicates how well the tool measures a concept or trait—for example, conscientiousness.
Reliability is a measure of how consistently the tool measures issues of interest. If you were to give the same assessment to the same candidate more than once, how similar would the results be?
Finally, the population used to develop the tool is an important consideration and should be the same as the population being assessed. "For example, you would not want a tool developed on an adolescent population to be used to assess working adults," Lahti said.
Sherman offered the Minnesota Multiphasic Personality Inventory (MMPI) test as an example. The popular assessment tool used by organizations to screen candidates was designed for diagnosis and treatment of mental health conditions, he said. That can be a risky tool to use for assessing the potential of job applicants.
What to Watch Out For
As HR leaders consider various assessment options, they need to thoroughly evaluate whether the assessments they're considering incorporate the must-haves. Look out for companies that don't publish information on validity, reliability and the population used to develop the assessment.
Some companies, Lahti said, will say that their tools are used by a lot of Fortune 500 companies.
"While this argument shows they have good sales and marketing departments, it does not prove the companies have sound assessment tools," he said.
Sy Islam, Ph.D., an associate professor at the State University of New York at Farmingdale and a vice president at Talent Metrics consulting firm in Melville, N.Y., said employers should ask test companies to show their worth. "Vendors should be able to provide you with a validity coefficient, which is a statistic—a correlation coefficient—that indicates how much predictive validity the assessment has," he said. He warned against accepting "black box" explanations like "the tool is proprietary and cannot be explained." The ability to support your assessment could become an issue if your company becomes involved in a lawsuit, he said.
"What you don't want to do is rely on high-level summary statements, marketing statements or hype that is generated by these companies," Sydell said. "There are a lot of different buzzwords and catchphrases that vendors will throw out there. It's really important to look beyond that and dig below the surface." And, while he says you don't need a Ph.D. to do that, it is a good idea to seek help from someone who is familiar with these types of assessments and can help evaluate their efficacy.
"I would strongly advise finding a local industrial and organizational psychologist who can evaluate different vendors and talk to you about best practices," Sherman said. The proper assessment and selection of candidates is just too important, and potentially risky, to cut corners.
SOURCE: Grensing-Pophal, L. (27 February 2020) "How to Evaluate Hiring Assessments" (Web Blog Post). Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/talent-acquisition/pages/how-to-evaluate-hiring-assessments.aspx
Bots Help Government Tackle COVID-19 Challenges
As many are fighting the battle with various programming software applications, at this time it is helping various agencies with coronavirus data collection. Read this blog post to learn more.
The war against the coronavirus is being fought with science, social distancing, health care … and bots, software applications that run repetitive tasks over the Internet. Public-sector agencies are programming bots to speed the collection and analysis of data about coronavirus infection rates, transform paper-based procurement processes into digital ones, and help employees conduct business when in-person contact is no longer an option.
Robotic Process Automation in the Public Sector
Federal agencies are deploying robotic process automation (RPA) to overcome process or administrative hurdles. The General Services Administration (GSA) used the technology—which automates manual, repetitive tasks through the use of bots—to help track the spread of COVID‑19 in counties across the United States where the GSA has buildings.
Jim Walker, director of public-sector services for UiPath, a New York-based RPA platform provider, said the GSA used bots to gather and update COVID-19 infection data when agency employees became overwhelmed as infection counts rapidly rose. Walker said the GSA has trained about 50 of its employees in the use of RPA to create bots for the agency.
In another case, a government agency in Ireland used RPA to help process the burgeoning number of unemployment benefit claims. When laid-off workers submit an unemployment claim, a bot conducts optical character recognition on data and determines where a person has been employed. When employment and benefits eligibility are confirmed, the bot can deposit benefit funds directly into employee bank accounts.
The U.S. Centers for Medicare & Medicaid Services (CMS) deployed a bot to check on employees working from home. "Previously, the CMS would send out e-mails to confirm the health and welfare of its remote workers but would receive many thousands of e-mails a day in return," Walker said. "A small CMS team was tasked with reviewing those e-mails and creating regular status reports, but it became hard to keep up."
CMS deployed a bot that automatically checks the databases employees regularly access to perform their work. If an employee hasn't logged on for a specified period of time, the bot triggers a welfare check, Walker said.
Creating and Deploying Bots
Experts say RPA platforms can often be quickly installed. Because many basic RPA bots are of the "no-code" or "low-code" variety—meaning they require little or no software coding skills but rather, they function in drag-and-drop fashion—they often can be created, tested and rolled out in a matter of weeks, depending on the use case.
But experts say RPA platforms still require enterprise-grade security protections and the oversight of a designated team to manage bot development and deployment across the organization.
"If the automation challenge is COVID‑19-related, you don't have months or in some cases even weeks to get automation in place," said Keith Nelson, senior director of public-sector services for Automation Anywhere, an RPA platform provider in Arlington, Va. "Organizations often need immediate relief. In the case of HR, once a bot is created, users often simply have to send an e‑mail with a specified subject line to a certain address to activate it. In many cases, there's no need for any coding."
Automation Anywhere recently partnered with Microsoft to create a bot to help process COVID‑19 case forms for the National Health Service in the United Kingdom. Nelson said the initiative was in response to a directive from the World Health Organization to collect clinical data and case forms for coronavirus patients to identify infection trends more quickly.
Expanding Uses of RPA
Some government agencies have turned to bots to help them with onboarding. In this use, RPA can be programmed to verify a candidate's information, fill in and process new-hire forms, transfer that information into HR databases, send required paperwork to new hires, and help provision equipment such as laptops.
HR and IT functions are using automation for such tasks as creating and distributing remote-working agreements for employees, and transforming emergency funding requests from paper to digital formats.
"Many government agencies didn't have work-from-home agreements or support response agreements until COVID‑19 hit," said Steve Witt, director of public sector for Nintex, a Seattle-based automation and process management company. "Many procurement and other processes had been conducted on paper before, where people would sign forms and hand them off to HR or to a manager."
HR functions are also using no-code automation platforms to quickly create digital forms for such tasks as tracking essential employees coming to and leaving work. For example, to track exposure and risk to employees, the forms might sit on a kiosk at a reception desk and request details about where employees have recently traveled.
"If HR needs to quickly build out a digital form, they can do it without requiring support from IT," Witt said. "That's helpful during the COVID crisis because IT is often scrambling to keep up with the technical-support demands of employees now working from home."
Companies are using RPA with popular collaboration platforms like Microsoft Teams, and there are concerns that RPA will replace HR or IT jobs after the COVID‑19 crisis begins to recede. Experts say that, to date, the technology more often has replaced tasks, not entire jobs.
"A government employee might have 50 things to do every day but can only get to 40 of them," Walker said. "If you can automate those 10 tasks with bots, you haven't taken a job away but rather helped that worker do his or her job more efficiently."
SOURCE: Zielinski, D. (27 April 2020) "Bots Help Government Tackle COVID-19 Challenges" (Web Blog Post). Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/bots-help-government-tackle-covid19-challenges.aspx
4 Sick-Leave Practices to Avoid During the Coronavirus Pandemic
While the spread of the coronavirus continuously increases, employees are urged to stay at home if they feel any symptoms that could be related to the virus. As employers begin to risk lost productivity due to sick leave, they may be tempted to adopt inflexible standards. Continue reading this blog post from SHRM to learn more.
Government officials are urging sick workers to stay home and employers to have flexible leave policies during the coronavirus pandemic. Don't let business pressures and reliance on past practices lead you to make bad decisions about attendance and leave policies during the public health emergency. Here are four mistakes employment law attorneys said businesses should avoid.
1. Being Inflexible
Many employers are understandably worried about the business impact of COVID-19, the respiratory disease caused by the coronavirus. They might be tempted to adopt inflexible sick time or general attendance policies to keep people coming to the workplace in an effort to maximize productivity, said Marissa Mastroianni, an attorney with Cole Schotz in Hackensack, N.J. "But it's a mistake to adopt an inflexible policy that would pressure a sick worker to come to the office," she noted.
Under Occupational Safety and Health Administration (OSHA) rules, employers have a duty to protect employees against known hazards in the workplace. "If one does not already exist, develop an infectious disease preparedness and response plan that can help guide protective actions against COVID-19," OSHA said in its Guidance on Preparing Workplaces for COVID-19.
The guidance noted that workers might be absent because they are sick or caring for sick family members, need to care for children whose schools or day care centers are closed, have at-risk people at home, or are afraid to come to work because they think they'll be exposed to the virus.
"Don't make employees feel pressured to come in when they shouldn't," Mastroianni said. If employees feel sick or think they have been exposed, they should be told to stay home. "We don't want to wait until someone is actually diagnosed."
Under OSHA rules, employees who reasonably believe they are in imminent danger can't be fired for refusing to come to the worksite. But what if an employee just doesn't feel comfortable reporting to work?
"Be more flexible with existing policies," said Susan Kline, an attorney with Faegre Drinker in Indianapolis. Employers should also consider providing additional sick time for instances of actual illness. If someone can't work from home, decide if offering paid time off is possible.
Some employees may take advantage of a flexible leave policy, Mastroianni said, but the employer's potential for liability is significant if employees are required to report to the workplace when they should stay home.
The analysis could be very fact-specific, and employers may want to contact a lawyer before denying time off.
"For a lot of companies, it's a challenge," Kline said, "because they want to be supportive but also don't know how big this is going to get."
2. Applying Policies Inconsistently
"Employers may choose to relax certain procedures set forth in sick-leave policies under extenuating circumstances, such as the current outbreak," said Jason Habinsky, an attorney with Haynes and Boone in New York City. "However, it is critical that employers apply any such modifications uniformly in order to avoid any claims of discrimination or unfair treatment."
For example, if an employer chooses to excuse absences for or to advance paid time off or vacation time to employees as a result of a COVID-19-related illness, the employer must be certain to do the same for all employees who are absent under similar circumstances.
"This requires employers to ensure that all decision-makers are aware of any temporary or permanent modifications to sick-leave policies to maintain consistency," Habinsky said.
3. Ignoring Leave Laws
All sick-leave policies must comply with applicable state and local paid-sick-leave laws, and these laws may require employers to provide leave for COVID-19-related absences. Although employers may be required to provide leave, they should note that many laws allow employees to decide when to use it.
Employers must also avoid forcing a sick employee to perform services while out on leave, Habinsky noted, as this may constitute interference or retaliation under certain leave laws, such as the Family and Medical Leave Act (FMLA). In fact, employers must avoid taking any actions against employees that could be construed as retaliation in violation of the FMLA, the Americans with Disabilities Act, and applicable state and local paid-sick-leave laws.
"This could include any form of discipline in response to an employee's use of sick time or request to use sick-leave time," Habinsky said. "Likewise, to the extent employees are performing services while working remotely from home, they must be paid for time worked in accordance with applicable federal and state wage laws consistent with their classification as exempt or nonexempt."
Laura Pasqualone, an attorney with Lewis Roca Rothgerber Christie in Phoenix, noted that many paid-sick-leave laws prohibit employers from requiring a doctor's note unless the absence is for at least three days. But requiring a medical certification at all could further burden emergency rooms and urgent care facilities and could expose employees to more germs, she said.
The U.S. Centers for Disease Control and Prevention (CDC) has urged employers not to require employees to provide a doctor's note to verify their COVID-19-related illness or to return to work.
4. Failing to Actively Encourage Sick Workers to Stay Home
According to the CDC, employers should actively encourage sick employees to stay home by:
- Telling employees to stay home if they have symptoms of acute respiratory illness, a fever of 100.4 degrees or higher, or signs of a fever. Employees should be fever-free for 24 hours without the use of medication before returning to work.
- Urging employees to notify their supervisor and stay home if they are sick for any reason.
- Ensuring that the company's sick-leave policies are flexible and consistent with public health guidance and that employees are aware of the policies.
- Making sure contractors and staffing agencies inform their employees about the importance of staying home when ill and urging business partners not to reprimand workers who need to take sick leave.
- Not requiring employees with acute respiratory illness to provide a doctor's note to verify their illness or to return to work, since health care providers may be overwhelmed with requests.
- Maintaining flexible policies that allow employees to stay home to care for a sick relative.
"Employers should be aware that more employees may need to stay at home to care for sick children or other sick family members than is usual," the CDC said.
[Visit SHRM's resource page on coronavirus and COVID-19.]
SOURCE: Nagele-Piazza, L. (18 March 2020) "4 Sick-Leave Practices to Avoid During the Coronavirus Pandemic" (Web Blog Post). Retrieved from https://www.shrm.org/ResourcesAndTools/legal-and-compliance/employment-law/Pages/4-Sick-Leave-Practices-to-Avoid-During-the-Coronavirus-Pandemic.aspx
Employers Grapple with Teleworking Decisions, Fairness
With businesses closing daily due to the implications that the COVID-19 pandemic has brought upon them, many employers are still questioning whether their employees have the resources to successfully work remotely. Read this blog post from SHRM to learn more.
It seems that every hour, another company announces that its employees will work from home to help stop the spread of the coronavirus—although working remotely is not an option for everyone.
For example, roughly two-thirds of the 700 employees at the Community Healthcare Network need to be onsite to provide patient care. But what about the administrative staff who may be able to work from home? Should they be given the opportunity?
Kenneth Meyer, the chief human resources officer at the New York City-based network of 12 clinics, has been grappling with the question. "Will they have the resources they need to perform their jobs?" he wondered. He's not sure that the employees have the computers and Internet connections they'll need. "We're a nonprofit. We don't have computers and scanners just lying around," he added.
And there's another element to consider: Is it fair to let some employees work from home while others labor in an environment where they are more at risk of contracting the coronavirus? "Staff morale definitely enters that equation. It isn't the governing the factor, though," Meyer explained.
Deciding whether to let employees work from home amid the pandemic isn't easy for many firms. Health care providers and manufacturers require most people to be onsite to keep operations running. Yet even for companies where it is technically possible for employees to work remotely, there are other considerations that must be addressed. While such companies are often OK with some people working from home, they lack the systems and protocols to keep the business running smoothly when there is no one at the main office.
Last week, there was significant disagreement among senior executives at software maker Betterworks about whether to close the company's offices temporarily, according to Diane Strohfus, Betterworks' chief human resources officer. Some favored shuttering the offices, while others argued it wasn't necessary because the coronavirus situation was overblown.
"Opinions were all over the map, but we decided to err on the side of safety and caution," Strohfus said. The company decided to make the work-from-home policy mandatory so that people who really wanted to stay home didn't feel pressured to go to the office by those who chose to work there. She added that many of the employees at the Redwood City, Calif.-based company have infants and school-age children, so allowing people to work from home made sense when school and day care closings are happening all over the country.
"I told managers to expect more distractions," Strohfus said.
Strohfus added that even though it's technically easy for the company's employees to work from home, for a firm accustomed to personal interactions, there were still adjustments to be made. To improve communication, channels were added to Slack, a messaging platform used by Betterworks employees, and managers are organizing video meetings to keep employees connected.
"We encourage [videoconferencing]. People can feel your personality when they see your face," Strohfus explained.
Companies don't have to let people work from home, said Tracy M. Billows, a partner in the Chicago office of law firm Seyfarth Shaw who specializes in labor issues. However, she added that if someone is pregnant or has a disability or medical condition that affects his or her immune system, companies must make some accommodations.
Billows said companies need to follow existing laws and coronavirus-specific directions from institutions like the U.S. Centers for Disease Control and Prevention when creating work-from-home policies amid the pandemic. Beyond that, companies need to account for their individual circumstances. Has an employee been infected? Is the company located in a virus hot spot where schools are closed? Does the work need to be done onsite? Companies must balance the safety and security of their workers with what the business needs to continue to operate, she explained.
"There are no one-size-fits-all answers," Billows said.
As the virus spread, Elyse Dickerson thought about how to treat the 10 hourly employees who work in her health care company's manufacturing facility and do not have sick leave. Last week, she told them she would pay them for two weeks if they were feeling ill or needed to care for a family member.
"If they don't get paid, they can't feed their families or pay their rent," said Dickerson, co-founder and chief executive officer of Fort Worth, Texas-based Eosera, a maker of ear care products. She told her other 10 employees that they could work from home but might be called in to help in the manufacturing facility if someone is out sick.
Dickerson doesn't know what the company will do if area schools close, although that won't be a problem for most of her employees. She said employees could bring their children to work if necessary. "I suppose we could put on a movie," she said.
And if an employee contracts the virus, she said the company would have the facility deep-cleaned within 24 hours. She has two months' worth of product in reserve in case there are any production delays.
"We already bleach down the facility every night," she said. "You could eat off the floors."
SOURCE: Agovino, T. (18 March 2020) "Employers Grapple with Teleworking Decisions, Fairness" (Web Blog Post). Retrieved from https://www.shrm.org/ResourcesAndTools/hr-topics/employee-relations/Pages/Employers-Grapple-with-Teleworking-Decisions-Fairness.aspx
As Coronavirus Spreads, Managers Ask How to Handle Telecommuting
With the Coronavirus spreading throughout larger cities in the United States, employers are looking at various ways to keep the workplace and employees safe and healthy. Many employers are turning to remote work to support these efforts. Read this blog post from SHRM to learn more about supporting remote work.
As the coronavirus continues to spread through the U.S.—so far infecting at least 162 people and causing 11 deaths—many employers are considering telling or have already told their employees to work from home. In China, where the virus was first identified, millions of people are working remotely.
But there are technological, process, security, workers' compensation and even tax considerations employers must keep in mind to support remote work.
How to Create an Effective Teleworking Program
One of the first tasks for those who plan to manage teleworkers is deciding who on staff may be eligible for telework. Once that's decided, managers should keep in mind the following best practices.
SHRM's Remote Work Resource Center
These resources can help employers set up flexible work arrangements. They include a sample telecommuting application form and telecommuting policy and information about whether telecommuters are covered under workers' compensation.
Considering a Remote Work Policy? Consider This
Have you checked whether your workers' compensation policy covers remote employees? Do you have technology that lets you see your remote workers during meetings? Do you micromanage a remote worker more than the people who sit beside you, simply because you can't see what the remote worker is doing? Those are questions that HR departments should address to create a telecommuting program.
Technology to Support Remote Workers Evolves
In addition to videoconferencing programs, file-sharing platforms, and project management and time-tracking tools, new adaptive analytics and secure data-access technologies are helping employees who work from home or other locations outside the office.
Building and Leading High-Performing Remote Teams
Overseeing a team of remote employees doesn't come naturally to many managers. Some even question how they can know if people working away from the office are really working. But the guiding principles of leadership are the same regardless of whether the team is located under one roof or geographically dispersed.
Helping Remote Workers Avoid Loneliness and Burnout
Remote work forces structural and systemic change to accommodate different ways of working and different ways of being "available" and productive. Remote and flex work also present new challenges for managers. In particular, burnout and loneliness.
SOURCE: Wilkie, D. (06 March 2020) "As Coronavirus Spreads, Managers Ask How to Handle Telecommuting" (Web Blog Post). Retrieved from https://www.shrm.org/ResourcesAndTools/hr-topics/people-managers/Pages/coronavirus-remote-work-.aspx
Supreme Court to Rule Next Year on the ACA's Validity
With the Affordable Care Act (ACA) being questioned on whether it is in-whole or in-part constitutional, the U.S. Supreme Court has decided to rule on this matter again. The ruling regarding the validity of the ACA is expected by June of 2021. Continue reading this blog post to learn more.
The U.S. Supreme Court will again rule on whether the Affordable Care Act (ACA) is constitutional, in whole or in part, during its term beginning this October, the court announced on March 2. A ruling is expected before the term ends in June next year.
In 2019, Congress eliminated the ACA's penalty on individuals who lack health coverage—the so-called individual mandate. In the aftermath, several Republican state attorneys general filed a lawsuit claiming the ACA itself was no longer constitutional, while Democratic states and the House of Representatives, controlled by Democrats, stepped in to defend the statute.
Back in 2012, the U.S. Supreme Court upheld the constitutionality of the ACA's individual mandate as a justifiable exercise of Congress's power to tax. But without an existing tax penalty, ACA critics charge that the health care statute itself, or at least the parts of the act closely linked to the individual mandate, are no longer constitutionally valid.
In December 2018, a Texas district court struck down the ACA but stayed its ruling pending appeal, concluding that the individual mandate is so connected to the law that Congress would not have passed the ACA without it. On appeal, in Texas v. United States, a split panel of the 5th Circuit instructed the district court to rehear the matter and "to employ a finer-toothed comb on remand and conduct a more searching inquiry into which provisions of the ACA Congress intended to be inseverable from the individual mandate."
Now that the Supreme Court has agreed to hear the case, it will not go back to the district court judge for that analysis, leaving the high court free to uphold the entire ACA, uphold the statute but void provisions linked to the individual mandate, or strike down the law in full, although that draconian option is viewed as exceedingly unlikely by legal analysts. The same five justices that upheld the ACA in 2012 remain on the court.
The health law remains fully in effect during the litigation, including all employer coverage obligations and reporting requirements.
The Supreme Court's Packed Schedule
The Supreme Court has placed five cases—including Texas v. United States—on the 2020 docket. This suggests that the hearing could be held in early or mid-October 2020, right before the 2020 election, although we may not know the oral argument schedule until later this spring or summer. In any event, a decision in Texas v. United States would not be expected until 2021 (and presumably not until June 2021).
It is worth noting that the Court will hear a separate ACA-related challenge on the final day of oral argument during its current term. On April 29, 2020, the Court will hear one hour of oral argument in the consolidated cases of Little Sisters of the Poor v. Pennsylvania and Trump v. Pennsylvania. These cases focus on the validity of two Trump-era rules that created broad exemptions to the ACA's contraceptive mandate for religious or moral reasons. And we are still waiting on a decision from the Court over whether insurers are owed more than $12 billion in unpaid risk corridor payments; oral argument was held in that challenge in December 2019 and a decision could be issued at any time.
(Health Affairs)
Lawsuit Stoked Confusion
America's Health Insurance Plans (AHIP), the insurance industry's leading lobbying group, applauded the justices' decision to hear the lawsuit. "We are confident that the Supreme Court will agree that the district court's original decision to invalidate the entire ACA was misguided and wrong," said AHIP President Matt Eyles in a statement.
Association for Community Affiliated Plans (ACAP), a group that represents more than 70 safety-net plans, noted that the lawsuit "has cast a pall of uncertainty over the future of the individual insurance market," according to ACAP CEO Margaret A. Murray.
(Fierce Healthcare)
5th Circuit Highlighted Suspect ACA Provisions
When the 5th Circuit instructed the district court to rehear the matter and to focus on those ACA provisions that Congress intended to be "inseverable from the individual mandate," this suggested, legal analysts said, that the appellate court was unlikely to overturn the ACA in full. However, the appellate court might have struck down those parts of the law directly related to the individual mandate, such as the 5:1 ratio age band, under which insurers can't charge seniors premiums more than five times what younger patients pay, and community rating, which prevents insurers from varying premiums within a geographic area based on age, gender, health status or other factors.
The increase in revenue to insurers from the individual mandate was meant to offset the decrease from these restrictions. It's unclear whether the U.S. Supreme Court will take a similar approach when it hears the case.
(SHRM Online)
SOURCE: Miller, S. (03 March 2020) "Supreme Court to Rule Next Year on the ACA's Validity" (Web Blog Post). Retrieved from https://www.shrm.org/ResourcesAndTools/hr-topics/benefits/Pages/supreme-court-to-rule-next-year-on-CAs-validity.aspx
Viewpoint: Your First 90 Days as a New Manager
Did you know: the average turnover rate, from the Vice President Level, has decreased from 3.3 to 2.2 years. With this being said, it's important that when coming in as a new manager that the first few words said will impact the image given to colleagues. Read this blog post from SHRM to learn helpful tips on how to make being the new manager a little less difficult.
"The president of the United States gets 100 days to prove himself. You get 90."
That's how author Michael D. Watkins opens his seminal book on leadership transitions, The First 90 Days. The three-month period, as he explains, is a quarter, the time frame used by companies to track performance, and it is long enough to offer meaningful indicators of how a new manager is doing. Research shows that success or failure within the first few months of a new management role is often an accurate predictor of ultimate success, he adds.
"When leaders derail, their failures can almost always be traced to vicious cycles that developed in the first few months on the job," Watkins writes.
These vicious cycles frequently begin in a few similar ways, says leadership expert George Bradt, co-author (with Jayme Check and John Lawler) of The New Leader's 100-Day Action Plan. Some new managers do not realize the impact of their early words and actions, and are inadvertently sending colleagues the wrong message. Others focus on a new strategy before earning trust and support from the team. Others expend too much energy on the wrong projects and neglect the priorities of stakeholders, Bradt writes.
Moreover, recent widespread trends in the business world have made the task of mastering the first three months on the job even more important for new managers, Watkins says. Chief among these trends is that management is turning over at a faster and faster rate.
"The pace of transition has gone up pretty dramatically," says Watkins. As evidence, Watkins cites a recent study of Fortune 100 global healthcare companies. Since 2013, average turnover time at the vice president level decreased from 3.2 years to 2.2 years. "There's a premium on getting up to speed faster," he explains.
Watkins's approach is to break down a new manager's first 90 days into 10 separate directives: Prepare Yourself; Accelerate Your Learning; Match Strategy to Situation; Negotiate Success; Secure Early Wins; Achieve Alignment; Build Your Team; Create Alliances; Manage Yourself; and Accelerate Everyone.
Given this, we asked Watkins and Bradt to contextualize their guidance and highlight key best practices for managers. We also asked a few seasoned managers with successful track records in new leadership roles to provide their insight and perspective on what drove their success.
Preparing and Assessing
Preparation for a new managing role is crucial, and the preparation process should begin before the first day on the job. In most cases, it should start before the first job interview, explains Michael Sarni, CPP, recruiting and training officer for the Emergency Management Agency of the City of Lockport (Illinois), and president of Security Consulting Specialists.
In Sarni's view, a manager candidate conducts due diligence research on the company before being interviewed. The information-gathering process continues during the interviews, with the manager candidate asking informed questions about role expectations and the workplace environment. "A good manager…should always be preparing for future outcomes," Sarni says. "This must start before the first day they walk in the door and continue to the last day they leave the office."
Of course, the manager should also take time before the interview to prepare answers to common interview questions. In Bradt's view, all interview questions boil down to one of three basic questions: What are your strengths? Will you be motivated? Are you a fit for the organization? Given this, managers should prepare answers before the interview that convey three fundamental points: My strengths are a match for this job. My motivations are a match for this job. I am a good fit for this organization.
Another key aspect of preparation is learning about and assessing the company's culture. "I think understanding the culture—and adjusting one's approach accordingly to new challenges and opportunities—is ultimately the key to success in the first 90 days," Sarni says.
Sometimes, a manager can do this by using scouts and spies: customers, former or current employees, or anyone who has been involved with the firm and can speak to its culture, Bradt says. Sometimes, these associates can be a good source of information on an organization's unwritten norms, such as the actual hours most work, as opposed to the hours prescribed in the employee handbook; how employees socialize outside the office; how connected and active staff is through email and texting; and more.
Managers can also learn about the firm's culture simply by being hyper-observant every time they visit the office–taking note of people's interactions and demeanor, their dress, the office's physical set-up and structure, noise level, and other signs. "You can learn an awful lot by simply walking into a place," Bradt says.
In general, new managers who fail to understand a company's culture stand a much higher chance of ultimately being rejected by it. But now, Watkins says, with millennials representing the largest generation in the U.S. workforce, a new dynamic has come into play. A millennial employee joining a new company may in fact make the effort to assess the company's culture—but find it lacking. "They're not terribly tolerant, necessarily," Watkins says with a laugh.
This has created a crossroads, he says: "Is it incumbent on them to adapt to the culture? Or will they ultimately be the agents of change of the culture?" At some firms, the current situation is bi-directional adaptation: millennial employees try to fit in with the culture (at least in some ways), but the company also tries to evolve its own culture so that younger employees stay engaged and not leave. "A lot of companies are grappling with that. It's a real generational shift," Watkins says.
Overall, it behooves new managers to be aware of this generational shift and consider how they might contribute to the company's overall goal of ensuring its culture does not drive away promising employees. "Onboarding is the leading edge of engagement, and engagement is a core part of retention," Watkins says.
Owning Day One
Although preparing, learning and assessing are all key steps before the job begins, they alone will not guarantee a successful transition, experts say. The first several days of the new role will bring their own challenges.
Rex Lam, a Hong Kong-based senior consultant with Guardian Forest Security, has successfully transitioned into a few different management positions since he joined the security industry 15 years ago. While he also supports the importance of preparation, he says that well-prepared managers who are excited about their new ideas must avoid coming off as a know-it-all.
"Avoid the impulse to immediately want to make an impact for the good by changing everything. The attitude should be to learn and listen first, and do not let perfection be the enemy of good," Lam says.
Sarni advises extending the learning process that most new managers undergo in the early days, so that it covers more than just the security department. "Taking a methodical approach to learning as much as you can, not only about your own department and how it fits into the organization, but also about all the other departments with which security impacts operations and culture, should be an early objective," he explains.
He also recommends that new managers try to make the effort to learn what's below the surface. "Always dig a little deeper to learn and understand an operation further. The more one is prepared for the unexpected, the easier it is to adapt when the unforeseen challenge presents itself," he adds.
Bradt agrees with the importance of listening and soaking in information as soon as the job begins, but he also said that too many managers show up with a passive, just-do-no-harm attitude. This is inadvisable; all eyes are on a new manager during the first few days and people start forming opinions based on limited contact. "If you show up looking clueless, people are going to assume you're clueless," Bradt says.
Instead, new managers should come in on the first day with ideas of how they want to position themselves strategically, and what message they want to convey. Then they can listen and learn, and also ask directed questions that support this strategy and message.
Bradt offered the following example to illustrate: A new manager, taking over a leadership position, does due diligence and finds that while the firm is in decent financial shape, competitors are nipping at its heels and gaining ground. So on day one, the new manager listens and learns, but also asks many other department heads, "I've looked at what you've done so far, and it's amazing. What do you think you're going to do next to stay ahead of the curve?" That type of directed question reflects an active focus-on-the-future strategy and message, rather than a passive approach, Bradt explains.
Similarly, a new manager for a firm that needs to be more customer-focused can decide to spend some of day one meeting with customers, outside of headquarters. Here, Bradt recommends following the leadership maxim "Be, Do, Say." New leaders will be judged on all three, in that order of influence. What a leader says comes third; what a leader does comes second; who a leader is comes first. So, if a new leader continues to meet with customers through the first 90 days, at some point the leader will "be" a customer-focused leader in the eyes of staff. That will be part of his or her identity.
Early Wins
Early accomplishments, even small ones, are usually a big boost toward ultimate success for new leaders. If someone asks an employee, "How's the new manager?," while it's nice if the employee says he or she is likable, it's even more indicative of future success if the employee can say he or she already accomplished X.
Lam offers the example of taking over a management position for a company that wanted to alter operations so that it could plan more than three years ahead of time, rather than focusing completely on the current workload. For Lam, targeting the underlying systemic issue led to an early win. "The key is to identify the bottleneck and focus on eliminating the root cause," Lam says.
In this case, Lam identified the bottleneck—inefficient processes—that prevented the team from having enough resources and time for advance planning. So, he decided to target inefficiencies. He improved the resource allocation process for the service team; the team's quality of work increased, and costs immediately went down because outside service contractors were no longer needed. The team was also spending too much time filling out detailed reports for small expenses such as subway and bus fares; Lam distributed pre-paid cards, and this tradeoff won back time for staff.
The cost and time savings became quickly apparent, resulting in an early win for the new manager and eventually developed into a significant accomplishment. "I was fortunate to make the correct decisions," Lam says.
And the chances for notching early accomplishments increase if they are based on a broader strategy that is appropriate for the type of mission that is needed. Watkins recommends that new managers use his STARS model to match strategy and situation. Using this model, the new manager must assess the business mission at hand (Start-Up, Turnaround, Accelerated Growth, Realignment, Sustaining Success) before designing an appropriate approach and strategy.
Alignments and Allies
Often, Watkins's directives of Achieve Alignment and Create Alliances are related for new managers in the security field, Sarni says. Since security touches on every facet of a company, alliances between the security manager and managers in other departments are critical. These alliances can be made with the goal of interdepartmental collaboration, for the benefit of all.
"Often, the security function is viewed as a hindrance to operations in other areas of the organization," Sarni says. "But, if the security manager takes the time to learn as much as possible about those operations and proceed from the philosophy of being a partner with those other functions, security can find ways to not only better secure the environment, but also improve upon methodologies others are using."
Toward this aim, the new security manager can begin to educate selected managers from other departments about how security can align with and support that department's goals and objectives. "Building those partnerships and empowering other departments to feel that they have a stake in security's outcomes—and showing how it can benefit them—dramatically improves the chances of success," Sarni explains.
However, Sarni concedes that this is no easy mission. It takes people skills, emotional intelligence and some deft explaining. "These concepts may sound simple enough in theory, but the reality is far more challenging and delicate," Sarni says. "The brute force approach, even with a mandate, rarely yields the best results. Finesse, patience and understanding the nuances of the environment generally yield the most desirable outcomes."
Forming alliances and creating alignments with other departments is especially crucial for new managers charged with overhauling operations. "Through most of my career I have acted as a 'change agent' for the organizations to which I have been hired," Sarni explains. "But even in that environment, where I have had a mandate from senior management, generating buy-in from peers in different areas of the organization has taken creativity, sensitivity, and perseverance."
On a one-on-one level, it's always best for the new manager to create alliances that function as a two-way street. When discussing issues with other managers, two questions are often very helpful, experts say: What is a best practice that will help me in this firm? How can I help you be successful?
Building Your Ever-Changing Team
Team building for new managers takes a certain mind-set, says Lam, and for new managers who previously worked on their own, it requires a mind shift toward the collective.
"When you are one person, you are the star. When you are the manager, you are a star maker," Lam says.
In many cases, one of two situations apply. A new manager will take over an existing team, with the hope that it will stay intact. Or, the new manager is tasked with building his or her own team. In either instance, one principle is equally valid, Bradt says: every team member should be playing to their strengths.
This should be kept in mind by new managers busy with building their own teams and actively hiring. And it should also be remembered by new managers inheriting an intact team. They should still do a "role sort" in the first 90 days, and make sure everyone is in the right job. A good skill set/role match could mean a star in the making, whereas a mismatch can make for all sorts of problems down the road. Bradt says that one of the top regrets cited by leaders is "not moving fast enough on people" (i.e., reassigning staffers to best-fit positions) earlier in their tenure.
Finally, Watkins cites two recent trends that may have a big impact on team leading. One trend is that more teams are becoming virtual, with some members in different time zones and less face-to-face communication. This type of team can still be managed effectively, but it can take additional skills that not all managers have.
The second trend is turnover. The rate of turnover for team members is even outpacing the rate increase for management turnover. This is true in part because younger workers are more likely to leave a job if they are dissatisfied with the company. As a result, many teams are in a state of constant flux.
"What I find now, pretty much consistently, is that virtually all teams are at some point of transition at any given point in time," Watkins says. This can mean an added challenge for the new manager: learning to lead a team consisting of parts that never completely stop moving.
The Future
What will the new managers of the future have to contend with?
In the last decade, culture has become more important to the ultimate success of the company, Bradt says. Fast forward 10 years, and that continues to the point where "culture is the only thing that matters." With the continuing advancement of technology, companies will be able to duplicate almost any type of competitive advantage in product and services and operations that their competitors may have.
So the only real meaningful component that will separate companies from each other is culture. "Their culture is the only thing they can own," he says.
As for Watkins, he believes that recent innovations like artificial intelligence and the growth of ever-more-sophisticated analytical machines may have a vast impact on how work is done, giving him some pause when he considers the future. He knows that the exact extent and ramifications of this transformation (including the impact on management), and the time frame, cannot be predicted with certainty. "But I tend to believe it's going to happen sooner rather than later," he says.
"I'm wondering if there will be managers in 10 years," he says. "Your manager could be an algorithm."
Mark Tarallo is senior content manager of Security Management magazine.
This article is adapted from Security Management magazine with permission from ASIS © 2019. All rights reserved.
SOURCE: Tarallo, M. (19 February 2020) "Viewpoint: Your First 90 Days as a New Manager" (Web Blog Post). Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/organizational-and-employee-development/pages/viewpoint-your-first-90-days-as-a-new-manager.aspx
Sharpen Your Recruiting Workflow with Service-Level Agreements
Recruiting can be a long and drawn-out process, but using service-level agreements (SLAs) can speed up the dreary process along with generating accountable talent. Firms are beginning to use SLAs to improve recruiting results and consistency. Continue reading this blog post from SHRM to learn more.
Using service-level agreements (SLAs) in recruitment can speed up a laggard hiring process, generate accountability from hiring managers and create the expectation that talent acquisition (TA) is a top company priority.
Common in sales, marketing and procurement, SLAs are written standards that the TA function and hiring managers agree upon in order to understand the responsibilities of each party.
"Service-level agreements have proven to be one of the most effective ways to improve recruiting results, increase recruiting consistency, and, at the same time, strengthen the relationship between recruiters and hiring managers," said John Sullivan, an HR thought leader and professor of management at San Francisco State University. "If you want to improve your quality of hire, reduce position vacancy days and improve process compliance, it only makes sense to try to get hiring managers to put a greater focus on recruiting. You can reduce the blame game [between recruiters and hiring managers] by spelling out responsibilities, timelines, deliverables and success measures in advance."
SLAs are essentially informal contracts, said Jessica Miller-Merrell, SHRM-SCP, an HR consultant and the founder of Workology, an Austin, Texas-based workplace resource site.
They can be time-bound or focused on quality control, with both parties agreeing to specific deadlines or commitments related to resume review, interview scheduling, candidate interview feedback and final selection.
There is one important prerequisite to using the agreements: getting buy-in from hiring managers and leadership. "SLAs won't work if the relationship and the respect are not there first," Miller-Merrell said. "SLAs have value even in just getting the conversation started with your hiring managers. Frame it as a process improvement that will serve both of your goals."
Without that crucial buy-in, "HR and TA are seen as more of an obstacle rather than as a partner," said Caitlin Wilterdink, director of HR and talent acquisition at Paxos, a financial technology company in New York City, and the owner of Wilterdink Consulting. A longtime believer in the SLA model's effectiveness, she's introduced the concept to several companies, receiving both positive and negative reactions. At Paxos, where both time-bound and quality-control SLAs are in use, reaction was initially mixed. When implementing SLAs there, Wilterdink asked hiring managers to take on extra recruiting tasks due to a lack of TA staff.
"There was a bit of questioning from some hiring managers about why they were being asked to do things that HR usually did for them [in past roles]," she said. "That's fair, and it's important for HR leadership to empathize with that sentiment and be able to help them understand why they are being asked to do this. It's about balance, and the TA leader has to have a good pulse on the organization and know when to strictly enforce an SLA and when to bend the rules."
Benefits of Using SLAs in Recruiting
Experts say organizations that use SLAs in recruiting could see several improvements in the process:
Hiring. "Simply setting minimum and maximum times for recruiting steps will speed up your overall recruiting process," Sullivan said. He added that recruiter and manager satisfaction with the process will improve, hiring costs will decrease, and confusion and duplication will be dramatically reduced.
"Being confused about who does what and when can certainly slow down the hiring process and result in the unintended duplication of work," he said. "SLAs lead to clarity and agreement on what must be done and who must do it."
Coordination. "The process of jointly working together in order to create the SLA agreement by itself helps to improve the relationship between recruiters and hiring managers," Sullivan said. "The initial negotiation process also helps both parties understand the needs, expectations and problems of the other party."
Accountability. When Wilterdink joined Paxos, "there wasn't a lot of accountability for how feedback was used to inform the rest of the recruiting team about a candidate, leading to a lot of false positives coming in for onsite interviews." She explained that some managers were marking "yes" on interview score cards to advance a candidate, but their written feedback would indicate they actually felt more like "meh." In order to control for that, Wilterdink initiated an advocacy-modeled SLA, stipulating that an interviewer must advocate for the person he or she advances before the person is moved forward in the process. "Doing this has reduced the number of false positives," she said.
What to Include in Your SLA
Service-level agreements can range from basic one-pagers with general statements to detailed documents covering many aspects of the recruiting process. Sullivan said that upfront basics of an SLA can include setting the goals and business impact of the process and defining the role of each party.
"Defining roles and making it clear who has ownership can reduce hesitation, as well as duplicate work. Roles that frequently need clarification include interview scheduling, interview participation, reference checking and documentation."
The recruiting process should be listed in clear steps in an SLA. "The required and optional recruiting steps are listed in order to make it clear to everyone what steps must be executed, which ones can be expedited and which ones are optional," he said. "It's probably also a good idea to include a visual process map or flowchart so that everyone can clearly see the steps and the flow of the process."
Be sure to specify deadlines and deliverables, as well. "Getting quick feedback from the manager about the quality of the submitted candidate slate is critical," Miller-Merrell said.
At Paxos, SLAs include a commitment to reviewing resumes within 24 hours and attaining a performance benchmark of application-to-offer in about 27 days.
Sullivan said that SLAs should specify how the success of reaching each goal and activity will be monitored and measured. Miller-Merrell said that measuring the time it takes to receive feedback may help the TA team uncover critical bottlenecks in the recruitment process and avoid both delays and the loss of good candidates who remain in limbo.
SLAs can also identify potential risk factors, conflicts, rewards and penalties for nonperformance. "If your recruiting process lacks structure, it might be a good idea to outline any unacceptable actions or behaviors," Sullivan said. "When you specify the don'ts, everyone knows upfront what they cannot do under any circumstances."
Tips for Making SLAs Work
Wilterdink said that a partnership approach will go a long way to smooth over any negative reactions from hiring managers who are presented with an SLA. She suggested some ways TA can achieve cooperation:
- Train hiring managers on how to fill out interview score cards.
- Provide recruiting software, which makes completing score cards and tracking manager participation easier. If you don't have technology that does this, you can use Google Docs, she said.
- Be flexible with enforcement.
- Pair managers with recruiters, if possible. "When I have a fully staffed team, I'll have the hiring manager work side by side with a recruiter," Wilterdink said. "The reason for that is that the manager needs to understand the market we're looking for before posting a role, so we spend our time fitting the actual business need.
SOURCE: Maurer, R. (21 February 2020) "Sharpen Your Recruiting Workflow with Service-Level Agreements" (Web Blog Post). Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/talent-acquisition/pages/sharpen-recruiting-workflow-service-level-agreements.aspx
How Next-Gen Technology Can Keep HR Data Safe
In 2018, the FBI reported having 350,000 complaints of internet crimes, which is a rise of 23 percent over five years. With an increase in internet crimes, HR departments are turning to security approaches that are powered by artificial intelligence (AI). Read this blog post to learn more about how artificial intelligence is helping companies with cybersecurity.
As hackers grow ever-more inventive and data privacy laws are enacted around the globe, HR leaders are faced with the challenge of protecting and storing sensitive HR data but not curtailing employees' ability to use that data to make timely workforce decisions.
But there may not be enough cybersecurity colleagues to call upon for advice and technical assistance, which compounds those challenges. Approximately 65 percent of companies reported a cybersecurity staff shortage last year, according to the 2019 Cybersecurity Workforce Study conducted by (ISC)2, an international nonprofit association for IT professionals. As a result, more companies are turning to security strategies that don't require human intervention, such as cybersecurity powered by artificial intelligence (AI) that can proactively monitor and neutralize new kinds of cyberthreats.
New Strategies for More-Sophisticated Attacks
Research suggests that concerns over data security are occupying more of HR leaders' time and resources. The 2019-2020 Sierra-Cedar HR Systems Survey found a 17 percent increase from the prior year's survey in the number of respondents deploying cybersecurity strategies, with 70 percent of HR organizations reporting they have and regularly update such a strategy. That's good news, because the FBI reported receiving 350,000 complaints of Internet crimes in 2018, a rise of 23 percent over five years. Those crimes caused an estimated $2.7 billion in financial losses.
Security experts say the loss of sensitive data like payroll information, Social Security numbers and notes from internal investigations or employee assessments has implications far beyond the HR department.
"When HR systems are breached, it goes beyond the personal data stolen, because HR is central to so many processes across the organization," said Corey Williams, vice president of marketing and strategy at Idaptive, a cybersecurity firm in Santa Clara, Calif. "HR systems are the starting point for much of the access employees have throughout the organization. HR data doesn't sit on an island like other data, and when you have vulnerabilities at the HR level, you're exposing the entire enterprise to wider attacks."
AI-powered security tools represent a new approach to combating threats to HR data. While not a cure-all, these technologies can protect against malicious attacks driven by automated malware and have capabilities, such as pattern recognition, that can identify suspicious behavior and block potential problems or threatening online traffic in real time.
To protect against insider threats, whether malicious or from workers not following sound security practices, some AI-based cybersecurity tools can be trained to learn employees' behaviors when using corporate networks. Research shows that such threats are a growing problem. Insiders caused 48 percent of reported data breaches in organizations in 2019, according to a recent benchmark study from Cambridge, Mass.-based Forrester Research, up from 26 percent of total data breaches in 2015.
More companies are adopting "zero trust" policies that feature a "never trust, always verify" approach to network access or identity authentication and employ tools like multifactor authentication (MFA). MFA is a way to confirm user identities through at least two different factors. In the last year, according to the Sierra-Cedar survey, large organizations increased their use of MFA by 20 percent, and approximately 55 percent of small organizations reported using MFA for HR applications.
Williams said stolen or weak user credentials is still the top cause of data breaches in organizations. "We've seen growing sophistication in the way passwords and credentials get stolen," Williams said. "That includes malware, hackers writing more convincing phishing e-mails that get employees to click on harmful links and other approaches. Companies have found that depending on passwords alone for access is becoming untenable."
Balancing Security with the User Experience
HR leaders have to strike a balance between taking the right data-security measures and ensuring employees can still use HR networks and software in efficient and user-friendly ways—a balance that ideally won't make the workforce feel excessively monitored or handcuffed when using technology.
"Security is often viewed as a teeter-totter, where you are either increasing data security or you are improving the user experience with technology," Williams said. "But it doesn't have to be an either-or scenario."
For example, employees who typically access the same corporate networks or applications in the same fashion likely don't need additional security oversight, but someone accessing that same system from a country he's never been to before and with a different device would need more controls.
"We're seeing more innovation in applying security tools to separate high-risk from low-risk system access," Williams said.
HR leaders also can help enhance security by encouraging their companies to re-evaluate user access policies, experts say. "As people work for a long time in companies, they tend to accumulate access to systems, and that access doesn't necessarily get taken away as they move up or around a company," Williams said. "Employees are often 'over-provisioned' in terms of their access to sensitive data in systems, which can create increased vulnerability for companies." Automated processes tied to the life cycle management of employees can ensure system access is changed or removed as people change roles in a company, he said.
James Graham-Cumming, chief technology officer for Cloudflare, a cybersecurity company in San Francisco, said being more judicious in granting data access is a wise but sometimes overlooked security strategy. "It's not uncommon for CEOs or other senior leaders in a company to have access to all or most corporate systems because they simply feel a need for that access," Graham-Cumming said. "Yet these are more-visible or even public figures who are often targets for hacking. The reality is your C-suite or vice presidents may not need access to all of your systems."
Managing Vendor Risk
Data security and privacy threats can grow as HR functions add more technology platforms to their ecosystems and create more integrations with third-party providers. A recent study by research and advisory firm Gartner found that because human capital management systems are built to integrate with many third-party services—such as LinkedIn, for example—those integrations can expose organizations to risk through "misconfigurations" that result in unintentional data leakage. Depending on the level of integration, problems with security in vendor systems can open the door for attackers, the Gartner study found, as was the case with the retailer Target in 2014.
Security experts say HR leaders should ensure vendors have best-practice data security and privacy protocols in place, such as MFA, in addition to passing an external Service Organization Control, or SOC, 2 audit, which confirms they're in compliance with recommended practices for data security, processing integrity, ensuring privacy and more.
Jared Lucas, chief people officer with the cybersecurity firm MobileIron in San Francisco, said security-related employee training also is more important than ever as malware grows more sophisticated, phishing attacks increase and bad actors use AI-powered methods to hack corporate systems.
"Effective, regularly updated training in what to look for and what to be wary of can close a lot of holes in a company's data security strategy," Lucas said.
SOURCE: Zielinski, D. (10 February 2020) "How Next-Gen Technology Can Keep HR Data Safe" (Web Blog Post). Retrieved from https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/next-gen-technology-can-keep-hr-data-safe.aspx