The Risks of Staff Using Personal Devices for Work

Bring your own device

As more employees use their personal mobile devices for work companies are being forced to confront the resulting security implications as well as how the devices are changing behaviors in the workplace.

That’s according to a report by Littler Mendelson, an international law firm specializing in employment and labor law. The report highlights the dangers and benefits of allowing employees to use their personal devices at work.

As more people buy smart phones and tablet computers and bring them to work to use to perform company tasks, businesses have responded by implementing policies that allow employees to use their personal mobile devices to create, store, and transmit work-related data.

This trend is generally referred to as “Bring Your Own Device” or BYOD. Some companies even allow employees to replace their work laptop computer with their own personal PC, which is sometimes referred to as BYOC.

The report highlights two broad categories of risks personal devices in the workplace pose: data risks and behavioral risks.

Data Risks

The report looked at five information security threats posed by BYODs:

Lost or stolen devices – According to study by the Ponemon Institute, 39% of respondents reported that their organizations had sustained a data security breach in 2011 as a result of lost or stolen equipment. Put simply, if your employees use their personal mobile devices for work, your company data is at risk if they lose their gadget.

Malware – In February 2012, Juniper Networks reported a 155% increase from 2010 to 2011 in the volume of malicious software created for mobile devices, and malware targeting the Android platform rose 3,325%.

Friends and family – A report by the U.S. Treasury Department’s Financial Crimes Enforcement Network found that in 27.5% of suspicious activity reports filed by depository institutions between 2003 and 2009, the identity theft victim knew the suspected thief, who was usually a family member, friend, acquaintance, or an employee working in the victim’s home.

Links to the cloud – A number of apps for mobile devices allow users to store their documents and data using cloud-based storage, the report states. Employers must evaluate whether the sites provide sufficient security if the employee plans to store company information using the apps.

Security breach – If you have a breach in security, it could expose your company to government enforcement actions, civil penalties and litigation. There are both federal and state-level statutes and regulations on the books that govern storage of personal information in addition to contractual obligations, which increasingly are including responsibilities to safeguard against data breaches and the consequences for failing to do so.

Behavior issues

There is another downside that has not been much discussed. In the 2011 National Business Ethics Survey, the Ethics Resource Center reported that active social networkers (employees who spend 30% or more of their work day participating on various social network sites) are more likely to believe that certain questionable behaviors are acceptable, such as:

  • “Friending” a client or customer.
  • Blogging or tweeting negatively about your company or colleagues.
  • Keeping a copy of confidential work documents in case they need them in their next jobs.
  • Taking a copy of work software home for use on their personal computers.

In addition:

  • Wage and hour implications can arise from using a mobile device to conduct work while off the clock.
  • Both state and federal laws require employers to reimburse employees for expenses that arise in the course of doing their jobs. Once employees are using their own devices it raises questions of whether the employer is required to reimburse for the cost of the device, the data plan and monthly phone bill.

Littler Mendelson includes in its report a slew of recommendations for employers. When drawing up policies on BYODs, the employer should:

  • Decide which employees should be permitted to participate in a BYOD program. You may want to exclude senior executives whose data is more likely to be relevant in litigation, research and development employees and sales staff, who may store client information on their devices.
  • Create policies that address off-the-clock work.
  • Staff should know that if they BYODs the company must be authorized to access their devices for record retention or litigation holds or investigations.
  • Before allowing employees to use dual-use devices to perform work, companies should obtain their written consent to monitor the device, remotely wipe the device, install security software and copy data if necessary.
  • Follow good security practices.
  • Create policy barring friends or family from using the device.
  • Create a policy limiting the use of cloud-based storage.
  • Address safety issues, including a prohibition using the device while driving.
  • Your policy should include consequences for non-compliance.

Workers’ Comp Audit Mistakes: What to Look For

calculate

No company owner wants to undergo a workers’ compensation audit, but they are a fact of life if you run a business and have employees.

Unfortunately, many audits don’t go smoothly and sometimes your insurer may make mistakes. Missouri-based Workers’ Compensation Consultants, which helps employers through the workers’ comp audit process, recently listed the 10 most common audit mistakes that insurance companies make.

The list highlights a common problem and how you can detect the mistakes to avoid being stuck with a massive audit bill. Insurance companies allow you to review the audit with your broker. If you notice that you have received an audit bill that is obviously overstated, you should contact us.

Here are the things to look for when reviewing an audit by your insurance company:

Wrong class code – Misapplication of job classifications occurs in many workers’ comp audits. With hundreds of job classes to choose from, mistakes can happen. Talk to us and review your old policies to see if any of your class codes have changed.

X-Mod is changed – After your insurer finishes the audit, it will use the information to calculate your premium. When that happens, it has to include your X-Mod to get the right rate. But sometimes the insurer may use an incorrect X-Mod. Check carefully.

Subcontractors are counted – Sometimes insurers will include subcontractors as employees, which results in a new audit bill to account for the additional “employees.” But if they are genuine subcontractors, they should not be counted. Often, uninsured contractors will be included as employees. Make sure to use insured contractors only.

Disappearing credits – Most policies will have some sort of premium credits or other modifiers. Sometimes during audits, the insurer will remove them when recalculating the premium they think you owe. Watch out for missing credits and other modifiers if you get an audit bill, like:

  • Premium discount
  • Schedule credits
  • Deductible credits
  • State-specific credits

 

Audit worksheets missing – If the auditor fails to provide you with audit worksheets, which are used do compile your payroll and other audit information, you should ask to check their work. They will provide you with the information you need to carry out such a check.

Your rates changed – The rates you are charged at the beginning of your policy period must remain the same for the entire policy period. If your base rates have changed, the insurer may have made a mistake. 

Separation of payroll – Depending on your industry, you may or may not be able to split your employees’ payroll between job classifications (like cabinet installers and sheetrock hangers). This is a pinch point when errors can occur. If the auditor says you are not allowed to split job classifications even though you have in the past, your audit may be in error.

Unexpected large premium due – If you get a significant bill for your insurance company after your audit, the auditor may have made mistakes, particularly if you know that your employment has remained relatively stable and you’ve had no significant claims, if any. If it seems out of whack, call us.

Payroll data doesn’t match – If there is a discrepancy between your payroll data and what you see on the audit, a mistake may have been made. Try to match the payroll on the audit with that generated from your accountant. If the insurer made a mistake, you could end up paying for phantom payroll numbers.

No physical audit – There are three types of audits:

  • Mail audit
  • Phone audit, and
  • Physical audit

 

The mail and phone audits are prone to errors, since neither you nor your staff likely have any experience in premium auditing. If you have a big bill after a mail or phone audit, mistakes could have been made.

Protect Outdoor Workers Against the Elements of Winter

If you have outdoor workers or staff that will have to venture out into the elements during an especially cold winter, you need to make sure you are taking the correct precautions to keep them safe.

If the conditions are extremely harsh, your workers are at heightened danger of injury, or worse. But even if you have employees who are outside for short periods, they can also suffer injuries if they are not prepared.

The many dangers of winter

Winter can bring with a number of dangers to your outdoor workers:

  • Cold or frigid temperatures
  • High winds
  • Damp air
  • Slippery surfaces
  • Contact with water
  • Frostbite
  • Hypothermia
  • Risk of strains, slips and falls
  • Dehydration
  • Decreased performance

OSHA has the following recommendations for protecting your workers:

Check the forecast – A supervisor should check the forecast for the next day before the end of the shift the day prior, to alert workers about any precautions they should take.

Appropriate clothing – Workers should have proper clothing suited for working in cold-weather conditions. Clothing from thermal underwear to gloves and jackets are the first line of defense against cold weather. Consider these tips for your employees:

  • Wear three layers of clothing. Start with insulating underwear – which traps perspiration – a middle layer that protects the body from precipitation, and an outer layer that allows ventilation and prevents overheating.
  • Cotton is not always a good choice. Wool, silk and some synthetic fabrics are better at keeping skin dry even when it’s raining or the worker is sweating.
  • Wear loose clothing. Tight clothing can trap moisture and lower body temperature.
  • Protect your extremities. That means head, hands and feet. Wear a warm cap or hat, insulating gloves and two pairs of socks and insulated shoes.
  • Carry an extra set of clothing in case something happens and a worker has to change.

Train workers – They should be trained on how to prevent and recognize cold-stress illnesses and injuries, and how to apply first aid treatment. Workers should be trained on the appropriate engineering controls, personal protective equipment and work practices to reduce the risk of cold stress.

Workers should be aware of their body signals – Teach your employees about the symptoms of frostbite, hypothermia and dehydration and report any symptoms they are experiencing to supervisors, who should know how to summon help and protect the worker.

The symptoms of hypothermia are:

Mild symptoms:

  • The worker may begin to shiver and stomp their feet in order to generate heat.

Moderate to severe symptoms:

  • As the body temperature continues to fall, symptoms will worsen and shivering will stop.
  • The worker may lose coordination and fumble with items in the hand, and become confused and disoriented.
  • They may be unable to walk or stand.
  • Dilated pupils.
  • Slowing pulse and breathing.
  • Loss of consciousness can occur.
The symptoms of frostbite are:
  • Reddened skin develops gray/white patches.
  • Numbness in the affected body part.
  • The affected part feels firm or hard.
  • Blisters may occur in the affected part, in severe cases.

Eat healthy, stay hydrated – Employers should stress the importance of a healthy diet to help workers power through harsh weather. They should be told to regularly drink warm water or warm sweetened fluids throughout the day.

Ask that they always eat breakfast before working outside, to give the body the fuel it needs. Also ask them to avoid excessive drinking the night before work.

Do You Have an Emergency Action Plan?

Evacuation plan macro

How would you escape from your workplace in an emergency? Do you know where all the exits are in case your first choice is too crowded? Are you sure the doors will be unlocked and the exit access, such as a hallway, will not be blocked during a fire, explosion or other crisis?

Knowing the answers to these questions could keep you safe during an emergency. And the answers should be readily available to all of your staff in your organization’s emergency action plan (EAP).

Almost every business is required under Occupational Safety and Health Administration standards to have an EAP. The purpose these plans is to facilitate and organize employer and employee actions during workplace emergencies.

Well-developed emergency plans and proper employee training (that helps workers understand their roles and responsibilities when executing the plan) will result in fewer and less severe employee injuries and less structural damage to the facility during emergencies.

A poorly prepared plan likely will lead to a disorganized evacuation or emergency response, resulting in confusion, injury and property damage.

Putting together a comprehensive EAP that deals with issues specific to your worksite is not difficult. It involves taking what you learn from conducting a workplace evaluation and describing how employees will respond to different types of emergencies, taking into account your worksite layout, structural features and emergency systems.

If you have 10 or fewer employees, you may communicate your plan orally. For firms with more than 10 employees, the plan must be written, kept in the workplace and available for employee review.

Although employers are required to have an EAP only when the applicable OSHA standard requires it, OSHA strongly recommends that all employers have an EAP.

Important elements

A few of the important elements of an EAP include:

  • Procedures for reporting fires and other emergencies.
  • Procedures for emergency evacuation, including the type of evacuation and exit route assignments.
  • Procedures for employees who stay behind to continue critical plant operations.
  • Procedures to account for all employees after evacuation.
  • Names or titles of employees to contact for detailed plan information.
  • Alarm system to alert workers.

In addition, designate and train employees to assist in a safe and orderly evacuation of other employees.

Review the EAP with each employee covered when:

  • The plan is developed or an employee is assigned to a new job,
  • Employees’ responsibilities under the plan change, or
  • You change the EAP.