Alert: New Law Creates COVID-19 Workers’ Comp Framework

outdoor workers

Governor Newsom has signed legislation that creates a new framework for COVID-19-related workers’ compensation claims.

SB 1159, which takes effect immediately, partly replaces an executive order that Newsom made on March 18 and which expired on July 5. That order required all employees working outside the home who contracted COVID-19 be eligible for workers’ compensation benefits.

The new law also creates a rebuttable presumption that all cases of COVID-19 among front-line workers be considered work-related for workers’ compensation purposes. Finally, the law creates a rebuttable presumption that a workers’ COVID-19 diagnosis is work-related when there was an outbreak in their workplace during the prior 14 days.

The new law is retroactive to July 6, the day after Newsom’s executive order expired, and is set to expire Jan. 1, 2023.

SB 1159’s presumption that an illness or death resulting from COVID-19 has arisen out of and in the course and scope of employment, can be disputed by the employer if they have:

  • Proof of measures they put in place to reduce the potential transmission of COVID-19 in the workplace,
  • Evidence of the employee’s non-occupational risks of contracting COVID-19,
  • Proof of statements made by the employee, or
  • Any other evidence normally used to dispute a work-related injury.

Employers with fewer than five employees are exempt under the statute.

The law also requires new reporting provisions to allow workers’ compensation claims adjusters to track cases to know when the presumption applies and requires a faster review of claims to accept or deny compensability than is typical.

SB 1159’s three parts

The first part codifies Newsom’s prior executive order that provided a rebuttable presumption of work-relatedness to all employees working outside of the home that contracted COVID-19.

The second provides a rebuttable presumption that front-line workers (like firefighters, law enforcement officers, health care workers, home care workers, and IHSS workers) who contract COVID-19, contracted it in the workplace.

The third creates a rebuttable presumption that worker’s COVID-19 diagnosis is work-related within 14 days of a company outbreak. Under SB 1159, an outbreak is defined as when four employees test positive at a specific place of employment with 100 or fewer employees and, for larger places of employment, when 4% of the employees test positive.

It’s also deemed a workplace outbreak if the employer had to shut down due to a coronavirus outbreak.

Reporting requirements

Under the new law, when an employer “knows or reasonably should know that an employee has tested positive for COVID-19,” they must report to the insurer the following information within three business days, via e-mail or fax:

  • The date the employee tested positive.
  • The address or addresses of the employee’s specific place(s) of employment during the 14-day period preceding the date of their positive test.
  • The highest number of employees who reported to work at the employee’s specific place of employment in the 45-day period preceding the last day the employee worked at each specific place of employment.

The Rossi Law Group has the following recommendations for employers in California:

  • Keep track of all locations each employee works at, the number of employees on each day at each location, as well as a log of those that test positive (including the date the specimen was collected).
  • If you are aware of any staff who have tested positive between July 6 and Sept. 17, you have 30 days after Sept. 17 to report the positive test to the administrator and include the same information as in the bullet points above.
  • You must also report to the administrator positive COVID-19 results for employees that are not filing claims. In that case, you must omit personal identifying information of the employee.
  • Provide any factual information to the administrator that could help rebut any claim of work-relatedness.

The law also has some teeth: Anyone who submits false or misleading information shall be subjected to a civil fine up to $10,000.

One last thing…

The governor also signed into law AB 685, which requires employers to report an outbreak to local public health officials. Employers must also report known cases to employees who may have been exposed to COVID-19 within one business day.

Cal/OSHA Requires Employers to Protect Workers from Wildfire Smoke

wildfire smoke

As wildfires continue raging throughout California, Cal/OSHA has issued a reminder to employers that they are required to protect their outdoor workers from smoke if the air quality index exceeds 151.

Cal/OSHA has extended an emergency regulation it put in place in August 2019 through January 2021 as it works on a permanent regulation on wildfire smoke protection for outdoor workers in California.

For the safety of your workers and to comply with the regulation, it’s important that you follow the regulations and know when you will need to take action to protect them from outdoor smoke.

The regulation applies when the Air Quality Index (AQI) for airborne Particulate Matter (PM) 2.5 microns (PM2.5) or smaller is 151 or greater in an area where employees are working outdoors. Here are the details of the regulation: 

Identification – When wildfire smoke affects a worksite, employers must monitor the air quality index (AQI) for PM2.5. Employers can monitor the AQI using the following websites:

Communication – Employers must implement a system for communicating wildfire smoke hazards in a form readily understandable by all affected employees, including provisions designed to encourage employees to inform the employer of wildfire smoke hazards without fear of reprisal.

Training and instruction – Employers with outdoor workers need to provide training that covers at least:

  • The health effects of wildfire smoke.
  • The right to obtain medical treatment without fear of reprisal.
  • How employees can obtain the current Air Quality Index (AQI) for PM2.5.
  • Possible actions they must take if the AQI exceeds 150 PM 2.5

Options for protecting workers – The regulation provides three ways employers can protect their workers:

  1. Modifications – If possible, employers should implement modifications to the workplace, to reduce exposure. Examples include providing enclosed structures or vehicles for employees to work in, where the air is filtered.
  2. Changes to procedures and schedules – Another option is to change work procedures or schedules. Examples include changing the location where employees work or reducing the amount of time they work outdoors or exposed to unfiltered outdoor air.
  3. Respiratory protection – Employers also have the option to provide proper respiratory protection equipment, such as disposable respirators, for voluntary use without fit-testing.

To filter out fine particles, respirators must be labeled N-95, N-99, N-100, R-95, P-95, P-99, or P-100, and must be labeled as approved by the US National Institute for Occupational Safety and Health.

If the AQI is above 300, fit-testing and a medical examination prior to use would be mandatory.

The takeaway

If you do have outside workers who are confronted with working in smoky conditions, you should start stockpiling two-week supply of N95 masks for all of your workers if you are unable to implement other controls to reduce their exposure.

Cal/OSHA is in the rule making process to make the emergency regulations permanent and has sent out public comment notices on the proposed regulation. We will continue monitoring the agency’s progress on the rules and update you when they have been completed.

New Law Adds Independent Contractor, Freelance Exemptions to AB 5

A new law has come to the rescue of a number of freelance professions by exempting them from the onerous requirements of AB 5, which required most independent contractors to be classified as employees in California.

Governor Gavin Newsom on Sept. 1 signed AB 2257 as an urgency measure, so that it took effect immediately after it passed unanimously in both houses of the state Legislature.

If you remember, AB 5 set a new standard for hiring independent contractors, requiring many to be reclassified as employees covered by minimum wage, overtime, workers’ compensation, unemployment and disability insurance. It created a three-pronged test that needs to be satisfied to determine if someone is an independent contractor or an employee.

To be independent contractors under AB 5’s “ABC test,” workers must (A) work independently, (B) do work that is different from what the business does, and (C) offer their work to other businesses or the public. All three conditions must be met.

It is prong B that’s problematic, as for example, a freelance writer working for a publication would not be doing something different than the business does. The law sets limits on the amount of income someone can receive while doing this kind of work before being considered an employee.

 

Exemptions under new law

AB 2257 preserves the ABC test for independent contractor classification but adds a number of exemptions from this test. Here are the professions now exempt from AB 5, meaning that they can be considered independent contractors and not have to be treated as employees under the law:

  • Youth sports coaches
  • Specialized performers
  • Home inspectors
  • Insurance industry field service contractors
  • Appraisers
  • Underwriting inspectors
  • Premium auditors
  • Risk management, or loss control specialists
  • Sports competition judges, umpires and referees
  • Graphic design
  • Web design
  • Tutoring
  • Consulting
  • Caddying
  • Wedding planning and event vending
  • Yard cleanup
  • Captioning, and
  • Interpreting and translating services.

AB 5 also has a freelancer exemption, which has been expanded by the new law to include:

  • Fine artists
  • Freelance writers
  • Translators
  • Editors and content contributors
  • Advisors, narrators, cartographers, producers and copy editors, and
  • Illustrators, and newspaper cartoonists working under written contracts.

AB 2257 also expands the “business-to-business” definition in AB 5 to cover a relationship between two or more sole proprietors.

Dealing with Violent Customers Who Refuse to Wear Masks

wearing a mask at work

As many states and municipalities have issued mandatory mask orders for businesses that are open to the public, operators like retailers and restaurants have been thrust into the front lines of reducing the spread of the virus by requiring customers to wear masks when on their premises.

This has led to confrontations that sometimes result in violence — and even in the deaths of some workers.

Due to the volatility of some of these confrontations, the Centers for Disease Control and Prevention has issued a guide for limiting workplace violence associated with COVID-19. The guidance recommends:

  • Offering customers options to minimize their contact with others and promote social distancing. These can include curbside pick-up; personal shoppers; home delivery for groceries, food and other services; and alternative shopping hours.
  • Posting signs that let customers know about policies for wearing masks, social distancing, and the maximum number of people allowed in a business facility.
  • Advertising COVID-19-related policies on your website.
  • Providing employee training on threat recognition, conflict resolution, non-violent response, and on any other relevant topics related to workplace violence response.
  • Putting in place steps to assess and respond to workplace violence. Response will depend on the severity of the violence and on the size and structure of the business. Possible responses may include reporting to a manager or supervisor on-duty, calling security or calling 911.
  • Remaining aware of and supporting employees and customers if a threatening or violent situation occurs.
  • Assigning two workers to work as a team to encourage COVID-19 prevention policies to be followed, if staffing permits.
  • Installing security systems (e.g., panic buttons, cameras, alarms) and training employees on how to use them.
  • Identifying a safe area for employees to go to if they feel they are in danger (e.g., a room that locks from the inside, has a second exit route, and has a phone or silent alarm).

Training on warning signs and response

Employee training on workplace violence typically covers definitions and types of violence, risk factors and warning signs for violence, prevention strategies, and ways to respond to threatening, potentially violent, or violent situations.

Warning signs — As part of training, employees often learn verbal and non-verbal cues that may be warning signs of possible violence. Verbal cues can include speaking loudly or swearing.

Non-verbal cues can include clenched fists, heavy breathing, a fixed stare and pacing. The more cues shown, the greater the risk of violence.

Response — During training, employees also learn how to appropriately respond to potentially violent or violent situations.

Responses range from paying attention to a person and maintaining non-threatening eye contact, to using supportive body language and avoiding threatening gestures, such as finger-pointing or crossed arms.

Consider implementing a “tap-out” system that allows an employee to make a signal for a supervisor or other employee to step in and the at-risk staff member to walk away.

Employee responsibilities guidelines

  1. Attend all employer-provided training on how to recognize, avoid and respond to potentially violent situations.
  2. Report perceived threats or acts of violence to your manager or supervisor, following any existing policies that may be in place.
  3. Remain aware of and support co-workers and customers if a threatening or violent situation occurs.
  4. Do not argue with a customer if they make threats or become violent. If needed, go to a safe area, (ideally, a room that locks from the inside, has a second exit route, and has a phone or silent alarm).
  5. Do not attempt to force anyone who appears upset or violent to follow COVID-19 prevention policies or other polices or practices related to COVID-19 (such as limits on the number of household or food products that can be bought).

Courts Rule COVID-19 Business Interruption Claims Invalid

business interruption

As second court has ruled that an insurer does not have to pay business interruption claims by businesses that saw their revenues run dry due to the COVID-19 pandemic, which will further make it difficult for business to successfully file such claims.

In the most recent case, a Superior Court judge in the District of Colombia in August ruled that an insurer is not obligated to pay business interruption claims of the owner of several restaurants after the mayor ordered all restaurants to close in response to the coronavirus. The judge ruled that in order for the business interruption claims to be valid there must have been physical loss or damage and that the plaintiffs failed to prove any they suffered any such losses.

The ruling comes on the heels of a Michigan state court decision in July that also sided with Michigan Insurance Company in a case brought by the owner of two restaurants whose $650,000 business interruption claim the insurer had denied.

These two cases are closely following the wording of typical business property policies that also include business interruption coverage caused by physical damage.

In the D.C. case, there were several plaintiffs: Lead plaintiff Rose 1 LLC, which is owned by chef Aaron Silverman, and which operates a number of upscale restaurants including Rose’s Luxury, Elaine’s One, Pineapple and Pearl’s and Little Pearl. Other plaintiffs included Buttercream Bakeshop, Karma Modern Indian, El Cucho, Bar Charley, La Vie and Beuchert’s Saloon.

Mayor Muriel Bowser had issued orders on banning indoor dining, for residents to shelter at home and for all non-essential businesses to close. The restaurants filed claims on their commercial property policy with Eire Insurance Company, which included coverage for loss of income and/or rental income from a partial or total interruption of business that results directly from loss or damage to the insured property.

The restaurants after the claim was rejected, arguing that the loss of use of their restaurants was a direct physical loss because the closures were the direct result of the mayor’s orders.

The plaintiffs argued that the losses were physical because the coronavirus is “material” and “tangible.” But, the judge pointed out that the plaintiffs failed to show that the virus was present in their properties and that the mayor’s orders did not materially or tangibly affect the restaurants.

Business interruption cover

Business law attorneys say business around the country have filed hundreds of coronavirus-related business interruption lawsuits after seeing their claims rejected. The issue mainly comes down to policy wording.

Most business property policies also cover business interruption claims, but policies usually specify that there must be physical damage to property. The policies are typically tapped to losses resulting from damage to a business caused by a natural catastrophe. Additionally, most business interruption portions of policies explicitly exclude pandemic.

Most policies require there to be some type of direct physical loss or damage to either your premises or some part of your supply chain in order to trigger business interruption coverage. Without that trigger, insurers would likely argue that a virus in your facility is not physical loss or damage.

But these are early days in the litigation front as more cases are decided and appealed, we should have a clearer picture of COVID-19 business interruption coverage.

More Employers Ask Workers to Sign COVID-19 Waivers, but They May Not Be Legal

sign waiver

As lawsuits against employers continue rising amid the coronavirus pandemic, some businesses are requiring workers to sign waivers absolving them of liability and responsibility should they contract the virus.

Eight percent of executives surveyed by law firm Blank Rome said they would require that their workers sign waivers of liability before returning to the workplace.

While employers are trying to protect themselves from a liability that didn’t even exist a year ago, some human resources legal experts have expressed concerns that they may not be necessary ― and may be unenforceable.

The moves come as employers are wrestling with numerous risks that the pandemic has wrought, and with the U.S. Senate having proposed legislation that would limit the liability of employers for workers who become sick during the pandemic. A number of states have also enacted laws or emergency regulations that make it harder for employees to sue employers for negligence over COVID-19.

COVID-19-spurred employee lawsuits have mostly centered on employers not providing the proper protections for workers, discrimination or for being laid off for refusing to come to work.

Legal experts caution that employers cannot require workers to waive rights they may have, such as access to workers’ compensation benefits or the right to file a complaint with OSHA.

They also say that some employers may consider waivers as a green light to not take precautions against COVID-19, but in such cases the waivers would likely not be legal.

If a worker claims they caught COVID-19 at work and the facts back that up, they would likely have access to workers’ compensation benefits (some states even require it). But if the employer was negligent, the employee could have further legal avenues to pursue besides workers’ compensation, rights that cannot legally be waived, lawyers say.

So even if an employee were to sign a document waiving their right to file a complaint if they feel their employer is being negligent, they may still have recourse.

Requiring workers to sign waivers could present a number of legal issues, according to the law website <i>nolo.com</i>, including:

  • Courts in some states are reluctant to enforce liability waivers in the workplace because of the superior bargaining power of employers over their staff.
  • Workplace morale could suffer if your employees think you are placing your own economic interests above workplace safety.
  • Any waiver employees sign would not protect your firm from lawsuits filed by their families should they contract COVID-19 if staff are infected at work.
  • A waiver might be unnecessary in states that have passed laws granting immunity to employers for claims made by workers infected with the virus.

Another option

While employees who refuse to sign a waiver of their company’s liability may have grounds to challenge their employer, some liability lawyers say that employers instead of a waiver can ask their staff to sign a social contract that requires:

  • The employer to follow Centers for Disease Control and Prevention guidelines and take all necessary precautions to prevent the spread of COVID-19 at work, and
  • The workers to comply with their employer’s requirements on mandates on wearing masks, social distancing and not coming to work if they have symptoms or of they think they have been exposed to someone with COVID-19.

This type of agreement won’t protect an employer from a lawsuit, but it does spell out that they are following authorities’ recommendation for protecting employees.

While employees who refuse to sign a waiver of their company’s liability could have grounds to sue, those who sign this type of acknowledgement of new workplace rules and government guidance are less likely to be successful if they are fired for not signing. This is because the acknowledgement is not forcing them to give up any of their rights and is rather for their and their co-workers’ protection.

These social contracts also would provide workers with a list of their responsibilities when working during the COVID-19 pandemic, and outline what their employer is doing to protect them.

Commercial Property Insurance Rates Rise as Risks Grow

commercial insurance rates

Commercial property insurance rates are on the rise across the country as insurers continue wrestling with the toll of increasing natural disasters, rising social unrest around the world (including the U.S.) and the COVID-19 pandemic.

Additionally, insurance companies have become more stringent in their underwriting by restricting some coverages and excluding risks that may have been covered in the past.

The rate increases and stricter underwriting are not a function of the COVID-19 pandemic, as rates have been on the rise over the last two years as other risks and claims payouts have grown, but the outbreak has added more pressure to rates.

According to a report in the trade publication Business Insurance, brokers are reporting average property insurance rate increases of 20% for policies that renewed on July 1, 2020. But rate increases are even higher for commercial enterprises that have certain types of occupancies, large and complex sets of risks, a history of losses or natural catastrophe exposure (hurricanes, tornadoes and wildfires, for example), the report states.

As mentioned, insurers have also taken various steps to restrict coverage, including:

  • More strike, riot and civil commotion exclusions (this coverage was common in most commercial property policies).
  • More stringent communicable disease exclusions for business interruption coverage (while most business interruption coverage on property policies excluded pandemic risks, a small portion of policies did not).
  • Reduced coverage for business interruption claims that don’t include physical damage to the business.
  • Reduced limits.
  • Higher deductibles.

Civil disturbance coverage

The recent riots and protests that erupted across the country also caused widespread insured damage as many stores and businesses were looted, set on fire or vandalized.

Coverage of riots and civil disturbances is a standard part of most property policies, and insurance experts estimate the insured damages could surpass $10 billion as the rioting was not just limited to one city.

There had never previously been a civil disturbance event of this magnitude in the U.S. and insurers had not priced the likelihood of it happening across the nation at one time.

Globally, insurers have started introducing exclusions and raising rates after large-scale protests and civil unrest mushroomed in Hong Kong and Chile last year, causing widespread economic damage and disruption

The scale of damage in the U.S. from our own civil unrest has pushed a handful insurers to start restricting or removing coverage for strikes, riots and civil commotion. The change is not industrywide.

Policy and rate changes for this coverage are also based on geography, as the risks of civil disturbances are greater in cities than in suburbs and smaller municipalities and towns.

Businesses can also take steps to mitigate risks, such as installing video cameras for security, as well as burglar alarms and other measures to reduce their premiums.

COVID-19

Terms and conditions are also being tightened due to the COVID-19 outbreak, after a number of insurers were sued for not paying business interruption claims on the grounds that there must be physical damage to the property.

As a result, many insurers introduced more explicit wording to make their infectious disease exclusion “bulletproof,” as one broker told Business Insurance.

Catastrophe exposure

In addition, insurance companies are looking at how much exposure they have to natural catastrophes, and are hence scaling back coverage or pulling out of some markets. They are looking at markets that have exposure to:

  • Hurricanes,
  • Earthquakes,
  • Wildfires,
  • Floods,
  • Storms

For example, in California a number of commercial and personal property insurers are restricting the number of policies they will write in areas that are at risk from wildfire. Some are also requiring that property owners create buffer areas around their buildings to reduce the chances of them catching fire during an event.

The takeaway

As a business property insured, you will want to do all you can to make your organization as insurable as possible in order to enjoy the best rates. That means taking measures to mitigate risks and following insurers’ recommendations.

That could include installing security cameras and alarms, as well as sprinklers and other fire prevention systems. If your business is exposed to a regular natural catastrophe, you should also take steps to reduce the chances of your property being damage or destroyed.

Five Steps for Protecting the Data of Your Firm, Customers and Employees

cybersecurity

In this era of connectedness, increased telecommuting, smartphones that keep staff connected to the office and cyber criminals constantly waging attacks on businesses, you need to do all you can to protect your firm’s, employees’ and customers’ data.

It’s a heavy lift to try to set up protocols for the various areas where hackers and bots can infiltrate your company’s database, and for a small company the task could be overwhelming. But if you approach your cyber security by focusing on the main pinch points — your greatest vulnerabilities — you can put together a coherent and effect cyber defense.

You can divide your focus among five distinct areas and create clear initiatives for each:

Physical space

The first vulnerability is your office and your network hardware, where even a small oversight can lead to significant losses in hardware and data. Strong security controls of physical environments are a critical foundation for your business.

What you can do: Always lock your network closet or room and other sensitive locations. Use high-security locks and numbered, physical keys with restrictions on duplication. If it makes sense for your business, install video surveillance at entrances and exits. Don’t trust your memory — maintain a device and computer inventory.

People

Numerous people encounter your firm’s data, including full- and part-time employees, contractors, interns and clients. Anyone who has access to business devices, spaces and apps is vulnerable to unwittingly giving away information.

What you can do: Call us to confirm that your cyber liability insurance reflects your actual risks and that you have the correct coverage and riders you may need. You should conduct security-awareness for your staff (and new hires) regularly to show them what you expect in terms of protecting your company’s data. This can include theft prevention and minimizing data leakage, to protecting sensitive data and what to do in the event of a suspected breach.

Also, train them how to detect social-engineering hacking scams. Cover how these scams work by trying to trick your staff into clicking on links in e-mails that contained phishing, malware or ransomware. They should look for spoofed names or e-mail addresses in the e-mails which will often ask employee for passwords or to click on an attachment.

Apps

Applications may be cloud-based or stored on devices. While it can be challenging to manage the many apps people use on their devices, there are best practices for keeping data away from the people who want to use it against you.

What you can do: Ensure that all apps that your staff use on company-issued phones use two-factor authentication (and strongly urge them to follow this practice if they are using their own devices for work). Restrict app permissions to only the few people who should really have it. Also set the apps to automatically update, so as to ensure you are always using the software with the latest security patches.

Finally, enable security notifications so that suspicious activity, such as adding a new user without approval, doesn’t go unnoticed.

Mobile devices

Smartphones and tablets hold most — if not all — of your most sensitive data. Working remotely is gaining popularity, and with that comes a responsibility to learn how to treat your devices like the highly valuable possessions they are.

What you can do: Enable remote wipe and location tracking on your employees’ tablets and smartphones in case of the devices being lost or stolen. Do not use public Wi-Fi. Your employees should only use trusted Wi-Fi, VPN or their mobile hotspot.

Require a password, PIN or biometrics to unlock phones. And, because there will be sensitive documents and e-mail on your employees’ devices, be sure they have enabled local data encryption. Double-check this, as not all devices will have it turned on by default.

Networks

Your network is at the heart of your company’s connectivity and operations. It connects to all of your company’s devices and apps, as well as to the internet. This is the gateway to your business, so it should be regularly maintained and kept secure.

What you can do: For the visitors and vendors who occasionally need to use your network or internet connection, create separate guest and private networks. Do a little research or ask a trusted IT expert and use the latest Wi-Fi encryption standards.

Finally, so much of network security is about management. Know which employee has what equipment by logging and auditing access to devices. Don’t wait for disaster to strike; proactively monitor, manage, update and secure devices, along with creating strong passwords.

Getting started

If you are a small business, all of the above is likely overwhelming, but if you put together smart processes and planning you can reduce your risks, such as:

  • Having processes in place for handing out equipment (keys, laptops, mobile devices) when hiring, and how to handle technology during terminations.
  • Planning and holding scheduled cybersecurity training.
  • Using a password management tool for all of your staff.
  • Calling us about cyber insurance.

New Telecommuter Class Code in the Works

telecommuters

Due to the COVID-19 pandemic, California’s workers’ compensation rating agency plans to implement a new class code for telecommuting employees on Jan. 1, 2021.

The Workers’ Compensation Insurance Rating Bureau of California started work on the new classification after swaths of companies ordered employees that could work remotely to start working at home after the state and local governments issued stay-at-home orders to contain the spread of the coronavirus.

The new code for telecommuting workers will be 8871. Under a prior emergency rule, the Rating Bureau had recommended that employees who were thrust into telecommuting because of the COVID-19 outbreak be assigned the 8810 “Clerical Administration Employee” code.

This is a major change in the class code structure and will affect employers throughout the state, so it’s important that you prepare for it if you have staff working from home.

While the telecommuting code will be new to California, a similar code ― 8871 “Clerical Telecommuter Employees” ― has already been in use for a few years in a number of other states where the National Council on Compensation Insurance serves as the rating bureau.

To qualify for that class code, an employee must spend “more than 50% of their time performing clerical duties from a clerical work area located within their home.”

Additionally, the NCCI released an advisory in March 2020 that employers should start reporting class code 8871 for employees who have been asked to work from home due to the pandemic.

The specifics

Up until now, in California, telecommuting employees whose duties meet the definition of clerical employees in the California Workers’ Compensation Uniform Statistical Reporting Plan have been assigned class code 8810 “Clerical Office Employees,” or their employer’s standard classification if that classification specifically includes clerical office employees.

The Rating Bureau has proposed that class code 8871 be the code for clerical employees who work more than 50% of their time at their home or other office space that is not on the employer’s premises. This will help the Bureau track accident and injury rates for telecommuting employees, and it will align California’s class code system with those of a majority of states (the NCCI is the rating bureau in 38 states).

As mentioned, the class code will be used only if the class code for the employer does not include clerical employees. Currently there are 41 class codes that include clerical staff. There are also two codes that specifically exclude them.

If a company includes all of its staff in the same code, any clerical staff on its payroll are not assigned the 8810 Clerical Employee class code and are instead assigned the code for the company as a whole.

For the sake of continuity, the Rating Bureau has recommended that those 43 class codes be amended to specifically include or exclude clerical telecommuting staff.

What you should do

If you have staff on your payroll who are telecommuting, you should start preparing your accounting or bookkeeping software to add in this code for when your policy comes due in 2021. Starting work on this now can help your insurer more accurately price your future policies, or when they decide to audit your payroll.

Conversely, you should not attempt to change the class code for your currently telecommuting employees now or at any time before Jan. 1, 2021, as the final rules have not yet been written, approved or promulgated. They also need to be approved by the state insurance commissioner.

The Rating Bureau plans to apply the rate for the class code for clerical employees to the new class code for the first few years and until it can gather enough data to set a unique rate for the code. That could take a number of years, as the Bureau typically uses a window of the past three years of claims experience and costs when setting class code rates.

Attacks on Cloud Services Grow Amid Telecommuting Boom

cloud

As more of America’s workers were asked to work from home due to the COVID-19 pandemic, cyber criminals jumped at the opportunity to take advantage, it seems.

Remote work means work being handled on the cloud as employees share files and need a convenient way to access them.

But cyber criminals are banking on workers letting down their guards when they work from home, so it’s no surprise that while cloud service usage among enterprises jumped 50% between January and April, external attacks on cloud accounts boomed 630% in the same period.

Also, hackers and other cyber scammers orchestrated systematic attacks on collaboration tools like Cisco WebEx, Zoom, Microsoft Teams and Slack, according to the “Cloud Adoption & Risk Report ― Work from Home Edition” report by McAfee.

The risk to enterprises cannot be overstated as criminals try to take advantage of the sudden shift to telecommuting by thousands and thousands of organizations as they try to cope with the COVID-19 pandemic and continue operating during stay-at-home orders.

Employees are your organization’s first line of defense. You can protect your company by encouraging personnel to be skeptical of e-mail from unfamiliar sources.

Training your staff

Before the COVID-19 crisis, PricewaterhouseCoopers simulated a phishing attack on mid- to large-size financial institutions, finding that:

  • 70% of phishing e-mails were delivered to their targets, and
  • 7% of recipients clicked on the malicious link.

The danger with phishing and ransomware attacks is that it only takes on click, one missing endpoint agent, one failed alert, one unsuspecting employee, and the criminals can take control of your network and your cloud files.

Many of these attacks come in the form of what’s now called “social engineering attacks.” PwC recommends coaching all of your employees to take the following precautions, particularly on their mobile devices:

  • Be skeptical of e-mails from unknown senders, or from familiar people (like your company’s CEO or your doctor) who do not usually communicate directly with you.
  • Don’t click on links or open attachments from those senders.
  • Don’t forward suspicious e-mails to co-workers.
  • Examine the sender’s e-mail address to ensure it’s from a true account. Hover over the link to expose the associated web addresses in the “to” and “from” fields; look for slight character changes that make e-mail addresses appear visually accurate — a .com domain where it should be .gov, for example.
  • Grammatical errors in the text of the e-mail are usually a sure sign of fraud.
  • Report suspicious e-mails to the IT or security department.
  • Install the corporate-approved anti-phishing filter on browsers and e-mails.
  • Use the corporate-approved anti-virus software to scan attachments.
  • Never donate to charities via links included in an e-mail; instead, go directly to the charity website to donate.

Cyber insurance

Cyber insurance is designed to protect your company by insuring you for network security issues, privacy, interruption to your business, media liability, and errors and omissions.

For phishing, ransomware and other cyber attacks, the network security and business interruption portion of the policy would mainly come into play.

Network security coverage — This includes first party costs. That is, expenses that you incur directly as a result of a cyber incident, including:

  • Legal expenses
  • IT forensics
  • Negotiation and payment of a ransomware demand
  • Data restoration
  • Breach notification to consumers
  • Setting up a call center
  • Public relations expertise
  • Credit and identity monitoring

Business interruption — When your network, or the network of a provider that you rely on to operate, goes down due to an incident, you can recover lost profits, fixed expenses and extra costs incurred during the time your business was impacted. This includes loss arising from:

  • Security failures, like a third party hack.
  • System failure, such as a failed software patch or human error.