Let’s face it, the past several months have been rough on everyone. COVID-19 has radically disrupted our everyday lives, changed the way we do business and drastically increased the number of times we all say “strange” and “unprecedented.” One group that’s been thriving in the COVID-19 world, however, is Cyber Criminals. With the rush to implement “work from home” protocols, security has by and large taken a back seat to operational survival, and Cyber Criminals have positioned themselves well to take advantage of this new reality. Poorly configured remote desktops, home “Wi-Fi” networks, a host of new applications and employees forced into the strange new land of remote working all add up to a perfect Cyber Storm. Luckily it’s not all gloom and doom, and there are things you can do to help make your firm more resilient to Cyber Attacks.

As we take a closer look at Cyber Risk, it is helpful to consider two questions when thinking about these threats:

  • Do you have a Cyber Incident Response plan?
  • Will you survive a Cyber Attack?

Our friends Mike and Ben will make cameos later on to illustrate the importance of these two questions when determining your firm’s resilience in the face of Cyber Threats.

A good place to start is by examining “What’s at Risk” for your firm. Typically this can be broken down into three categories: Data, Disruption and Dollars.

Data

a) Corporate Data: Every law firm is different, which means the type and volume of information will vary greatly from firm to firm. Personal Injury attorneys may have sensitive health information and medical records, M&A attorneys may have sensitive deal information, real estate and trust attorneys may have sensitive financial information in their files, etc. Think about the information your firm collects, stores and processes.

b) Employee Data: Regardless of what type of law you practice, every firm has employees. Think about all the information you take in when onboarding an employee: Name, Address, Phone Number, Social Security Number, Bank Account information for Direct Deposit, background checks, etc. As an employer it is your legal responsibility to protect this information.

c) Data in Transit: Data is at Risk while it is on your firm’s computers, while it is in transit (faxes, emails, texts) and finally, when it resides on a third party’s network. Many organizations believe that by utilizing a third party to store information they are absolving themselves of all responsibility for what happens after the transfer. However, the truth is much more complicated. Data Privacy Law states that the owner and/or collector of information maintains responsibility for that data, and the liability cannot be transferred via contract.

Disruption

While the bulk of the discussion regarding Cyber Risk has historically focused on Data Breaches (with good reason: they’re dangerous and tremendously expensive to deal with), the mass proliferation of Ransomware has now catapulted Business Disruption to the top of the list for concerned firms across the world.

Dollars

Pretty straightforward. Cybercriminals are after your money AND your clients’ money.

____________________

Now that we’ve identified “What’s at Risk” for your law firm, let’s dive into “How Breaches Occur.” There are three main Cyber Threat Vectors: Outside Attackers, Insider Threats and Third Party Incidents.

Outside Attackers

Hackers. Typically depicted in a hoodie and gloves in a dark room (not ideal for typing), Hackers deploy malicious software, commonly referred to as “Malware,” in order to corrupt legitimate computer code for the hackers’ own purposes. A few different types of outside attacks are:

a) Ransomware: Ransomware is a specific type of malware that is designed to encrypt key files and/or systems, with an accompanying ransom demand in order to provide the decryption key. The newest and most costly form of Ransomware in the Cyber world today is called “Maze” Ransomware. In a new twist on Ransomware, the group behind Maze exfiltrates sensitive information, publishes the name of your firm online, then demands a ransom payment which (supposedly) guarantees that the Cyber Criminals will not publish all of your sensitive information online.

b) Keyloggers: Keyloggers are a type of Malware that, when downloaded (via an errant click on a website, email attachment, etc.), quite literally log the keystrokes on your computer as you type. Keyloggers are typically used to pick up usernames and passwords, which can then be used across various networks to inflict harm.

c) DDoS: Distributed Denial of Service attacks are brute force attacks designed to overwhelm a target with a flood of requests. Cyber criminals compromise and harness the power of various internet connected devices (computers, copiers, security systems, baby monitors, refrigerators, microwaves, etc. and yes, we’re serious about refrigerators), then direct that computing power at a single target, flooding the victims with billions or potentially trillions of requests per second until the targeted organization is completely overwhelmed and shut down.

d) Business Email Compromise: Business email compromise is exactly what it sounds like. A hacker gains access to your email or a vendor’s email and utilizes that email to fraudulently induce various parties to transfer money or sensitive information.

Insider Threats

As we’ve found, not all attacks come from the outside. Employees are also a large driver of Cyber Losses.

a) Malicious or Disgruntled Employees: One of the best examples of the damage a malicious insider can cause comes from a professional services firm in the UK. The story goes like this: Firm hires a new employee to perform data entry and data integration, employee works from 9-5pm and at 5pm leaves work and brings all their data from work home with them to their significant other who is a hacker, said hacker uses this information to commit wide scale insurance fraud.

b) Careless employees and Honest Mistakes: Phishing and Social Engineering attacks are designed to trick employees into disclosing sensitive information, transferring money to a bad actor or clicking on a link or attachment that provides the entry point for a malware payload. Lost and compromised devices such as laptops and mobile phones have also proven to cause huge losses to a variety of organizations and some Cyber Insurance carriers contain exclusions for the losses arising out of lost devices that are unencrypted.

Third Party Incidents

Everyone has had the story of the Target breach beaten repeatedly into their head at this point, but for a quick recap: a third-party contractor that did business with Target was compromised by a bad actor. The bad actor then used the third-party contractor as an entry point to infiltrate Target’s systems, ultimately resulting in the massive theft of credit card information belonging to Target’s customers and enormous financial losses for Target itself. While the chances are your firm is not the size of Target, it is helpful to use this example as a lens through which to view the third-party “Hub and Spoke” security issue. Think of your firm as the “Hub” in this scenario, with all the third party vendors you use every day as the “Spokes.” Your firm is doing a great job with cybersecurity due diligence and purchases Cyber insurance. In essence, the “Hub” is protected. Are all of your “spokes” (cloud providers, billing services, credit card processors, software vendors) protecting themselves the same way? How are you validating or contractually mandating them to do so?

____________________

Solutions:  Cybersecurity + Cyber Insurance = Cyber Resilience

Finally some good news. While the Cyber world can be a scary place, the good news is there are actions you can take to help prepare your firm for Cyber Incidents.

Cybersecurity

There are a TREMENDOUS number of Cybersecurity solutions out there, so many, in fact, that sometimes we’re tempted to throw our hands up and say “Where do I even start?” While this is by no means an exhaustive list, these are some of the easiest to implement and effective steps your firm can take right now to harden your firm’s Cyber Risk posture:

  1. Firewalls and Anti-Virus Software: Will this prevent your firm from being compromised? Not necessarily. Does it help protect you? Yes. Think about this from the analogy of a burglar looking to rob a house. The firewall or anti-virus is a fence around the property. Does a fence prevent every burglary? Absolutely not. Does it make it a little bit harder? Yes.
  2. Strong Passwords and Password Management: Everyone reading this probably just rolled their eyes, but the bottom line is that a huge number of Cyber Incidents could be thwarted by stronger passwords and password management. There are a ton of good vendors out there that can help!
  3. Back-Ups: Make sure you are backing up your information. There are a variety of different ways to do this and a proper discussion of back-ups would require an article unto itself. Oftentimes folks are lulled into a false sense of security because “everything is backed up” only to find their back-ups have been compromised or they haven’t tested them in 10 years. The bottom line, however, is that back-ups are important. Make sure you back up your data in one way or another.
  4. Employee Training: The vast majority of Cyber Incidents involve the human element at some point in the process. Training employees to be on the lookout for suspicious emails or behavior within the company will go a long way in creating a company culture that takes Cyber Risk seriously.
  5. Multi-Factor Authentication: Enabling multi-factor authentication (using two or more pieces of information to validate a user) is an incredibly simple way to harden your defenses. The leader of the Cyber Practice at a large Insurer recently shared that about 1/3 of their recent claims could have been prevented by properly implementing Multi-Factor Authentication.
  6. Patching: Remember all of those little notifications that pop up and tell you that an update is available? Those are important! It means that someone found a vulnerability AND they also found a way to patch that vulnerability.
  7. Constant Testing and Updating: Once you’ve established cybersecurity protections, back-ups, incident response plans, etc., make sure you test them!

Cyber Insurance

A lot has changed in the Insurance world over the past 5-10 years and nowhere is that more evident than in the world of Cyber Insurance. Before we get into the specifics of Cyber Insurance, let’s understand what Cyber Insurance is at a high level:

Cyber Insurance is a risk transfer mechanism that shifts the financial burden of a Cyber Incident from an organization to an Insurer.

Okay, that sounds nice but what does it do?

First Party Coverage

  1. Cyber Incident Response: Carriers have partnered with a wide variety of law firms, forensics teams and PR experts to provide immediate and effective response to a Cyber Incident. The Incident Response portion of a Cyber Policy provides access to and funding for:

    a) Data Breach Coach: A law firm specializing in responding to Cyber Incidents.
    b) Forensics Teams: Your “boots on the ground.” These folks will determine: What happened? Is it still happening? What do we do now?
    c) Notification Costs: Do we have to notify anyone? If so: Who? How? When? What will be our message? The “Where” is also crucial, as there are currently 50 different state guidelines for data breach notifications and the laws apply to the affected individual rather than the affected organization, so you could have one breach that triggers multiple state reporting guidelines.

  2. Extortion/Ransomware Coverage: Provides coverage for Ransom payments and expenses arising out of a Ransomware threat.
  3. Digital Data Recovery: Covers the cost to restore, replace, recreate, re-collect or recover Digital Data from records that have been corrupted, stolen or destroyed.
  4. Business Interruption: Covers loss of Income (net profit before taxes) and extra expenses that a business suffers due to an interruption or degradation in service caused by a Cyber Incident. Note: Business Interruption due to Cyber Incidents is now widely excluded under traditional Insurance Policies.
  5. Cyber Crime: Theft of funds or securities is technically covered under Crime Insurance, however there is a clear overlap between Cyber and Crime in this case. It is crucial to understand how your Cyber and Crime coverages interact to ensure that you are covered for a Cyber Crime loss.

Third Party Coverage

  1. Privacy/Network Security Liability: Covers defense and settlements for third party liability claims arising out of:
    a) Actual/alleged failure of Network Security
    b) Actual/alleged failure to protect Personal, Protected or Confidential Info
    c) Actual/alleged failure to prevent the transmission of malicious computer code
  2. Regulatory Proceedings: With the ever-expanding list of Data and Privacy Regulations (HIPAA, CCPA, BIPA, GDPR to name a few), coverage for regulatory actions and investigations has never been more important.
  3. Payment Card Industry (PCI) Fines and Penalties: Coverage for losses which an organization is legally obligated to pay as a result of the insured’s actual or alleged failure of Network Security or failure to properly handle, protect or dispose of Payment Card Data.
  4. Media Liability: Coverage for claims pertaining to an organization’s display of Media Content on its website or in printed material, or Media Content posted by or on behalf of an organization on any social media site.

Benjamin Franklin and Mike Tyson: Cyber Experts

“Failing to plan is planning to fail” – Benjamin Franklin

“Everyone has a plan until they get punched in the mouth” – Mike Tyson

Although these two probably didn’t have a tremendous amount in common, we have brought them together here because their sage words help frame the approach your firm should take to Cyber Risk.

Make a plan! Fortify your defenses with cybersecurity best practices, develop an internal response plan for a Cyber Incident, and transfer the financial cost of an Incident to an insurer who will also bring in an external Cyber SWAT team to get you back up and running ASAP.

Test your plan! Plans look nice on paper, but as our friend Mike reminds us, when things get real, plans tend to go out the window. Make sure you test your plan and everyone involved knows their roles and responsibilities.

The Cyber World can be a scary place but there are lots of ways to help make it safer for your firm. The worst thing you can do is to do nothing; take action today. And if you ever find yourself overwhelmed or scared, just imagine Ben Franklin and Mike Tyson talking you through all of this… That should help!

____________________________________________________________________________

Written By: Adam Abresch | Acrisure National Cyber Risk Practice Leader

As the Cyber Risk Practice Leader at Acrisure (parent company of AHERN), Adam is responsible for designing custom Cyber, Crime and Technology solutions for Acrisure clients across the globe. Adam is also a guest lecturer at Fordham University and Hofstra University, and leads Cyber Liability education for over 250 Acrisure Partner Agencies throughout the country.

Adam is a frequent speaker and thought leader on Cyber Risk, including featured presentations at NetDiligence, the Professional Liability Underwriters Society (PLUS) Cyber Conference and the New Jersey and New York City Bar Associations. A proud Tarheel, Adam graduated from the University of North Carolina at Chapel Hill and maintains a Certified Insurance Counselor (CIC) designation, Cyber COPE Insurance Certification (CCIC) from Carnegie Mellon/ Chubb and was the recipient of NetDiligence’s 2019 Toby Merrill Rising Star Award.

____________________________________________________________________________

Substantial portions of this work appeared in the November 2020 issue of Orange County Lawyer magazine (Page 40). The views expressed herein are those of the Author(s). They do not necessarily represent the views of the Orange County Lawyer magazine, the Orange County Bar Association, The Orange County Bar Association Charitable Fund, or their staffs, contributors, or advertisers. All legal and other issues must be independently researched. Reprinted with permission.

Since the onset of the COVID-19 pandemic, companies across the globe have been working to develop a COVID-19 vaccine. As the pandemic continues on and vaccine clinical trials progress, there may be a possibility of a COVID-19 vaccine being approved for use in the foreseeable future.

The prospect of a vaccine is exciting to most, but also presents challenges for employers. Employers may be considering whether vaccination will be encouraged or mandated.

Employers must navigate the inherent legal risks and logistics of mandating or encouraging employees to receive the COVID-19 vaccine. To do so, employers should seek legal counsel to discuss which course of action is best for their organization. This article provides a general informational overview of considerations for employers.

Governmental Guidance

The Equal Employment Opportunity Commission (EEOC) and OSHA have both issued guidance on vaccines in the employment context in the past, but make no specific mention of a COVID-19 vaccine.

OSHA Guidance

Per OSHA, employers can require employees to receive vaccinations for influenza, providing they properly inform employees of “the benefits of vaccinations.” In addition, OSHA states that employees can refuse a vaccination due to a reasonable belief that they have an underlying medical condition that creates a real danger of serious illness or death, and that they “may be protected under Section 11(c) of the Occupational Health and Safety Act of 1970 pertaining to whistleblower rights.”

EEOC Guidance

The EEOC, which enforces the Americans with Disabilities Act (ADA) and Title VII of the Civil Rights Act of 1964 (Title VII), has also issued guidance regarding vaccines in the employment context. Specifically, in March 2020, the EEOC addressed whether employers covered by the ADA and Title VII can compel employees to receive the influenza vaccine. In this guidance, it was noted that there was not a COVID-19 vaccine yet.

Additionally, the EEOC explained that an employee may be entitled to an exemption from a mandatory vaccine based on a disability that prevents the employee from taking the vaccine. This would be considered a reasonable accommodation, and the employer would be required to grant the accommodation, unless it creates an undue hardship for the employer. The ADA defines an undue hardship as an action requiring significant difficulty or expense when considered in light of factors such as an employer’s size, financial resources, and the nature and structure of its operation.

The EEOC also states that, under Title VII, employees with sincerely held religious beliefs may be entitled to an exemption from a mandatory vaccination, which is considered a reasonable accommodation, unless it creates an undue hardship for the employer. Note that undue hardship under Title VII is defined as a “request that results in more than a de minimis cost to the operation of the employer’s business.” This is a much lower standard than under the ADA.

As such, these exemptions and the discrimination risk posed by mandating employees to receive any vaccine—including a COVID-19 vaccine when and if it becomes available—have led the EEOC to advise employers to simply encourage vaccination rather than mandating it.

Employer Considerations

There are a host of considerations employers need to review before coming to a decision on whether to encourage or require employees to receive a COVID-19 vaccination.

Employers should consider the following when reviewing their options:

  • Evaluating undue safety burdens—Employers will face the challenge of determining whether an employee poses an undue safety burden on co-workers by choosing not to get vaccinated (if the employer is simply encouraging receiving the vaccine) or being exempt from a mandated vaccination. When evaluating this consideration, employers will need to decide whether there are other precautions that can be put into place to protect employees, which may include:
    • Social distancing protocols
    • Requiring employees to wear masks at work
    • Leveraging telecommuting arrangements

  • Assessing and granting exemptions—If employers decide to require employees to get a COVID-19 vaccine, they will need to be prepared for the difficult task of determining whether an individual worker qualifies for a reasonable accommodation in the form of an exemption from receiving the vaccine under the ADA or Title VII. This assessment would need to be done on a case-by-case basis and could potentially leave an employer open to legal action should they wrongly deny an exemption request. In addition, the employer will also have to navigate protecting the rest of the workforce should an employee be exempt from being vaccinated.

  • Evaluating legal risks of requiring vaccines—Employers need to consider the possibility that they may receive legal claims if they require employees to be vaccinated and an employee experiences an adverse reaction to the vaccine or develops subsequent health problems.
  • Sorting out the logistics of requiring or recommending vaccination—Regardless of whether employers require or recommend COVID-19 vaccination, there are logistical elements to consider, including:
    • Will employers hold on-site vaccination clinics?
    • What vaccine, if more than one will be available on the market, will be used?
    • Who will pay for the vaccine?
    • Will the company require or cover the costs of vaccination for the employee’s family?
    • How long after the vaccine becomes available must workers receive the vaccine, if vaccination is mandated?

In addition to the considerations explained above, employers should consult legal counsel to determine whether there are unique risks to consider for their specific organization.

Employers should begin discussions on the topic of COVID-19 vaccinations at their organization today. Waiting until a COVID-19 vaccine is approved and readily available may leave employers open to overlooking important legal and logistic considerations.

_______________________________________________________________________________

This HR Insights is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice. © 2020 Zywave, Inc. All rights reserved.

 

As an employer, you care about making your workforce feel valued and managing your organization successfully. However, even if you do everything you can to ensure smooth relationships with your staff, employment practices liability (EPL) risks remain. That’s why it’s crucial for your organization to have EPL coverage. Such a policy can offer protection for claims that result from employees alleging various employment-related issues—such as discrimination, harassment and wrongful termination.

Apart from securing EPL coverage, it’s important to stay up to date on the latest EPL market trends. In doing so, your organization will have the information needed to respond appropriately and make any necessary coverage adjustments. Don’t let your organization fall behind in this evolving risk landscape. Review this guidance to learn more about EPL trends to watch in 2021.

The COVID-19 Pandemic

The ongoing COVID-19 pandemic has forced many organizations to make serious workplace changes—such as having employees work remotely, adjusting office setups or conducting significant staff layoffs or furloughs. And with these changes, EPL claims followed. Some of the most common, pandemic-related EPL claims include:

  • Allegations that unsafe working conditions or minimal precautionary measures (e.g., poor sanitation practices, a lack of social distancing protocols or inadequate personal protective equipment) contributed to employees getting sick or dying from COVID-19
  • Allegations of retaliation after an objection to unsafe working conditions or workplace exposure to individuals displaying COVID-19 symptoms
  • Allegations of disability discrimination related to remote working (e.g., failing to accommodate remote staff or denying employees the option to work remotely)
  • Allegations related to employee leave concerns (e.g., forcing staff to take leave, retaliating against employees that take leave due to COVID-19 or not allowing staff to take leave due to COVID-19 altogether)
  • Allegations of laying off or furloughing staff without providing proper employment notices
  • Allegations of discrimination related to laying off or furloughing employees

With these trends in mind, it’s crucial to fully document and review any organizational changes created by the COVID-19 pandemic. These changes should be reviewed to ensure they adequately consider the needs of your workforce and are compliant with employment law.

Social Movements

Several social movements have led to an increase in EPL claims in recent years, including the #MeToo movement and the Black Lives Matter movement.

The #MeToo movement—which is an anti-sexual harassment campaign that was originally founded in 2006 and has gained significant social media attention since 2017—largely contributed to a 50% rise in sexual harassment lawsuits against employers over the past few years, according to the U.S. Equal Employment Opportunity Commission (EEOC). This movement emphasizes how important it is for employers to implement effective sexual harassment prevention measures (e.g., a zero-tolerance policy and a sexual harassment awareness training program), reporting methods and response protocols.

The Black Lives Matter movement—which is a racial justice campaign that was originally founded in 2013 and resurged in 2020 in the form of nationwide protests—has the potential to become a driving factor in race-related workplace discrimination and harassment lawsuits. This movement makes it increasingly vital for your organization to take steps to promote diversity, acceptance and inclusion in the workplace, as well as take any accusations or reports of racism seriously.

LGBTQ+ Protections

Although the EEOC had previously released guidance stating that workplace discrimination and harassment based on sexual orientation, gender identity and gender expression violated Title VII of the Civil Rights Act of 1964, the U.S. Supreme Court just recently confirmed in 2020 that Title VII protects gay and transgender employees from such treatment. While this is a relatively new development, the Supreme Court’s decision highlights the need for your organization to ensure all LGBTQ+ employees feel properly supported in the workplace.

Age Discrimination

According to the U.S. Bureau of Labor Statistics, the share of employees over the age of 55 in the labor force is expected to rise to nearly 25% by 2024 (up from 13% in 2001). This demographic shift makes it increasingly important for employers to take steps to minimize the potential for age discrimination issues within the workplace. After all, the Age Discrimination in Employment Act (ADEA) forbids age discrimination against employees and job applicants aged 40 and over.

Despite the ADEA, however, a recent Hiscox study found that 21% of U.S. employees have reported experiencing workplace discrimination based on their age. Such discrimination can lead to poor staff morale, a tarnished organizational reputation and an increase in EPL claims. With this in mind, it’s important to review your organization’s employment practices to ensure you are fostering a workplace culture that rejects ageism.

Wage, Leave and Salary History

As wage and hour laws continue to change across the country, it’s critical that your organization regularly reviews state-specific legislation related to minimum wage, employee classifications (e.g., hourly or salaried), overtime pay, sick leave and other paid time off. A failure to provide your staff with adequate wages or paid leave could lead to various EPL claims.

Employers’ ability to receive their employees’ prior salary history has also become a rising concern. In fact, in some states, recent legislation now prohibits employers from requesting or requiring salary history from a job applicant as a condition of being interviewed, hired or even considered for a position. In light of these changes, it’s best to speak with legal counsel for state-specific employee wage, leave and salary history guidance.

Marijuana Legalization

Following the 2020 election results, medical marijuana is now legal in 36 states and recreational marijuana is now legal in 15 states. As marijuana legalization becomes increasingly commonplace across the country, it’s crucial for your organization to review any state-specific legislation and adjust workplace policies and procedures accordingly.

Specifically, some states have enacted legislation that restricts an employer’s ability to conduct drug tests for marijuana. Further, several state court cases have ruled in favor of the employee in recent employment lawsuits related to marijuana usage. This includes a case in which a disabled employee sued their employer for alleged workplace discrimination due to medical marijuana usage, as well as a case in which an employee sued their employer for alleged wrongful termination due to a positive drug test for marijuana.

That being said, your organization may need to reconsider or revise procedures related to conducting workplace drug tests for marijuana or basing employment decisions on an employee’s marijuana usage, as these practices could potentially contribute to EPL claims. Be sure to consult legal counsel for state-specific compliance guidance on this topic.

We’re Here to Help

You don’t have to respond to this changing risk landscape alone. We’re here to help you navigate these EPL market trends with ease. For additional coverage guidance and solutions, contact us today at (800) 282-9786 or via email.


____________________________________________________________

This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2020 Zywave, Inc. All rights reserved.

As a result of the COVID-19 pandemic, many attorneys have been working remotely since March 2020, practicing virtually in jurisdictions where the lawyer is licensed, even if they’re physically located elsewhere. In response to this “new normal,” the American Bar Association (ABA) issued Opinion 495 on December 16, 2020, addressing remote work and the unauthorized practice of law (UPL).

Formal Opinion 495 provides guidance on when a lawyer may practice the law for which they are licensed while physically in a different jurisdiction. Specifically, a lawyer physically present in a jurisdiction in which they are not licensed to practice (and where the local jurisdiction has not determined such practice is unauthorized) may practice if they meet the following guidelines:

  • Does not establish an office or other systematic presence in that local jurisdiction.
  • Does not “hold out” a presence or availability to perform legal services in that local jurisdiction.
  • Does not actually provide legal services for matters in that local jurisdiction, unless otherwise authorized.

The opinion notes that providing local contact information on websites, letterhead, business cards or advertising are examples of communications that would improperly suggest a local office or local presence.

To download a copy of Formal Opinion 495, please click here or visit AmericanBar.org.

 

It is our pleasure to extend to you a warm invitation to our upcoming virtual HR Leaders Compliance Summit in early February!

This year’s event is an expanded virtualization of a longstanding on-site gathering of Acrisure Agency Partner offices and the transformational Human Resources professionals they support. Over the course of this summit, you will hear from numerous subject matter experts who specialize in various HR-related disciplines including labor regulations, employee benefits trends, and human capital management best practices. Coming on the heels of 2020, we think you will find the agenda to be timely, relevant, and impactful.

We are also extremely excited to welcome Annie Duke as our keynote speaker on February 9, 2021. In addition to being a nationally recognized bestselling author and the only woman to have won the World Series of Poker Tournament of Champions, Annie is a respected decision strategist and business thought leader. Her background and expertise lend a valuable and unique series of insights to the challenges facing HR leaders and their organizations today.

Below is a general overview regarding topics that will be covered, as well as our keynote speaker. To view the detailed agenda, or for more information on how to register, please click here.

Here’s to a prosperous year of partnership in 2021!

 

On December 27, 2020, President Trump signed into law the much-anticipated COVID-19 relief bill (the “Bill”), which was approved by Congress a week earlier. The Bill, a follow-up to the March 2020 CARES Act, provides a second round of stimulus dollars and economic relief measures; it also contains several provisions of particular importance to employers.

Temporary Provisions for Flexible Spending Accounts

The Bill includes a number of temporary relief measures for Flexible Spending Accounts (“FSAs”). These measures are permissible, not mandatory. Employers who wish to incorporate some or all of these relief measures must make appropriate plan amendments no later than the last day of the calendar year following the plan year in which the change is effective.

  • Balance Carryovers: For 2020 and 2021 plan years only, participants may be permitted to carry over unused balances of any amount in both a Health and Dependent Care FSA. This means that carryover amounts are unrestricted going into plan years 2021 and 2022. Note that ordinarily, Dependent Care FSAs cannot offer a carryover feature.
  • Grace Periods: Health and Dependent Care FSAs that do not incorporate a carryover feature can provide a grace period of up to 12 months for plan years ending in 2020 and 2021. The extended grace period will allow participants additional time to incur eligible expenses.
  • Election Changes: The mid-year election change rules for Health and Dependent Care FSAs may be relaxed to permit employees to make prospective changes to election amounts absent a qualifying event. This relaxation of the election change rules is similar to the relief previously provided for cafeteria plans in 2020 (Benefits Bulletin: IRS Provides Temporary Flexibility for Cafeteria Plans, Health FSAs, and DCAPs) and is available through plan years ending in 2021.
  • Eligible Dependent Age: Dependent Care FSAs may temporarily increase the age of eligible dependents by one year (from 13 up to age 14).
  • Terminated Employees: Participants in a Health FSA who terminate employment in 2020 or 2021 may spend down their account balances through the end of the plan year in which the termination occurs.

Extension of FFCRA Tax Credits

While the paid sick and family leave mandate under the Families First Coronavirus Response Act (“FFCRA”) expires on December 31, 2020, the associated tax credits available to employers who provide this leave will remain available through March 31, 2021. Thus, employers who voluntarily continue to provide FFCRA leave may also take advantage of the available tax credits through the first quarter of 2021.

Continuation of the Employee Retention Tax Credit

The Bill authorizes a continuation of the Employee Retention Tax Credit, originally set to expire on December 31, 2020, through June 30, 2021. This tax credit allows businesses to claim a refundable payroll tax credit for up to 70% of qualified wages paid to employees (an increase from the previous cap of 50%). Despite the increase in percentage of qualified wages, the wage dollar limit remains $10,000 per employee per quarter. This limits the per-employee credit amount to no more than $7,000 per quarter.

Reauthorization of the Paycheck Protection Program

Finally, the Bill allocates additional funding for the Paycheck Protection Program (the “PPP”). This new round of funding means that businesses will have another opportunity to apply for and receive PPP funds – even those that received funding during the first round of PPP – in order to retain employees and cover basic operating expenses. The Bill also expands the list of expenses that are considered forgivable.

Next Steps

For provisions relating to FSAs, employers should carefully consider which measures, if any, they wish to incorporate, and should then coordinate with third party administrators to make timely plan amendments and distribute necessary participant communications such as Summaries of Material Modifications (“SMMs”). For provisions relating to tax credits and lending programs, employers should reach out to their tax advisor to determine how best to tap into the available assistance.

Additional Resources

Consolidated Appropriations Act, 2021 (the Bill)

FFCRA Tax Credits

Employee Retention Tax Credit

Paycheck Protection Program

To download a copy of this AHERN Benefits Bulletin, please click here.

Simplify Compliance: This Benefits Bulletin is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel for legal advice.

At the end of the calendar year, workplace holiday celebrations are an experience that many employees look forward to as a highlight of the season. These celebrations are often a long-standing tradition allowing employees to celebrate with their colleagues—and sometimes family and guests.

However, in response to the COVID-19 pandemic, many organizations are evaluating how to engage employees safely this holiday season. Employers find themselves tasked with deciding whether they should cancel, postpone or offer an amended celebration that prioritizes safety—with many choosing to offer a virtual holiday party.

Virtual holiday parties can help increase employee engagement—but also come with a set of challenges. In addition to concerns regarding the coronavirus, holiday events can carry a financial cost and create risks for organizations if employees participate in inappropriate behaviors. This article gives an overview of virtual holiday parties and offers ideas and considerations for employers planning a virtual celebration.

The State of Holiday Parties During the Coronavirus

According to the firm Challenger, Gray & Christmas, Inc., which conducts annual workplace holiday party surveys, most employers are either canceling their party altogether or hosting it virtually this holiday season. Their annual survey found that:

  • Twenty-three percent of organizations plan to host a year-end celebration in 2020, down from 76% in 2019.
  • Forty-four percent of organizations canceling holiday parties this year cite COVID-19 as the reason for canceling.
  • Seventy-four percent of those planning to offer a holiday party are doing so virtually.

These findings show that, while holiday parties are generally popular, employers are adapting to address current realities. There isn’t a one-size-fits-all solution to offering a year-end celebration during the COVID-19 pandemic, and employers have a variety of options to engage their employees safely.

Considerations for Offering a Virtual Holiday Party

Holiday parties can impact employees in a variety of ways. Specifically, these events can boost:

  • Team chemistry and camaraderie
  • Employee motivation
  • Employee engagement

Additionally, holiday parties can give employees a break from the standard workday and even serve as an informal meeting to discuss next year’s goals and instill company values.

How an organization chooses to celebrate varies by workplace, but employers considering a virtual event may find that many of the shared experiences of a year-end celebration can take place in a remote environment.

Planning a Virtual Holiday Party

A virtual environment won’t always fully replicate the in-person experience that many employees have come to expect for celebrations. Despite this, with careful planning, employers can still plan a virtual event that satisfies employees. Similar to when planning an in-person celebration, there are steps employers will want to take, which include:

  • Establishing a budget for the event
  • Creating the event’s guest list, which may include:
    • All employees
    • A specific team, department or location
    • In some cases, family members or guests
  • Establishing and communicating expectations for employees, including appropriate behaviors and other related policies
  • Planning, promoting and hosting the event

Factors such as a budget and how you intend to engage employees may influence what type of celebration makes sense for your organization. Holiday celebrations often involve a variety of activities, and the good news is that many of these can be offered virtually via online platforms or video chat. Examples of virtual holiday celebrations include:

  • Virtual mixers designed for multiple conversations to take place at once, rather than one big video conference
  • Ugly sweater contest
  • Holiday karaoke
  • Gingerbread house building and decorating
  • Wine and cheese party
  • Online escape room
  • Trivia contest
  • Virtual gift exchange

These are some ideas for employers to consider and may require some advance planning. For example, in some cases, employers may choose to provide party supplies for the employee, which would require gathering and shipping those items to each employee’s home before the celebration. Or, employers may need to prepare a list of trivia questions or instructions for guided activities, such as the online escape room.

When it comes to planning for virtual holiday events, employers can consider planning the activity internally or using providers or vendors that specialize in event planning.

Alternative Methods for Recognizing Employees

Generally, holiday parties carry a cost, and diverting funds to throwing a celebration may not be an option, especially during the COVID-19 pandemic. Although employees may be disappointed due to not being able to participate in a holiday party, employers can lift their spirits in other ways.

Many employees may appreciate a gift or form of recognition as a replacement for their prized holiday party. Alternative methods for recognizing employees can include:

  • Giving employees a holiday gift
  • Sponsoring employees to make a charitable gift
  • Recognizing each employee for their individual contributions

As many organizations encounter financial constraints, holiday celebrations are not a requirement by any means. However, it’s important to consider showing appreciation for employees in some way to boost engagement and morale.

Virtual Holiday Party Best Practices

Workplace holiday parties can present a host of liabilities for organizations each year. While virtual celebrations won’t take place at a physical venue, employers should still proceed cautiously. Employees joining an event remotely aren’t immune from engaging in inappropriate behaviors. Holiday parties can remain a risk for employers—but employers can mitigate undesirable outcomes by planning effectively. Best practices include:

  • Evaluating your policies—With an increased number of employees working remotely—and the holiday event taking place virtually as well—ensure your employee handbook addresses remote behaviors to help mitigate risks. Employees should have easy access to an employee handbook and all policies, and be aware that a holiday celebration is considered a workplace event, meaning that all behaviors are expected to comply with organizational policies.
  • Keeping holiday celebrations optional—Depending on an employee’s exemption status, they may need to be compensated for their time, leading to challenges for mandating their attendance at a virtual event. Additionally, while many employees will be excited about a celebration, others may feel differently. With this in mind, it may be easier to make attendance optional.
  • Keeping the celebration general—There is some debate over the appropriateness of observing one holiday over another. However, focusing on offering a broader “holiday party” while avoiding specific religious celebrations can be inclusive to employees of varying backgrounds and beliefs.
  • Setting expectations for behaviors—Unfortunately, many holiday parties can lead to inappropriate behaviors by attendees. Despite being remote, employers should be aware that consequential employee behaviors can also take place virtually. Employers can mitigate undesired behaviors by setting expectations for attendees. Be sure to include these expectations in the employee handbook and communicate them to employees.

These best practices help mitigate the risk of employees engaging in inappropriate behaviors and best ensure that employees have a positive experience.

Holiday Celebrations in Your Workplace

While holiday celebrations can positively impact a workplace culture, there is also a case for forgoing a celebration. In addition to safety concerns, these events may have a financial cost, and holiday parties can present risks for employers, such as employees engaging in inappropriate behaviors. While virtual events may be able to mitigate common concerns such as excessive alcohol consumption that can lead to inappropriate behaviors, employers should know that poor behaviors can also take place in the virtual environment.

Employers who typically host an annual celebration, but are choosing not to do so this year, should consider explaining to employees why throwing a holiday party isn’t feasible. While some employees will be disappointed in this decision, they’ll still appreciate the sincerity and transparency.

As the end of the year approaches, employers find themselves torn between postponing, canceling or hosting a holiday celebration using safe practices. Employers should consider what type of celebration makes sense for their organization, even if that means not having one this year.

For additional employee engagement resources, contact AHERN Insurance Brokerage.

This article is not intended to be exhaustive nor should any discussion or opinions be construed as professional advice.

© 2020 Zywave, Inc. All rights reserved.

When Cyber Attacks like data breaches and hacks occur, they can result in devastating damage. Businesses suffering from a Cyber Attack can suddenly find themselves in the position of having to deal with business disruptions, lost revenue and litigation.

Unfortunately, since the start of the COVID-19 outbreak, there has been a 400% increase in Cyber Attacks, resulting in 4,000 Cyber Attacks every day.
(Source: Federal Bureau of Investigation)

It is important to remember that no organization is immune to the impact of Cyber Crime. This webinar will show how Cybersecurity and Cyber Insurance work together to make organizations more resilient to Cyber Risks.

        TITLE | What’s a Risk? Cyber Threats During COVID-19
        PRESENTER | Adam Abresch, CIC, CCIC, CLCS | Acrisure Cyber Practice Leader
        DATE | Wednesday, October 28th, 2020
        TIME | 11AM to 12PM PDT
        COST | FREE!

By attending this webinar, you will learn:

  • What’s at risk for your business
  • How these attacks are occurring
  • What these attacks can cost a company

(Please Note: This webinar does not count towards MCLE credit.)

AHERN Insurance Brokerage is a proud agency partner of Acrisure, a top 10 global insurance broker. Our relationship with Acrisure allows us to provide our clients access to policies, resources, and expertise often outside the reach of stand-alone agencies. Along with competitive pricing, our service is backed by dedicated, local customer service.