
March 25, 2012

The BYOD revolution: Why your own employees might be scarier than hackers

Is your workplace part of the BYOD revolution? With or without your approval, it probably is. BYOD is the abbreviation for "Bring Your Own Device," a reference to the proliferation of employee-owned smart phones, notebooks and personal computing devices used in the workplace. Even companies that supply devices to workers often find that their employees are replacing or supplementing company-sponsored tools with the faster, sleeker personal devices they favor.

Many companies are embracing the change. A survey by Citrix last year found that bring-your-own-device is quickly becoming an accepted business practice, with 25% of both large and small employers worldwide supporting the use of personal devices for business purposes. Many are reporting jumps in productivity associated with use of these devices. But dual-use devices are not without their problems and risks. According to the survey:

  • More than 67 percent of survey participants reported that they don’t have any policies, procedures or IT systems in place to manage the use of personal devices for business purposes.
  • Less than half of U.S. firms (46 percent) are aware of all the devices their staff are using for business purposes.
  • 32 percent of firms are most concerned over the security implications of allowing application and document downloads on personal devices.
  • 23 percent are concerned over personal devices trying to get remote access to the corporate network.

Security is an enormous issue, particularly for any firms that have customer data privacy and security issues related to HIPAA or financial data. The average data breach costs a company $7.2 million, or $214 per breached record.

We have met the enemy and he is us
Many companies deploy substantial security resources to guard against hackers but are inadvertently leaving the back door unlocked. In a recent survey of IT managers, 72% of respondents said that careless employees have been a greater security threat than hackers.

Top factors IT pros cited include:

  • 62% - Lack of employee awareness about security policies
  • 61% - Insecure web browsing
  • 59% - Insecure Wi-Fi connectivity
  • 58% - Lost or stolen mobile devices with corporate data
  • 57% - Installation of corrupt apps
  • 53% - Lack of security patches from service providers

ZoneAlarm has a good infographic - excerpt below - which breaks down some of the numbers and stats on securing today's mobile workforce.

[Image: ZoneAlarm mobile security infographic excerpt]

Risk management: Best practices
This is not likely to be an issue that lessens in significance over time. Employers need to understand the risk and the exposure, and need to take steps to mitigate the risk. These steps will include a combination of well-crafted policies, safe computing training for employees, and technology solutions. Here's a toolkit of good articles to get you started.

HR Hero offers a series of posts from employment law attorney Taylor Chapman around the issue of dual-use devices. In her first post, BYOD - When Employees Bring Their Own Devices to Work, she discusses the trend, the real-world concerns associated with the practice, and different approaches employers can take to policies. In Managing the Risk of Employee Use of Personal Technology, she discusses the legality of accessing employees’ personal devices and how employers can mitigate the security risk that comes when employees use their own technology at work.

Roger Cheng of the Wall St Journal covered the topic about a year ago in his article How the smartest companies are letting employees use their personal gadgets to do their jobs. He offers approaches that several companies are using, including policies requiring the use of locks, an agreement that the device will be wiped if lost or stolen, the ability to wall off data, and virtualization.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
ESI EAP offers resource centers for member employees on many hot button issues, including Cyber Safety. Our Certified Senior Professionals in Human Resources (SPHR) can also provide tools for HR policy development. For more information on these or other issues that we can help with, call 800-535-4841.

March 19, 2012

In the "What were they thinking" department: Job interviews run amuck

Most employers and career HR specialists have tales to tell about job interviews gone awry or signs that the employee might not make a good hire. CareerBuilder and Harris Interactive recently surveyed more than 3,000 employers and compiled a list of the most-cringeworthy interview mistakes. Employers and would-be employees alike can learn from the most-frequently cited mistakes. There's also some good advice for job candidates.

Here are a few of the more unusual experiences recounted:

  • Candidate put the interviewer on hold during a phone interview. When she came back on the line, she told the interviewer she had a date set up for Friday.
  • When a candidate interviewing for a security position wasn’t hired on the spot, he graffitied the building.
  • Candidate wore a Boy Scout uniform and never told interviewers why.
  • Candidate was arrested by federal authorities during the interview when a background check revealed the person had an outstanding warrant.
  • On the way to the interview, candidate passed, cut-off, and flipped middle finger to driver who happened to be the interviewer.
  • Candidate referred to himself in the third person.
  • Candidate took off shoes during interview.
  • Candidate asked for a sip of the interviewer’s coffee.

Related -
Ten Dumb Things Said During Job Interviews
Candidates Most Unusual Interview Mistakes, 2011
Employers Reveal Candidates’ Most Unusual Job Interview Behavior, 2010

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Hiring people is no laughing matter, and it's often one of the riskiest things that an employer does. ESI EAP offers discounted background checks and pre-employment screening to member employers. For more information, call 800-535-4841.

March 18, 2012

Prescription drugs: the new face of substance abuse and addiction

If you asked most people to describe an addict, they'd paint a dark portrait of a furtive heroin or meth addict in an urban street corner setting. But as deaths from drug overdoses outpace motor-vehicle related deaths in state after state, today's addict is more likely the face of your suburban neighbor, your soccer Mom sister-in-law, or your best employee. The street corner has been replaced by the medicine cabinet. And the modern pusher is more likely to be a friend, a relative or a workers comp physician.

Seemingly every day, states are issuing new reports about this rapidly escalating problem:

  • Overdose deaths are now the top cause of accidental deaths in Ohio. "In 2010, 1,544 Ohioans died from “unintentional drug poisoning” (overdose). That’s more than four a day, up from less than one a day in 1999."
  • According to Tulsa World, drug overdoses now kill more Oklahomans than motor vehicle accidents — an average of two per day. The state "...was ranked the No. 1 state in the nation in prescription painkiller abuse last year. They underscore a new reality for law enforcement authorities, health care professionals and public policymakers."
  • Prescription drug dependence is deemed epidemic in East Central Indiana - Since 2009, the drugs have contributed to more than 75 deaths in Delaware and Henry counties alone.
  • Florida is cracking down on pill mills - "Last year [2010], seven people died in Florida each day from prescription drug overdoses, a nearly 8 percent increase from 2009. This is far more than the number who died from illegal drugs, and the figure is not expected to drop much this year."
  • Report: Kentucky sixth in nation for overdose deaths. "The last couple of years overdose deaths have outpaced motor vehicle accidents as the leading cause of accidental death in Kentucky."

A Centers for Disease Control Report -- Saving Lives and Protecting People: Prevention of Prescription Painkiller Overdoses -- paints a grim national picture. Overdoses of prescription painkillers have more than tripled in the past 20 years, leading to 14,800 deaths in the United States in 2008. Emergency department visits for prescription painkiller abuse or misuse have doubled in the past 5 years to nearly half a million.

What's causing this alarming epidemic? The Ohio report cited above says that part of the reason is that we are "swimming in opiates in all forms" and points to several factors: a shift in the philosophy toward pain management, the huge volume of direct marketing of drugs to consumers, the increase in available varieties of opioid pain killers on the market, and the funneling of prescription pain killers for non-prescription use.

The Work Comp Connection
At least part of the problem may be one that you as an employer are financing. In workers comp, narcotics now account for about $1.4 billion, or a quarter of the annual drug spend. First, there is the increased reliance on narcotics. Workers with musculo-skeletal injuries are being treated with opiates once reserved for cancer patients. This might be partly attributable to the fact that drugs are generally reimbursed at a higher rate under workers comp than under group health. And there are few user disincentives to curb abuse under workers comp. Under group health, an insured is paying part or all of prescription drug costs, but under workers comp, the employer foots the entire bill. Finally, the payer - which is you (usually through your insurer or TPA) - is all too often asleep at the wheel. Physician prescribing must be carefully monitored.

At Managed Care Matters, industry expert Joe Paduda offers a post about how much opioids will really cost you. He suggests steps that payers must take:

Payers must work with their PBMs (Pharmacy Benefit Managers) to dramatically reduce their exposure. This requires both parties to:

a) identify long-term users,

b) mine their data to determine which claimants may be abusing/misusing/diverting and involve SIU where appropriate,

c) channel appropriate claimants to addiction screening, allocate the resources necessary for weaning and recovery and recognize this will include behavioral therapy will find they can.

See also: Workers Compensation Prescription Drug Study: 2010 Update from NCCI.


▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

ESI Employee Assistance Program can help address employees with substance abuse issues - whether problems stem from illicit or prescribed drugs, or any combination of drugs and alcohol abuse. We also offer Drug Free Workplace and D.O.T. compliance programs.

March 11, 2012

Do you have any "bad leavers" lurking in your midst?

Disgruntled ex-employees or soon-to-be-ex employees are nothing new, and if some recent studies are to be believed, they are legion. Research from the Corporate Executive Board shows that 75% of departing employees are disgruntled. And because the bad economy may have kept disgruntled employees in place longer due to fear, there may be a high level of pent-up frustration with grievances real or imagined.

Most disgruntled employees will simply dust off their resumes and take their leave at the first opportunity. This will generally be a quiet affair because most people are eager to move on with their lives in a positive fashion and with little drama. The Steven Slaters of the world are a rare occurrence.

The real worry for you, the employer, may lie in the malevolent rogue employee lingering in your midst who has plans to wreak some degree of havoc, whether for reasons of revenge, resentment, or potential (larcenous) profit. With powerful and concealable data storage devices and the ability to disseminate communications instantly through texting and email, rogue employees are technology-enabled in an unprecedented way.

In an article entitled Worker-Departure Disaster Waiting to Happen in CFO magazine, John Reed Stark terms these employees "bad leavers" and defines them as "... disgruntled employees who "leave" a company on "bad" terms and cause deliberate harm before or after they exit, typically in clandestine fashion." Such an employee might attempt to destroy, alter or steal information and a company must be prepared to detect, assess, and react quickly.

Stark discusses the need for employers to have established exit protocols, which would include the creation of an IT environment "conducive to locating the proverbial 'smoking gun.'" It may also be essential to bring in independent forensics experts to preserve and safeguard evidence that might be needed in litigation.

The National Association of State Chief Information Officers published a brief on Insider Security Threats (PDF). The report includes a discussion of malicious employees, as well as other internal security vulnerabilities, such as inattentive, complacent or untrained employees, and contractors and outsourced services. They classify the overtly malicious threats as:

  • The IT Expert with a Hacker Mentality
  • The Dissatisfied or Disgruntled Employee
  • The Terminated or Demoted Employee
  • The Fraudster Motivated by Financial Gain
  • The Employee Who Wants Unauthorized Access to Information

The article discusses various security measures for dealing with each threat, including those that might address a "bad leaver," which we excerpt below:

What’s in Their Background? Background checks of all job candidates, including interns and contractors, can identify those with a record of acting out inappropriately or using questionable judgment and could prevent their hiring in the first place. A credit and financial background check can help to identify job candidates in financial difficulty. They could have an incentive to use IT to defraud the state, especially if a position has financial responsibilities or access to financial IT systems.

Vigilance Pays Off: Management should be aware of the signs of a disgruntled employee who could cause damage with or to state IT resources.

Open Communication Channels with Management: A reporting system for employees who witness or know of a disgruntled employee with ill-intended plans can serve as an early-warning system to management. In addition, allowing employees an official channel for the expression of grievances may prevent them from taking their anger out behind management’s back.

Watch Them: For problem employees, managers may consider coordinating with state IT staff to monitor their access to email, the Internet and state IT systems.

The Value of Audits: Regular and ongoing audits may identify ill-intended behaviors of employees that management may not immediately recognize as disgruntled. Audits can include the review of access, activity and facilities logs.

The Exit Strategy: Employees who resign or are terminated may take one last swipe at their employer through sabotage or data theft. A formal and thorough exit process can prevent such occurrences. This includes cutting off access privileges before an employee is terminated or immediately after an employee resigns if the employee appears to be disgruntled and escorting an employee out of the office.

As with most things in life, a good offense is better than a good defense. Employers should be alert for changes in behavior to identify a potential disgruntled employee early. Signs might include a lack of motivation, a breakdown in communications, and a decline in performance. Training managers and supervisors in how to identify and act on changes in performance and behavior before they become problematic can allow for positive communication and intervention.


▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

Employers: ESI EAP offers discounted background checks and pre-employment screening to member employers. And if you suspect a problem with a potentially disgruntled worker, a referral to your EAP can help to defuse a potential problem. Don't have an EAP? Call 800-535-4841.

March 4, 2012

New briefs: EEOC on disabled Vets, GINA, health information, solo workers & more

Veterans and the ADA - The Equal Employment Opportunity Commission recently released a new Guide for Employers on Veterans and the Americans with Disabilities Act (ADA). EEOC says that, "The revised guides reflect changes to the law stemming from the ADA Amendments Act of 2008, which make it easier for veterans with a wide range of impairments – including those that are often not well understood -- such as traumatic brain injuries (TBI) and post-traumatic stress disorder (PTSD), to get needed reasonable accommodations that will enable them to work successfully." John Hyman of Ohio's Employment Law Blog talks about The ADA and reverse discrimination, or whether employers can give hiring preference to a disabled veteran.
In addition, the EEOC released a Guide for Wounded Veterans which answers questions that veterans with service-related disabilities may have about the protections they are entitled to when they seek to return to their former jobs or look for civilian jobs.

Do you know GINA? - The Genetic Information Nondiscrimination Act, which took effect in late 2009, makes it illegal for employers to fire or refuse to hire workers based on their "genetic information" — including genetic tests and family history of disease. Adam Cohen of TIME Ideas reports: According to the Equal Employment Opportunity Commission’s annual report, released last month, there were 245 genetic-discrimination complaints in fiscal year 2011, up more than 20% from a year earlier. At the same time, the EEOC reported that the "monetary benefits" it helped collect related to genetic discrimination — in damages, back pay and other penalties — jumped more than sixfold, from $80,000 to $500,000.

Making sense of Health News - Can you believe what you read in the news about health studies? Journalists ought to know, right? Well, not always. It's a complex topic that may or may not be handled clearly. Plus, the waters are muddied by reports from special interests. But increasingly, there are tools to help consumers weigh health information. HealthNewsReview.org is one such tool. It's a website dedicated to reviewing the accuracy of news stories about medical treatments, tests, products and procedures and helping consumers evaluate the evidence for and against new ideas in health care. See, for example, the recent reviews on these health news stories: Vitamin A may slash melanoma risk and citrus and strokes. And of particular use for consumers, don't miss the Toolkit, which includes tipsheets, primers, links and other resources to help journalists and consumers do a better job of evaluating claims about health care interventions.

Caring for the Caregivers - Carol Harnett of Human Resources Executive offers three lessons for HR leaders to help workers balance caring for loved ones with their productivity at work.

Solo workers & safety - Do you have employees who regularly perform their work offsite or at remote third party locations? You are still responsible for their health and safety. In a pair of articles, The Safety Daily Advisor offers advice and tips for how to protect off-site workers and decrease your liability: Safety Issues for Off-Site Employees and Safety Precautions for Solo Workers.

In the "Yikes" Department - While this story isn't specifically work-related, it is one for the insurance fraud hall of fame. For more incredible tales about the lengths people will go to be larcenous, see the Coalition Against Insurance Fraud's annual Insurance Fraud Hall of Shame.

Office toy of the week - You know those little squishy stress balls that you get at trade shows? Well here's a little variation: infectious disease stress balls. Available in four varieties: Bubonic Plague, Cooties, Smallpox, and Zombie Virus.

Quick Takes


▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

When complex employee issues arise, ESI EAP offers member employers direct access to Certified Senior Professionals in Human Resources (SPHR) and senior clinical counselors. If you need an Employee Assistance Program give us a call: 800-535-4841.
