Find out what’s new in your community and industry.
If You’re a Member of a Professional Organization—Beware! You Could Be Held for Ransom.
Ransomware—malware that can block access to a computer system until a ransom is paid to the perpetrator—is targeting professionals in ways that are likely to cause the unsuspecting to open an infected file. And the perps are getting savvier in their methods.
One way is an e-mail communication from their professional association. In fact, a wave of ransomware is hitting lawyers on the West Coast, causing state bar associations to issue warnings. The thieves send emails to attorneys, which appear to be from state bar associations and reference a complaint, the details of which claim to be in an attached document that contains the ransomware.
Although recent attacks on the West Coast have fed on a lawyer’s publicly accessible email address, these same attacks also go after other professionals. Healthcare is a prime target. Medical and dental practices cannot afford to have critical patient information held hostage. Targets have also included organizations that hold critical data of clients that is often deadline-focused. The threats will become more pronounced as criminals realize the benefit of redirecting resources to ransomware aimed at professionals such as lawyers and accountants.”
How can you avoid being the victim of ransomware?
Double-check the content of the message â¨There are obvious factual errors or discrepancies that you can spot. Example, if your bank or a friend claims that they have received something from you, try to go to your recently sent items to double-check their claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
Always check who the email sender is â¨If the email is supposedly coming from a bank, verify with your bank if the message is legitimate. If the email came from a personal contact, confirm if your contact sent the message. Do not rely solely on trust or relationship, as your friend or family member may be a victim of spammers as well.
Refrain from clicking links in email â¨In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in the email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center
Remember them, phone books? Back then, when the new one was published, you, or someone in your business, would check your listing and your ad if you had placed one. And if, for some reason the listing was wrong, you had to live with it for a year.
Although phone books are passé, there are many online directories that have taken its place. Have you ever “Googled” your business to see how it appears online? If not, here are five directories to get you started.
Google My Business: The search engine giant has a listing service directed at business owners like you. Just visit google.com/business to claim or add your business to Google’s directory. From there, your business location, contact information and services will appear across Google+, Google Maps and gain traction in the search engine’s results. If you don’t want your business address to appear, you can create a page for your product or services only.
MapQuest: Not everyone has a GPS device sitting on their dashboard or built into their console. Mapquest.com offers a listing service for businesses, allowing customers to find you while on the road and in your area. A basic listing on MapQuest will include your business name, address, phone number, website, several business categories and your longitude and latitude. To list your business, visit mapquest.com, and click on the green Sign Up button in the upper left corner.
Yelp: Yelp gets a bad rep among business owners because of unfair—even biased—reviews and customer rants. But there is value in Yelp’s business listings. Visit biz.yelp.com to claim or add your business. Once claimed, however, be prepared to spend time monitoring your company page and addressing any dissatisfaction among your customers.
Bing Place for Business: It’s a good idea to make sure that your business has claimed its listing on all three major search engines. That includes Microsoft’s search engine, Bing. Bing Places for Business allows owners to claim their listing or add their company details. Simply visit bingplaces.com and walk through the steps.
SuperPages: Finally, the Yellow Pages kept up with the digital revolution by building SuperPages. You can claim your business page by entering your phone number at claimlisting.superpages.com. This is also a good listing to spend your time on: Many consumers still consider the Yellow Pages their go-to resource for looking up businesses.
At Cole Gavlas, our advice isn’t limited to financial matters. We’re here to help you with all aspects of running a successful business—even if it’s something as simple as your listing in the phone books of today.
In the last of our four-part series on employee handbooks, we’ll address attendance.
As Woody Allen once said, "Showing up is 80 percent of life." And the percentage is even higher for showing up for work.
Regular attendance is a key job function for most of your employees. The best way to manage absenteeism is with a reasonable and specific attendance policy that accommodates your organization’s needs and the functional requirements of various work areas and positions.
A sound attendance policy should cover:
- Personal business
- Family and medical leave (including military leave)
- Disability leave.
Be sure to set objective, measurable criteria for when absenteeism will trigger disciplinary action. You may require documentation, such as a doctor’s excuse, to support absences exceeding a certain length, or under certain circumstances.
But while you are free to set and enforce attendance rules, you must also comply these key federal laws the Family Medical Leave Act (FMLA) and the Americans with Disabilities Act (ADA).
The FMLA requires organizations with 50 or more employees to grant eligible employees up to 12 weeks of unpaid leave for qualifying events such as pregnancy, childbirth, adoption, family illness or personal illness.
You cannot use FMLA leave as the basis for any employment actions, including firing, hiring, promotions, or discipline. Employers that use “no-fault” attendance policies often find themselves in court because an employee claims that a past absence was in fact FMLA leave.
The ADA may require you to suspend or modify your attendance policy to accommodate a disabled worker. And, as with the FMLA, you can’t discipline workers who require ADA leave.
New FMLA regulations have given employers a little bit of a break. Employees who claim an absence was FMLA leave must identify the condition that caused the leave and the date the employer approved the leave. Calling in sick is not sufficient anymore.
Also, employers now have five business days—not two—from when they receive the employee’s medical certification to rule whether the leave qualifies for FMLA leave.
Further, the new regulations allow employers to use information attained while working out an ADA reasonable accommodation or workers’ compensation settlement to make fully informed decisions about which absences are FMLA leave and which are not.
“Oh, but we’re a small company, and everyone here is like family. If someone needs a day off, we just give it to them.” We hate to tell you this, but casual or informal timekeeping practices are a lawsuit waiting to happen. In fact, the new FMLA regulations carry new record-keeping requirements. Document any disagreement concerning FMLA leave—that will help you avoid or win FMLA lawsuits.
What else can you do to protect yourself and your business? Include your attendance policies in the employee handbook, and make sure your employees understand them. And be sure that you apply your attendance policies consistently among employees, otherwise you might open yourself up to a discrimination claim.
Finally, avoid taking any adverse employment actions after an employee returns from FMLA, ADA or other legitimate leave. Even if the action is unrelated to the leave, an employee may make a case for retaliation or discrimination. If you must take action following a leave, make sure you have well-documented business reasons for the action on file.
In our last two blog posts, we’ve been discussing the reasons why you should have an employee handbook. (Basically, it’s for your own protection.) And of course, in addition to company policies, a thorough handbook covers expectations of employee behavior in the workplace, or at work-related events.
But, what if you have to take action—any type of action—when dealing with an employee and they cry “retaliation!”?
For the first time since 1998, the Equal Employment Opportunity Commission has issued enforcement guidance on what it considers workplace retaliation.
In a 76-page document entitled, “Enforcement Guidance on Retaliation and Related Issues,” the agency outlines the standards it plans to use to prove retaliation under civil rights and anti-discrimination laws.
Although at this point, the guidance is just a proposal, it’s certainly a clear indication of how the agency will handle claims of retaliation. In a nutshell: Make it as easy as possible to find retaliatory intent in every complaint the agency receives from employees. And that’s a lot of complaints. In fiscal year 2015, 44.5% of all charges filed with the EEOC involved retaliation—nearly 40,000 cases. And proposed to the guidance changes will actually make things easier for employees wishing to pursue retaliation charges.
The EEOC says a valid retaliation claim must consist of three elements:
- An employee’s participation in a protected activity — generally a complaint of discrimination or harassment.
- An adverse action taken by the employer/manager against the employee.
- A causal connection between the protected activity and adverse action.
The guidance doesn’t break new ground there, but the worrisome part is how broadly the EEOC defines each element.
Let’s look at those elements in greater detail.
Protected Activity: The guidance says “protected activity” — or “opposition activity” — can occur explicitly or implicitly. In other words, an employee can issue a direct complaint — or engage in “protected opposition” (e.g., by providing corroborating info during an interview as part of an investigation). Also, the guidance points out that employees don’t have to prove their claims of workplace wrongdoing are accurate and true to win a retaliation charge. Employees’ complaints or opposition activities will be protected as long as their actions are based on reasonable, good faith that their assertions are accurate.
Adverse Action: The EEOC’s view of what constitutes retaliation gets even broader still. The guidance seeks to expand the definition of “adverse action” to include anything that could be reasonably likely to deter protected activity — even if it has no tangible effect on a person’s employment. It also says adverse actions can be activities that aren’t work-related and take place outside of work. Plus, the EEOC says an adverse action could be taken against a third party who is closely linked to a complaining employee.
Example: Threatening to terminate a spouse of a complaining employee or threatening to terminate a business relationship with a spouse’s company could both constitute adverse actions.
Causal connection: Perhaps the biggest — and most troublesome — change for employers in the guidance is its attempt to expand what constitutes a “causal connection” between a protected activity and adverse action. It says the EEOC wants to adopt the position that retaliation can be established by creating “a ‘convincing mosaic’ of circumstantial evidence” that would support the inference of retaliation. (Think of this as the, “where there’s some smoke, there’s fire” approach.) The EEOC even said to create a convincing mosaic it could go back years into a person’s employment history to find evidence of either a protected activity or an adverse action.
Example: The EEOC gave an example of a termination that occurred five years after an employee filed a discrimination lawsuit. It said even if a lengthy amount of time had passed between a protected activity and an adverse action, evidence other than temporal proximity could be revealed to establish a causal connection.
How can employers minimize the likelihood of retaliation violations? Fortunately, the EEOC guidance provides some suggestions, including:
- Write an anti-retaliation policy that not only outlines what retaliation is, but also provides specific examples of retaliation that managers and supervisors may not have otherwise realized were legally actionable.
- Provide regular training to executives, managers, supervisors and employees on your anti-retaliation policy.
- Create a mechanism through which employees can report concerns and instances of retaliation.
- Provide a clear explanation that retaliation will be subject to discipline, up to and including termination.
- Preach civility, which can help reduce incidents of retaliatory behavior.
In this day and age, what smart company doesn’t have a well-thought-out social media policy that spells out what’s acceptable and what is not?
You probably do. But a fat lot of good it will do you, especially if an employee is unhappy.
In our previous blog regarding employee handbooks, we mentioned Protected Concerted Activity, which protects the rights of employees to act together for their mutual aid and protection, even if they are not in a union.
These rights were written into the original 1935 National Labor Relations Act and have been upheld in numerous decisions by appellate courts and by the U.S. Supreme Court.
Back then, if you had a gripe or complaint, legitimate or not, you may have complained to co-workers, your significant other, or the local barkeep.
That was then. Today, if an employee has an issue with their employer, what do they do—especially if they’re a Millennial? They take to social media. They hashtag your business or they take a video of working conditions and post it on YouTube, or post a picture on Snapchat.
And, under the National Labor Relations Board, it’s OK. The NLRB has cast such a wide net regarding activities that fall under the protection of Protected Concerted Activities, that if an employee bad-mouths the employer on a social media page and another employee somehow implicitly agrees (whatever “implicitly agrees” means), an employer cannot terminate the employee for violation of its social media policy.
The following are examples of social media policies found unlawful by the NLRB because of their potential effect on “protected concerted activity:”
- Employees should not release confidential guest, team member, or company information.
- Employees should not share confidential information with coworkers unless they need the information to do their job.
- Employees should not have discussions regarding confidential information in the break room, at home, or in open public places.
- Employees should not "reveal non-public company information on any public sites."
- Employees should not make "offensive, demeaning, abusive, or inappropriate remarks online."
- Employees should not make "disparaging or defamatory" comments.
This list has the potential to be endless. So much has been written on social media policies, yet the same issues seem to arise quite often, especially by non-union employers.
So, should your employee handbook contain a social media policy? It’s in your best interest to have one, but there are two things you should be aware of:
- Employer policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees.
- An employee’s comments on social media are generally not protected if they are mere gripes not made in relation to group activity among employees.
And when employees know that employers monitor employee use of social networking sites during working hours and on employer-provided equipment and systems, employees are less likely to engage in conduct that harms the employer.
But what if an employee feels that their employer is retaliating for social media posting by firing, wage reduction, denied promotion, etc.? Retaliation has become such a workplace issue, that for the first time since 1998, the EEOC has issued enforcement guidance on what it considers workplace retaliation.
And we’ll address that in our next blog.
They do all the number stuff...but they care about more than just my business.