Tackling the Negligent Threat

Martin Sugden, CEO, Boldon James, considers how to manage insider threats

At the start of the year the Ponemon Institute launched the 2020 Cost of Insider Threats Global Report. The report highlighted that the number of cybersecurity incidents caused by insiders had increased by a whopping 47% since 2018. This meant the average annual cost of insider threats had also skyrocketed in only two years, rising 31% to £12.20 million.

Whilst the term “insider threat” can sound malicious, the report highlighted that insider incidents are more likely to be caused by negligent employees or contractors. It supported this by showing that the root cause of most incidents (63 percent) was negligent insiders: a careless employee or contractor was the root cause of 2,962 of the 4,716 incidents reported, while 1,105 incidents were caused by criminal and malicious insiders.

Non-accountable behaviours

There are various types of insider threat. Malicious insiders often seek financial gain or look for revenge. Unintentional insider threats, on the other hand, are more well-meaning but are no less dangerous. These employees are more likely to fall victim to social engineering techniques or phishing emails.

Ignorance is a key issue when it comes to employees handling data. Many of these individuals were never trained on their personal responsibility for company data, and have little knowledge of the company’s security practices. As such, they are highly susceptible to the threats mentioned above.

Why are they dangerous?

Apart from the economic factor, these threats are hard to identify and can be an operational disaster. Identifying them internally is troublesome: because insiders already have access to the network with authorised credentials, their access does not raise a flag on a traditional monitoring system. They often already have access to sensitive data, and are aware of the existing security measures and how to get around them. Combine all this with a lack of visibility into user access and data activity, and identifying threat actors becomes incredibly challenging.

Mitigating the threat

One of the best ways an organisation can combat this issue is by fulfilling its compliance obligations through the adoption of a Privacy by Design approach. This is an approach that takes privacy into account throughout the whole process, ensuring that a business’s systems, policies, processes and technologies are accounted for. Privacy by Design needs to start with data classification. The sheer volume of unstructured data within organisations, combined with the ever-increasing technical abilities of hackers and the fallibility of employees, makes it impossible to rely on people and processes alone to ensure that sensitive data is handled appropriately. Data classification embeds a culture of compliance by involving users in identifying, managing and controlling the sensitive data they work with, while automating parts of the protection process to enforce rules and policies consistently. Data is classified at source so the organisation’s rules can be applied at the outset.

An organisation’s first step is to understand what data it has, who is using it, how it is being stored, classified and shared, and whether it is company-sensitive; this is key to any data protection strategy. Once the organisation has defined what data it has, the next step is to classify it. Data classification is the categorisation of data according to its level of sensitivity or value, using labels. These are attached as visual markings and metadata within the file. When a classification is applied, the metadata ensures that the data can only be accessed or used in accordance with the rules that correspond with its label. This means the organisation needs to define its classification policy first and decide who should have access to each type of data. Once this is done, the next step is to select an appropriate classification tool; the right technology will help users to apply the classification scheme consistently and with ease. The most effective tools make classification a seamless part of business-as-usual. Once data is appropriately classified, security tools such as Data Loss Prevention (DLP), policy-based email encryption, access control and data governance tools are exponentially more effective, as they can access the information provided by the classification label and metadata that tells them how data should be managed and protected.
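The following is an added example, not code from the article or from any classification or DLP product. It shows an outbound email check that reads the classification label from each item's metadata and applies the rule defined for that label, quarantining anything unlabelled. The label names, the `classification` metadata key, the domains and the policy table are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical four-level scheme, ordered from least to most sensitive.
LEVELS = ("Public", "Internal", "Confidential", "Restricted")

# The classification policy is defined first: for each label, who outside
# the organisation may receive it and whether it must be encrypted.
POLICY = {
    "Public":       {"external": "anyone",   "encrypt": False},
    "Internal":     {"external": "nobody",   "encrypt": False},
    "Confidential": {"external": "partners", "encrypt": True},
    "Restricted":   {"external": "nobody",   "encrypt": True},
}
ORG_DOMAIN = "example.com"               # constructed value
PARTNER_DOMAINS = {"partner.example"}    # constructed value


@dataclass
class Decision:
    action: str            # deliver | encrypt | block | quarantine
    label: Optional[str]   # effective label of the whole message
    reasons: list


def effective_label(items):
    """Return (highest label, "") or (None, problem) if any item is unlabelled."""
    rank = -1
    for name, meta in items:
        label = meta.get("classification")
        if label not in LEVELS:
            return None, f"{name}: missing or unknown label {label!r}"
        rank = max(rank, LEVELS.index(label))
    if rank < 0:
        return None, "message has no items to classify"
    return LEVELS[rank], ""


def decide(recipients, items):
    """Apply the rule that corresponds to the message's effective label."""
    label, problem = effective_label(items)
    if label is None:
        # Fail closed: unlabelled data goes back to the user to classify.
        return Decision("quarantine", None, [problem])
    rule = POLICY[label]
    reasons = []
    for rcpt in recipients:
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain == ORG_DOMAIN:
            continue
        scope = rule["external"]
        if scope == "nobody" or (scope == "partners" and domain not in PARTNER_DOMAINS):
            reasons.append(f"{label} data may not be sent to {rcpt}")
    if reasons:
        return Decision("block", label, reasons)
    return Decision("encrypt" if rule["encrypt"] else "deliver", label, reasons)


if __name__ == "__main__":
    # Constructed sample: an Internal body carrying a Confidential attachment.
    items = [("body", {"classification": "Internal"}),
             ("q3-forecast.xlsx", {"classification": "Confidential"})]
    print(decide(["ann@partner.example"], items))
    print(decide(["ann@partner.example", "joe@mail.example"], items))
```

The message inherits the highest label of any part, so a low-sensitivity body cannot carry a more sensitive attachment past the check.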

With the increase in regulation and its impact on business liability, organisations will need to invest in technology and policies that will help them to respond to, and prevent, insider threats from moving out externally. This will mean organisations are able to identify what data has left their network, and how to prevent data leaving in the future by looking for similar information on all other data.

Three important additions to COVID-19 return to work plans

Across the UK employers are implementing their plans for a safe return to work after the coronavirus shutdown.  Howden Employee Benefits & Wellbeing suggest three important steps no good employer should overlook.

On 10th May the Prime Minister urged many employees to return to work for the first time since the coronavirus lockdown began in March.  The speech also signalled the moment many employers began to implement their carefully considered return to work plans.

The initial focus for most employers will be the aim of providing a safe environment for their employees, clients, and suppliers.  Yet Employee Benefits intermediary Howden Employee Benefits & Wellbeing (Howden) believes there are three additional – but important – steps employers might easily overlook.

Steve Herbert, Head of Benefits Strategy at Howden Employee Benefits & Wellbeing said:

“We fully accept the unprecedented challenges of creating and implementing a robust return to work plan, but we remain concerned that the focus on the physical environment might result in employers overlooking some wider risks and wellbeing issues for employees and employer alike.”

Howden believes there are three key additional items any good employer should include in their return to work action plans:

  • Provide and promote a range of counselling options

Regardless of employment sector or status, the last couple of months have been a deeply challenging time for the mental health of UK employees.

Some will have lost relatives or close friends to COVID-19, and the distancing effect of the lockdown suggests that employers may not always be aware of such deeply personal losses.  With the virus far from eliminated, further coronavirus deaths remain likely.  For this reason, employers should consider highlighting access to any bereavement counselling services they have available alongside their existing Employee Benefits provision.

Supporting employee mental health will also be important. Many workers will have been living in cramped home environments with little opportunity for fresh air, exercise, or social interaction.  Others will be concerned about the risks they face in travelling to and from the workplace.  A few might even have succumbed to addictions such as drugs or alcohol use during the darker moments of the lockdown.

Any of these issues might be deeply damaging to the employee’s health and wellbeing.   So employers should ensure that access to counselling and support services is provided alongside their existing benefit offerings, and regularly promoted to make sure employees are aware of these important tools and encouraged to use these.

 

  • Financial Wellbeing

The household incomes of many UK workers have already been drastically and unexpectedly reduced during the COVID-19 lockdown, and the reality is that income levels and bonus payments for millions more are likely to be stagnating or reducing as the tail of the crisis continues throughout 2020.

Inevitably, this will add further pressure to family finances already under stress following a decade of austerity.  In turn, this will encourage more workers to borrow just to meet their day-to-day living costs, adding to the UK’s already significant level of personal debt.

Of course, in these uncertain and challenging times it is unlikely employers can offer any direct financial assistance to such workers, but they can still provide some other practical assistance.  Options include Workplace Financial Education (which can be delivered face to face or via webinar), partnering with a finance provider to offer loans at low cost and based on more than credit score alone, as well as debt counselling services.  The costs associated with these options are relatively minor, yet they can make a huge difference to financially stressed workers at this difficult time.

 

  • Insurances to protect BOTH employees and employer

Finally, and certainly not least, the pandemic has already demonstrated the importance of some of the more established Employee Benefits offerings.

The importance of Group Life Assurance protection for the dependents of a deceased employee is now far more evident.  Other protections such as Group Income Protection and Private Medical Insurance may well become more important and well-used in the months ahead.  Employers should retain and promote such services so that employees are aware of, and reassured by, access to these offerings.

But employers should also think about how insurances can protect their business as well as their workers.  The pandemic is no respecter of status or income, and many organisations will now be much more acutely aware of how exposed their business might be to the loss of employees whose role is vital to the on-going success of an organisation.  Howden would therefore strongly encourage every employer to urgently review their key-person protection cover with this in mind.

Herbert concluded:

“We believe that these three simple steps will help employees return to the workplace with the minimum of stress and the maximum of support, whilst also helping businesses by maximising the productivity of every worker.

Many of the tools we have highlighted are already available to employers as part of their wider Employee Benefits offerings, and some others can be added quickly, with little additional administration, and at relatively low cost too.

We would strongly encourage HR professionals to include these three important steps in their return to work plans.”

Please visit Howden’s new coronavirus hub for the latest information regarding COVID-19 & Employee Benefits provision.

Furlough and Pensions: An Update for Employers

Rachel Meadows, Head of Proposition – Pensions and Savings, Broadstone, gives an update on furlough pay and pensions for employers 

COVID-19 has already had huge implications on SMEs and their staff. The government has introduced myriad emergency measures over recent months to try to limit the damage to the UK economy with one key measure being the Coronavirus Job Protection Scheme, or furlough scheme.

In very welcome news for business owners, the scheme has recently been extended until the end of October 2020, with some increased flexibility coming in from July allowing staff to return to work on a part-time basis, albeit with employers starting to pick up some costs thereafter.

Until the end of July, in addition to 80% of wage costs, capped at £2,500 per month, employers can reclaim the employer National Insurance contributions and minimum automatic-enrolment employer pension contributions on the 80% wage. This combined amount is the maximum government grant available.

Of course, there was a good deal of confusion around the nuances of the scheme, yet many businesses needed to furlough staff in advance of full details being available around how the scheme would operate. Cashflow may have been an issue for some with salaries needing to be paid, and pension contributions made, before employers could be reimbursed by the grant.

Furlough Extension – more generous than anticipated

| Month | Government Grant | Employer Costs |
| --- | --- | --- |
| June & July | Continues to provide 80% of staff salary (capped at £2,500 per month), plus employer NI costs and statutory minimum employer pension contributions | No change |
| August | Continues to provide 80% of staff salary (capped at £2,500 per month) | Employer pays employer NI costs and statutory minimum employer pension contributions |
| September | Government to pay 70% of staff salary (capped at £2,187.50) | Employer pays 10% of staff salary to make up pay to 80%, employer NI costs and statutory minimum employer pension contributions |
| October | Government to pay 60% of staff salary (capped at £1,875) | Employer pays 20% of staff salary to make up pay to 80%, employer NI costs and statutory minimum employer pension contributions |
| November | Scheme Closed | |

 

Flexible Furloughing

Flexibility is to be built into the scheme with effect from 1st July, a month earlier than originally expected. This flexibility gives employers the ability to bring staff back on whatever part time basis the employer requires – essentially providing full flexibility to employers to determine what works for their own businesses.

The example cited by the Chancellor was that if an employee were brought back into work two days per week, the employer would pay them in full (as normal) for the two days, then the rest of the week would be covered by furlough grant provisions.

Furlough salaries are pensionable

Pensions are a particular area of complexity. Government guidance made clear immediately that furlough salaries are pensionable. Employers can reclaim the costs of pension contributions made until the end of July, but only to the extent of minimum automatic enrolment contributions (3% of qualifying earnings). For those paying more generous employer contributions into pensions, any additional amounts in excess of the minimums would not be reclaimable from the government.

Key areas of pensions’ complexity to be aware of:

  • If you provide staff with top-up salary in addition to the 80% level, the whole salary is pensionable, not just the 80% furlough level. Costs of employer pension contributions made on top up salary amounts are not covered by the scheme, and are met by the employer.
  • What is ‘pensionable’ pay for your staff? Whilst often ‘actual furlough pay’ is classed as pensionable, employers need to check what is included within their own pension scheme rules around pensionable salary definition – it may be different. This will especially apply where employees are members of defined benefit or hybrid pension schemes, or where employers with defined contribution schemes are certifying under a different auto enrolment basis, i.e. Tier 1, 2 or 3 which are not based on qualifying earnings. Contractual commitments to staff will still stand through furlough.
  • Auto-enrolment rules still apply, and businesses are not able to take ‘payment holidays’ in respect of pension contributions. The usual deadlines also apply in terms of paying over pension contributions deducted from employee pay.
  • Employees will still make their own pension contributions, based on ‘pensionable salary’ as above. Employees can opt out, or cease contributing should they choose to, but this would mean they would then also potentially lose the right to receive employer pension contributions (depending upon their pension scheme terms and rules).
  • In some specific cases, employers might be paying less than statutory minimum levels – in any event, the maximum that businesses can reclaim under the government grant is the amount actually being contributed, i.e. they cannot claim grant reimbursement that is not covering a genuine cost.
  • Salary sacrifice is especially complex, and businesses should certainly seek advice if they are operating such schemes. Employers should be aware when budgeting for furlough costs that they will need to continue to fund both employer and employee elements of pension contribution for those who were sacrificing, as the employee element has become a non-cash benefit (as will any other benefits provided via salary sacrifice). Many businesses hadn’t initially factored this into their furlough cashflow planning. The process of calculating contributions is complex and varies from business to business, and additional calculations may need to be done in payroll compared to normal times. Although staff can opt out of salary sacrifice through COVID-19 as a lifestyle event, as this would not increase their furlough pay it is unclear what advantage they would personally gain from doing so.
  • If employers utilise Flexible Furloughing to bring staff back into the business part time, or for some ad hoc shifts, then these working hours would not only attract full normal pay, but also full normal pension contributions. Clear records should therefore be kept of hours worked so that payroll and pension contributions can be correctly processed.

Last Window of Opportunity

In introducing flexibility into the Furlough Scheme, the government has also introduced a limited time frame in which employers are able to newly furlough staff.

From June 30th, the Furlough Scheme will be closed to new entrants. This means that newly furloughed employees must be on the system by June 10th at the latest to provide for the minimum furlough period to be satisfied.

Professional advice

Any employers considering any change to pension contributions during furlough should definitely seek pensions and legal advice before acting and should engage in writing with affected staff and their representatives providing as much consultation as possible. Businesses that are experiencing difficulty in paying contributions should proactively engage with the Pensions Regulator.

SMEs need to appreciate the costs associated with their pension schemes and understand the potential gap between costs and the amount that the government grant will reimburse. It’s also important to understand the impact that Flexible Furloughing will have on pensions. Failing to spot additional costs that the business will bear may cause financial difficulty and make a tricky situation even more problematic.

North Wales security firm offers new ‘FeverCam’ system in wake of Covid-19 Pandemic

Leading North Wales Security company, Corvus Security has launched a new service which will enable buildings and employers to scan people who may have a temperature – before they enter the building.

The company already offers a wide range of security services and the new technology, accompanied by their infection control team, will enable them to expand their offering at a time when businesses are keen to get back to business as usual.

Feverscan is a crowd-control asset in the form of a camera which can scan multiple people in large crowds at once in real time, and is an ideal solution for venues and businesses with large reception areas, airports, schools, stadiums and other crowd-based facilities, allowing them to detect anyone with a high temperature instantly – even when the person themselves may not be aware.

Managing Director, Andy Butterfield, explains:

“As Wales emerges from lockdown, reducing the spread of Covid-19 will become increasingly important if we are ever to fully return to normal life.

“Our FeverCAMs are available with different options and a wide range of applications to help protect people, property and companies. Adding either fixed or portable thermal cameras provides a system that works both day and night and can be fitted internally or externally.

“Using advanced detectors and algorithms, our Temperature Screening Thermographic cameras detect increased skin temperatures to provide preliminary temperature screening in offices, warehouses, airports and public places, with accuracy up to ±0.3°C.

“We can offer both permanent and portable solutions which can be operated by your team or by our experienced Infection Control Officers.”

To learn more, please visit the company website: https://www.corvussecurity.co.uk/fevercam/

Apprentice finalists and Coach to Mike Tyson among global speakers Introbiz hopes will inspire Swansea

Members of the Swansea and West Wales franchise of networking and events business Introbiz are now enjoying a host of renowned speakers and business coaches from across the UK.  The innovative and proactive approach of the network has enabled them to acquire top inspirational speakers including Welsh Paralympian cyclist Mark Colbourne MBE, serial entrepreneur Alison Edgar and musician, property entrepreneur and consultant to Microsoft Kima Otung, with more to come.

The organisation was only launched last November by Bernie Davies, herself a well-connected serial entrepreneur and business strategist, and already the influence of this positive business network is attracting world class speakers who are willing to provide their services free of charge.

The schedule over the coming weeks and months is mouth-watering. Scheduled speakers in May include Emma Cooper, a top five global member of the Forever Living team who has built a multi-million pound company through the brand; Kate Strong, a World Triathlon Champion and entrepreneur; and Damian Bridgeman, a renowned motivational coach who has worked with some of the UK’s biggest and most successful organisations.

In June, the line-up will include Damian Bridgeman of Executive Coaching 365 who advises the Welsh Government on health and social care and business processes; Jessica Cunningham, Apprentice Finalist 2016 and serial entrepreneur; Anil Gupta, best-selling international author of Immediate Happiness and coach to the stars (including Mike Tyson); and Mark Wright, the winner of The Apprentice and CEO of Climb Online.

In the months since launching Introbiz Swansea and West Wales, Bernie Davies quickly built a successful business, putting on well-attended networking events, building membership and organising an EXPO event, which promised to be one of the most prestigious business events the region has ever seen. That event, featuring a multitude of internationally-renowned speakers including Gupta, Wright and Cunningham, has been rescheduled for October 8 at the Brangwyn Hall.

Davies was an attorney-at-law by training and became head of property at NewLaw Solicitors, a role in which she became an avid and successful networker. She has since built a career as a serial entrepreneur, business strategist, motivational speaker and author. Launching the Introbiz franchise for Swansea and West Wales allowed her to focus on her passion: training businesses to network and engage in the marketplace.

The Coronavirus pandemic forced the business to reinvent itself. But Bernie says she has found the business community incredibly supportive and wanted to give something back through this series of free webinars complemented by a series of free online training videos she has made available on the Introbiz West Wales website (introbizwestwales.co.uk).

Bernie Davies said: “For us, it was a question of giving something back to the local business community that has supported us so much from the start. It is so important that businesses remain focused and motivated and are ready to innovate and come out of this crisis ready to do better. Arranging so many amazing speakers to take part in these events was amazing but the fact that they have agreed to do it for free is testament to the solidarity the business community has shown through this crisis.”

Mark Wright said: “Since the start of lock down, we have seen a huge spike in people using and engaging with online platforms more for self-development through learning and motivational courses. What companies like Introbiz have done in hosting these online business events is unbelievable. It is really helping so many businesses get through this challenging time and will enable them to come out the other side prepared for success.”

Anil Gupta said: “We have a duty to share our gifts with the world – it is the impact that we make that determines our wealth.”