Cyber security – It’s a team effort
The recent crippling cyber attacks on M&S, Co-op and Coinbase remind us all that no-one is too big to fall victim to hackers, and that the consequences are far-reaching. But let’s not forget that no-one is too small either. In fact, hackers love the low-hanging fruit that an underprepared SME presents.
According to the government’s most recent statistics, 47% of micro businesses, 58% of small businesses and 70% of medium businesses have identified a cyber breach or attack in the past 12 months.
For all businesses, by far the most frequent threat was phishing attacks – where staff receive fraudulent emails or land on fraudulent websites – with 84% of all companies who reported a breach/attack citing this. The next most common was impersonation emails, with 35% of reporting companies saying they had been a recipient of such an attack.
M&S confirmed their attack was perpetrated by social engineering, where hackers imitate a trustworthy contact in order to trick employees into sharing passwords and log-in access. In a twist, a third party who had access to their systems was thought to have been the hackers’ target.
There is a lot of technical work to keep your business safe from cyber crime, but as the above demonstrates, your people present a real vulnerability. Your systems may only be as strong as your least savvy member of staff.
In the case of the Coinbase hack, staff were tricked into giving out customer details. Coinbase, an American company, suggested it will cost them up to $400 million and that they had fired all the staff who’d been duped.
So, as well as all the technology solutions, ensure that your staff are well-trained on the risks and best practices of cyber security: strong passwords, two-factor authentication, being suspicious of requests for data, and thinking before clicking on links, to name a few. Talk to us about our cyber security awareness training for further help.
Right to work checks to be expanded
You are probably already familiar with the current post-Brexit right-to-work checks in the UK, whether it’s by a Home Office software service (direct or via a third party) or thorough visual checks of a prescribed list of documents.
Failure to comply with the checks and employing someone illegally can lead to civil penalties of up to £60,000 per transgression, criminal conviction resulting in up to five years in jail plus an unlimited fine and a range of other measures such as seizing earnings made from illegal working and disqualification as a director.
At present, the rules are designed specifically for people you employ, as opposed to freelancers and others performing work in more informal ways. But a proposed amendment to the Border Security, Asylum and Immigration Bill in May might change this.
The amendment covers anyone working for you, so that might be those engaged under a worker’s contract, individual subcontractors and online matching services which provide the details of an individual who is a service provider to potential customers or clients.
If the Bill passes in this form, this will be something to be alert to. It may be harder to identify the specific people doing the work in your name, but you may still be liable, so robust processes will be necessary to protect you.
Of course, the Bill may change again before being legislated and this may not come to pass. Either way, though, we will keep you posted, and are here to help if you need to review your recruitment and right-to-work checks.
Does overtime go over your head?
Overtime can be invaluable to the busy business which needs to get stuff done, AND employees keen to make an extra buck. But how familiar are you with the strange patchwork of rules that govern it?
The starting point is deceptively simple. There is no legal obligation for you to offer overtime, nor even pay for it directly (unless the national minimum wage comes into play). And neither is there an obligation for employees to work it, so it should always be agreed between parties. Then it gets interesting…
You’ve got the Working Time Regulations, which broadly state that an employee cannot work more than 48 hours per week unless they opt out of it in writing. There’s national minimum wage law, which you should check against to ensure that extra hours without pay don’t drag people below this.
There are, of course, market forces and “doing the right thing”, which may determine that you do pay – a normal rate, time and a half, a discretionary bonus or something else – for overtime.
And then case law which requires that you factor regular overtime payments into certain annual leave pay, but not necessarily ALL annual leave pay.
And breathe! If you are concerned you are doing it wrong, speak to us and we’ll help you get over your overtime worries.
“Polygamous” working on the rise
Polygamous working – being paid for two or more full-time jobs simultaneously – is on the rise. The issue has been highlighted by a court case where a civil servant is accused of fraudulently holding down three full-time civil service jobs at once!
How would you feel if you found out an employee you had entrusted to work for you had a conflict of interest of this kind? Taking the full-time pay from you and another company, but splitting their time and attention two ways. Worse, they could be working for a competitor, putting your data at risk or using your resources to enrich themselves.
At the very least, it may be considered a breach of trust. Regardless of whether you have any specific clauses in your contracts, this should provide you with cause to begin a disciplinary process, and in extreme cases dismissal. But you can protect yourself further by including an “exclusivity clause” in your employment contract.
As well as contractual protection, make sure your hiring process is fit for purpose: that you check their employment history tallies and follow up on references. Be extra careful with remote roles where it will be easier for them to pull such a stunt. For help getting protected against polygamous workers, or in managing a current issue, get in touch.
HR for dogs
20th June is National Bring Your Dog to Work Day. Yes, really! For many, it may be a fun way to engage your workforce, charm customers, and hey, lavish some attention on our four-legged friends.
If this appeals to you, there are a few things for you to consider in advance in order to make it a success. Start with gauging the thoughts of your whole team. Because just as there are many people who adore dogs, there will be plenty who feel uncomfortable, whether because of allergies or even a phobia.
In some businesses, it may not be your staff, but what you do, that is an obstacle. Where hygiene is a priority, for example food preparation, it may just not be suitable to have dogs on premises.
Like humans, dogs come in different shapes and sizes, and more pertinently: temperament. Only well-behaved dogs are likely to be a success on a work placement.
If you think you can go for it, watch out for bedding, bowls and leashes being trip hazards. Make sure their owners keep an eye out for “little accidents” (or “big” ones), and that everyone remembers work still needs to be done.
Losing ½ a head
The outcome was as unfortunate as the terminology. When a skincare brand department in the UK was told to lose 0.5 of a head count, management totally lost their own heads, botching the redundancy to such an extent that a judge ordered them to pay more than £23,000 in injury-to-feelings payments.
The part-time employee, who had mental health struggles, was notified on her day off without any proper selection criteria or consultation. Additionally, arbitrarily going for the part-timer led to indirect sex discrimination being found.
Proper process and immaculate communication are essential when conducting redundancies. Compassion will always help too.