Subject: GEA Newsletter #07 March 24, 2023

Newsletter # 07 March 24, 2023

TRAINING UPDATES


Spaces ARE still available!!

2023 Leadership Training Virtual Series 


Virtual Workshops 

This workshop series will be held virtually. All workshops will be held online from 9:00 am – 3:30 pm, with a break between 11:30 am and 1:00 pm. Materials will be provided in PDF format by email after registration.


Dates

03/22/2023 Leadership I
04/26/2023 Leadership II
05/03/2023 Leadership III
06/07/2023 Leadership IV
07/12/2023 Leadership V

Date TBD Leadership VI


Employment Law and HR Legal Updates

Monthly Webinars


Constangy Legal Update Series – March 28th

 

On February 21, 2023, the National Labor Relations Board (“NLRB”) ruled in McLaren Macomb that employers may not offer severance conditioned on an employee’s agreement to broad confidentiality and non-disparagement clauses because such an agreement violates Section 7 of the NLRA.

 

Patricia-Anne Brownback, attorney, Constangy Brooks, Smith & Prophete, LLP, will discuss how the decision affects employers, best practices for employers, and recommendations for compliance going forward.

 

Please remember that GEA members are able to view this webinar free of charge. Non-members will be charged $50.00 to view.

If you are interested in Georgia Employers’ Association membership, please contact Buddy McGehee, Executive Director at


Date: MARCH 28, 2023

Time: 11:00am EST


GEA Members - Free

Non-Members - $50.00


EMPLOYMENT LAW NEWS


www.nlrb.gov - National Labor Relations Board Decision

Board Rules that Employers May Not Offer Severance Agreements Requiring Employees to Broadly Waive Labor Law Rights


Office of Public Affairs
202-273-1991
publicinfo@nlrb.gov
www.nlrb.gov


February 21, 2023


Today, the Board issued a decision in McLaren Macomb returning to longstanding precedent holding that employers may not offer employees severance agreements that require employees to broadly waive their rights under the National Labor Relations Act. The decision involved severance agreements offered to furloughed employees that prohibited them from making statements that could disparage the employer and from disclosing the terms of the agreement itself.


The decision reverses the previous Board’s decisions in Baylor University Medical Center and IGT d/b/a International Game Technology, issued in 2020,  which abandoned prior precedent in finding that offering similar severance agreements to employees was not unlawful, by itself.  


Today’s decision, in contrast, explains that simply offering employees a severance agreement that requires them to broadly give up their rights under Section 7 of the Act violates Section 8(a)(1) of the Act. The Board observed that the employer’s offer is itself an attempt to deter employees from exercising their statutory rights, at a time when employees may feel they must give up their rights in order to get the benefits provided in the agreement.

“It’s long been understood by the Board and the courts that employers cannot ask individual employees to choose between receiving benefits and exercising their rights under the National Labor Relations Act.  Today’s decision upholds this important principle and restores long standing precedent,” said Chairman Lauren McFerran.   


Members Wilcox and Prouty joined Chairman McFerran in issuing the decision. Member Kaplan dissented.


Established in 1935, the National Labor Relations Board is an independent federal agency that protects employees from unfair labor practices and protects the right of private sector employees to join together, with or without a union, to improve wages, benefits and working conditions. The NLRB conducts hundreds of workplace elections and investigates thousands of unfair labor practice charges each year.


Link to decision in McLaren Macomb PDF


Constangy.com News & Analysis

Beware of MA penalties if you miss payroll – even if it’s due to a bank failure  


3.22.23


On Friday, March 10, the Federal Deposit Insurance Corporation announced that it had closed the Silicon Valley Bank and taken control of its deposits. In its announcement, the FDIC said that insured depositors would have access to their deposits no later than the following Monday morning, March 13. However, the FDIC limit for insuring deposits is $250,000, significantly below what most customers of SVB had on deposit.


Because of the FDIC action, employers who used SVB deposits to fund their payrolls had to consider other options for meeting their payroll needs such as loans, furloughs, and late payments. Employees whose paychecks were direct deposited into SVB accounts would not have received their paychecks on March 10.


In Massachusetts, hourly workers must be paid every week or every other week. The deadline to pay depends on the number of days that an employee works during one calendar week. If the employee works 5-6 days, he or she must be paid no later than six days after the pay period ends. If the employee works 1-4 days or 7 days, he or she must be paid no later than seven days after the pay period ends.


Employees who resign must be paid in full on the next regular payday after the last day worked or, if there is no regular payday, by the first Saturday after their last day worked. Employees who are fired or laid off must be paid in full on their last day of work.


Salaried employees may be paid weekly, biweekly, semimonthly, or, if the employee requests, monthly. Salaried employees who work five or six days a week must be paid within six days of the end of the pay period. All other employees may be paid within seven days of the end of the pay period.


Employees who are not paid according to the above deadlines may recover three times their late wages, even if the employer pays the employee before a lawsuit is filed.


Here are some measures that employers may consider if they are facing payroll obligations and their funds to make payroll are in a failed bank:


  • If you are using a payroll company to calculate and distribute your payroll, ask the company where it deposits the funds and how it would respond to a potential failure at that depository.

  • If your payroll amount exceeds the FDIC insured limits, consider having alternative funding sources available.

  • Follow stories of potential bank closings closely so that you can act quickly to move payroll funds to a different depository if need be.

  • Let your employees know what you are doing to ensure that they will be paid, and paid on time.

  • Consider a bridge loan if funds needed for payroll will not be available.

  • Be aware of Massachusetts laws regarding pay dates, and the requirements of the Internal Revenue Service and state authorities for making payroll tax deposits.

  • If reduced work schedules or layoffs are necessary, make sure you comply with the federal Worker Adjustment and Retraining Notification Act and applicable state law.


Employers should not use withheld federal payroll taxes to fund the payroll. Employers who willfully fail to pay their withheld federal payroll taxes may be subject to a recovery penalty, which is equal to 100 percent of the tax.


HRDive.com Articles

EEOC raises fine for notice-posting violations to $659

Employers must place notices where workers will see them — often at a physical location, online or both, according to the agency.


Published March 22, 2023

Kate Tornone Lead Editor


Employers can be fined up to $659 for failing to post required nondiscrimination notices starting Thursday, the U.S. Equal Employment Opportunity Commission said Wednesday. The change represents an increase from the previous $612 maximum...


**********

In EEOC settlement, job board agrees to use AI to look for bias

The announcement was a rare note of support from the agency, which has cautioned employers about the tech’s use in recent years.


Published March 21, 2023

Kate Tornone Lead Editor


Editor’s note: This story has been updated to include a statement from DHI Group, Inc.


Tech job site Dice.com has agreed to use artificial intelligence to comb employer job listings for national origin bias, the U.S. Equal Employment Opportunity Commission said Monday.


The agreement showcases a beneficial use of AI, an EEOC official said — a rare note of support from the workplace discrimination watchdog that has cautioned employers about proper use of the tech in recent years....




Constangy.com Cyber Advisor

As social engineering email attacks increase in sophistication, employee training and awareness rise to the forefront

BY DAVID MCMILLAN ON 3.20.23
POSTED IN CYBERSECURITY, DATA PRIVACY


The Nigerian prince seems almost quaint.


Gone are the days when the Nigerian prince was the only nefarious figure menacing our inboxes.  A simple yet elegant scheme – our supposed prince unexpectedly fell upon a large sum of money, left behind by a fallen war hero, bequeathed by a terminally-ill spouse, or, perhaps, borne from the fruits of new age oil exploration. The funds are (somehow) rightfully yours, but a bureaucratic quagmire has them tied up, and they cannot be released until you pay a *small* fee. Just send a few million dollars to a specified bank account, and the endless riches are yours.


Those who use email as part of their daily lives understand that email scams have evolved since the days of the Nigerian prince. But the sheer gumption and sophistication of today’s scam artists is too often underestimated, leading companies and individuals to falsely presume that email security can be taken for granted. Companies may deploy sophisticated antivirus and endpoint detection and response software, adopt air-tight firewall configurations, employ stringent access controls, and maintain comprehensive information security governance programs. These are smart steps that all businesses should take. But in striving toward these noble goals, the most critical vulnerability is often overlooked: the human element.


Humans make mistakes, and scammers know this more than anyone. To ensure email systems are fully protected, companies should supplement their technical controls with robust phishing awareness training programs and infuse the corporate culture with a shared sense of collective vigilance. This is especially important today, where email and cloud-connected applications such as OneDrive and SharePoint are frequently used to share sensitive company or personal information. It is not enough for employees to understand generally that phishing attacks are “out there.” Companies and employees must fully appreciate the complexity and sophistication of the threat landscape as it exists today and raise their vigilance to a level previously unseen.


The threat landscape is evolving. Fake emails are becoming more “real-looking”; threat actors are toning their language to fit company personality and decrease suspicion; legitimate third-party sites are being exploited as intermediaries; and scams are no longer limited to one-off money heists – they can be drawn out for weeks, months, or even longer. Here are some of the more salient examples that attorneys in Constangy’s Incident Response group have assisted clients with in just the past few months:


  • Scammers created a malicious document disguised as a resume, uploaded it to a legitimate third-party job site and had it sent to the client (who was taking applications). As the email originated from the job site’s authentic domain and not a “spoofed” address, discerning its malicious nature would have been difficult if not impossible.

  • A threat actor gained unauthorized access to a client’s Exchange server and deployed malware causing thousands of emails with fake DocuSign links to be “blasted” to everyone in the client’s contacts list. As the emails came from the client’s legitimate domain, again, these would have been difficult to detect by the recipients.

  • A threat actor gained unauthorized access to an email account belonging to the client’s accounts payable employee and monitored the account for several weeks. Then the actor sent the employee a “spoofed” email with a request to change a customer’s ACH instructions. The fraudulent email was carefully toned to mimic the customer’s communication style and was crafted as a “reply” to an existing thread that was copied and pasted into the fake email.

  • In an increasingly common “tech support scam,” a client received a fraudulent email disguised as a legitimate outreach from the “Geek Squad,” which instructed the client to call a toll-free number to collect a supposedly due refund. The client called and connected with what sounded like a legitimate customer service representative. The “representative” then initiated a remote access session to the employee’s computer and browsed for sensitive information.


The consequences of socially engineered email scams can range from minor to severe. Phishing-related wire schemes are often caught before funds are dispatched, but successful attacks can result in significant corporate losses, often with little to no chance of recovery. Other schemes are designed to compromise individual email accounts – or even entire tenants – and harvest company-sensitive or personal information. These attacks, when successful, can cause harm ranging from mere nuisance to costly notifications, regulatory inquiries, and, in some cases, irreparable damage to the company’s reputation. In many cases, technical safeguards are insufficient to overcome the vulnerabilities inherent to the foibles of human nature.


The metaphor of the “human firewall” is often used to underscore the importance of employee training. Individuals are the front lines of any information security program, so companies are wise to ensure that appropriate training, and threat awareness and prevention, are prioritized. Companies should maintain comprehensive phishing awareness programs that require and enforce regular employee training, while emphasizing that data security is a shared responsibility. Phishing simulation programs offered by reputable third parties are worthy of consideration, as are company-wide discussions where these issues are reiterated and reintegrated into the collective corporate psyche. Email security training should include real-world examples that resemble employees’ day-to-day experiences so that the information is more effectively absorbed and tune-out and misunderstanding are avoided. Leadership should also stay current on the latest advisories from government authorities such as the Federal Bureau of Investigation and the Cybersecurity & Infrastructure Security Agency, as well as local regulators and law enforcement.


Full threat prevention starts and ends with humans. To defend themselves against the bold acts of today’s sophisticated email scam artists, companies should prioritize regular employee training and drill in the shared sense that “we’re all in this together.”

For more advice on how to protect yourself and your business from socially engineered phishing attacks, contact The Constangy Cyber Team at BreachResponse@constangy.com or 877-382-2724 (877-DTA-BRCH).

Tags: Cyber Team, CyberMonday, Cybersecurity, Data Privacy, Data Security, Phishing, Social Engineering

   


Georgia Employers' Association

Phone: 478-722-8282 or Email: director@georgiaemployers.org


