Ascentis Blog

Information to help HR and payroll managers, recruiters, and compliance officers become more effective.

Category Archives: security

Wage Theft: A Two-Way Street? Or is it Three?

By: Howard Lennie

There has been a lot of recent Internet coverage on the subject of wage theft. Just some of the headlines include: “Paterson signs Wage Theft Protection Act”, “Wage Theft: Thou Shalt Not Steal From Your Workers”, “Workers Rebuilding New Orleans Face Rampant Wage Theft”. Even a quick search of YouTube shows over 200 results for videos related to wage theft. It’s an important topic to workers and employers alike.

Most of the stories tell of employers who “steal wages and overtime” from their employees by misappropriating tips, asking people to work off the clock or not paying minimum or living wages.

The reader is left with the impression that wage theft is strictly an employer misdeed and that employers are conniving miscreants who do not want to fairly pay workers.

“Our nation’s workers deserve full and fair compensation, and this Administration is committed to ensuring that they receive it,” said Hilda L. Solis, U.S. Secretary of Labor, in a recent press release. A lot of employers agree and pay workers their due wage. The Department of Labor’s (DOL) Spring 2010 Regulatory Agenda Narrative confirms this belief.  “Fortunately, many employers and other regulated entities have a culture of compliance. Their ordinary, day-to-day business practices include protecting workers against safety and health hazards, assuring workers benefits and family leave, and paying workers the wages and overtime to which they are entitled, among other aspects of “good jobs.” Like the millions of ordinary citizens who pay their income taxes every year without ever coming into contact with the Internal Revenue Service, these compliant employers and other regulated entities should be congratulated for their responsible behavior. No government intervention in their workplaces is required to achieve compliance.”

Yet there is another form of wage theft gets little attention in today’s employee-friendly regulatory environment. Employee wage theft has become rampant within the US. A quick search of headlines across Google yeilds almost two million results.  A very common form of employee wage theft, called buddy punching, is just as illegal and unfortunate as the well-publicized employer wage theft.

What’s interesting is the chasm between the recourse available to the respective victims. When an employer discovers wage theft, their recourse is to dismiss the employee without any real opportunity to recoup the lost wages. Rare is the case that the law becomes involved. However, when an employee claims wage theft, they can file for class action status and cost the employer double damages, fines and lawyer fees, the total cost of which can potentially run into the millions of dollars in high profile cases.

And there may be a third form of wage theft that does more harm to the economy by removing money for reinvestment. As irresponsible as a wage-stealing employer or employee is, the settlements of large lawsuits have far greater consequences when money is siphoned out of local economies when legal fees are paid to out of state law firms and fines are collected into federal coffers. The result is an extension of unemployment because of lost opportunities to create jobs.

Employers who victimize workers should be punished for their misdeeds. But the painting of the entire business community with broad strokes colored by a small percentage of toxic employers perpetuates a bad economic environment.

Implementing an automated time and attendance system with biometric data collection can help economic recovery by eliminating wage theft in all its forms. It stores an accurate record of time punches from which employees can be fully and fairly paid and and shows clear documentation of compliance. Both of which employers can have on hand to greet plaintiff lawyers or investigators from the DOL when they come knocking on the door.

The Mobile World

By Mike Cross, Vice President, Ascentis

Today’s workforce is armed with laptops, iPhones, iPads, BlackBerries … all good devices to make sure you’re there even when you’re not there. Volcano got you down? No problem! Fire up your hologram projector and beam yourself into the meeting. Okay, we’re not doing holograms on that scale (yet,) but high-speed mobile access is becoming more common and available in more and more places.

But look at all those devices running amok. How much control does your company place on mobile access? Some would just say to ban all those devices. They’re too big of a threat to internal security if someone can walk away with data on their iPod. But ever since the dawn of the personal computer, we’ve had removable media (cassette-tape, 5 ¼” Floppy, 3 ½” Floppy), and now we have the ubiquitous thumb-drive. So the portable nature of data has always been there. It’s just on a grander scale now.

Consider enterprise-level tools for the mobile workforce. RIM Corporation has been on the enterprise scope for several years with their BES (Blackberry Enterprise Server). But did you know Apple provides Enterprise support for the iPhone? Check out their guide here as well as other resources on the Apple Web site. And it’s important to properly educate yourself and your staff on proper mobile device use. Always have a password set to unlock the device. And with an enterprise solution, you can immediately remove access to email messages if someone loses their phone.

Set a policy about the types of portable data your employees are allowed to take offsite using portable devices. A good rule of thumb is “no confidential information is stored on anyone’s laptop, thumb drive or other portable device.” Set-up a secure portal for access to such data, such as SharePoint or another secure-access service.

The upside of the mobile revolution is access-on-the-go. With the demands of today’s businesses, its workers need to have the flexibility to be connected when they’re otherwise counting ceiling tiles in the airport or caught in the endless lines at the DMV. Since mobile Web-browsers are able to securely Web sites, including workforce management sites, even busy HR managers can handle tasks when they’re not at their desks.

Do You Know if Your Data is Really Secure?

by Mike Cross

There’s a crook out there thinking of ways to make a quick buck, and identity theft is at the top of his list. The Internet has revolutionized the way your employees access their own information. They can see their last paycheck, make a change to their benefits or submit an updated W-4 form for withholdings.

Those who conceived the Internet assumed a Utopian culture where free-flowing information would only be used for good. Yet the real world is far more perilous. Today’s world requires a high level of security, and Internet security is no exception.

How secure is your approach to data protection? You’ve probably overheard the IT people talking in the hallway using terms like “patching the minimal server configuration” and “intrusion prevention systems.” And what you’re really hearing is something like Charlie Brown’s teacher speaking. Do you feel your employees’ information is safe and secure?

When evaluating an on-demand solution, look for these important points:
- Employee data is encrypted when it travels over the Internet
- The vendor uses multiple levels of network security to isolate potential threats
- All servers are “hardened” (i.e. have minimally installed) operating systems; regular updates (patching) is performed
- A SAS70 Type II independent audit report is available and performed by a reputable firm at least once a year
- Security-threat monitoring systems are implemented and have 24-by-7 coverage
- Backups are created; and backups of those backups are also created

While considering a solution for protecting your data, keep in mind that security starts at the desktop. Anti-virus software has become a standard program installed on every corporate computer. This program compares incoming email messages to a list of known “signatures” and attempts to block any known threat it matches. But there’s something else you have to watch: “social engineering” threats. These threats often arrive in the form of an email that attempts to trick you into clicking a link or opening an attachment, which can then avert the best security measures.

Cisco Systems provides a good whitepaper about this topic here . The best practice is to avoid opening any attachment or clicking any link without first knowing who it came from and that you were expecting to receive it.

Contact Ascentis today for more information about secure on-demand HRIS and payroll solutions.

Mike Cross is Director of IT and Operations at Ascentis. He has 15 years of experience with systems and security, and has also worked as a software engineer on the Ascentis Payroll product.

Seo 1 plugin by friend-adder-bot

Switch to our mobile site