It costs nearly 20 percent of an employee’s annual salary to replace a current employee. If you are experiencing high turnover, chances are you are experiencing high losses as well. The costs of reviewing applications, processing candidates, conducting interviews, training and purchasing equipment for new hires aren’t only monetary – they also cost time and lost productivity.
Given the high cost of losing an employee, retention should be a top priority for every organization. If you do not already have a retention strategy, now is the time to make one. The first step in curbing turnover is figuring out why employees are leaving.
Why Employees Leave
Employees leave organizations for a variety of reasons, depending on their unique circumstances. However, there are some common reasons that may help determine the best retention strategy for your organization. Below are some of the most common reasons employees leave:
- Stagnation – Employees are often looking for career and personal growth. If they have no upward mobility at your company, they may look for it elsewhere.
- Pay – Compensation needs to be competitive to attract the best talent. Likewise, good pay is needed to retain top talent.
- Workplace culture – Expectedly, co-workers matter to employees. If they feel ostracized or marginalized by co-workers (or management), they will want to leave that environment.
- Better opportunities – Like with stagnation, employees leave when they believe they have better prospects elsewhere. This could be due to a higher-paying position or simply a job more aligned with their interests.
How to Retain Employees
Retention strategies are not universal. It is possible that techniques and strategies that work for some organizations will not work for yours. This means you need to analyze why your employees are leaving and strategize how to combat those reasons.
Exit interviews are a great way to analyze why employees are leaving. During exit interviews, managers ask questions to employees who are on their way out of the company. Questions should be related to the employees’ time with the company, such as what they enjoyed, what they disliked and what prompted their resignation. Exit interviews will only be useful with employees who resign or leave voluntarily, not those who have been terminated.
Depending on the responses from the exit interviews, you can begin crafting a retention strategy. For instance, if a main catalyst for employee turnover is a lack of upward mobility, think about how to change that. It could mean creating new roles or, if roles already exist, making a clear guide for career pathing at the organization.
Creating a retention strategy does not need to be solely reactive. Consider creating a survey to gauge employee satisfaction with the company. Include questions about what people like and what they do not like about their job.
Retaining employees is critical for any business an falling short on retention can be devesating to your bottom line. It costs nearly 20 percent of an annual salary to replace an employee, so implementing proactive retention straties is key to mainitning your workforce.
Answer the questions below to determine if your orginzation has a high turnover risk.
| INSTRUCTIONS: Begin by answering the questions below. Each response will be given a numerical value depending on the answer. After completeing the questions, total your score using the scale at the bottom of the page. |
| YES: 0 points |
NO: 2 points |
UNSURE: 2 points |
|
| QUESTION |
ANSWER |
SCORE |
| Have you reviewed pay scales within the last three years? |
|
|
| Do you survey employees career groth desires each year? |
|
|
| Have you compared your health insurance against similar companies in your industry? |
|
|
| Do you routinely survey employees to ensure they feel comfortable and included in the workplace environment? |
|
|
| Do you track top employee performers? |
|
|
| Do you monitor the market to ensure top performers are appropriately compensated? |
|
|
| Have you surveyed employees in the past to guage their workplace satisfaction? |
|
|
| Do you have a retention strategy in place for when a top performer comes to you with another offer? |
|
|
| Do you offer incentives beyone health benefits to employees? |
|
|
| Have you implemented employee engagement strategies to curb turnover proactively? |
|
|
| TOTAL SCORE: |
|
|
|
| Low Risk |
Moderate Risk |
High Risk |
| 0 – 6 |
7 – 13 |
14 – 20 |
|
There is no hard and fast rule for successful employee retention. Creating a retention strategy for your organization requires you to analyze both your company and its industry. Contact Scurich Insurance for more information on retention and for materials to help you craft your strategy.
Read more
Technology can be a risk, especially when it involves your password. You hear about all of the hack attempts on the large corporations, but you don’t hear about the every day person that get’s targeted by a cyber attack. Simply visiting a website could enable your attacker access to your computer. This should push you to protect your most valuable asset, your password! Don’t give the hackers an easy target by not following the simple tips on improving your password.
Improve Your Password
- Change your password every 30-45 days.
- Choose a password between 8-16 characters.
- Use at least two special characters (!@#$%^&*) randomly within your password
- Avoid using family or pet names, dates or common phrases within your password.
- Never reuse or repeat a password across accounts.
Stay Away from COMMON Passwords
Protect yourself (and your company) by making sure you’re not using one of the top 25 most commonly stolen passwords of 2017, as determined by IT security firm SplashData.
- 123456
- password
- 12345678
- qwerty
- 12345
- 123456789
- letmein
- 1234567
- football
- iloveyou
- admin
- welcome
- monkey
- login
- abc123
- starwars
- 123123
- dragon
- passw0rd
- master
- hello
- freedom
- whatever
- qazwsk
- trustno1
Read more
It’s that time of year: Feb. 1 marks the deadline for you to tabulate your annual OSHA Log Summary (OSHA Form 300A) and post it in a common area wherever notices to employees are usually posted.
The summary must list the total number of job-related injuries and illnesses that occurred during the previous calendar year and were logged on the OSHA 300 Form. And don’t forget to leave the Summary posted until April 30.
If you need additional assistance, have questions about recordability, or would like to compare your loss performance trends against national benchmarking data, contact us today at 831-661-5697 for more information.
Read more
On Dec. 22, 2017, President Donald Trump signed into law the Tax Cuts and Jobs Act (Act). The Act makes significant changes to the federal Internal Revenue Code (Code), including changes that impact employee benefits. Effective for 2018:
- Employers cannot deduct expenses associated with qualified transportation fringe benefit programs;
- Employees cannot exclude bicycle commuting reimbursements from their gross income; and
- Moving expense reimbursements are not deductible for employers and cannot be excluded from employees’ gross income.
In addition, effective for 2018 and 2019, the Act creates a federal tax credit for employers that provide paid family and medical leave.
Because most of the Act’s provisions became effective on Jan. 1, 2018, employers should start working with their tax advisors to determine how the tax changes will impact their businesses.
Qualified Transportation Fringe Benefits
Code Section 132 allows employers to provide certain transportation benefits to employees on a tax-free basis. These benefits include qualified parking, transit passes, and transportation to and from work in a commuter highway vehicle (“vanpooling”). Prior to 2018, bicycle commuting reimbursements also qualified for this tax exclusion.
Qualified transportation expenses paid by either the employer or employee can be excluded from an employee’s gross income, up to certain limits. For 2018, the tax exclusion limits are $260 per month for qualified parking expenses and $260 per month for transit passes and vanpooling expenses, combined.
Beginning in 2018, the Act eliminates the employer deduction for expenses associated with a qualified transportation fringe benefit program. The Act also eliminates the deduction for any expenses incurred in connection with providing transportation to an employee in connection with travel between the employee’s residence and place of employment, except as necessary for ensuring the employee’s safety.
However, with the exception of bicycling commuting expenses, the tax exclusion for employees has not changed—qualified transportation benefits are still excludable from employees’ gross income. The tax exclusion for bicycling commuting benefits is suspended for tax years beginning after Dec. 31, 2017, and before Jan. 1, 2026.
Qualified Moving Expense Reimbursements
Before 2018, employers could pay or reimburse an employee’s eligible moving expenses related to starting employment at a new principal place of work on a tax-free basis. The Act suspends this income exclusion from 2018 through 2025 tax years.
It also suspends the employer deduction for qualified moving expense reimbursements for the same period of time. However, the income exclusion and deduction still apply in the case of a member of the U.S. armed forces on active duty who moves pursuant to a military order and incident to a permanent change of station.
Employer Credit for Paid Family and Medical Leave
The Act creates a new temporary tax credit for employers that provide paid family and medical leave to their employees. The tax credit, which applies to wages paid in 2018 and 2019, is equal to a percentage of wages paid to employees who are on family and medical leave. Paid leave that is provided as vacation leave, personal leave, sick leave, or required by state or local law is not taken into consideration.
To qualify for the tax credit, an employer must have a written policy in place that provides at least two weeks of paid family and medical leave for full-time employees (proportionally adjusted for part-time employees) and a rate of payment that is at least 50 percent of an employee’s normal pay rate.
Read more
Businesses gather a lot of information from their customers, including personal identifying information (PII). Because of the sensitivity of this information, many states have adopted standards that businesses must follow to safeguard PII. These standards often include data security breach notification requirements.
In California, these laws are enforced by the California attorney general’s office. This Cyber Security Law Summary provides an overview of California’s data breach notification requirements. Businesses can use this information to understand their responsibilities in protecting PII of California customers.
Cyber security Responsibilities
California law requires businesses and individuals that own, license or maintain PII about Californians to safeguard that information. Businesses must implement reasonable security procedures and practices to protect PII from unauthorized access, destruction, use, modification or disclosure.
Under California law, “owning” and “licensing” includes retaining an individual’s PII in an internal account for the purpose of conducting transactions with the individual in question.
Businesses that disclose PII to a third party must have a contract in place requiring the third party to implement and maintain reasonable security procedures and practices.
The responsibility to safeguard PII begins when the information is first acquired and remains in effect until the information is properly disposed of. This means that businesses must also take reasonable steps to dispose of customer records that are within their custody.
Adequate disposal methods include shredding, erasing and otherwise modifying the records where the information is stored to make them unreadable or undecipherable. Businesses can use any means necessary to dispose of PII properly.
Affected Entities
Breach notification requirements apply to individuals and businesses in California that own, license or maintain PII about Californians. Under these laws, a business is any group that is organized, chartered, or holds a license or authorization certificate under California law or the law of any other state, the federal government or of any other country. This definition of business includes any sole proprietorship, partnership, corporation, association and financial institutions. The term also includes any entity that disposes of records.
Certain businesses are exempt from California’s breach notification law, including:
- Health care providers, health care service plans or contractors regulated by the Confidentiality of Medical Information Act;
- Financial institutions that are subject to the California Financial Information Privacy Act;
- Businesses governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules;
- Entities that obtain information under an agreement authorized by the vehicle code and that are subject to the confidentiality requirements of the vehicle code; and
- Businesses that are regulated by state or federal laws that provide greater protections to PII than what is required under California’s breach notification laws. This last exemption is possible because compliance with stricter state or federal laws will be considered compliance with California laws.
Affected Information
Under the breach notification law, PII includes an individual’s first name or first initial and last name in combination with one or more of the following:
- A Social Security number;
- A driver’s license number or California identification card number;
- An account, credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial information;
- Medical information (meaning any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional);
- Health insurance information (meaning an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history, including any appeals records); and
- Information or data collected through the use or operation of an automated license plate recognition system.
PII also includes a username or email address, in combination with a password or security question and answer that would permit access to an online account.
PII does not include publicly available information that is lawfully made available to the general public from federal, state or local government records.
What is a Security Breach?
Under the law, a security system breach is an unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the PII maintained by another person or business.
Determining whether a breach took place under the law depends on whether the affected information was encrypted or unencrypted, as shown in the table below.
|
Encrypted Information |
|
Unencrypted Information
|
|
Notification must be given if:
- The business reasonably believes the information has been acquired by an unauthorized person;
- The encryption key or security credential was, or is reasonably believed to have been, acquired by an unauthorized person; and
- The business that owns or licenses the PII reasonably believes that the encryption key or security credential could render that PII readable or usable.
|
|
- Notification must be given if the business reasonably believes that the information was acquired by an unauthorized person.
|
Data Breach Notification
California law requires businesses to provide written notice of a breach to the security of their systems if they own or license computerized data that includes PII.
|
Who must be notified?
|
Businesses must notify any person whose PII was compromised as a result of a data breach (as defined above).
In addition, any business that is required to notify more than 500 California residents as a result of a single breach must submit a single sample copy of that notification to California’s attorney general.
Businesses that maintain, but do not own or license, PII must inform the entity that owns or licenses the information of any security breach if the PII was, or is reasonably believed to have been, acquired by an unauthorized person.
|
|
Mandatory Notification Content
|
A valid data breach notification must be written in plain language and must be titled “Notice of Data Breach.” This notification must include the following information (if available at the time the notification is sent):
- The name and contact information of the reporting person or business subject to these requirements;
- A list of the types of PII that was or is reasonably believed to have been compromised by the breach;
- The date of, the estimated date of or date range for the breach;
- Whether notification was delayed as a result of a law enforcement investigation;
- A general description of the breach incident;
- The toll-free numbers and addresses for the major credit reporting agencies (if the breach exposed a Social Security number, driver’s license number or California identification card number);
- An offer to provide appropriate identity theft prevention and mitigation services for affected individuals for at least 12 months (if the entity providing the notification was the source of the breach); and
- Instructions on how to take advantage of the 12-month identity prevention and mitigation services offered (as applicable).
|
|
Optional Notification Content
|
The following information may be included in a breach notification at the discretion of the entity sending the notice:
- Information about what has been done to protect individuals whose information has been breached; and
- Advice on steps affected individuals may take to protect themselves.
|
|
When to Send the Notification
|
Data breach notifications must be made as soon as possible, without unreasonable delay. Timely notifications must take into account legitimate needs to cooperate with law enforcement, determine the scope of the breach and restore a reasonable integrity of the data system. For example, the notification requirement may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation.
|
|
How to Send the Notification
|
Under California law, breach notification can be sent in print, electronically or through a substitute notice, as defined below.
The use of electronic notices is acceptable, as long as all timing, content and formatting requirements are met. Electronic notifications must also follow federal laws regarding electronic records and signatures in commerce.
A valid substitute notice must include:
- An email notice (when the business has an email address for the affected individuals);
- Conspicuous posting, for a minimum of 30 days, of the notice on the internet website page of the business, if the business maintains one. Conspicuous posting means providing a link to the notice on the home page or first significant page after entering the business’ website. The link must stand out from the surrounding text by using larger type, contrasting type, font or color to the surrounding text. The text may also stand out by using symbols or other marks that call attention to the link; and
- Notification to major statewide media.
Substitute notice may also be provided if the business demonstrates that the cost of providing notice would exceed $250,000, the affected class of subject persons to be notified exceeds 500,000 or the business does not have sufficient contact information.
|
Required Format
The notice must be designed to call attention to the nature and the significance of the message. This includes making sure that the title and headings are clearly and conspicuously displayed and using a font type that is 10 point or larger.
In addition, the data breach notice must organize the information according to the following headers:
- What happened
- What information was involved
- What we are doing
- What you can do
- For more information
Safe Harbor
A business that maintains its own notification procedures as part of an information security policy for the treatment of PII is in compliance with the notification requirements mentioned above if it:
- Notifies individuals in accordance with its policies in the event of a breach; and
- The notification takes place within the time constraints mentioned above.
Enforcement
Businesses cannot waive any of the responsibilities imposed on them by California’s breach notification laws. Any business that fails to comply with these requirements may be required to pay damages and penalties to injured customers by a civil court. Any business that violates, proposes to violate or has violated notification requirements may be subject to these sanctions.
The amount of damages depends on the extent of the harm or injury caused to the customer. The penalty is typically $500 per violation, but a court may order the penalty to be as much as $3,000 per penalty for willful, intentional or reckless violations.
A “customer,” for these purposes, is any individual who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service from the business.
Unless the violation is willful, intentional or reckless, a business that fails to provide adequate, complete and accurate notification to affected individuals can raise a complete defense against court penalties if it strives to remedy inadequate, incomplete or inaccurate notifications within 90 days of discovering an issue.
Read more
Although it is important for companies to trust their workers and the general public, the unfortunate reality is that theft can happen at any time. This is particularly true in the construction industry, where expensive tools and machinery are often left in plain sight or are easily accessible to criminals.
Construction site theft is especially damaging, as the theft of materials and tools can quickly delay a project, sometimes bringing production to a halt. Accordingly, it is essential for construction companies to understand how they can prevent job site theft before it happens.
General Tips
While every job site presents its own set of unique challenges, there are a number of general tips firms can use to better secure a construction site. The following are some basic strategies you can use to protect your materials and tools from thieves:
- Create a written security policy and job site security plan. These written plans should assign supervisory responsibilities, encourage awareness, and establish basic best practices for securing tools and materials.
- Contact nearby property owners and local law enforcement officials whenever you start a new project. These parties can help monitor your job site, particularly during off-hours.
- Establish a way for your employees to report theft or suspicious activity. Be sure to maintain complete records of any security incidents, as they can be beneficial to law enforcement in the event of theft, vandalism or similar occurrences.
- Conduct thorough background checks on your employees before hiring them on full time. You should also keep a list of people authorized to be on the job site on hand at all times.
Worksite Protections
Equipping your worksite with theft prevention features is mandatory if you expect to ward off potential criminals. Whenever possible, consider doing the following:
- Enclose your worksite with a security fence and provide limited access at all times. Use lockable gates whenever possible. Avoid using low-quality locks or leaving keys in the locks themselves.
- Ensure that your worksite is well-lit at night to deter criminals.
- Utilize signage to keep unauthorized personnel off your worksite.
- Walk around the worksite at the beginning and end of each day to ensure that no items are missing.
- Consider hiring security guards to patrol the construction site, particularly at night.
If possible, install security cameras to safeguard your job site. Overall, training employees on how to best keep materials and equipment out of the hands of thieves is your first line of defense against losses.
Controls for Equipment, Tools and Materials
The number of tools and machinery found on a construction site can vary heavily from day to day, making it difficult to keep track of valuables. That’s why the first step in any good protection program is to inventory the equipment you have.
An inventory should be made available for each job site and should accomplish the following:
- Inventories should track all newly purchased items. Copies of the inventory should be kept in a secure location.
- Inventories should be up to date and include photos of the larger, more important equipment.
- To aid in the settlement and recovery of any stolen equipment, inventories should include the following:
- The original date of purchase
- The original cost of the equipment
- The equipment’s age and serial number
- Relevant manufacturer information
Firms should assign one employee to be in charge of managing the inventory. This person would be responsible for keeping track of all materials, tools and deliveries.
Other major steps to securing equipment, tools and materials include the following:
- Utilize a secured area to store your equipment.
- Mark and label all tools in a distinctive manner for easy identification.
- Implement a checkout system of all tools and equipment so you can track their whereabouts.
- Establish a key control system for heavy duty machinery.
- Install anti-theft devices on mobile equipment.
- Lock all oil and gas tank caps.
- Park all equipment in a centralized, well-lit and secure area.
- Avoid using your worksite for storage. Remove any tools, materials or equipment that are not in use.
In general, it’s important to keep inventory levels low on-site to discourage thieves. In addition, creating and maintaining an equipment program can make all the difference when it comes to safeguarding your tools.
Equipment programs should make employees, managers, supervisors and foremen responsible for equipment losses. Under such programs, all losses are must be reported, regardless of how small. You should review equipment programs at least annually.
Responding to Job Site Theft
Even if an unimportant or inexpensive piece of equipment goes missing, it’s critical to report the theft to the police. While the authorities may not always be able to recover stolen items, reporting every instance of theft helps police establish a pattern that may assist in future cases.
When a theft occurs, respond by doing the following:
- Notify the proper authorities. Provide as much detail as possible, including when the theft took place and what was stolen.
- Contact your insurance broker and review the specifics of your policies, including coverages, limitations and deductibles related to personal property.
- File an insurance claim.
Following a theft, it’s important to take any additional steps necessary to secure your job site to prevent future losses.
Protect Your Projects
Theft is unpredictable, but there are many workplace controls that firms can implement in order to protect themselves. In addition, it’s important to speak to a broker to seek the appropriate insurance coverages. Contact Scurich Insurance today for more information.
Read more