Law firms navigate the urgency to resume normalcy and to keep their staff safe.

Employers are reopening and bringing back employees who were teleworking, furloughed, or fired. There are major considerations for employers to weigh in navigating amidst unprecedented legal and logistical challenges in order to strike an optimal pragmatic balance between savings lives and saving businesses. Staying compliant with a myriad of employment laws, rules and regulations was hard enough before; the Covid-19 pandemic has made it exponentially more demanding. Here are some important pitfalls to avoid and tips to follow for employers as they transition.

Credit: https://schwarzberglaw.com/employers-reopening-checklist/ 

 

1. Safety is Job One.

Employers are legally obligated maintain a safe work environment so they need to closely monitor and comply with government directives. The White House has issued phased-in guidelines, which are generally considered non-binding on the states, which have issued their own sets of orders, directives and guidelines, which take precedence over any conflicting municipal orders which may have also been issued. These change frequently from state-to-state, as does the definition of “essential businesses.” The U.S. Centers for Disease Control and Prevention’s (“CDC”) has issued various Guidelines for businesses considering reopening and Recommendations for maintaining a healthy work environment. Good practice dictates that employers should adhere to the Guidelines and Recommendations as, and when, they evolve and are implemented for various sectors, industries, locations and circumstances. Employers are taking steps to ensure a safe working environment including such things as, doing some testing (if and when tests are available and certain conditions are met, e.g., only if tests are job-related and consistent with business necessity, i.e., if the employer can show that:

  • an employee’s ability to perform essential job functions will be impaired by a medical condition; or
  • an employee will pose a direct threat due to a medical condition — that is, a significant risk of substantial harm to the health or safety of the employee himself or herself or to others, that cannot be eliminated or reduced by reasonable accommodation)

and screening to bar employees from returning who have exhibited symptoms or are high risk, sending home employees if they develop symptoms, staggering work schedules, using a 4-day work week, using Saturdays, giving non-essential workers the option of teleworking and making their return voluntary, limiting occupancy levels and spreading out and disinfecting work spaces, etc. It will, no doubt, be a daunting task to set up a safe staging area to keep employees distant from one another as they gather to be tested, keep their results private, and pay them for the time they spend being tested, all the while realizing that many active carriers of Covid-19 do not have elevated temperatures.

2. Insurance.

Employers should review their existing insurance policies with their brokers, including, but not limited to, Employment Practices Liability Insurance (“EPLI”) (which can cover a wide array of employment-related claims), as well as commercial property “all risk” insurance coverage for the loss or interruption of business relating to the Covid-19 pandemic. Employers have begun filing suits against their carriers for business interruption damages. Brokers who were negligent in not adequately meeting their fiduciary duties to advise clients about getting business interruption insurance or choosing an adequate amount.

3. Paycheck Protection Program (PPP) Loan Forgiveness. Use it or Lose it.

Generally, over the eight-week period following the date of the PPP loan, the funds can be used for payroll costs, rent, interest on mortgage and debt obligations, Utility payments, and Refinancing, within limits. At least 75% must be spent on payroll costs. There is a loss of forgiveness if there is a reduction in the amount paid to each employee over the eight-week period for any employee and if there is a reduction in the number of employees paid over the eight-week loan period. An employer has until June 30, 2020 to restore salary/wage levels or number if employees for any changes made between February 15, 2020 and April 26, 2020.

4. FLSA Overtime and Wage claims.

Employers are obligated to keep accurate records of hours worked to be sure to pay employees at least minimum wage and for all overtime worked. This may be difficult when so many non-exempt employees are teleworking but employers are not excused during this pandemic. If employees who were exempt previously started performing different (non-exempt) duties, they may have lost their exempt status and may be entitled overtime. So, employers should have a review conducted to determine if exempt salaried employees need to be reclassified and paid for overtime. When we return to more normal work duties, if certain employees can be restored to their exempt status because they have gone back to performing their qualifying duties, the basis should be documented. An employer should consider adopting an overtime policy that provides that overtime cannot be worked without prior written supervisory authorization. If a violation occurs, the overtime worked MUST be paid BUT the employee can be disciplined. Note that if an employer violates the Families First Coronavirus Response Act, and fails to make the mandated pay for leave, the employee may file a minimum wage action under the FLSA. Lastly, note that if the salary of a Highly Compensated employee is reduced below the minimum level under the FLA, the exemption may be lost and overtime worked may become due. Payments made to an independent contractor do not count towards loan forgiveness calculations. Therefore, if an employer included the salary of a W-2 employee in calculating the amount of the loan, but converted that same employee into an independent contractor, there may be a portion of the loan that will not be forgiven. Aside from the forgiveness issue, if an employer has misclassified a worker as being an independent contractor instead of a W-2 employee, there may be number of employee rights the employer has violated. Hence, it is important to review the status of all so-called independent contractors to see who really qualifies as a real W-2 employee under any of the tests used by the Department of Labor and the IRS and under the Common Law. Proper classification is vitally important for many reasons, including, but not limited to, counting the number of employees correctly (e.g., Title VII applies to employers with 15 or more and the FMLA applies when an employer has 50 or more employees, etc.) and for employers to be in compliance under the FLSA and the Internal Revenue Code.

5. Beware the Whistleblower and Avoid Retaliation in all of its forms.

An employee who objects to an employer of its violation of a law, rule or regulation and suffers an adverse employment action as a result, may have a claim for damages and attorneys’ fees under Florida’s private whistleblower statute. Fla.Stat. Section 448.101. The same applies for employees, who make a claim for overtime (even orally), claim workers compensation relief for an injury on the job, make a claim for discrimination, harassment, or hostile work environment, seek leave under the regular FMLA or are denied benefits under the recent emergency FMLA under the Families First Coronavirus Response Act. Few employers (including non-union employers) realize that they may become liable for retaliation under the National Labor Relations Act (“NLRA”) if they discipline employees for complaining about working conditions, because it may be deemed to be interference with that employee’s protected right to participate in concerted protected activity. An example may have occurred two weeks ago, when Amazon fired, a worker who protested about unsafe workplace conditions due to concerns over Covid-19. Employers need to be VERY careful, now more than ever, whether, how and why they may take any adverse action against an employee (including, but not limited to, for example, not bringing the employee back from a furlough, layoff or reduction of pay). Now is the time to review whistleblower policies and establish hotlines in place to facilitate timely reporting, have thorough investigations conducted and avoid any retaliation.

6. Avoid Qui Tam Claims Under the False Claims Act like the Plague.

Be wary of exposing the Company to a claim made by an employee under the Federal False Claims Act (a/k/a Qui Tam claims), i.e., a lawsuit brought by a private citizen (whistleblower) against a person or company who is believed to have violated the law in the performance of a contract with the government or in violation of a government regulation, when there is a statute which provides for a penalty for such violations. In simplest terms, if a company or person took advantage of the government by wrongfully taking money or something of value or failed to pay the government money it should have or give something of value to which the government was entitled, a private citizen could sue in the name of the government to recover damages and receive a portion and attorneys’ fees and costs. In today’s, confusing, unsettled, threatening, disrupted environment, one can only imagine the wave of such suits being filed. Any employer with government contracts should be especially careful to avoid any mistakes or improprieties.

7. Discrimination Based on Potential Bias in Rehiring In the “Fog of War.”

In starting back up, employers may have a certain business necessity to rehire en masse only a portion of their pre-pandemic work force. That could create some exposure depending on who was chosen to return. For example, if an employer sought to protect and not bring back right away older workers who are deemed more susceptible to infection, or pregnant workers, the employer could unwittingly be setting itself up to an age or gender discrimination claim, respectively. Note the recent April, 2020 US Supreme Court decision in in Babb v. Wilkie (the “OK Boomer” case), where the Court held that if age was “a” factor (not necessarily “the” factor) in employment decisions, the employer could be liable. Many experts believe the Ageism will quickly become its own #metoo movement, especially because of our aging population and the rapid increase pace of technology in the workplace. Also trending are pay disparity claims brought by women who earn a fraction of what men are paid. Also in the mix may be situations where those who had previously taken a medical-related leave or leave under the new FFCRA could bring a retaliation claim.

Liability could also be based on the employer’s decision having a disparate impact on a particular protected group even if discriminatory intent could not be established. Employers should apply existing or new sick leave policies uniformly (the same for all employees under similar circumstances) to avoid claims of discrimination or unfair treatment.

Therefore, employers will need to use objective criteria and document the reasons for decisions on who was chosen to return to work in order to prove later that there existed legitimate non-pretextual reasons for their actions.

Other problems can arise because of the current circumstances. The pandemic has exacerbated xenophobic bias and engendered hateful expressions (e.g., anti-Chinese) which, if allowed to remain unchecked, could make an employer liable. Also, with many more employees teleworking, they are more likely to say or write something to other employees, or act inappropriately, than they would if they were face-to-face in the workplace under direct supervision.

Lastly, there is a phenomenon that more discrimination takes place when decision makers are in the Fog of War, where they think they can get a way with discriminating against members of certain protected groups (e.g., disabled employees). There’s more of a need for employers to keep that from happening.

Lastly, as testing continues to ramp up, and contact tracing and other identifying techniques are put into place, discrimination-related claims may explode, particularly regarding individuals who have tested positive for COVID-19.

Employers need policies and procedures, and need to reinforce training, and be ready to open investigations and to adequately discipline employees, if necessary, to prevent future claims.

8. Unemployment/Re-Employment Assistance and Re-Onboarding Issues.

“But I don’t want to come back to work just yet.” Some employers furloughed employees to keep them employed and on group health insurance policies. Many of those furloughed employees may be unemployment benefits from their state plus the $600 per week federal supplement under the CARES Act, which might total more than they would receive net if they returned to work full-time at their previous compensation level. When businesses reopen, what if they are called back to work but don’t want to return? Employers have a right to recall workers and, if a worker gets a reasonable notice and refuses to return, the employee can get fired and risk losing unemployment benefits by now being disqualified. One approach is for employers to increase pay to equal or surpass what an employee can get through unemployment until the $600 supplement expires July 31, 2020, especially if the employer took out a PPP loan and wants it to be forgiven. Every state’s unemployment compensation system is unique, so employees and employers have to check carefully.

Aside from the economics, just feeling unsafe about returning to work is not a good enough reason to refuse to return, unless the employer is not complying with CDC, OSHA and State guidelines to ensure a safe workplace.

Re-Onboard Correctly. If an employee was officially, terminated, and is being brought back, the employer should be sure to fully re-onboard the employee, het the employee re-enrolled in benefit plans, sign Employee Handbooks, mandatory arbitration agreements, restrictive covenant agreements, etc. as if they were a brand new employee. Note that if an employee was furloughed, then maybe they were continued on the employer’s employee benefit packages but be sure to have your insurance broker and your HR department check and confirm.

9. Family Medical Leave (“FMLA”) Notice of Eligibility and the Americans With Disability Act (“ADA”) Interactive Process.

Under the FMLA, if the employer knows or has reason to know an eligible employee has a serious health condition or may qualify for leave, the employer has an affirmative obligation to provide the employee with formal written Notice of Eligibility and Rights & Responsibilities. If the employee qualifies, unpaid leave must be provided for as much as 12 weeks in the applicable one-year period and the employee’s position must be available upon the end of leave (intermittent or continuous). Employers must maintain the employee’s insurance.

Under the ADA, if the employer knows or has reason to know an employee has a disability or regards the employee as having a disability (physical or emotional), the employer has an affirmative obligation to engage in the “interactive process” to determine if a reasonable accommodation must be provided to the employee, unless the employer can prove that providing the accommodation sought by the employee would work a hardship on the employer’s business.

Maintaining open lines of communications with employees during transition is paramount. It will be increasingly important for employers to communicate concerning what employees are to expect upon returning to work, regarding new evolving health and safety precautions, and with respect to a plethora of workplace transition matters, such as assignments, scheduling, compensation, and sick leave. Employers can consider establishing a hotline to make it easy for employees to connect and report problems and concerns.

10. Privacy and HIPAA Issues.

As we continue to reopen, we remain mindful that the threat of Covid-19 may be with us for many more months or years, at least until an effective vaccine is developed. It may become necessary to continue the reopening process with an immune-based workforce as the central requirement. China has begun issuing written certifications with color-coded QR codes to allow them mobility and access to public places. Several countries are seriously considering issuing immunity passports so that those previously sick can safely work where unexposed vulnerable people cannot. Our own Dr. Fauci has stated that we may need to adopt such a program in the US at least for frontline workers. That possibility is laden with serious uncertainties. The science isn’t in yet to confirm such tests work and would be reliable. Hiring based on someone having had and survived the disease raises serious legal issues (including, ADA, HIPAA, privacy, etc.). Who would control the system and information? Would employers get broad general waivers of liability? So many quirks would impede such a program. Rejected applicants would claim (reverse) discrimination; immunities would wear off, exposing workers; people in need would purposefully expose themselves to become immune and, therefore, employable; black market counterfeit certificates would confuse everyone; certain subsets of the population may benefit more than others, etc. etc. There won’t be enough litigation attorneys, judges, or juries to handle the explosion of litigation.

We don’t know enough yet, we haven’t done sufficient testing and we’re not set up to do contact tracing. Our medical experts state that we’ll first need to know the degree to which the virus has affected our society so we can plan intelligently. Even so, variants and mutations of the virus may derail the best laid plans. Ours is not a totalitarian culture that would be able to impose and enforce such Draconian plans using a centralized Big Brother approach. It’s not who we are.

Conclusion: Employers will be in the thick of it all. There are predictions of a second surge in the Fall that might be worse than what we are experiencing now. Employers need to implement various policies in anticipation and continue to monitor COVID-19 specific government orders or regulations, especially EEOC, OSHA and CDC websites for updated direction.

 

Microsoft has emerged victorious in a dramatic competition for public cloud resources for the U.S. Defense Department, beating out Amazon Web Services. The contract could be worth as much as $10 billion over a decade. See Microsoft Azure wins $10 Billion contract from department of defense.

Azure also has achieved more security and compliance certifications than any other Cloud provider.

When your law firm chooses to go to the Cloud, why choose anything less?

 

Unverified sender is a new Office 365 feature that helps end users identify suspicious messages in their inbox. In order to help customers identify suspicious messages in their inbox, Microsoft added an indicator that demonstrates Office 365 spoof intelligence was unable to verify the sender.

To prevent phishing messages from reaching your mailbox, Outlook.com and Outlook on the web verify that the sender is who they say they are and mark suspicious messages as junk email.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/unverified-sender-feature 

 

On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.

The best precaution is to change your Network Solutions login credentials.

Read more: [Click Here]

 

Dorian has passed Miami… did you feel your law office was prepared?

Early hurricane preparation will improve your firm’s ability to get back to business.

Tips you can do before a hurricane strikes:

  • Develop communications procedures to inform staff of office closure status.  Create a “phone tree” to communicate when the office will re-open.
  • Test forwarding the firm’s main phone number to a cell phone or using a mobile phone app from your telephone provider.
  • Confirm you are properly insured.  Consider business interruption insurance that covers loss of income because of a disaster, such as closed roads or loss of power.

When a Hurricane Warning is issued:

  • Properly shut down and turn off computers, monitors and printers.  Unplug hardware, including printers, that do not have an Uninterruptable Power Supply (UPS) from the wall.  A server can stay running to enable remote access if it is properly shielded using an appropriate UPS.
  • Store computer equipment away from the windows and off the floor.
  • Safety is the highest priority.  Heed official evacuation warnings and find the safest location to ride out the storm.

What to do after a hurricane:

  • The electrical supply may be unstable and have unusual surges and flickers.  LCC recommends U.P.S. equipment to protect sensitive hardware.

LCC can assess your firm’s readiness for the next natural disaster.

We hope you and your family stays safe throughout this hurricane season,

Dade: (305) 371-4522

Broward: (954) 680-3760

WPB: (561) 296-4522

peterr@legalcomputer.com

www.legalcomputer.com

Legal Computer Consultants (LCC)provides comprehensive technology solutions exclusively for South Florida attorneys and their staff.   

NYTimes OPINION

They Stole Your Files, You Don’t Have to Pay the Ransom

The F.B.I. should follow the example of European law enforcement and help victims of ransomware decrypt their data.

By Josephine Wolff

Dr. Wolff is a professor at Tufts University.

Aug. 14, 2019

No More Ransom initiative, announcing that the public-private partnership had helped more than 200,000 ransomware victims recover their files using its library of freely available online tools instead of giving in to hackers’ demands to pay a cryptocurrency ransom. All told, the recovered files saved victims some $108 million in ransom, according to Europol, the European Union’s police agency.

 

The No More Ransom tools are available to everyone, not just those in the European Union. People from 188 countries have visited the project’s website in three years, with nearly 10 percent of that traffic coming from the United States, according to data collected by the European Cybercrime Center. But here in the United States, where ransomware is on the rise and increasingly targeting both local governments and private companies, law enforcement has been strangely quiet about promoting alternatives to ransom payment.

 

Lack of public awareness may be one reason that victims of ransomware in the United States are often willing to pay their attackers in order to regain control of their files and computer systems. In June alone, two cities in Florida — Riviera Beach and Lake City — agreed to make Bitcoin ransom payments worth roughly $600,000 and $460,000, respectively. In both cities, most of the payments will be covered by their insurers.

 

But every time a victim pays hundreds of thousands of dollars to a cybercriminal, the payment reinforces the criminals’ faith in their business model. For this reason, it’s essential that victims stop paying these ransoms: Making ransomware unprofitable is effectively the only way, short of coordinated global regulation of cryptocurrencies, to stop these criminals.

 

The F.B.I. has struggled to send a clear message to ransomware victims ever since 2015, when an agent told the audience at a computer security conference in Boston, “We often advise people just to pay the ransom.” The F.B.I. later corrected its position: that victims should not pay ransoms.

 

“The F.B.I. doesn’t support paying a ransom in response to a ransomware attack,” the website states, adding that paying a ransom does not guarantee victims will get their files back and may serve to fund other criminal activity. But most of what the F.B.I. recommends are preventive measures, such as patching software or backing up data — which is good advice, but it won’t help victims whose computers have already been infected by ransomware.

 

But ransomware victims who don’t have offline backups of their data do have options. Many common strains of ransomware have, in fact, been reverse engineered by software engineers and security firms that provide decryption tools, including the ones aggregated in the No More Ransom project. These tools won’t work for every victim, but there are more than 100 decryption tools, each targeting a specific strain of ransomware, available free on the No More Ransom site. As a victim, of course, you may not be sure whether you’re infected with the Marlboro or the Pylocky or the Popcorn or the BigBobRoss strain, but if you upload any of the encrypted files created by the ransomware on your computer, or any email, website or Bitcoin address left behind by the attackers, No More Ransom will let you know if it has any tools that can help.

 

In order for these tools to be effective, victims have to know where to find them in the first place, and so far, American law enforcement has done much less than its European counterparts to publicize the existence of these options. For example, the strain of malware that infected the Lake City systems was called Ryuk, and Emsisoft, a security firm, says it is can decrypt Ryuk malware using its free tools in 3 percent to 5 percent of the cases. But it’s unclear whether Lake City knew about any of these tools and tried to decrypt its data before acquiescing to the ransom demands.

 

If the victims had sought advice exclusively from United States law enforcement agencies, like the F.B.I., the Department of Homeland Security’s Computer Emergency Readiness Team or the Secret Service, they certainly would not have found any mention of the No More Ransom project or other resources for decrypting infected files, such as the website ID Ransomware, which an Emsisoft employee created to help victims identify the ransomware they are facing. The most the federal government has done to support these efforts is give an F.B.I. Director’s Community Leadership Award to the creator of the ID Ransomware site.

 

Contrast that with Europol, which has partnered with private companies researching and building decryption tools to combat ransomware. It promotes the No More Ransom tools on its website and encourages their use by victims who might otherwise be reluctant to trust a strange website at a moment when they are feeling particularly gullible and vulnerable.

 

This silence on the part of the American government is baffling. The recommendations these agencies offer about creating regular backups and not clicking on suspicious email attachments are valid and useful prevention tips, but none of them help the thousands of people who are most likely to be looking at their websites — the people whose hard drives are already infected and encrypted.

 

The best way that the F.B.I. could celebrate three years of No More Ransom is to finally get involved and partner with its counterparts in Europe and around the world to create, and promote, trustworthy resources for ransomware victims who want to do their part to stop ransomware by cutting into cybercriminals’ profits.

 

Josephine Wolff is assistant professor of cybersecurity policy at the Tufts Fletcher School of Law and Diplomacy and the author of “You’ll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches.”

 

 

The New York Times

A new phishing scam is threatening law firms.  We are reaching out to our clients to help them avoid becoming a victim.

Please instruct staff handling inbound calls to hang up on callers claiming to be from Microsoft stating that your Windows license key will be deactivated.  The caller ID may appear to be coming from your own phone number.  This is NOT how Microsoft communicates with their customers and this is a scam!

  • Never give up any confidential information over the phone.
  • If you have any concern about an inbound call, hang-up and initiate the call back to the company on your own.
  • Legal Computer Consultants will never ask for passwords or other confidential information over the phone. 

Follow this link to learn more about this new and dangerous scam:

Microsoft License key/IP address scam

Here is a link to a draft Cyber-Security policy for your firm to edit and distribute:

https://www.legalcomputer.com/cyber-security-policy-template-for-law-firms-and-legal-professionals/

If you have any questions, please do not hesitate to call us directly.

Microsoft’s Intelligent Cloud Segment produced more quarterly revenue than the segments containing Office and Windows for the first time in more than three years. Azure’s grew 64% on an annualized basis.

See: Azure Cloud is now Microsoft’s largest business