President’s Letter

 
70x4
 

 

Happy Summer!!! Hopefully, you have some great summer plans coming up. First, thank you so much for your generosity in our Q2 Quarterly Community Cause, the Wounded Warrior Project!!! We raised over $730.00 for them!!!

That’s just great! Our Q3 Community Cause is Clothes to Kids. We will continue to have the 50/50 raffle and will be taking kids clothing donations in August and September. More details will be given at next week’s meeting. Also, in July we have our Christmas in July social held at the beautiful Tradewinds Resort on July 24th.

 

Please come and join us. Lastly, HR Florida is coming up at the end of August. This is a statewide conference and is packed with learning and fun. On Sunday night, Suncoast HR will be having a social of our own.

 

I hope to see you there!


Sincerely,
Rich Williams
President, SuncoastHR

 
 
 
600x300x2
 

 

July Breakfast Meeting:

The Role of HR in Cybersecurity

 

Wednesday, July 10, 2019

8:00am - 9:30 am (Registration begins at 7:30am)

Feathersound Country Club

2201 Feather Sound Drive

Clearwater, FL 33762

 
 
70x4
 

It is predicted that by the year 2021 cyberattacks will put organizations at a loss of over $6 trillion annually for spending one-sixth of that to merely combat cyberattacks. 


HR leaders have the ability to persuade and improve the security stance and organization holds.  The overall mission is not about preparing the security teams for a cyber battle, but to promote security best practices

 

Cybersecurity is often mistaken to be the duty of IT or network experts in an organization. No matter what role you play, cybersecurity is the responsibility of every employee in an organization.  It is important to communicate security policies to employees and ensure the success of cybersecurity strategies and efforts.


Join us and learn from Lynn Heckler and Dave Stafford, as they share how HR has a role in cybersecurity.

 

 
 

 

Lynn Heckler
Chief Talent Officer
PSCU

 
 
 

 

Dave Stafford

Chief Information Officer
PSCU

 

 

Sponsored By:

 

 

 

At No Limit Technology, Inc. they leverage their experience, agility, and partnership model to implement and execute transformational strategies for cloud adoption. They have staffing solutions that are comprised of placing the right talent in the right position, streamlining business processes and exceeding client demands.

 

They serve the IT, Healthcare, and Higher Ed communities, fostering relationships with talented professionals from a variety of backgrounds. Working alongside business leaders, they excel in building end-to-end lean care systems for providers, payers, and technical organizations.

 

They pride themselves on offering rapid, quality services at fair price points. Their guarantee is to establish an ideal match for both consultant and end client, striving to create mutually prosperous relationships. If staffing gaps are identified they have an AI driven recruiting model that will assist augmentation to elevate technology, increase profits, and drive organizations toward new opportunities.

 

 

Plus

 

We will have some extra special “guests” at this month’s breakfast meeting thanks to ZooTampa at Lowry Park. Along with photo ops and fun giveaways, you’ll find out about exciting event opportunities offered at the Zoo. Whether you’re planning an off-site board meeting, an employee appreciation day, or annual holiday party, the Zoo has space and activities to make your next event the best yet.

 

 
600x300x2
600x300x2

This quarter’s community cause is all about the kids! At each meeting this quarter we will be collecting kids clothing and cash donations to contribute to a 50/50 raffle. Proceeds will go to Clothes to Kids, a nonprofit organization that provides new and quality used clothing to low-income or in crisis school-age children.
Ticket Prices are:
1 for $2
6 for $10

15 for $20

 

 

 
600x300x2

 

www.clothestokids.org

 

 

600x300x2
 
600x300x2
 
600x300x2
 
600x300x2
 
 

A Word From SHRM:
5 Top Cybersecurity Concerns for HR in 2019

 

 

By Dave Zielinski
March 5, 2019


Artificial intelligence, bring-your-own-device (BYOD) policies, and application programming interfaces that connect disparate HR systems have brought important new benefits to the workforce. But the adoption of these technologies—along with a rise in sophisticated new forms of cyberattack—also has created new risks to the security and privacy of sensitive human resources data.
A December 2018 study from Cambridge, Mass.-based Forrester Research found that 55 percent of enterprise network security decision-makers reported experiencing at least one data breach in the past 12 months. Forty-four percent of the breaches were caused by employees who—intentionally or not—exposed sensitive data to hackers or data thieves.
Security experts say there are a number of data security issues human resource information technology (HRIT) leaders should pay close attention to this year. Here are their tips for minimizing risk.


1. Phony Chatbots


Hackers are now creating malicious chatbots that attempt to trick job candidates or employees into clicking links, sharing confidential company data or downloading files, said Marc Laliberte, a senior security analyst with WatchGuard Technologies in Seattle.
In 2016, for example, a bot presenting itself as a "friend" on Facebook conned 10,000 users into installing malware that hijacked the users' Facebook accounts and gained access to their personal and financial data.


"Many chatbots are now used to help recruit, to answer frequently asked questions from employees and for other uses in HR," Laliberte said. "They open up a new avenue for phishing attacks from hackers because they can make fake chatbots pop up on a site and steer unsuspecting users toward giving up sensitive information by tricking them into thinking they're interacting with a company-created bot."


WatchGuard's 2019 Security Predictions study found that hackers primarily use basic text-based chatbots but could go after human speech bots like Google Duplex in the future.
Joe Nocera, leader of the Financial Services Cybersecurity practice at consulting firm PwC in Chicago, said companies should use penetration-testing methods with their AI applications in the same way they look for security vulnerabilities in other technologies.

 

Penetration tests are simulated cyberattacks against your own system to check for exploitable vulnerabilities.


"It helps you understand what can go wrong and how bots react when they are being abused or created for malicious purposes," Nocera said. "That kind of simulation testing is a best practice when it comes to rolling out new bots."


2. Spear Phishing

Laliberte also expects more spear phishing attacks—a practice where e-mails are sent from supposedly known or trusted senders for nefarious purposes—largely because of how successful those methods have been for bad actors.
"Hackers have learned that it's much easier to hack people than to hack technology," Laliberte said. "Hackers may use information from a corporate website or other sources to find out who executives are, for example, and send out very convincing e-mails that can trick employees into giving up sensitive data or lead them into a bogus authentication portal to steal their credentials."
Companies should conduct phishing awareness training for workers, Laliberte said, particularly for those employees who have access to sensitive data.


3. Mobile Malware
Mobile devices will continue to be a top target of hackers' attacks, the Forrester study found.
The trend is rooted in part in poor "vulnerability management" by device manufacturers that cease supporting certain devices when new versions come out or that are slow to make security updates available.


There also continue to be security risks in BYOD policies, although modern security practices have reduced the chance of such dangers. Mobile device management allows companies to add important safeguards to mobile devices that employees use for work, Laliberte said, like data encryption, password enforcement and remote wiping.


The results of Sierra Cedar's 2018-2019 HR Systems Survey revealed that organizations with formal BYOD policies are more likely to employ security processes and technology such as multi-factor authentication (MFA) and remote wiping to protect both employees and the organization from hackers. MFA requires users to present multiple forms of evidence to authenticate their identities before accessing a network; remote wiping technology allows network administrators to send commands to delete stored data if a device is lost or stolen.


4. Internal Risks
Security experts say it's just as important to review employee use of internal systems and software as it is to focus on threats from the external environment. "It's not enough to perform external scans of systems, particularly user systems, because attackers aren't gaining access through exposed network services, but through the software your users use to read e-mail, to surf the web, and open documents," wrote senior data security analyst Josh Zelonis in the Forrester study.


Laliberte said threats can arise from modern features built into software that employees use every day. "There have been times when I've almost accidentally sent an e-mail to the wrong person when using the auto-complete feature in Outlook because I started filling in the name and didn't wait to see the last name pop up," he said. "If there is sensitive information in those misdirected e-mails, it can potentially present a big issue."


5. Balancing Access with Security
HRIT leaders will continue to face the balancing act of ensuring that employees have access to information they need to do their jobs while not exposing any sensitive data in the process. Security practices like data masking, encryption and roles-based access to data can help.
"Employees should only have access to that data they specifically need to complete their job tasks and nothing more," Laliberte said. "I would rather make an employee jump through one extra hoop that takes a small amount of time than run the risk of someone stealing all of my data."

 

 

Zielinksi, Dave, “5 Top Cybersecurity Concerns for HR in 2019.” SHRM, Publisher, March 5, 2019. Dave Zielinski is a freelance business writer and editor in Minneapolis. www.shrm.org

 
600x300x2

 

By: Ogletree Deakins


On May 28, 2019, Colorado governor Jared Polis signed into law the Colorado Chance to Compete Act (House Bill 19-1025), more commonly known as “ban the box” legislation. The recently signed Act is another example of pro-employee legislative change that has taken place since the Democrats gained control of the state legislature in 2018.


Colorado will now join California, Connecticut, Hawaii, Illinois, Massachusetts, Minnesota, New Jersey, New Mexico, Oregon, Rhode Island, Vermont, and Washington, which have all passed similar ban the box laws pertaining to private employers.


Effective Date
The new law will go into effect in September 2019 for employers with 11 or more employees. The law will not apply to businesses with fewer than 11 employees until September 2021. While the Act applies only to the private sector, Colorado passed a similar law pertaining to the public sector back in 2012.


Key Components
The new law has three key components for covered private employers. First, an employer may not state in an advertisement for employment that a person with a criminal history is prohibited from applying. Second, employment applications (including electronic applications) cannot state that a person with a criminal history may not apply for a position. Finally, employers cannot inquire into or require disclosure of an applicant’s criminal history on an initial employment application (either in hard copy or electronic format). “Criminal history” is defined in the Act as “the record of arrests, charges, pleas, or convictions for any misdemeanor or felony at the federal, state, or local level.”


Notably, the law does not prohibit employers from obtaining the publicly available criminal history of an applicant at any time. Furthermore, the Act maintains exceptions where the law prohibits a person from holding a position if they have a certain criminal background or if an employer is required by law to conduct a criminal history record check for a particular position.


The act also provides that the Colorado Department of Labor and Employment (CDLE) will adopt rules regarding the handling of complaints filed against employers, including rules regarding requirements for providing notice to an employer of an alleged violation and recordkeeping requirements during an investigation.


Enforcement and Penalties
The Act does not create a private right of action or a new protected class. However, a person that claims to be aggrieved by a violation of the Act is permitted to file a complaint with the CDLE within one year after the alleged violation. The CDLE will then investigate the complaint unless it is determined that the complaint is without merit.


An employer that violates the provisions of the Act may be liable for the following penalties:

  1. For the first violation, a warning and an order requiring compliance within 30 days
  2. For the second violation, an order requiring compliance within 30 days and a civil penalty not to exceed $1,000
  3. For a third or subsequent violation, an order requiring compliance within 30 days and a civil penalty not to exceed $2,500

 

What Now?
Colorado employers may want to review their job postings and advertisements, as well as employment applications and application processes, including interview guides and sample questions, to ensure compliance with the new legislation’s requirements. Employers may also want to train key employees who are involved in the hiring process on the new prohibitions.
Employers with 11 or more employees in the state of Colorado may need to take prompt action to review and, if necessary, revise their application forms, job advertisements, and interview processes to comply with the new legal requirements in advance of the September 2019 implementation date.

 
 
150x50

Total Rewards Management

CERTIFICATION EXAM: T1/GR1*
 
70x4
 

Attract, Motivate and Retain Employees with an Effective Rewards Program

Learn what is required to formulate a rewards program that has the power to attract, motivate and retain — total rewards. Participants are introduced to the total rewards model and each of its components. Emphasis is given to the five elements of total rewards: compensation, benefits, work-life, perfor- mance and recognition, and development and career opportunities.

  • Gain an understanding of total rewards management

  • Discover the five elements of total rewards

  • Understand the critical role of the main drivers — organizational culture, business strategy and human resources strategy

  • Learn the process of designing a successful total rewards strategy

 
REGISTER TODAY!
 
70x4
 
October 14 and 15, (Monday and Tuesday)
 
DATE
St. Petersburg, FL, location TBD
 
LOCATION (CITY, STATE)
Suncoast HR Management Association
 
SPONSORED BY
www.worldatwork.org/suncoast-hr
 
TO REGISTER, CONTACT
Contact Will Rives at worldatwork@suncoasthr.org

 

WHO SHOULD ATTEND?

This course is designed for professionals new to human resources, as well as HR generalists or line managers who want a basic overview of the components that can create an effective balance in employee rewards tools.

 

 

WHAT YOU WILL LEARN

■ Introduction to Total Rewards

■ Compensation
■ Benefits
■ Work-Life

■ Performance and Recognition
■ Development and Career Opportunities

■ Total Rewards — Putting It All Together


CREDITS

  • CCP: Required

  • CBP: Required

  • GRP: Required

  • Recertification: 2 course, .5 exam

  • CEUs: 1.5 course, .3 exam

  • CPEs: 16

  • CPT: 12 points

  • PHR/SPHR/GPHR Recertification

    Hours:16 (Traditional Classroom); 14 (Instructor-Led Live Online)

     

 

For more information visit

www.worldatwork.org/education

 

 
 
 
P.O. Box 2111 Pinellas Park, Florida 33780
 
 
Copyright 2014. Suncoast Human Resource Management Association. All rights reserved. | Unsubscribe