Is that email REALLY from your boss? IRS warns of new phishing scheme

Let’s pretend you work in HR or in the payroll department of your company. Or better yet, you ARE the payroll department at your company.

It’s a typical Friday morning… you’re at your desk, planning your day, ready to tackle the odds and ends of the week so you can head into the weekend with a fresh slate.

{ping!}

Oh. An email from the CEO. That may or may not happen very often, but it definitely catches your attention. The email simply says:

Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.

Who knows what she wants with that information, or how she’ll use it, but she wouldn’t ask for it if she didn’t have a good reason. Right?

Right???

hacker1Well, maybe not. That exact email was an example given by the IRS when they recently released a report describing the newest scheme that is being used by cybercriminals to gain access to employee data. The IRS reports that criminals will “spoof” the email address of an executive level employee at a company and will then use that email address to send a request to Payroll or HR for specific, sensitive employee data, including W-2s and social security numbers.

If you receive a communication of this nature, we believe it is worth your time to double check with that person to ensure the request, in fact, came from them.

At StratEx, we take security very seriously. We have many safeguards in place to keep our clients’ employees’ data secure:

  • Customizable Security Roles: So that the users who access employee data will be able to access only what they should, where they should.
  • Security Tokens at Login: Two-factor authentication is required for any security roles that have access to sensitive employee data. This provides an extra layer of security, and an audit trail showing when the user logged in, and whether or not they were successful.
  • Security Audit Trails: When accessing employees’ most sensitive data, like social security numbers, there is another audit trail, showing who accessed it and when.

These security features allow our clients to determine the level of access for each person in their company, and give them the tools to understand who has accessed sensitive data.

We believe keeping sensitive employee data in the database and out of email Inboxes is a best practice for the highest-level of security. So think twice when you get that ping! and a request for a bunch of sensitive data. No matter WHO is asking for it.

Ready to pay overtime to Exempt Employees? FLSA changes coming soon…

For many employers, upcoming changes to the FLSA rules governing who is exempt vs. non-exempt from overtime (OT) will result in increased payroll costs — either via higher salaries or higher OT. Plan now. Don’t get caught scrambling at the last minute to understand the coming changes and implement a plan — or worse — get caught up in a wage & hour lawsuit because you didn’t properly prepare.

What exactly is changing?

The Department of Labor proposed amendments to increase the salary threshold for the FLSA’s White Collar Exemptions. These proposed amendments include:

  • A new Salary requirement for exempt employees: $970/week ($50,440 annually)
    • Currently the requirement is $455/week ($23,660 annually)
    • This new salary represents the 40th percentile of earnings for all full-time salaried workers throughout the United States
  • A new Salary requirement for “highly-compensated” employees: $125,148 annually (which is tied to the 90th salary percentile)
    • Currently the requirement is $100,000 annually
  • Automatic annual updates to the salary requirement amounts which will be in line with the applicable 40% or 90% thresholds

We recommend reviewing this DOL Fact Sheet on the proposed rule for a thorough overview.

When is this happening?

The comment period has officially been closed. The Final Rule could be published in or before July 2016 and the details of the rule will take effect at least 60 days later.

What do you, as an employer, need to do?

  • Determine which (if any) of your employees may be affected by the new salary requirements (if you are a StratEx client, you can use the Report Creator to run a custom report)
  • Review the average number of hours worked by these employees
  • Analyze the cost of either increasing salaries or paying overtime to comply with the new salary basis rule
  • Reach out to your StratEx HR Account Manager to discuss how the proposed changes might affect your company
  • Update position’s Job Description if it is changing its’ exempt vs. non-exempt status

By following these steps (soon!), your company can be fully prepared to act when these changes to the FLSA law go into effect.