All Well and Good: Fashioning an Effective Wellness Program

A wellness program assists employees and family members in making voluntary behavior changes that reduce their health risks and enhance their individual productivity. Studies have shown that employees are more likely to perform well when they are in optimal health. The following are benefits of implementing a wellness program:

  • Lower health care costs, due to a healthier workforce and improved disease management
  • Enhanced recruiting by attracting the most talented workers
  • Reduced absenteeism
  • Improved on-the-job time utilization, decision making and productivity
  • Improved employee morale
  • Reduction in turnover

Because wellness programs must comply with state and federal law, legal review should precede a program’s introduction to employees.

The Wellness Council of America identifies these best practices for a successful workplace wellness program:

  1. Create committed and aligned leadership. A commitment from the top is key to the success of any wellness initiative, including commitment of adequate funding.
  2. Foster collaboration in support of wellness. Wellness teams should include a variety of people from all levels of your company.
  3. Collect meaningful data that will drive your health initiatives and wellness strategy. This may involve conducting a survey of employee interest in various health initiatives, health risk assessments, and claims analysis.
  4. Craft an operating plan. An annual operating plan is important for your program’s success and should include a mission statement along with specific, measurable short- and long-term goals and objectives.
  5. Choose appropriate health initiatives that support the whole employee. The health initiatives that you choose should flow naturally from your data, and support your goals and objectives.
  6. Create a supportive environment, policies and practices. A supportive environment provides employees with encouragement, opportunity and rewards.
  7. Conduct evaluations, communicate, celebrate and iterate. This allows you to celebrate goals achieved and to discontinue or change ineffective initiatives.

The Benefits team at The Reschini Group can help you fashion a Wellness Program for your particular situation.  Contact us to learn more.

Copyright 2019 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Inside Job: Safeguarding Against Internal Cyber Threats

The Software Engineering Institute (SEI) at Carnegie Mellon University defines insider cyber threats as “the potential for an individual who has or had authorized access to an organization’s assets to use that access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”

As such, a team from SEI recently issued the sixth edition of its Common Sense Guide to Mitigating Insider Threats, where it lists the following 21 recommendations for businesses to deploy:

  • Know and protect your critical assets.
  • Develop a formalized insider threat program.
  • Clearly document and consistently enforce policies and controls.
  • Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
  • Anticipate and manage negative issues in the work environment.
  • Consider threats from insiders and business partners in enterprise-wide risk assessments.
  • Be especially vigilant regarding social media.
  • Structure management and tasks to minimize insider stress and mistakes.
  • Incorporate malicious insider threat awareness into periodic security training for all employees.
  • Implement strict password and account management policies and practices.
  • Institute strict access controls and monitoring policies on privileged users.
  • Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
  • Monitor and control remote access from all end points, including mobile devices.
  • Establish a baseline of normal behavior for both networks and employees.
  • Enforce separation of duties and least privilege.
  • Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
  • Institutionalize system change controls.
  • Implement secure backup and recovery processes.
  • Close the doors to unauthorized data exfiltration.
  • Develop a comprehensive employee termination procedure.
  • Adopt positive incentives to align the workforce with the organization.

Many of these guidelines appear to be just common sense business practices, but establishing them firmly, communicating them clearly, and enforcing them consistently makes the difference.  Insuring against internal cyber threats carries its own set of parameters and requirements, as well.

The professionals at The Reschini Group can help your organization protect your organization against losses from internal cyber fraud.  Contact us to talk more about this important consideration.


Copyright 2019 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.