Canadian HR Reporter

Canadian HR RepoRteR december 15, 2014 8 emPloymeNt lAw/News FIreFIGhter < pg. 5 Have a work-related legal question? Turn to FindLaw.ca FindLaw.ca is a new online resource with accurate, easy-to-use and comprehensive legal information. BE INFORMED ABOUT THE LAW Get up to the minute information and news on the top legal matters that affect your workplace. From workplace harassment and severance to wrongful dismissal and health and safety violations, FindLaw.ca has numerous categories to help people understand a wide range of legal issues. FIND A LAWYER FindLaw.ca also has a comprehensive, easy-to search directory of lawyers to choose from to help you with your legal matters. Canada's resource for legal information - FindLaw.ca Visit us at FindLaw.ca firefighter and he was paid with a cheque every six months with no breakdown of hours. He was unable to answer ques- tions in the investigative meeting because he didn't have specific information, and he never said he had another job because he didn't consider firefighting a job, he claimed. The arbitrator found Buck- ley had been operating under a "loosey-goosey" system for many years with Mainroad, though the company was making attempts to tighten things up. However, the arbitrator found it troubling that the labour/man- agement meeting in 2009 seemed to show Mainroad was aware Buckley was receiving some sort of pay for his firefighting duties and set up a framework for Buck- ley to operate under. ough the union said it would relay the message to Buckley, Mainroad should have commu- nicated it directly to Buckley or at least followed up with him, said the arbitrator. "The employer in this case fired (Buckley) for leaving the workplace to attend fire calls 30 times in two years," said the arbi- trator. "e employer, however, knew this was occurring in 2009; including the number of calls — three to four times a month." The arbitrator found that whether Buckley was paid or not did not fundamentally change the nature of his actions. Most of his calls were less than one hour and he received his cheques from the fire department every six months without a breakdown of which calls were while he was on the job and which weren't. is didn't support Mainroad's charge of fraud and intentional time theft, said the arbitrator. e arbitrator also found Buck- ley's lack of answers in the inves- tigative meeting were related to a lack of sufficient information to respond. Most of his responses related to past practice and indi- cate he didn't deliberately collect wages from Mainroad for work he didn't perform. "While normally the conduct of (Buckley) would be considered very serious, the context of this workplace and the fact the em- ployer knew of this situation in 2009 changes the complexion of the actions at issue from deliber- ate dishonesty and malfeasance," said the arbitrator. "Ultimately, the evidence in my view establishes an employee op- erating under an understanding he thought to be in place over a significant period of time." Mainroad was ordered to re- instate Buckley and compensate him for loss of pay. For more information see: • Mainroad Group and BCGEU, Local 10-01 (Buckley), Re, 2014 CarswellBC 3327 (B.C. Arb.). Jeffrey R. Smith is the editor of Ca- nadian Employment Law Today, a publication that looks at workplace law from a business perspective. He can be reached at Jeffrey.r.smith@ thomsonreuters.com or visit www. employmentlawtoday.com for more information. Responses related to past practice Profit usually key motivator organized criminals who are in it for profit. It's taking little to no effort to take over someone's Twitter account, for example, and extract $2,000 in ransom. at's profit for them and that's some- thing they're going to go after. So the primary motivator is profit." Other motivations often in- clude reputational damage to the brand and capturing sensitive in- formation, said Kruck. "e primary drivers to date for hackers have been to damage a brand's reputation and demon- strate their ability to operate freely in social media," he said. "However, for brands that are in financial services, retail, enter- tainment and B2C markets, the stakes are much higher. For high- er-value targets like these, (the) risks include leakage of sensitive corporate data as well as private customer data, like credit card or account information." And it's not just big or well- known brands hackers are after — small to medium-sized businesses can also be attractive targets, said Nunnikhoven. "What it comes down to is the dynamics of small business mar- keting," he said. "For small and medium busi- nesses, they're on a tighter budget and social media and online me- dia in general tends to provide a much bigger bang for their buck... So (it's) attractive for attackers to go after it because those accounts that they're going after mean more to the people who own them." Also, attacks can happen on a broad scale — it takes very little effort for hackers to attack many different brands at once, said Nunnikhoven. "If somebody's going to rob a store... that takes a lot of effort and it takes a lot of risk. If someone's going to rob a second store, they increase their chance of getting caught, they increase their risk," he said. "In the digital world, that's not true. So once an attacker's devel- oped a way of attacking one ac- count or one site, they can run that against hundreds of thou- sands of others with little to no incremental cost or risk to them." Brand damage When it comes to social media hackers, some of the risks can be expressed as a dollar amount — ransoms, stolen credit card infor- mation. But there are other risks that are not quite as tangible, but just as real. "e first and most prominent risk is damage to a brand's reputa- tion," said Kruck. "When a community cannot trust that their conversations or content are being curated respon- sibly or that they are exposed to harmful content like malware, pornography or hate speech, it creates a negative social climate around the brand." And while hacking can have a very negative impact on a com- pany's overall brand and market- ing, it can also be detrimental to an employer brand and employee communications, said Stacy Park- er, managing director of Blu Ivy Group in Toronto. When an organization becomes the target of a negative social me- dia attack — whether by a hacker, a disgruntled employee or even just Internet "trolls" — multiple issues start to arise, she said. "One is employee engagement. When there starts to be a lot of social media negative press, im- mediately employee engagement drops. eir confidence in their own employer immediately will drop. Once you have a decline in employee engagement, you have a decline in your productivity… And, at the same time, the (social media) attention will impact cus- tomer trust. "It takes a long time to rebuild that trust." at's why it's so important to regularly monitor social media accounts, said Parker, so any is- sues can be caught and addressed immediately. "ere needs to be at least one person that regularly, on a daily basis, even hourly basis, engages with the social media channels that you select," she said. at's especially important be- cause when there is a hacking inci- dent or other attack, the response time from Facebook and Twitter can really vary, said Nunnikhoven. "It's a challenge for them so it depends on a case-by-case basis. All of the major social media sites take these issues seriously, and they tend to address it quickly. e problem is, what can they do about it and what should they do about it?" he said. "In the event of an attacker, and the EatSleepRide (hacking) is a good example, the first thing the attacker did was change all the contact information to their own. So how do you as a service pro- vider differentiate between… the attacker who has an illegitimate claim and the original account owner who has a legitimate one? ere's no way for them to easily say, 'is is legitimate.' Maybe it's a beef between two business own- ers — maybe it's not an attack." Preventative measures One of the simplest ways to de- ter hackers is to set up two-step verification on your accounts, said Nunnikhoven — that way, even if the password is stolen or compro- mised, there is an additional layer of security. Of course, you also want to create strong passwords that are hard to guess, he said — and be cautious of who they are shared with, said Kruck. "One key area where companies have a blind spot is admin access by their digital marketing agen- cies or external consultants who use that access regularly to post or moderate content," he said. "With such a high degree of staff turnover both inside the market- ing team and at external agencies, the risk of access breaches here is really high." Developing a uniform, con- sistent policy on who is allowed to speak for the brand on social media, and implementing social media training for staff is also im- portant, said Kruck. "(And) institute a security and compliance platform that pro- vides visibility and control for security and governance that pulls together all the key stake- holders that touch digital market- ing strategy — HR, legal, IT and executives." Also, consistently monitor the output on your accounts so you can react quickly if something does happen, said Nunnikhoven. It's important to be proactive because even though hacking is not often officially reported, in- stances really are on the rise, he said. "ere's a big disconnect be- tween how many times it's report- ed and how many times it actually happens," he said. "But… we are seeing these types of attacks on the rise. "e economics are in the fa- vour of the attacker. It takes them little effort to attack 100 busi- nesses, and that attack and that takeover of that social media presence could be devastating to a small business if it's driving a large amount of their revenue." hAckING < pg. 1 "with such a high degree of staff turnover both inside the marketing team and at external agencies, the risk of access breaches here is really high."

• Cover