Pricing spelt out in cubes

The Solicitors Regulatory Authority’s (SRA) Price Transparency Rules are set to come into effect in early December 2018. They provide a major change to how law firms must publicise their prices for certain services which they offer to clients and general consumers. This is part of key changes the SRA are carrying out as part of their Looking to the Future programme.

Who are the Price Transparency Rules intended for?

These are intended for law firms who are required to publish information on the prices and the services which they offer to consumers under Rule 1 of the SRA Transparency Rules. Those firms that are not obligated to provide a transparent pricing list may still find the Price Transparency Rules useful.

What are the aims of the new Price Transparency Rules?

The new Price Transparency Rules aim to ensure that before making certain choices regarding legal representation, consumers will be provided with pricing information, to allow them to make the most informed decisions regarding which legal services provider they choose. The aim is that by providing clear pricing details, consumer misunderstandings later in a transaction will be avoided, as a result of transparent information being provided from the onset.


Pre-GDPR consent email
Many companies sent consent emails as GDPR approached in May, with many others doing so in the following weeks

25 May, when the EU-wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered businesses’ sales and marketing efforts?

Your website can be accessed from around the world

US website down due to GDPR compliance
How often have you got this message when trying to access a US-based website from an EU country?


Last year was a bad time for data security, but a great time for digital criminals. In the midst of the thousands of hacks, leaks, exploits and phishing attempts, a group of Russian military hackers unleashed a virulent worm that would cause untold disruption and cost companies around the world billions in lost revenues and repair costs.

While nobody has claimed responsibility for the NotPetya virus, it has been traced back to a group of Russian military hackers who were trying to wreak havoc in the Ukraine – and send a warning to companies that dare to do business with Russia’s enemy.

The virus originated in the Ukraine, after Russian hackers gained access to the servers of Linkos Group, a company that produces a popular accounting program called MeDoc. Having gained access, the hacking group, known as Sandworm, was able to infect the MeDoc update server, which then allowed them access to the thousands of PCs around the world that have MeDoc installed.

NotPetya spread rapidly. It relied on two exploits working in partnership to sidestep defences, infect computers and spread to the next host. EternalBlue, a tool created by the US National Security Agency, but stolen during a breach earlier in the year, was combined with Mimikatz, a script created by a French researcher to demonstrate that Windows was leaving users’ passwords in memory. Using these two exploits, the virus could leapfrog from machine to machine in a matter of hours.

Maersk goes dark

On 27 June, computer screens at Maersk headquarters began to go black. Some displayed messages asking for a ransom to be paid in bitcoin; others simply stated that the machine was being repaired, and should not be turned off. Whatever the message, the machine was frozen and unusable.

Maersk, a global shipping company, was completely stricken by the virus: so many computers were infected, so rapidly, that the company was unable to take new orders or manage their vast shipping fleet. Even the IT security team was unable to work. Servers, computers, routers and desk phones were all brought down by the virus.

Around the world, 17 of Maersk’s 76 freight terminals were disrupted by the virus. Without computers, nobody could do anything. Freight could not be received, loaded or dispatched. The contents of containers were unknown and new bookings could not be taken. Ports in Los Angeles, Rotterdam and Mumbai were reduced to parking garages. It was a catastrophic failure of shipping IT – and the costs are estimated to be astronomical.

Billions in lost earnings

Ultimately, NotPetya would cause an estimated $10 billion in damage, crippling multinational companies including TNT Express, Mondelez, Reckitt Benckiser, Rosneft and Merck.

At Maersk, recovering from the attack involved a frantic effort to restore core machines and then gradually wipe and restore individual machines. In just 10 days the company managed to rebuild its network of 4,000 servers and 45,000 PCs – though a complete recovery took many months.

While NotPetya was a fiendishly clever virus, it did rely on Maersk (and other victims) having unpatched machines – something that could have been avoided. Maersk has since changed its approach to digital security and is investing widely in security systems and processes. Employees report that requests for spending on digital security are being approved without delay; a contrast to their prior reticence to invest in digital protection.

Why do so many companies have to learn digital security lessons the hard way?

Find out more about Cyber Security eLearning.

Harrods, Central London
Zamira Hajiyeva spent an average of £4,000 a day in Harrods over 10 years

A woman who spent nearly £16m over a decade in Harrods and once spent £150,000 in a single day became the first target of the recently introduced Unexplained Wealth Order (UWO). Under this provision of the Criminal Finances Act, which came into force on 31 January 2018, the Azerbaijani national, Zamira Hajiyeva, must give proof of how she and her husband can afford their luxury lifestyle. This includes a £15m home in Central London, an average spend of £4,000 a day at Harrods over ten years and a £10m golf course near Ascot. Should she not have an adequate explanation, she would be the first to be brought to account for unexplained wealth.


Black board with the word RISK in the middle
Making risk management decisions can often be clouded by unconscious bias

Risk managers have a unique and privileged position in terms of being able to recognise and assist in countering unconscious bias, either explicit or implicit. When assessing and discussing risks, we are given direct access to what happens in all areas of the business and have the opportunity to observe behaviours first hand. When we notice biases as part of our role, we can help to implement measures or nudges that encourage a change in behaviour and improve culture.

Here are some practical techniques that can be used to counter the risk of unconscious bias influencing our business decisions.

Pre-meeting or workshop surveys

While conducting surveys is a standard technique for risk assessments, it is helpful in reducing bias from several perspectives. It helps to focus the conversation in subsequent meetings and elicits a personal view of the subject at hand, thereby avoiding groupthink.


On October 9, 2018, New York State’s sexual harassment law, officially known as the New York Labor Law, came into force following final amendments. Under the new legislation, companies with staff in New York State must have implemented sexual harassment training for all staff. One of the key amendments to the legislation is that the training must now be completed by October 9, 2019, rather than by January 2019.

You can find a host of compliance tools, such as guides, policy templates and more by searching our sexual harassment prevention resource page.

What does the new sexual harassment law cover?

Non-employees in a workplace covered

New York State Human Rights Law was amended in April 2018 to protect non-employees, i.e. 1099ers, contractors, vendors and consultants, from sexual harassment in the workplace. An employer may be found liable if they failed to take immediate action against harassment of a non-employee. This is an important change because prior to April 2019, you had to be a W2 employee to be covered by the state sexual harassment law which was similar to the federal Civil Rights Act of 1964.


Zero tolerance written on a chalk board

On October 1, 2019, final amendments were made to the New York State law, in force from October 9. All companies with employees in New York State should be reevaluating their current sexual harassment policies and ensuring they are up-to-date.

VinciWorks has created a sexual harassment policy template that complies with New York City and State laws. The template can easily be edited to suit your organization and include the details of relevant contact people. You can download the policy template by completing the form below.



“FTSE 100 companies that prioritise employee engagement and wellbeing outperform the rest of the FTSE 100 by 10 per cent.”

That statistic comes from the BITC Workwell FTSE 100 Public Reporting Benchmarking Research Findings – and was included in a report from the mental health charity Mind.

In the same report they include a finding from a survey of 2,060 people in the UK and Wales: “60% of employees say they’d feel more motivated and more likely to recommend their organisation as a good place to work if their employer took action to support mental wellbeing.”

Promoting wellbeing, and creating workplaces that facilitate good mental and physical health, is an affordable way to prevent absences, reduce sickness and improve staff retention rates – as well as your employer brand.

How can your company promote wellbeing at work?

Get senior leaders on board

Support for employee wellbeing programmes must come from the top. Managers and employees should all feel encouraged and supported to pursue wellbeing – in all its guises. Spending time on wellbeing activities is not lost or wasted time; and this message must come from all senior leaders.

Start from the beginning

Employees need to understand the importance of wellbeing from the start of their employment. Employees should be directed to sources of support and encouraged to have honest conversations with their manager so that help can be provided when required. Induction materials should mention wellbeing programmes and reinforce its importance.

Wellbeing programmes

A wellbeing programme and campaign are important to establish the importance of wellbeing, and to raise awareness of the issues and the support available.

Assess the workplace and the work

Your wellbeing programme will be wasted if the work is damaging. Employees need a sustainable workload, healthy working practices and an environment that doesn’t diminish health. For example, you might need to give employees opportunities to take breaks or to experience fresh air and daylight, or you might want to make offices feel less corporate by including plants, healthy snacks and comfortable seating.

Train managers to support wellbeing

Your line managers play a major role in supporting employee wellbeing, and they should be trained to understand the components of wellbeing, and how work can either support, or detract, from employee wellbeing.

Flexible working options

Can your employees manage their lives as effectively as they manage their work? Flexible working can help people organise their lives in a way that makes sense for them, taking into account their other interests, concerns and responsibilities – which in turn can significantly reduce stress and help people focus on their work.

Train employees to address wellbeing

65% of employees don’t take part in any stress-relieving activity (like exercise or spending time on hobbies). This suggests that employees need help to recognise their own role in their wellbeing. While corporate wellbeing programmes are admirable and positive, employees must also take part and take action to reduce stress and make their work manageable and sustainable for the long term.

Jenga tower to show effect of awkward risks on a business

“We’re about to be splashed across the trade press for protecting sexual predators!” the head of marketing said, storming into your office wrapped in panic. You sit her down, make a strong cup of tea, and try to find out a bit more.

An imminent media crisis is about to engulf your company. Numerous former employees have come forward with allegations of harassment against a former chairman of your company. The employees even have records of complaints made against the chairman that were brushed under the carpet. It turns out his behaviour was an open secret for years. Not only did the leadership fail to act, they just threw a gala dinner in honour of his retirement after a lifetime at the company.
