Increasingly, employers find themselves facing a variety of crises in the workplace and are called upon to respond in real time. Crises in the workplace can take many forms, but commonly include the following:
- Workplace Violence
- Financial Crime
- Public Relations or Social Media Crisis
- Data Breaches
No longer merely a vague risk, the possibility that an employer may face one or more of these issues increases each year. For example, according to the Bureau of Labor Statistics, there were 392 workplace homicides and 37,060 nonfatal injuries in the workplace resulting from an intentional injury by another person in 2020, the last year for which statistics were available. Additionally, in 2022, data breaches numbered over 422 million, which is up from 294 million in 2021.
So, What Can Employers do to Prevent, be Prepared, and Effectively Respond When Facing a Crisis in the Workplace?
Certainly the best defense is a good offense, and there are several proactive measures that employers can put in place to assist with all types of crises. One such measure is appointing a critical response team responsible for planning and policy making related to crisis response. An effective critical response team should include both internal (information technology, human resources and legal) and external stakeholders (outside counsel, law enforcement, investigators). Once an employer has effective policies in place, periodic training for employees on the employer’s policies is also critical.
Below is a discussion of preemptive measures employers may consider utilizing to decrease the likelihood of the most common types of workplace crises, as well as best practices for response if a crisis occurs.
Workplace Violence
Employers are advised to implement a workplace violence prevention policy. In addition to prohibiting acts of violence at work, an effective policy should set procedures for employees to report threats. Equally as important is ensuring that employees are familiar with and trained on the employer’s violence prevention policy.
Effective workplace violence prevention training should include discussions with employees regarding reporting threatening activity that falls short of violence. Employees are often hesitant to report less serious threats by co-workers, but often these incidents provide critical information necessary to prevent workplace violence. Effective policies and training can account for and attempt to bridge employee hesitancy to report. In addition, employers may wish to practice workplace violence drills periodically as employees who practice workplace violence drills are better prepared to respond if a violent situation occurs.
Employers should also periodically conduct physical inspections of the workplace, including outdoor areas and parking lots, and employ security protocols to evaluate potential threats to workplace safety. Inspections should consider factors that may make employees vulnerable to violence, such as exchanging money with customers, late night work shifts, or physically isolated work places.
Additionally, employer should consider using a threat assessment model in conducting employee discipline and terminations. If available, employers may also want to consider EAP (employee assistance program) referrals for employees who engage in threatening conduct that may not reach the level of a terminable offense.
Employee Financial Crime
To combat employee financial crime, employers may want to start with improvements to their pre-employment job screening procedures. Employers may also wish to consider implementing an anti-theft policy and creation of an employee tip line. Employers should review internal processes to set checks and balances regarding access to employer funds. Where permissible, employers may want to consider the use of video surveillance in the workplace.
When suspected employee embezzlement or theft is uncovered, employers may want to consider suspending employees suspected of embezzlement or theft while an investigation is pending in order to prevent the employee from destroying evidence or engaging in further theft. Employers should consider notifying law enforcement and, indeed, this may be an insurance requirement. Although tempting to do so, when terminating an employee for embezzlement or theft, employers should not make any deductions from their final paycheck without discussing with counsel as there are Fair Labor Standard Act (FLSA) and state law implications.
Public Relations or Social Media Crisis
A public relations or social media crisis may occur as a result of a business practice or negative customer review or due to the social media activities of an employee. Employers should have in place media and social media policies that set forth the circumstances under which employees may make public comment on behalf of the employer and the circumstances under which an employee’s social media activity may subject them to discipline by their employer. Due to recent National Labor Relations Board (NLRB) scrutiny of employer social media policies, employers are advised to have these policies reviewed by counsel both prior to implementation and before taking any disciplinary action against an employee for their social media activity.
Should a crisis occur, an employer will want to have a crisis response team in place immediately to ensure the right people are speaking on the employer’s behalf. As public relations crises vary, so will the appropriate response, and it is important to have a team in place to devise a response strategy.
Data Breaches
The greatest risk of data breach is human error. According to a 2022 report, 82 percent of breaches involve some human element. Thus, employers should implement policies and provide employee training to mitigate the risk of data breach. Organizations should also consider implementing periodic stress tests to determine where the organization may be vulnerable to attack. Employers may also wish to enact a mock data breach and require employees who fall for the mock breach to receive additional training. As a separate matter, employers may want to consider purchasing data breach insurance.
If a breach occurs, the crisis response team should be deployed to stop further damage or loss and assess the damage. Employers will also need to consider whether the type of information obtained in the data breach or the laws of the jurisdiction require any mandated breach notifications to customers or employees.
The Bottom Line:
Crisis management has, unfortunately, become part of managing today’s workforce. Implementing proactive measures, such as those discussed above, may help avert or lessen the impact of a crisis on your workforce. If you have any questions regarding this Alert or would like assistance in developing a crisis management strategy appropriate for your work environment, please contact the author of this Alert, Shannon Kelly, partner in our Orlando office, at skelly@fordharrison.com. Of course, you can also contact the FordHarrison attorney with whom you usually work.