Protecting The Workplace

By Howard F. Fisher, Esq.

What is keeping you up at night as you consider returning to the office?

Employers and employees are navigating a rapidly changing landscape of workplace safety concerns, from policies touching on vaccine or mask requirements; the potential for political or civil unrest; employee and guest vaccination status; remote or hybrid work scenarios; and a full return to an in-person workplace environment that will look and feel very different than it did prior to the pandemic.

Further adding to the concerns is the unfortunate situation where employees may have experienced economic difficulties, increased domestic tension or other impacts that will increase the risk or opportunity for workplace violence to occur.

Employers Have a Duty To Provide a Safe Workplace

Employers must maintain “a place of employment which is free from recognized hazards that are causing or are likely to cause death or serious physical harm …”, according to OSHA/MOSHA requirements.

Failing to prevent workplace violence is expensive. The human cost of workplace violent acts is immeasurable. The financial impact can cripple a business. Medical bills covering physical and psychological support for victims and witnesses, liability expenses, negligence lawsuits and physical site damage can be extensive.

As employees return to work, there has never been a better time to review physical security as well as workplace violence prevention policies.

Understanding the gaps in your organization’s physical and technical security is a critical first step in prevention-focused security risk management. Workplace violence prevention programs should not only protect employees as they face these situations, but also prevent a perpetrator from committing violent acts in their own or their victim’s workplace. Workplace violence includes, but is not limited to, physical violence, threats or threatening behavior communicated through verbal, written, electronic or physical means.

Physical And Technical Security Assessment

Employers should consider an independent assessment of security gaps for their facilities. Assessments may include one or several facility types to allow for a holistic assessment of overall gaps. Facility types may include multi-tenant Class-A office buildings, corporate headquarters or integrated complexes, mixed-use properties, retail and shopping centers, event halls, embassies, data centers and critical infrastructure sites.

The strategic scope of the assessment should cover factors such as risk, threat and vulnerability profile; geography and local environment; criticality of operations; sensitivity of information used, stored or generated; size of facility and number of personnel; regulatory mandates; and internal risk criteria.

The tactical scope of the assessment should focus on factors such as perimeter alarm systems; access control systems; closed-circuit television coverage; intrusion detection systems; fire and life safety systems; emergency plans; mail and package delivery; and backup power availability and adequacy.

Workplace Violence Prevention Policy Assessment

As an employer, you have a legal duty to take reasonable steps to respond and intervene when the reported actions of an individual or group threaten your workplace. The goal of a workplace violence prevention program is to enhance employee safety and identify opportunities for early intervention to assist employees who may be in crisis.

When some people think of workplace violence prevention programs, they imagine acts of violence and punitive zero tolerance policies. But a properly developed and effectively implemented program prioritizes prevention and creates an environment of trust, respect and courtesy, so when issues arise anywhere (including in the home) employees feel comfortable bringing them forward.

Employers should examine existing policies in critical areas such as onboarding, employment screening, privacy, compliance and issue resolution and escalation, and assess their current programs with the goal of creating a security roadmap that:

• Gains a baseline understanding of the strengths and weaknesses in current policy.
• Advances the company’s ability to prevent, mitigate and respond to incidents.
• Incorporates threat assessment into your plan.
• Factors in best practices in emergency preparedness planning.
• Views the company’s security risk management program holistically.

Assessments will identify gaps and opportunities for improvements and provide guidance on execution. The analysis should include key functions and departments such as Security, HR, Operations, Legal, Employee Assistance Program (EAP) and line management.

Closing the Gaps In Workplace Security Has Long-Term Benefits

Employers today are tackling a spectrum of issues ranging from post-incident internal investigations and messaging to employee populations deeply concerned about their own safety, to formal workplace violence prevention program development and – very importantly – the broader framework and integrity of each company’s respective physical and technical security protocols and practices. For your files, here are some resources:

Additional Resource Links

Jensen Hughes Service Offerings
+ Workplace Violence Prevention
+ Security Assessments
+ Active Assailant Awareness and Response Training

Jensen Hughes Publications
+ Workplace Violence Prevention in the Automotive Industry
+ Creating a HR Services Workplace Violence Prevention Program
+ Improving Security while Workplaces are Empty

External Resources
+ U.S. Department of Labor: OSHA Workplace Violence page
+ Federal Bureau of Investigation: Active Shooter Resources page

Taking an all-in approach to workplace violence prevention is vital to protecting people, property, performance, and reputation. Aligning security and safety with strategic business issues such as production and profitability brings broad business benefits that include increased workplace security, higher employee morale, greater cross-functional collaboration and information sharing, and uninterrupted business operations.

Permission is needed from Lighthouse Consulting Services, LLC to reproduce any portion provided in this article. © 2021 Jensen Hughes and Lighthouse Consulting Services.

Howard F. Fisher, Esq., a senior vice president with Jensen Hughes, advises on security risk consulting. He works with senior executives and their legal counsel who want to better manage security risk and emergency management. Jensen Hughes, a leading safety, security, and resiliency professional services firm, is a joint venture partner with Lighthouse Consulting Services LLC. Howard has held executive positions at several large professional services firms and corporations where he was entrusted with rapidly increasing responsibility for the strategic, operational, and financial performance of multiple teams.

Don’t read the horrible headlines about other businesses and think it will never happen to you. Hopefully you may never need their services, but isn’t an ounce of prevention worth looking into?

To learn more, click here: https://www.jensenhughes.com/services/security-risk-consulting

If you are open to a conversation about how to better manage security risk and emergency management, please contact howard.fisher@jensenhughes.com or 312.560.0336.

We strongly recommend you sign up with Howard to receive a 24-hour hotline number to call in an emergency. If a security or violence problem hit your business, who would you turn to? Sadly, workplace violence is becoming more commonplace. Obviously, this is not something you want to do at the last minute. When something happens, that is not the time to scramble for help. Having the 24-hour hotline number to call can give you a measure of peace of mind.

If you would like additional information on this topic or others, please contact your Human Resources department or Lighthouse Consulting Services LLC, Santa Monica, CA, (310) 453-6556, dana@lighthouseconsulting.com & our website: www.lighthouseconsulting.com.

Lighthouse Consulting Services, LLC provides a variety of services, including in-depth work style and personality assessments for new hires and staff development. Lighthouse Consulting Services, LLC can test in 19 different languages, provide domestic and international interpersonal coaching and offer a variety of workshops on team building, interpersonal communication, and stress management.

To order the books, Cracking the Personality Code, Cracking the Business Code, and Cracking the High-Performance Team Code, please go to: www.lighthouseconsulting.com.

 

Protecting Your Business from Social Networking Attacks

By Stan Stahl, Ph.D. & Kimberly Pease, CISSP

Sally, the accounting manager of Acme Enterprises, a medium-sized business, regularly checked her Facebook account while at work. One day she received an email. The email said that a long-lost friend, Bob, had added her as a friend in Facebook. There was a link in the email for Sally to follow to confirm the friend request. Sally clicked the link. Over the next week, cyber-thieves withdrew nearly $1,000,000 from her employer’s bank account.

Welcome to the newest, nastiest twist in cybercrime.

You see, the email wasn’t from Bob and the link didn’t go back to Facebook. Bob’s on Facebook just like Sally is. That’s how the cyber-thieves found them and discovered that they might know each other. That’s also where they learned that Sally worked in the accounting department.

After that it was a simple matter to set the trap by sending Sally a friend request from Bob. “How great,” thought Sally, “an email from Bob. Let me just follow this link and we can be friends again.”

Link followed. Trojan horse installed. $1,000,000 stolen.

According to Breach Security, the number of web security incidents was up 30 percent in the first half of 2009. And social networking sites like Facebook, MySpace and Twitter were the target of 19% of all attacks, more than any other category. That’s a big change from last year’s report when government networks were the most often attacked and social networks weren’t even on the list.

Making matters worse, many of these attacks succeed by taking advantage of missing patches and using obscure technology like “0-day exploits” that get past traditional antivirus and antispyware defenses.

As if that’s not bad enough, businesses shouldn’t expect their banks to cover losses. Regulation E of the Federal Deposit Insurance Corporation (FDIC) stipulates consumers are protected against cyber crime involving their banks. The FDIC regulation does not cover businesses, however.

Here are five things you can do to inoculate your business against social network attacks:

  1. Prohibit use of social network sites from the office. These sites can be blocked at the corporate firewall. This can become particularly challenging if employees work remotely as it may not be feasible to block access to social networks from home computers. Making matters worse, Trojan horses are like communicable diseases and Sally’s work-at-home computer can be infected from her son’s. That’s why the next four recommendations are so important.
  2. In addition to antivirus / antispyware defenses, add advanced defenses like intrusion detection and prevention designed to block internet-based attacks like the link in Sally’s email and 0-day exploits.
  3. Your IT staff can block known internet-based attacks by comparing links against a database of known bad links like http://stopbadware.org/home/reportsearch.castle.
  4. Keep your systems patched. This means not just Windows patching but all your applications, those you know about — like Office and Adobe Reader — and those you might not even know about — like Flash and Java. This also includes your Macintosh computers, as they are every bit as vulnerability-prone as Windows PCs.
  5. Finally, don’t expect to rely on technology alone. Users are often the weakest link so it’s very important to train them to detect the subtle signs of an attack so they can keep from becoming victims. They also need to be given guidance on what information is safe to put on a social networking site. Sally put a big bulls-eye on her back when she wrote that she works in Acme’s accounting department.
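
The link comparison in recommendation 3, combined with the mismatch that caught Sally (a link that says Facebook but leads elsewhere), can be sketched as a mail-filter check. This is an added example, not code from the article; the blocklist entry, the brand-to-domain table and the sample email are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data: a local blocklist and the domains each brand really uses.
BLOCKLIST = {"friend-confirm.example"}  # hypothetical known-bad domain
BRAND_DOMAINS = {"facebook": {"facebook.com", "fb.com"}}

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    # Match the domain itself or a true subdomain, not "facebook.com.evil.example".
    return host == domain or host.endswith("." + domain)

def check_email(html_body):
    """Return a list of (href, reasons) for links that should be blocked or reviewed."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
        reasons = []
        if any(in_domain(host, d) for d in BLOCKLIST):
            reasons.append("blocklisted")
        for brand, domains in BRAND_DOMAINS.items():
            # Link text names a brand but the target host is not that brand's domain.
            if brand in text.lower() and not any(in_domain(host, d) for d in domains):
                reasons.append(f"text claims {brand}, host is {host}")
        if reasons:
            findings.append((href, reasons))
    return findings

SAMPLE = ('<p>Bob added you as a friend.</p>'
          '<a href="http://facebook.com.friend-confirm.example/c?id=1">Confirm on Facebook</a> '
          '<a href="https://www.facebook.com/help">Facebook Help</a>')
```

Running `check_email(SAMPLE)` flags only the first link, for both reasons; the genuine facebook.com link passes. A blocklist alone misses new domains, which is why the text-versus-host check is worth running alongside it.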

There is no one thing you can do to keep from being victimized by a social network attack. Even doing all five of these isn’t a guarantee, just like a flu shot doesn’t guarantee you won’t get the flu. But if you are diligent you can significantly affect the odds and this should be your objective.

Permission is needed from Lighthouse Consulting Services, LLC to reproduce any portion provided in this article. © 2014

Dr. Stan Stahl is the cofounder and President of Citadel Information Group. Stan and his business partner, Kimberly Pease, co-founded Citadel in 2002 to provide information security management services to business and the not-for-profit community. An information security pioneer, Dr. Stahl has secured teleconferencing at the White House, databases inside Cheyenne Mountain and the communications network controlling our nuclear weapons arsenal. Stan serves as President of the Los Angeles Chapter of the Information Systems Security Association. A frequent speaker and writer on securely managing critical information assets, Stan earned his Ph.D. in Mathematics from the University of Michigan. He can be reached at 323-428-0441 or stan@citadel-information.com or visit his website, http://citadel-information.com/. He publishes an information security blog at http://CitadelOnSecurity.blogspot.com.

If you would like additional information on this topic or others, please contact your Human Resources department or Lighthouse Consulting Services LLC, 3130 Wilshire Blvd., Suite 550, Santa Monica, CA 90403, (310) 453-6556, dana@lighthouseconsulting.com & our website: www.lighthouseconsulting.com.

Lighthouse Consulting Services, LLC provides a variety of services, including in-depth work style assessments for new hires & staff development, team building, interpersonal & communication training, career guidance & transition, conflict management, 360s, workshops, and executive & employee coaching. Other areas of expertise: Executive on boarding for success, leadership training for the 21st century, exploring global options for expanding your business, sales and customer service training and operational productivity improvement.
To order the books, “Cracking the Personality Code” and “Cracking the Business Code” please go to www.lighthouseconsulting.com.