Thursday, October 6, 2016

ERM-BC-COOP

Workplace safety and
Hackers in your home

FIVE DAYS A WEEK I get Advisen FPN in my email. Advisen focuses on insurance issues. It claims that “Every business day, Advisen’s editors sift through more than 60,000 articles from more than 4,000 domestic and international news sources to find up to 15 of the most relevant articles to commercial insurance professionals. Advisen delivers these top news stories directly to your inbox via Front Page News.”

While selling insurance policies never was my business, following insurance issues via Advisen FPN helped me stay up-to-date on current threats to my clients’ “business as usual” operations.

WORKPLACE SAFETY

Under the heading “Workplace Safety – 3 Strategies to Stay Ahead of Conflict,” readers are provided steps to avoid or mitigate workplace violence. The article begins:

    In light of the recent news of tragic shootings and workplace violence around the country, employers are left wondering how they can protect their operations and employees from such events. Rightfully so – employers also have a duty to protect their employees, clients and customers from harm and can be held liable for failing to do so.

Beginning steps:

    Establish a written policy on workplace safety. Policies must mandate a zero tolerance message and should require employees to report threats and comments that suggest suspicious or concerning behavior.

    Establish a clear reporting component. Employees are the eyes and ears of the organization. Employers should have or implement an “Open Door” policy that encourages employees to report concerns to their supervisors or human resources. This allows employers to identify, investigate and assess employee concerns as soon as possible.

    Use of background checks to assist employers in identifying job applicants with violent histories that indicate risk for dangerous behavior. However, the Equal Employment Opportunity Commission (EEOC) has issued guidance regarding an employer’s use of criminal background checks in hiring. That guidance discourages employers from following a policy of outright refusing to hire ex-offenders.

Employers should expect employees at times may encounter difficult periods in their lives that could serve as triggers for violent and disruptive behavior. For this reason, employers are encouraged to consider formal Employee Assistance Programs (EAP).

Between the hammer and the anvil

All of the above must be implemented with federal and state laws and union restrictions in mind; otherwise the organization could find itself having to fend off legal actions. Including an employment law specialist, or inviting EEOC participation, in program development is a good investment.

HACKERS IN YOUR HOME

Beware of your refrigerator.

Be suspicious of your thermostats.

Know that your cameras see more than you do.

According to a San Diego (CA) Union-Tribune article,

    Devices in people’s homes and offices that are connected to the Internet — things such as routers and cameras, rice makers and thermostats — could increasingly be taken over by hackers in the coming weeks and used to commit crimes or even paralyze businesses and government institutions.

    Cybersecurity experts have been issuing the warning since last week, when a piece of software involved in a major cyber attack was publicly released for anyone to tap.

The article includes a graphic that details “The ‘open windows’ that let hackers into your home.”

The Union-Tribune notes that

    There’s yet another related threat, one that hasn’t been getting much attention. It involves profiling people.

    “Anyone with access to a fully connected home can build a detailed profile about the occupants,” said Alfred Chung, senior product manager at Guidance Software in Pasadena.

    “They can gather data about the time of day when the home is occupied, the number of people inside the home at various times, personal details like age, appearance and gender of those living in the home …. With connected appliances, they can even tell what food occupants store in their fridge.”

Consider what this information might mean to a thief. Consider what it might mean to a kidnapper who wants information about a client’s business.

I’m not a software guru, but I will provide one bit of advice, one I practice: Change passwords frequently, but not always at the same date; be unpredictable. Use the longest, most complicated password the device being protected will accommodate. 3uvWef=-ANmn4%vb!$kQx@U+d&%2 is far better than MyC0ffeep0t. (I use passutils.exe to generate all of my critical passwords. There are other password generators available as well.)
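The advice above as an added Python example, not code from the original post and unrelated to passutils.exe: it generates a random password at the maximum length each device will accept, using only the characters that device allows. The device names, length limits and symbol sets are constructed assumptions; check each device's own documentation for its real limits.

```python
import math
import secrets
import string

# Constructed device profiles (assumptions for this example): the longest
# password each device accepts and the symbols its admin page allows.
DEVICE_LIMITS = {
    "router": {"max_len": 63, "symbols": "!#$%&()*+-=?@^_"},
    "camera": {"max_len": 32, "symbols": "!@#$%-_"},
    "thermostat": {"max_len": 16, "symbols": ""},  # letters and digits only
}


def generate_password(max_len, symbols):
    """Return a random password of exactly max_len characters that contains
    at least one character from every class the device allows."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(symbols)
    if max_len < len(classes):
        raise ValueError("max_len is too short to cover every character class")
    alphabet = "".join(classes)
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(max_len - len(chars))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, alphabet_size):
    """Approximate strength, in bits, of a uniformly random password."""
    return length * math.log2(alphabet_size)


def passwords_for_devices(limits=DEVICE_LIMITS):
    """Generate one maximum-length password per device profile."""
    return {name: generate_password(p["max_len"], p["symbols"])
            for name, p in limits.items()}


if __name__ == "__main__":
    for name, pw in passwords_for_devices().items():
        size = 62 + len(DEVICE_LIMITS[name]["symbols"])
        print(f"{name}: {pw}  (~{entropy_bits(len(pw), size):.0f} bits)")
```

The entropy figure applies only to randomly generated passwords; a human-chosen one such as MyC0ffeep0t is far weaker than its length and character mix suggest.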

Convenience has its price. The minimum price to pay is the “inconvenience” of frequently resetting passwords on Internet-connected devices.

