Posts

Preventing Workplace Violence

5 STRATEGIES EVERY EXECUTIVE SHOULD KNOW

As a business leader, you have a duty of care to your employees: You’re legally obligated to provide a safe workplace environment by anticipating potential threats and taking action to prevent violence and harassment. By ensuring workplace stability, you can build a stronger company culture and protect your most important corporate assets — including your employees.

In the 1990s, the Department of Justice found that 12.5 persons out of every 1,000 were victims of violence in the workplace each year. Workplace violence is sadly all too common — which is why its prevention should be a key component to any comprehensive corporate security policy. But whether you’re leading a startup or enterprise organization, instituting meaningful change can prove complicated.

Workplace violence defined

Congress created the Occupational Safety and Health Administration (OSHA) to assure safe and healthful working conditions for working men and women by setting and enforcing standards, and by providing training, outreach, education and assistance.

The OSHA defines violence in the workplace as:

”Any act or threat of physical violence, harassment, intimidation, or other threatening disruptive behavior that occurs at the work site. It ranges from threats and verbal abuse to physical assaults and even homicide. It can affect and involve employees, clients, customers and visitors.”

Types of workplace violence

The Federal Bureau of Investigation (FBI) has identified four types of workplace violence:

  • Type 1: Violent acts by criminals who have no other connection with the workplace but enter to commit robbery or another crime.
  • Type 2: Violence directed at employees by customers, clients, patients, students, inmates, or any others for whom an organization provides services.
  • Type 3: Violence against coworkers, supervisors, or managers by a present or former employee.
  • Type 4: Violence committed in the workplace by someone who doesn’t work there but has a personal relationship with an employee — an abusive spouse or domestic partner.

Workplace stability: Why preventing workplace violence matters

A single incident of workplace violence can lead to significant harm — but these consequences may go unnoticed by you or your corporate officers for lengthy periods of time.

But it’s important to address workplace violence immediately because a lack of trust can erode even the healthiest of working environments, leading to workplace instability and a lack of team cohesion. In the long run, disgruntled employees may even begin to look elsewhere to advance their careers.

In addition, your brand identity, which you’ve carefully crafted quarter after quarter, year after year, can be destroyed in an instant.

Your business could also sustain significant financial losses. An incident of workplace violence could lead to lowered productivity, property damage, and loss of sales in the wake of your business’s damaged reputation. And because you can be held liable for violating your duty of care to your employees, you might even face litigation — leading to high legal expenses. It’s estimated that workplace violence costs businesses over $120 billion per year.

Strategies to prevent workplace violence

Harassment policy: Most larger companies will have harassment policies already in place, but smaller organizations located in states with newly-enacted legislation against workplace violence may need to create policies from scratch. Avoid relying on boilerplate language and always consult your company’s legal counsel when drafting policies. Your policy declarations will form the backbone of your intent to maintain workplace stability.

Incident reports: You’ll gain the strongest insights into the working environment from front line managers who work directly with employees on a day to day basis. Create a channel for your managers to document employee complaints and incidents. The procedure should be clear and repeatable, and if you need to craft new policies, respect your employees’ time. Treat reports seriously, discreetly, and within the vein of accepted HR procedures.

Top-down approach: The best way to effect change is to push change from the top levels of the corporate hierarchy down to the lower levels. Business leaders should play an active role in designing and implementing violence prevention programs. If the officers at the top of the organization cannot lead by example, then the actions of others throughout the company cannot be properly held accountable.

Open communication: You’re more likely to find out about — and, accordingly, be able to act on — unwanted incidents if your company culture encourages honest communication, and your management team is open to constructive criticism. Fortunately for today’s leaders, many businesses have already implemented communication and iterative refinement as part of their product development process. This is where “cross-pollination” can come into play: Take inspiration from existing methods for communicating internally, and more importantly, take stock of how your teams can push improvement.

Build on what works: HR is your best asset when developing workplace prevention policies — but are you empowering them to sit at the table in a meaningful way? That said, don’t saddle the responsibility for developing and implementing entire policies for your workforce on HR alone. Getting management intimately involved as well can help produce more meaningful change to the company culture.

Implement effective strategies to prevent and address workplace violence

The ethical, moral, and legal demands upon business leaders have never been clearer: You and your officers have a duty of care to foster workplace stability and maintain a safe, healthy working environment for your employees.

[ Link to original article ]

/by

Crisis Management During Times of Risk

We are truly living in an uncertain time. Are you as tired of hearing that as I am of saying it? Probably, but sadly it’s true. And because of that, uncertainty is what we are all feeling right now. Whether it’s uncertainty from conflicting information, to what this situation is currently doing to ourselves, our families, our organizations – to just a general fear of the unknown – all of us are affected in one way or another.

RISK MANAGEMENT: A process of evolution

Defining your Risk Management process, the “what works for you”, is a challenge that many family offices, corporations and governments struggle with on a regular basis. External or self-imposed vulnerabilities can expose you to a variety of threats, to include global pandemics like COVID-19. Security and intelligence professionals understand the current threat landscape surrounding everyday operations and quality of life, and work around the clock to keep their clients safe and informed.

Do you have a plan to mitigate risk in your family or organization?

Creating a risk management plan is a complex undertaking that involves intelligence collection, security management, and solution based resources. A security professional’s risk assessment process is based on years of experience typically stemming from one of three areas; law enforcement, military, or intelligence.

To gain an understanding of a risk or “threat matrix” to a person’s lifestyle, supply chain, or business ecosystem, one must first learn what threats are present. These are the proverbial, “known, likely and or suspected threats”. A sound professional then utilizes intelligence tools, security best practices, and global threat monitoring resources to gain a thorough understanding of potential threats.

Threats come in many forms, some are self-induced while others are external man-made looking to steal information or sabotage operations. Natural risks such as storms, earthquakes and global pandemics are unpredictable and contant. Determining a threat matrix is found in the DNA of each client, meaning lifestyle, travel, exposer, activities, current political beliefs, religion, disinformation, cybersecurity, or business practices. Once a risk management team has determined a clients perceived threat matrix, the risk management process progresses to an assessment of vulnerabilities.

Determining a client’s vulnerability is an involved process. It begins with asking the right questions, while performing closely sourced intelligence collection analysis after vulnerabilities have been identified. A well-informed security professional looks to understand what countermeasures are in place, meaning what procedures, policies, and tactics are being used to mitigate the current perceived threats and present vulnerabilities.

Following evaluation, a well trained professional will be able to determine client risk, which is to measure the impact, also known as impact analysis. This is where potential loss, exposure, lasting and short-term effects, and viability of all factors (threats, vulnerabilities, and countermeasures) are discovered. Impact analysis will significantly reduce monetary risk by exposing financial vulnerabilities, thwart business and supply chain interruptions, prevent litigation, and in extreme cases protect from potential bodily harm or loss of life.

How confident are you that you risk management plan will measure up during a crisis?

Creating a plan is only part of the solution: People and organizations tend to stop after an assessment is performed and a plan created. This approach may work in some cases, but you could be unintentionally leaving yourself open. Tabletop exercises (TTX) are key to the success of your risk management program. They are designed to evaluate the strength and viability of your plan and plug any remaining gaps.

Don’t go it alone, security experts bring years of experience and industry best practices to fortify your Risk Management Program.

[Link to article]

/by

Guide to Conducting Practical Assessments to Identify Vulnerabilities

Mitigating your security risk begins from the outside. Conducting practical assessments allows your organization to identify vulnerabilities to your infrastructure, resources, and staff – and buy-in for effective preparedness starts at the top.

Strong support and participation from organizational leaders promote a safe, secure, and productive work environment. Never merely “check the box” to meet a requirement. The risk vs. reward of potential litigation can be motivating enough to invest in improvement, and a proper assessment can act as an insurance policy against loss, financial or otherwise.

Conducting an assessment requires honesty and objectivity. If you find something wrong, it’s easy to say, “oh, that rarely happens” or “we can just ignore it this time” – don’t do it. Things that stick out during an assessment may happen all the time; you just don’t notice them. While we’re all hesitant to put our deficiencies on display, an assessment isn’t a pass/fail event; it’s simply a snapshot of where you are at that moment. A third-party assessment team can provide an objective viewpoint some find unable to give themselves. Going it alone can be a lot like grading your own test.

Assessments should consist of physical inspections of your facility’s perimeter, exterior, interior, safety/security systems, and networks, as well as a review of access control, visitor management, and emergency response protocols. Competent assessors don’t just look at the physical aspects. They conduct interviews with random staff members. Doing so gains valuable insight into day-to-day activities and can identify general safety and security concerns that may otherwise never come to light.

However, it’s not all about security. Just as a propped open door negatively affects access control, malfunctioning or expired life safety equipment (e.g., fire extinguishers, AEDs, eye-wash stations, etc.) is also a vulnerability that you should address.

Time is a factor, and assessments take time. A comprehensive walkthrough can take upwards of 8-hours or more, depending upon the facility – and that doesn’t even take into ac- count the initial analysis and reconnaissance, report development, and corrective action planning. However, it’s worth the opportunity to see your facility as you never have before. We’ve witnessed department heads, building supervisors, school principals, and even maintenance staff – folks who spend more time than most in their facilities – display amazement at what they’ve never noticed in their daily routines. While some may see that as complacency – we don’t – we see it as a common occurrence in places we are most familiar. If you don’t know what you’re looking for, you’re not going to find it.

Assessments cover the entire perimeter, facility exteriors, parking lots, vehicle and pedestrian entrances, hallways, offices, common areas, conference rooms, maintenance areas, roofs, and basements. Assessors need to test lighting, test door hardware and windows, test alarms and P/A systems, test everything they can! Options for improvement are higher if you are willing to be thorough. And it all starts with your methodology.

The methodology that guides the assessment determines the outcome. The North Group’s assessment methodology considers guidance and recommendations from the U.S. Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), Federal Bureau of Investigation (FBI), U.S. Department of Education, American Society of Civil Engineers (ASCE), Occupational Safety and Health Administration (OSHA), and all levels of emergency response agencies, as well as lessons learned from our combined experience conducting assessments nationwide. Additionally, our methodology applies concepts of CARVER (Criticality, Accessibility, Recuperability, Vulnerability, Effect Recognizability) + Shock, Crime Prevention Through Environmental Design (CPTED), DHS Best Practices for Anti-Terrorism Security (BPATS), and industry-specific requirements.

This bottom line is that conducting assessments can feel daunting but should never be overlooked. An objective analysis of your security capabilities will not only reveal things you never knew were (or weren’t) there, they provide the opportunity to improve in many ways. As leaders, we should continually strive to positively affect the overall facility environment and project a confident, proactive outlook to our employees.

[Link to article]

/by

Focused on Cybersecurity

We understand that the corporate market has unique needs due to current susceptibilities and advise our clients based on real-time data. 

Managing cyber risks within your business and current operating landscape can be troubling and even more frustrating. Due to the current threats and risks, we are offering free enterprise and private client risk assessment consultations. Every client has a unique “risk DNA”. We evaluate risks based on your business structure, operational footprint, vulnerabilities, current countermeasures, and impacts. We use various intelligence and risk management schools of thought to help clients better understand stakeholder liability and enterprise risk.

Impactful Cybersecurity Statistics

Below are some statistics that can give you a good idea of the overall impact of cyber-attacks

  1. 62% of businesses experienced phishing and social engineering attacks in 2018 (per Cybint Solutions)
  2. The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner)
  3. On average, only 5% of companies’ folders are properly protected. (Varonis)
  4. Data breaches exposed 4.1 billion records in the first half of 2019. (RiskBased)
  5. 71% of breaches were financially motivated, and 25% were motivated by espionage. (Verizon)
  6. 52% of breaches featured hacking, 28% involved malware, and 32–33% included phishing or social engineering, respectively. (Verizon)
  7. Between January 1, 2005, and April 18, 2018, there have been 8,854 recorded breaches. (ID Theft Resource Center)
  8. While overall ransomware infections were down 52%, enterprise infections were up by 12% in 2018. (Symantec)
  9. The top malicious email attachment types are .doc and .dot, which make up 37%; the next highest is .exe at 19.5%. (Symantec)
  10. By 2020, the estimated number of passwords used by individuals and machines worldwide will grow to 300 billion. (Cybersecurity Media)

[Link to article]

/by

Risk Management and Your Supply Chain

Investopedia gives this definition for understanding supply chains, “A supply chain encompasses a series of steps involved to get a product or service to the end-user. The steps include moving and transforming raw materials into finished products, transporting those products, and distributing them to said end-user.”

An effective risk management strategy can help identify and prevent possible disruptions.

With the ever-growing threat of foreign intervention, supply & demand concerns, as well as economic uncertainty, supply chains for medical stocks, food, and raw materials are susceptible to disruption – whether through theft, counterfeiting, or even destruction. A current high-risk situation is the delivery of the COVID-19 vaccine.

How will your supply chain handle risk management during these uncertain times?

No matter your opinion regarding its effectiveness or whether or not to receive the vaccine, there are questions about the safety and security of transporting it to its final Point of Distribution (POD) – not to mention securing it after it arrives. Using our COVID example, once the vaccine is developed and produced, the process is to load it onto subzero freezer trucks for transport to receiving areas – where state health agencies take custody of the shipment. The vaccine is then sent to predetermined, county-level staging areas (Nodes) and, from there, assigned to a designated site for distribution to the population. These mass dispensing sites can be anything from a hospital or urgent care center to a local pharmacy or school. These sites are where security becomes the most significant concern.

While federal and state law enforcement agencies closely monitor the transportation piece – where the number of vehicles is relatively limited, how can we manage security when dispensing sites can potentially number in the thousands? It is unrealistic that local law enforcement has the capacity to provide the personnel required.

[Link to article]

/by