Risk Management Bulletin

Thousands of businesses are storing terabytes of confidential business and personal information on laptops, tablets, smartphones, PDAs, removable disk drives, flash memory cards, etc. — leading to a spate of highly publicized security breaches involving the loss or theft of equipment containing customer records, Social Security numbers, drivers license numbers — and more. Your business could be next!

Both federal legislation (such as the ADA, FMLA, and HIPAA) and a variety of state laws require companies to keep customer and client information confidential and to report the disclosure or theft of this data. To protect themselves against liability for these leaks and to manage the risk, more and more businesses are tailoring security policies for their Personal Electronic Devices (PEDs)

Your policy should follow these guidelines:

1. Require encryption of all data on PEDs that carry confidential records.
2. Implement “pass phrases” containing letters, numbers, and symbols — and change them frequently.
3. Secure wireless networks with firewalls and passwords.
4. Create a two-step authentication process when using a PED for remote access.
5. Use cable locks for laptops and place them and other PEDs in locked storage when not in use.
6. Have a “time-out” function for mobile devices that requires user re-authentication after 10 minutes of inactivity.
7. When feasible, require that the PED be marked as company property.
8. Have your IT department record the model number and serial number of all PEDs and store digital photographs of each device.
9. Create an automatic login to access to the PED and its confidential data.
10. Allow copying or extracting access only with two-factor authentication.

Focusing on the health and safety of your older workers can help reduce injury-related losses.

Health care costs, Workers Compensation spending, and worker productivity are factors that employers must consider as the nation’s workforce ages.

This is because older employees’ physical condition, such as deterioration caused by age or chronic disease, can affect how they respond to potential hazards on the job, according to the National Institute for Occupational Safety and Health (NIOSH).

The number of older workers will continue growing rapidly, as the negative effect of the recession on worker savings, employers’ desire to retain skilled workers, and rising health care costs are keeping more older employees on the job. The Bureau of Labor Statistics projects that workers aged 55 and older will make up nearly 25% of the workforce by 2018, up from 18.1% in 2008.

However, many employers aren’t adequately prepared or even aware of the health and safety risks that older workers present, says NIOSH Director Dr. John Howard. He notes that, although older employers are generally less likely to suffer workplace injuries, it takes longer for them to return to productivity when they do get hurt. “Employers who aren’t aware of this probably aren’t trying to manage their workforce the best that they could. In other words, they might not be looking at the health care costs of their workforce or asking what could make the work safer or healthier for older workers. Some employers don’t even know the distribution of ages of the people who work for them.”

The situation is critical today because the recession has left even fewer baby boomers financially capable of retiring, says ASSE president Terrie S. Norris. “At the same time,” she points out, “employers generally haven’t helped employees prepare for retirement adequately, while Boomers (born between 1946 and 1964) are healthier and living longer than previous generations,” This longer lifespan means that more people will have to work longer.

Increasing medical costs might also force older workers to delay retirement, especially those with chronic medical conditions that can add to workplace health and safety concerns. A series of surveys by AARP over 13 years found that Boomers plan to work into their retirement years because of financial necessity, the need for health care coverage, and other factors, such as personal enrichment. The latest AARP survey, in 2008, revealed that 70% of respondents planned to work into retirement — and this was before the recession hit.

That’s why it makes sense to provide older workers with tools and work processes that reduce the probability of injuries. Our risk management professionals would be happy to offer their advice — just give us a call.

Life has its ups and downs. However, the downs can be especially painful. Here are some ways to avoid those dangers — and reduce the risk to your business:

• Have ladders inspected before every use and, if defective, taken out of service. The inspection should look for cracks, wood splinters, or moving parts that bind or are disconnected or misaligned, together with worn ropes on extension ladders. Your workers don’t want to find out about them eight feet in the air. Have steps or rungs checked for looseness and cleaned of slippery spots. Make sure that workers wear shoes with nonslip surfaces.
• Make sure that stepladders are stored upright, with simple and extension ladders stored flat, so they don’t warp with age. It’s also okay to store ladders horizontally on wall hooks.
• Transporting ladders takes special care. The old silent movie sight gag about carrying a ladder so that the back end swings around and whacks people holds true. Always have workers maintain clear vision of the entire length of the ladder and beyond — and, if the ladders are carried on a vehicle, double-check the mountings.
• Before workers put the ladder in place, have them scan the location; be sure that both feet are on firm ground; and avoid power lines, or leaning the ladder on any unstable surface.
• Train workers to observe the “1 to 4” rule: Placing the ladder horizontally one-quarter of its vertical length, so a 12-foot ladder should be 3 feet from the wall. If they’re using an extension ladder, keep 3 feet of overlap between sections. It’s also wise to tie the ladder’s top and bottom to fixed points so that it won’t move.
• When it’s time to climb, make sure that workers who carry equipment up always wear a tool belt and maintain three-point contact with the ladder (both hands and one foot, or both feet and one hand). Never allow workers to go above three rungs from the top, and require them to come down and move the ladder if the work is beyond their reach.
• Finally, make sure that your workers learn the bear climb: With the right foot and hand moving simultaneously, followed by the left hand and foot. This might feel funny at first — but it can help save lives and avoid serious injury.

$100,000,000,000 a year.

That’s how much the federal government estimates that drug and alcohol abuse costs American businesses. If you think your organization is immune, bear in mind that nearly three in four of adult abusers are employed — some of them perhaps by you. You might know these people by their absentee records: They’re likely to be gone at 2.5 times the rate of the average employee — or perhaps by their Workers Comp claims: Three to five times those of non-abusers.

If nothing else, you’ll know them by how much they cost your health plan: 300% higher than non-abusers (not to mention the far greater human costs to co-workers, families — and the abusers themselves).

Despite the highly publicized war on drugs, there’s no overall federal drug-free workplace law for the private sector. Although a few states require drug-free workplaces, others take the voluntary approach. For example, some 13 states reduce Workers Comp premiums for businesses with a drug-free workplace program.

If you create such a program, observe these guidelines:

• Create a policy. Be sure to ban illegal drugs and abuse of alcohol expressly; to state specifically which drugs and related acts are banned; to explain the steps you will take to back these edicts; and to detail the consequences for their violation.
• Develop a testing program. Decide whom to test, when to test (e.g. pre-employment, random, regular, reasonable suspicion, incident-related), who will do the test (preferably a certified independent lab, with at least two tests showing positive), and what will happen after a positive finding.
• Decide what to do with abusers. Although some organizations simply discipline or terminate them, others see abusers as valued employees with a problem, who are well worth saving. For this reason, many companies create Employee Assistance Programs (EAPs) to deal with drug and alcohol issues off site. Establishing an EAP shows respect for your employees and offers an alternative to dismissal.
• Define the role of your supervisors. As the management level closest to employees, supervisors will probably be the first to notice the signs of abuse. They need tutoring on what to look for, and how to document and deal with it. Most important is what supervisors should not do — attempt to diagnose what are essentially medical issues, or to counsel abusers. Their role is to report behavior and support what abuse experts decide are appropriate responses to individual situations.
• Communicate to employees the details of your program, the effects of abuse, and the importance of understanding the problem and reacting in a supportive way.

If you have mobile employees, make sure that they’re using their cell phones behind the wheel in a safe manner. Provide a safety policy that clearly defines and limits cell phone usage while driving and provides penalties for violations. Seek the input of mobile employees and managers to help ensure that your policy is enforceable, fair, and realistic. We’d recommend taking these steps.

• Provide safety training for drivers. Ensure that all drivers of company vehicles have a valid driver’s license. Require any employee using a company vehicle to complete a driver safety and defensive driving course before getting the keys to a vehicle. These courses often include graphic demonstrations related to driver distraction from using cell phones. This can be a real eye-opener for drivers who might have never seen the devastation caused by vehicle crashes.
• Post warnings in all company vehicles. The notice should clearly prohibit the use of cell phones while driving. If the call is an emergency, the driver should let a passenger make the call or pull over before using the cell phone.
• Provide a hands-free device option. Although allowing mobile employees to use hands-free devices behind the wheel won’t prevent phone conversations from distracting drivers, it can reduce distraction.
• Use answering services or call forwarding options. It might be hard for mobile workers and those trying to contact them to adjust to an answering service or call forwarding option, especially if workers have been allowed to make calls or answer their phone while driving previously. However, the convenience of answering or making a phone call immediately while behind the wheel just isn’t worth the risk and liability. After the mobile workers reach their destination, they can check their messages and make appropriate return phone calls.
• Turn off the cell phone. Require mobile employees to shut off their cell phones while driving the company vehicle. The employee can turn on their cell phone to make needed calls or check their answering or call waiting service once they’ve arrived. This policy should also require passengers to turn off their cell phones.
• Let employees take responsibility. Most employees won’t adhere to a policy that’s all talk and no action. Make employees responsible for any fines or additional vehicle operation costs from traffic violations related to illegal cell phone usage. The policy might also provide penalties for workers who accumulate a certain amount of traffic violations.
• Ban cell phones from company vehicles. Before making a total cell phone ban part of the policy, realize that this might leave employees unable to contact emergency services in the event of an accident or emergency. Consider a complete ban only after careful thought and as a last resort — for example if employees keep violating the cell phone policy or have repeated cell phone traffic infractions.

Eight out of 10 people experience back problems at some time during their lives – and back injuries affect millions of American workers every year, costing businesses billions.

Overexertion is a leading cause of lost-time injuries, putting a significant number of workers in most industrial workplaces and construction sites at risk. When a load being lifted, shifted, carried, pushed, or pulled exceeds the body’s limits, the result can be torn or stretched muscles, tendons, and ligaments.

Overtaxing muscles frequently or for extended periods can cause them to become fatigued and prone to injury. Activities that increase muscle fatigue while performing a task include: exertion, repetition, and awkward body posture.

The back – especially the lower back – is the area of the body most often damaged by overexertion. Once workers injure their backs, they’re more likely to suffer re-injury, which leads to more pain and suffering for the worker and more lost work time for the business (it’s estimated that on average workers lose as many as seven workdays per year because of back injuries).

Preventing back injuries is far easier than repairing them. Stressing these five fundamentals can help your employees protect themselves and reduce back injuries:

1. Good Posture
Whether a job involves a lot of sitting or hours of standing, maintaining a good neutral posture (the natural “S” shape of the spine) throughout the workday puts less strain on the back and decreases the risk of injury. This means sitting straight, with back resting against the back of the chair, placing feet flat on the floor or on a footrest, and adjusting the chair so that the knees are slightly higher than hips.

To avoid back strain while standing, employees should stand with their feet shoulder width apart and weight balanced and arms, shoulders, and hips aligned. Some people find that putting one foot on a footrest and then alternating feet helps them maintain good posture while standing.

2. Safe Lifting
Improper lifting is probably the most common cause of workplace back injuries. Teach your worker safe body mechanics for lifting. Have them face the load with feet shoulder width apart, keep their heels down and toes pointed slightly out, squat by bending at the hips, use leg and stomach muscles to power the lift, and maintain the back’s natural curves while lifting by keeping the head up.

3. Micro breaks.
Encourage workers to take frequent micro breaks of 10 to 20 seconds to arch their backs and stretch tired, tense muscles. Whether the person is exerting, sitting, or standing for long periods, micro breaks increase blood flow and decrease the risk of back injury.

4. Healthy weight.
Excess weight, especially on the belly, puts lots of extra stress on back muscles. Just by losing a few pounds, overweight workers can reduce their risk of back injuries substantially.

5. Exercise.
Encourage employees to exercise and keep fit. Exercise improves overall wellness, and is particularly important for reducing back injuries. Strong, well-toned back and stomach muscles allow the back to work hard without injury.

Ball caps, jackets, logoed merchandise, pizza, points, gift cards, and discounts – the list of incentives for workplace safety goes on. Whatever the reward, the idea is that employers give workers something in exchange for desired behavior or action. However, some critics point out that employees might hide injuries in order to get the reward.

For example, Aubrey Daniels International senior vice president for safety, Janet Agnew sees no role for incentives as businesses usually use them. “The problem with any kind of incentive that has a monetary value (beyond maybe a pizza) is that it can motivate some people to do things, including lying and cheating, that they wouldn’t otherwise do to get the incentive,” says Agnew. She’s also concerned that workers can behave unsafely, and if they don’t get caught, still earn a reward. The thinking goes that as long as there’s no accident, the employee deserves the incentive.

What’s more, adds Agnew, while employees like getting “stuff,” they don’t believe incentives influence their daily safety behavior. She defines an incentive as a reward that’s tied to something that might happen in the future if one doesn’t engage in a particular behavior.

Agnew prefers the concept of reinforcement to incentives. Although, the most typical form of reinforcement is a positive comment, it also makes sense to reinforce an action by making it easier for employees to do. “Often in safety,” says Agnew, “we make it difficult to do the right thing, like requiring people to sit down and file complicated paperwork to report a hazard.” Implementing a hassle-free system, such as a hot line for oral reporting, reinforces the desired action by making it easier.

Companies can engineer reinforcement into the work process, or encourage it by the way they plan work. “If you’ve have money to spend on safety, I would analyze your organizational and management systems and ask what you can do to make it easier and more reinforcing to do the right things,” Agnew suggests.

Although business use of social media marketing will rise significantly this year, most small and midsize businesses aren’t prepared for the significant risks and exposures involved.

More than half (53%) of senior financial executives surveyed last September by Grant Thornton L.L.P. and Financial Executives Research Foundation Inc.(FERF) said they expect social media to become more prevalent in corporate marketing strategies during the next 12 months; and nearly seven in 10 (68%) described social media as a critical or important component of their marketing.

At the same time, the survey found that risk management and compliance efforts lag far behind implementation of social media as a corporate tool. More than three quarters (76%) of executives surveyed admitted their company doesn’t have a formal policy on employee use of social media; while 61% haven’t developed an incident management plan to address fraud, privacy breaches, and other potentially devastating liability exposures.

According to the survey authors, “Aside from publishing-related risks such as defamation, libel, and copyright infringement, and anti-competitive behaviors such as false advertising and disparagement of a competitor’s product, companies using social media as a marketing tool can find themselves exposed to fraud, theft of sensitive data, and other cyber security risks.”

Yet, 22% of executives surveyed don’t believe corporate use of social media carries risky – and only 27% said their company reviews its social media content regularly. Among companies surveyed, only (21%) said train employees to recognize and report fraudulent activity. Companies that have a formal fraud/privacy breach management plan, split oversight of those responsibilities among general counsel (24%), corporate security (19%), human resources (14%) and IT departments (14%).

“Social media cuts across many areas of a company (such as HR, marketing, communications and legal, among others),” said FERF Senior Research Associate Thomas Thompson Jr. “This means that any social media policy should use a multidisciplinary approach.”

Our risk management professionals would be glad to help you review your company’s exposure to risk management liability – just give us a call.

Every year, more than 4 million workplace accidents result in injuries and illness. Quick and effective response at the scene of an accident can keep a bad situation from getting worse – and might even save a life!

In the event of a medical emergency, first-aid responders should follow these steps as soon as possible:

1. Make sure the scene is safe. Warn employees not to rush into the scene of an accident before checking to make sure that it’s safe for rescuers to enter. Otherwise, you could end up with more victims.
2. Call for help. An employee on the scene should call 911 while a trained emergency first responder tends to the victim. The employee on the phone should explain the type of injury, the exact location of the victim, and the caller’s phone number. The caller should stay on the phone in case the 911 operator has further questions. Because there’s no time to waste in an emergency and often no way to know how serious the emergency is, it’s important for employees to remain calm and act quickly and purposefully.
3. Bring help to the victim. To prevent further injury, don’t move victims unless they’re in imminent danger.
4. Check to see if the victim is breathing and has a heartbeat. If not, someone trained in CPR should try to keep the victim alive until EMS arrives.
5. Do no further harm. Employees who provide first aid should be careful not to cause additional injuries in their attempt to help a victim. If they’re not sure what to do, they should do nothing except call for emergency medical assistance and keep the victim comfortable until help arrives. Doing the wrong thing could be worse for the victim than doing nothing. Employees should never try to do more than they know they can handle in a medical emergency!

Workers who aren’t trained in first aid or feel uncomfortable dealing with injuries can help by making the 911 call and staying on the line with the dispatcher; notifying a supervisor, the safety manager, and others; getting first-aid supplies; and/or meeting the EMS at the entrance to your facility and bringing them to the scene of the accident.

Keep workers who aren’t involved in emergency response clear of the area; and once the victim or victims are removed, cordon off the area to preserve evidence for the accident investigation.

If you face an unforeseen emergency at work, such as a fire or explosion, don’t waste precious moments trying to figure out what to do and who to listen to. Your emergency plan should have a chain of command that gives one person overall responsibility for managing the incident, and supervising other employees responsible for carrying out specific tasks.

At the top of the chain is the emergency scene commander, a trained employee who will issue orders to others during the emergency. This person might be a facility manager, emergency director, or some other supervisor. The commander’s responsibilities will include:

• Assessing the incident to determine if it requires an emergency response
• Supervising emergency scene coordinators (volunteer employees trained in various emergency tasks)
• Coordinating professional responders, such as ambulance, police, and fire departments
• Directing shutdown of critical workplace equipment and/or operations
• Determining the need for an evacuation and managing an evacuation
• Supervising the activities of emergency scene coordinators

Each of these coordinators should be responsible for a specific number of employees in a particular work area. They should know how to respond to worksite emergencies, direct evacuation procedures, and use emergency communication equipment. Make sure to train the coordinators in CPR, first aid, and responses to threats of violence. Their responsibilities should include:

• Checking rooms and other enclosed spaces for employees who might be trapped or unable to evacuate
• Knowing who might need assistance during an evacuation and how to help them
• Coordinating emergency activities of employees
• Knowing the workplace layout, appropriate escape routes, and areas that employees must not enter during an evacuation
• Verifying that all employees are in designated safe areas after evacuation

Our risk management professionals would be happy to provide a comprehensive review of your emergency plans.