Tag Archives: coronavirus

Immediate Vault Immediate Access

Three Ways to Reduce Insider Threat Risks During COVID-19

Posted on by

Months into the pandemic, organizations have recovered from the initial emergency of trying to ensure that their employees could safely work from home. They now realize that this remote reality will be extended—and they need to determine if they have the right cybersecurity protections in place. Most importantly, they need to stop insider threats, which account for more than 30% of all data breaches.

A long-term commitment to remote work requires a commitment to stopping data loss due to compromised, negligent, or malicious insiders. According to the Ponemon Institute, before the pandemic, the average annual global cost of insider threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same period. Security teams are in a constant battle to stop cybercriminals from stealing employee credentials, prevent malicious employee action, and correct accidental user behaviors—all of which can result in unintended data loss. Three ways to reduce insider threat risk are:

1. Conduct a Comprehensive Insider Threat Risk Assessment

Each organization has a unique set of risks from insider threats. Be sure to complete a comprehensive risk assessment to identify your most important data and systems, who can access them, and the security controls you have in place to protect your organization. It is important to remember that data loss potential increases every time new information is created and stored. An organization’s most valuable assets (its people, including employees, contractors and partners) can also become its greatest vulnerability without sufficient data controls in place.

After assessing your environment, focus on identifying key risks and weaknesses to address. Successful elements include building a dedicated insider threat function to protect sensitive data, investing in training, and providing real-time policy reminders for users. Work with your HR team to educate and empower employees in subjects like secure data handling, security awareness, and vigilance. Following these steps will address and mitigate insider threats while establishing consistent, repeatable processes that are fair to all employees.

2. Place People at the Center

From a risk standpoint, organizations must place people at the center of their overall cybersecurity strategy—especially as the workforce becomes more distributed. According to Proofpoint, more than 99% of cyberattacks require human interaction to be successful. Chances of a successful attack only increase when employees are remote. Ultimately, data does not just get up and walk away—it requires someone to perform an action. So a people-centric security approach is necessary to mitigate critical risks across email, the cloud, social media and the web.

First, significantly limit access to non-essential data. Second, limit how long specific users can access the information they need to complete a task. For example, not everyone needs access to customer records. Be sure your security technology can differentiate between malicious acts, accidental behavior, and cybercriminal attacks using compromised employee accounts. This intelligence helps organizations respond according to the incident and provides context around the activities that took place.

Finally, detecting and preventing insider threats is a team sport. It is important to ensure the right stakeholders from each department are involved in your security program. This should include operations, human resources, IT, legal, and of course security.

3. Insider Threat Technology at Work

Organizations need to take a holistic approach to combating insider threats, especially during the pandemic. When assessing insider threat technology, be sure to first consider the performance impact of any solution and its associated scalability, ease of management, deployment, stability and flexibility. Select a solution that provides visibility into user behavior while complementing the tools your organization already uses.

A dedicated insider threat solution reduces threats by helping organizations identify user risk, prevent data loss, and accelerate incident response. This approach also distinguishes malicious acts from simply careless or negligent behavior.

online pharmacy amaryl with best prices today in the USA

A more comprehensive cybersecurity program, while also putting training in place, can address negligent behavior before it becomes a security concern.

In 2020, everything about how and where we work changed.

online pharmacy lexapro with best prices today in the USA

Unfortunately, both external and insider data breaches are accelerating. Organizations are losing more data due to compromised, negligent, or malicious insiders, so it is time to place people at the center of your cybersecurity strategy. Today’s COVID-19 reality weighs heavily on security teams.
online pharmacy biaxin with best prices today in the USA

An effective combination of people, process, and technology can help remediate one of the most critical risk factors facing organizations around the world today.

‘Take-Home COVID-19’ Claims: Preparing for a Second Wave of Coronavirus Litigation

Posted on by

The Spanish Influenza epidemic came in three waves, with the first hitting in March 1918, the second in the fall and the third in the winter of 1919. The U.S. Centers for Disease Control and Prevention considers the second wave to have been the most deadly. In the United States, well over half of the epidemic’s death toll of 675,000 occurred during the second wave. It is no surprise then that public health experts were already warning of the possibility of a second wave of the coronavirus pandemic when the world was just beginning to acknowledge that the first wave was upon it in February.

Personal injury mass litigation also comes in waves. Consider asbestos: In the first wave, individuals who worked directly with asbestos filed workers compensation claims. Workers exposed to asbestos in products filed products liability suits during the second wave. A third wave included “take-home asbestos” claims in which workers’ children and spouses sued for illnesses caused by exposure to asbestos fibers taken home from work. A fourth wave is now underway with the alleged asbestos contamination of consumer talc products.

The first wave of personal injury coronavirus litigation emerged in early March when a married couple sued Princess Cruise Lines for gross negligence for placing “…profits over the safety of its passengers, crew, and the general public in continuing to operate business as usual.” Many similar individual and class action lawsuits have followed. According to an analysis by the Miami Herald, some 3,600 cruise line passengers have contracted COVID-19 and more than 100 have died. 

The situation in nursing homes is far worse. Nursing home residents account for an estimated 40% of U.S. coronavirus deaths thus far. Predictably, wrongful death suits filed by the family members of nursing home residents are surging, even as some states move to shield nursing home operators from liability. Personal injury lawsuits have also been filed against hospitals, meatpackers, restaurants, grocery stores and warehousing operations.

However, as the first wave of the coronavirus pandemic subsides, personal injury litigation may subside along with it. But what if the pandemic has a second wave? Although there is a great deal of uncertainty, public health experts now believe that there is no inherent seasonality to COVID-19 itself, but they remain deeply concerned that a combination of complacency and greater indoor activity could lead to a second wave of infections in the coming months.

What would a second wave of coronavirus personal injury litigation look like? One possibility that modelers at Praedicat are considering is a wave of “take-home COVID-19” litigation arising from occupational infection, coupled with high rates of intra-family transmission. Praedicat modelers estimate that 7-9% of COVID-19 deaths in the first wave have been family members of workers in essential industries who acquired coronavirus at work. With widespread testing and improved contact tracing, take-home transmission could be relatively easy to demonstrate during a second wave. The first take-home COVID-19 lawsuits were filed in August against an electrical supply company and a meatpacking facility, and the precursors to these complaints are present in earlier lawsuits filed against Amazon and McDonald’s.

Many public health officials believe that it is entirely within our power to keep a second wave of the virus from forming while we wait for a vaccine to be developed and deployed. A unified and steadfast public health campaign is critical if we are to avoid a second wave, individual companies working to limit transmission among their workers and customers is as well. First and foremost, this means closely adhering to federal, state, and local guidelines and industry best practices regarding disinfection, screening and testing, social distancing, and the use of masks and other personal protective equipment. Employers might also work to raise awareness of take-home exposure and the risk to vulnerable older family members or those with pre-existing conditions like diabetes that have been shown to elevate the risk of life-threatening complications associated with COVID-19.  Depending on the circumstances, maintaining social distance at home may be just as critical as maintaining social distance at work.

While a second wave of the pandemic may be unlikely, some level of infection, illness, and litigation is sure to be with us until there is a vaccine. The best protection against liability is making the safety of workers and customers paramount. But risk managers need to prepare for the worst and should also be reviewing the availability of coverage for employment related coronavirus claims, including take-home exposure. The employers liability exclusion under a general liability policy, for example, might exclude claims made by the family members of workers.

Planning and Risk Assessment for Returning to Work From COVID-19 Closures

Posted on by

As businesses reopen and begin having their employees return to work, navigating the impacts of COVID-19 will undoubtedly be a challenge. Not only does keeping employees and customers safe take on new meaning, but sorting through rapidly changing guidelines can be overwhelming at best.

Adding to the complexity of returning to work after coronavirus-related closures, the Occupational Safety and Health Administration (OSHA), the Centers for Disease Control and Prevention (CDC) and various jurisdictional health departments are all providing guidance. To best keep employees safe and make sure businesses are heading down the right path of compliance in this new era, employers should focus on planning and structure reopening into four phases: 1. identify organizational responsibilities, 2. assess risk, 3. identify the controls needed to return safely, and 4. implement.

1. Identify Organizational Responsibilities

OSHA’s Infection Disease Preparedness and Response Plan (IDPRP) has presented a helpful approach for a range of organizations across the country. The plan helps emphasize and communicate basic infection prevention measures and establishes policies and practices to reduce the risk of disease transmission in the workplace. It also helps employers develop procedures for prompt identification and isolation of potentially infectious individuals, along with implementing safe work practices and workplace controls, such as engineering and administrative controls.

To start, identify the people within the organization who will lead the return-to-work effort. This team will provide daily updates on plan implementation, review company sick leave policies and procure and distribute Personal Protective Equipment (PPE).

During this phase, review your organization’s policies and procedures to ensure they are not creating obstacles for social distancing or staying at home when sick. Sick leave, quarantine policies and pay continuation should all be modified as necessary.

2. Assess Employee Risk Exposure to COVID-19

With a team in place, it’s time to dig deep into individual roles within the organization to understand the risks associated with various work sites and job tasks. The IDPRP helps organizations identify and quantify risks associated with infectious disease and helps to evaluate an employee’s exposure to COVID-19.

When evaluating the individual roles, identify the position, task and potential exposure based on criteria laid out in four exposure levels:

  • Low risk: Jobs that do not require contact with people known to be or suspected of being infected with COVID 19. Workers in this category have minimal occupational contact with the public and other coworkers. Office workers and telecommuters are examples of low-risk roles.
  • Medium risk: Jobs that require frequent or close contact with people who may be infected, but who are not known to have or suspected of having COVID-19. Higher-volume retail workers, restaurant servers and teachers are examples of medium-risk roles.
  • High risk: Jobs with a high potential for exposure to people known or suspected to be infected with COVID-19. Healthcare support personnel, janitorial personnel in healthcare and medical transport personnel are examples of high-risk roles.
  • Very high risk: Jobs with a very high potential for exposure to people or samples with known or suspected COVID-19 infection during specific medical, postmortem or laboratory procedures. Laboratory workers testing for COVID-19, pulmonary therapists and morticians performing autopsies are examples of very high-risk roles.
    buy clomid online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/clomid.html no prescription pharmacy

3. Identify the Controls Needed to Return Safely

After completing a risk assessment for each role, identify specific PPE and administrative and engineering controls to reduce employee exposures. Clerical work, for example, is considered low risk and controls include social distancing and awareness training. A task such as stocking shelves where an employee has moderate exposure to others is considered a medium risk and nitrile gloves, cotton masks and other PPE are recommended. For tasks with high or very high exposure such as healthcare delivery staff, controls include nitrile gloves, facemasks, N-95 or better respirator, protective gown, booties, and head cover.

4. Put the Plan in Action

There are many organizational actions that can be implemented to further prepare to support and enforce the mitigation controls in place. Engineering controls to consider include installing high-efficiency air filters in HVAC systems, increasing a facilities dilution ventilation rate or installing physical barriers to control exposure. Post signs detailing cleaning and disinfecting procedures and social distancing requirements.

buy tenormin online www.soundviewmed.com/wp-content/uploads/2023/10/jpg/tenormin.html no prescription pharmacy

Activate temperature stations and enforce an elevator policy.

For a successful return to work, it is essential to communicate and train employees regarding protections in the workplace. A communication plan should be identified during the organizational return-to-work planning phase, along with employee, supervisor and manager training. The workforce must be well-versed in recognizing symptoms, and everyone should know how to report possible exposure and what mitigation controls specific roles should be using. Your workers compensation carrier should be able to walk you through this process and help get you back to work. Tools and resources are also available on the OSHA and CDC websites.

Organizations that had clear pandemic response plans in place ahead of COVID-19 have had better access to PPE, quicker response times to daily changes in recommended controls, and more consistent ability to address employee concerns. If an employer does not currently have a response plan in place, however, it is never too late to get started. Preparing to return to work is a perfect time to establish the framework to make sure a business is not only ready to work during COVID-19, but also ready for unforeseen disasters in the future.

Spending Risks Shift as the Pandemic Continues

Posted on by

When Twitter offered permanent work-from-home status to all of its 4,600 employees in response to the COVID-19 pandemic, it did so with a $1,000 stipend per employee to furnish and set up functional home office spaces.

For many organizations, such a sweeping move would carry higher risk as more employees, especially those not trained in company spending policy, would be expensing items. During COVID-19, enterprises of all sizes contend with the changing financial implications of adjusting business practices.

Data scientists at Oversight—a global leader in spending management technology—saw out-of-pocket spending increase 17% from April to May and expected this number to rise further in June as more employees without a corporate card make COVID-related expenses. These findings are published in the company’s Spend Insights Report, which analyzed information derived from customer interviews, market observations and Oversight data.  

Several Oversight clients reported finding big-screen TVs and soundbars on expense reports for work-from-home setups. Any of these could ultimately be for personal use or resold for personal gain. One client found that one of its employees spent $7,000 in corporate funds to set up a new home office space.

The months since COVID-19 forced employers everywhere to pivot their office strategies and open expensing capabilities to a broader subset of the employee base. As a result, the fundamental assumptions about spending and risk management in finance operations no longer apply.

New patterns of risk are emerging from these new transactions. However, finance operations teams that take the time to analyze these patterns can develop best practices.

Five key lessons enterprises should understand about spending risk in the 2020 business environment are:

1. Good and Bad Spending Have Reversed Roles

When the rapid shutdown of normal business operations forced the global workforce to shelter in place, travel discontinued abruptly. Airline and transportation activity plummeted in both March and April, as did hotel spending. But purchasing activity was higher than expected in the high-risk categories of mail/phone orders and miscellaneous stores (including merchants such as Amazon, Best Buy and Apple), while out-of-pocket expenditures in the name of business continuity increased dramatically. The result was a business scenario in which much of the historically “good” spending, like travel expenses, was suddenly deemed wasteful to the organization. In contrast, much of the traditionally categorized “bad spending” was now necessary.

2. The Pattern of Risk is Shifting, As is Mitigation Collaboration

Because the risk looks significantly different than it did before the pandemic, finance operations teams are applying more scrutiny to employee spending, and collaborating more. Operations teams are engaging more than ever with counterparts in forecasting, tax and audit to navigate the nuances of risk during the crisis, creating a new best practice that makes identifying and mitigating spending risk easier.

3. Rising Miscellaneous and Out-of-Pocket Costs Cause Payment Platform Risk

Third-party payments increased 40% year-over-year in April according to the Spend Insights Report, as the pandemic drove a significant increase in online shopping activity. That shift to online—as reflected in rising miscellaneous and out-of-pocket spending—was often processed using third-party payment platforms like PayPal and Stripe. When employees spend using these platforms, organizations are exposed to greater risk due to limited visibility into transaction and vendor data.

4. New People Spending is New Risk

Regardless of COVID-19’s impact on an organization, one good rule is that risk is a function of people. According to Oversight data, 70% of employees are good stewards of corporate funds. An additional 25% may make errors or act out-of-policy in certain circumstances, but these individuals are not intentionally involved in waste or fraud. The remaining 5% of employees could use opportunities like COVID-19 to spend maliciously or otherwise act outside of corporate compliance guidelines. Every organization’s goal should be to engender visibility into the 5% of bad actors, while simultaneously seeking to better inform the remaining 25% about the steps they can take to adhere to policy. 

5. Align your Teams and Tools to Ensure Visibility into Spending

By quickly understanding as an organization what employees are spending on today, and at what frequency, leaders will be better suited to manage and mitigate risk. While the profile may be different than before the pandemic, the same tools that guided visibility into spending and risk are available to help organizations understand and analyze spend in the new business climate.

The situation at most organizations is fluid. The essential take-away is to develop a framework and process for near-real-time awareness of employee spending and the associated risks. By recalibrating your sense of the necessary expenditures now, organizations can ultimately ensure continuous control over risks as they emerge.