Risk Control Newsletter – January 2021January 25, 2021
In This Issue
- A Forward from our President, Sue Coates
- Driving Personal Vehicle for Municipal Business
- WFH: A New Playground for Cybercriminals
- Did you Know?
As we look ahead to 2021, all of us at Trident Public Risk Solutions stand ready to provide specialized insurance and risk management solutions to those who protect, serve and educate our communities.
Securing Municipal Building as We Endure the Pandemic
The recent events at our nation’s Capitol are a stark reminder of the need to remain vigilant when it comes to building security. Since COVID 19 safety protocols, in many cases, have limited the number of employees and visitors inside a building at one time fewer employees are keeping an eye out for security concerns as well. Unlike many schools with assigned School Resource Officer’s, most municipal buildings do not have assigned security personnel. There are fewer employees to make sure a side entrance door is not propped open, to confront guests who are wandering in areas they should not be, and to properly secure the building at closing. Nevertheless, we are still faced with the potential for violence and security threats at any time and we need to be prepared. Public building security was a challenge pre-COVID 19 and is even more so now.
At the time when the pandemic initiated limited access to public buildings, municipal leaders understandably were overwhelmed with a new set of priorities. Updating building security plans may have taken on less significance, The present is always a good time to evaluate current security measures and what needs to be adjusted. Security of your building should be a priority regardless of whether your town is a small town or a large city. Determine who is responsible for conducting random security checks throughout the day and who will do a security check at the end of the day (ensure windows are locked, no one remaining in the building, doors locked, etc.). Determine if you need to adjust which meeting rooms or offices will be used for meetings with the public. Ensure security cameras/panic buttons/reverse 911 systems are fully functional. Communicate with all employees what to do if they have any kind of security concerns. Review your plan with your Police and Fire departments for their input. Inspect your building regularly to determine if any security concerns need attention. Continue to review, update, and communicate your plan as changes are made. If you use a third-party custodial service be sure to communicate your security expectations to them. Also, consider employees working remotely or in the field. Security plans should include accounting for them and in some cases incorporating them into the overall response of a significant event.
For school buildings, your security procedures may not have varied much with the pandemic, even if your local district has not returned to full-time onsite learning. Most schools have restricted access points, periodic drills with a full time or floating school resource officer on site. However, although your school security plans may not have changed much it may be necessary to review your plan more often this school year than ever before due to ongoing staff changes. For example, some teachers and staff who may have been a part of your emergency response or active intruder plan may have opted for remote learning. Some staff may be out temporarily due to contracting COVID 19 or from contact tracing protocol. Some staff may be out who are responsible for maintaining and managing onsite security equipment. Ensure your plan is updated and communicated with all staffing changes. Additionally, face masks should be required for all staff and children, depending on their age, as part of your COVID 19 safety procedures. Note that face coverings can make it difficult to identify and distinguish staff/students from visitors. Remind your staff to be vigilant in identifying and approaching folks on campus that are unescorted or without a visitor’s badge. Consider conducting random security checks with other police officers to test your vulnerability. Remind staff to display their ID badges at all times and to keep them secure.
These days we have more on our plates than ever but we cannot become complacent when it comes to building security. Empower your employees by encouraging them to report security concerns in any form, whether it be a cracked window or a disgruntled resident who crossed the line during a visit. Address security concerns promptly. In doing so, it will help your employees to feel safer and more confident at work in a time when stress levels for all are high.
The Covid 19 pandemic has caused many of our insureds to reconsider their traditional means of providing service to their customers. Many employees continue to work remotely and use their personal vehicles while conducting municipal business. Although this certainly isn’t a new issue, it has become more prevalent during the pandemic and therefore has brought up more questions surrounding who is responsible should there be an accident as well as who is qualified to do so.
From a risk management perspective, the use of your entity's vehicles is preferred as you know the vehicle’s service history, know what insurance is in place, and have motor vehicle record screening procedures in place. When it comes to your employees using their personal vehicles for business use, the screening and qualification procedures should be the same. Your entity is responsible for managing your vehicle use program which should include minimum age and driving experience limits, motor vehicle record checks, drug testing, vehicle maintenance and inspections, accident investigations, and driver training. Only employees with good driving/safety history, proper training, and experience should be permitted to operate any vehicle on behalf of your entity. Each department should be responsible for setting driver training standards and annual refresher training. They should also be responsible, along with the Police department, for conducting an accident investigation following an accident. All of these procedures should mirror those for your entity vehicles except vehicle maintenance and inspections. Beyond ensuring that the employees’ personal vehicle has passed state inspection and is registered this may be difficult to monitor.
From an insurance perspective, depending on the state, typically the insurance follows the vehicle. In other words, if the employee is in an accident in their personal vehicle, even while performing their duties, the insurance for the employee would be primary. This obviously increases the risk for the employee who may need to come out of pocket for their deductible following an accident. Most carriers also require a business use endorsement for employees who use their personal vehicle for business use, at an added expense. Depending on your minimum state requirements for insurance, you may want to consider requiring a minimum policy limit of $100,000 per person and $300,000 per accident. Your local agent can assist you with state-specific requirements and strategies to ensure no gaps in coverage.
For more guidelines on establishing a Vehicle Use policy, Motor Vehicle Record screening, sample vehicle inspection checklists, and driver training visit our Risk Control resources page here.
With remote work becoming prevalent, there has been an accelerated increase in cybersecurity disturbances. According to FBI Deputy Assistant Director Tonya Ugoretz, who released a report on pandemic-related cybersecurity in April, cyber-criminal complaints have increased by almost 400%.
Experts believe that employees' rush to work from home prompted some employers to disregard standard IT security protocols. In some instances, employees used outdated and unprotected personal equipment to access the company's system. Companies were essentially left exposed, as employees unintentionally supplied cybercriminals numerous unguarded access points into an organization's network. This outcome is no surprise, as, according to the 2019 Avast PC Trends Reports, more than 50% of computer software applications remain out-of-date.
Fortunately, we can help mitigate most cyber threats by completing a few simple, commonly overlooked tasks:
- Update and secure your device's operating system (OS), along with software applications.
OS updates not only provide new features but protects your equipment from the latest cyber threats. Always ensure the devices' OS is up-to-date and those perimeter defenses, such as firewalls and other protective software and security patches, are enabled and current. Application updates on software are just as important. Using popular outdated applications leaves users susceptible to a hacker's exploits.
- Secure your network connection
Most modems/routers use generic default passwords that are easy to bypass. To prevent access to your home network, experts advise doing the following
- Change your Network name/SSID and password
- Hide your network
- Enable the router's built-in firewall
- Turn on network encryption
- Enable MAC address filtering
- Update your router's software regularly
- Secure business data for recovery
Never store business data on a personal computer. If accessing an organization's network via Citrix or another Virtual Desktop Infrastructure (VDI), make sure to save files in that environment. In the event your device is compromised, the information stored in the "cloud" remains secure.
- Stay vigilant
The most common security risk is human error. We can help minimize network infiltration by learning to spot cyber threats, such as phishing or malware attacks. Using an additional anti-virus and malware software detector will also help you identify security threats. It's virtually impossible to remain informed and comprehend the entire cyber threat landscape. However, adhering to these four best practices will help guard against the most significant threats. For policyholders with Trident’s cyber coverage, the eRisk Hub is a valuable cyber risk resource. Check it out Click Here.
For more information, contact Trident's Risk Control team at email@example.com
On Jan. 15, 2021, OSHA's civil penalty amounts for workplace safety and health violations increase based on cost-of-living adjustments for 2021. States that operate their own Occupational Safety and Health Plans are required to adopt maximum penalty levels that are at least as effective as Federal OSHA's. Read the Federal Register notice and visit the OSHA Penalties webpage for more information.