Protecting Your Business From Social Engineering
5 years ago · by Joyce Insurance
Fraud and social engineering claims filed by policyholders have dramatically increased since the start of the COVID-19 pandemic. Reported losses ranged from $25,000 to $1.3 million per event, with threat actors exploiting COVID-19 and changes in organizations’ operating procedures.
Please be aware that email is not a secure medium, and one should never rely upon financial instructions sent via email without additional verification. We highlight below some of the criminal tools, tactics, and procedures (TTPs) we see in use, and our recommendations for keeping your organization safe:
- Invoice manipulation: criminal actors are sending phishing emails with malicious links and files to trick individuals into providing credentials to their business email accounts. Once an email account is compromised, criminals search for and doctor any discovered invoices with fraudulent wire instructions. They then use the compromised account (or a look-alike domain) to send the manipulated invoices to third parties, claiming that, due to COVID-19, check payments are no longer being accepted and that all payments should be made to the new (fraudulent) account. Depending on whether an organization is on the giving or receiving end, it can suffer a 1st party loss of any funds transferred or liability to 3rd parties who are socially engineered into wiring funds as a result of an organization’s security failure.
- Look-alike Domains: related to the above, criminal actors commonly register domain names that appear similar to an organization’s or its partners’ domain names. For example, instead of receiving an email from your vendor’s real address (e.g., finance@coalitioninc.com), the hacker sends it from finance@coalitionninc.com. Did you spot the difference? Very often, these emails contain intimate knowledge of company procedures by virtue of their access to a compromised email account. While it can be easier to spot typos in an organization’s own domain, it can be very difficult to do so for vendors and partners, and all can be potential vectors of compromise.
- Domain Spoofing: criminals are preying on organizations that have failed to set up SPF email security, allowing them to send emails from an organization’s actual domain (i.e. email spoofing). While many mail clients are set up to detect this, many are not, allowing an attacker to impersonate anyone in an organization without ever compromising an account.
In order to avoid these common attacks, we recommend that you:
- Never rely on wiring instructions sent via email or in attachments. Whenever receiving a new instruction or a request to change an existing one, be sure to use a dual-control method to confirm the instruction (e.g., if you received it via email, make a phone call to a known good phone number to verify).
- Always verify with your bank that the name of the organization you are transferring funds to matches the name associated with the account number provided to you (if it’s fraudulent, it often won’t).
- Always use 2-factor authentication. That way, if someone in your organization is ever tricked into disclosing their credentials, the hacker will be missing the 2nd factor to gain account access.
- Configure SPF and DMARC records to avoid email address spoofing — there is no cost to do so.
- Consider using an anti-phishing solution, or configuring your email client to notify you when you are receiving an email from outside of your organization.
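For the SPF and DMARC recommendation above, publishing a record is not enough if the record itself is permissive. The following is an added example, not from the original article: it audits TXT record strings for settings that still leave a domain spoofable. The record strings, finding codes, and function names are constructed for illustration, and the records are passed in as text so the check runs offline.

```python
"""Added example: audit SPF and DMARC TXT records for settings that leave a
domain spoofable. All record strings are constructed samples, not real DNS."""


def audit_spf(txt_records):
    """txt_records: TXT strings published at the domain itself."""
    spf = [r.strip().lower() for r in txt_records
           if r.strip().lower().split(" ", 1)[0] == "v=spf1"]
    if not spf:
        return [("spf-missing", "receivers cannot check which hosts may send")]
    if len(spf) > 1:
        return [("spf-multiple", "several SPF records evaluate to a permanent error")]
    terms = spf[0].split()[1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    findings = []
    if not alls and not any(t.startswith("redirect=") for t in terms):
        findings.append(("spf-no-all", "hosts not listed get a neutral result"))
    if any(t in ("all", "+all") for t in alls):
        findings.append(("spf-pass-all", "'+all' authorizes every host"))
    if "?all" in alls:
        findings.append(("spf-neutral-all", "'?all' asserts nothing about other hosts"))
    return findings


def audit_dmarc(txt_records):
    """txt_records: TXT strings published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return [("dmarc-missing", "receivers have no policy for failing mail")]
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append(("dmarc-not-enforcing", "no action is requested for failing mail"))
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(("dmarc-partial", "policy applies to only part of the mail"))
    return findings


def audit_domain(domain_txt, dmarc_txt):
    """Finding codes for one domain; an empty list means nothing was flagged."""
    return [code for code, _ in audit_spf(domain_txt) + audit_dmarc(dmarc_txt)]


# Constructed records: a weak setup beside a corrected one.
WEAK = (["v=spf1 include:_spf.example.net +all"],
        ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"])
FIXED = (["v=spf1 include:_spf.example.net -all"],
         ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"])

if __name__ == "__main__":
    print("weak: ", audit_domain(*WEAK))
    print("fixed:", audit_domain(*FIXED))
```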
Just about any organization that uses technology to do business faces cyber risk. And as technology becomes more complex and sophisticated, so do the threats we face — which is why every business and organization needs to be prepared with both an effective cybersecurity plan, and a cyber liability insurance policy to manage and mitigate cyber risk. Take Your Free Cyber Liability Risk Assessment here.
Source: Coalition
COVID-19: Phased-In Process for Restarting Construction Projects
5 years ago · by Joyce Insurance
In conjunction with the State of Pennsylvania COVID-19 Phased-In Process for Restarting Construction Projects and the Health and Safety Standards of the OSHA Act, including the OSHA General Duty Clause, Section 5(a), Construction Companies/Contractors should follow these measures to protect their Employees, General Contractors, Sub-contractors, Associated Job-site Companies, and Personnel, Inspectors, Vendors, Qualified Interested Persons and the General Public.
Good hygiene and infection control practices must be implemented
Face Covering: In light of new data about how COVID-19 spreads, along with evidence of widespread COVID-19 illness in communities across the country, CDC recommends that people wear a cloth face covering to cover their nose and mouth in work and community settings. This is to protect people around you if you are infected but do not have symptoms.
- Mandated frequent and thorough hand washing, including by providing workers, customers, and worksite visitors with a place to wash their hands. If soap and running water are not immediately available, provide alcohol-based hand rubs containing at least 60% alcohol
- Mandating workers to stay home if they are sick
- Mandated respiratory etiquette, including covering coughs and sneezes. Avoid touching your face
- Maintain a spacing of at least six (6) feet where feasible and possible with the job at hand
- Mandating workers not use other workers’ phones, desks, offices, or other work tools and equipment, when possible
- Mandating regular housekeeping practices, including routine cleaning and disinfecting of surfaces, equipment, and other elements of the work environment.
- When choosing cleaning chemicals, consult information on Environmental Protection Agency (EPA)-approved disinfectant labels with claims against emerging viral pathogens. Products with EPA-approved emerging viral pathogens claims are expected to be effective against COVID-19 based on data for harder to kill viruses. Follow the manufacturer’s instructions for use of all cleaning and disinfection products e.g., concentration, application method and contact time, PPE.
Procedures for Prompt Identification and Isolation of a Person or Persons who have Signs and/or Symptoms of COVID-19 must be implemented
- Prompt identification and isolation of potentially infectious individuals is a critical step in protecting workers, customers, visitors, and others at a worksite
- Employees are strongly advised to self-monitor for signs and symptoms of COVID-19 if they suspect possible exposure or symptoms regarding themselves or others
- Move potentially infectious people to a location away from workers, customers, and other visitors immediately
- Although most worksites do not have specific isolation rooms, designated areas with closable doors may serve as isolation rooms until potentially sick people can be removed from the worksite
- Take steps to limit the spread of the respiratory secretions of a person who may have COVID-19. Provide a face mask, if feasible and available, and ask the person to wear it, if tolerated.
- Note: A face mask (also called a surgical mask, procedure mask, or other similar terms) used for a sick person should not be confused with PPE for a worker; the mask acts to contain potentially infectious respiratory secretions at the source (i.e., the person’s nose and mouth)
- Isolation of persons suspected of having COVID-19 virus to prevent further transmission at worksites using either permanent (e.g., wall/different room) or temporary barrier (e.g., plastic sheeting)
- Restrict the number of personnel entering isolation areas until and beyond the time that qualified medical personnel has controlled and administered the situation. Proper and immediate disinfection must be completed following the incident by competent personnel utilizing proper PPE and disinfectant
Administrative Controls
- Sick workers must stay at home and contact your Primary Care Physician or other Medical Provider
- Minimize contact among workers, general contractors, sub-contractors, inspectors, vendors, and other qualified interested persons by replacing face-to-face meetings with virtual communications and implementing telework if feasible
- We are discontinuing nonessential travel to locations with ongoing COVID-19 outbreaks. Regularly check CDC travel warning levels at www.cdc.gov/coronavirus/2019-ncov/travelers
Safe Work Practices
- Safe work practices are types of administrative controls that include procedures for safe and proper work used to reduce the duration, frequency, or intensity of exposure to a hazard. We will implement safe work practices for COVID-19 to include:
- Providing resources and a work environment that promotes personal hygiene. For example, provide tissues, no-touch trash cans, hand soap, alcohol-based hand rubs containing at least 60 percent alcohol, disinfectants, and disposable towels for workers to clean their work surfaces.
- Requiring regular hand washing or using alcohol-based hand rubs. Workers should always wash hands when they are visibly soiled and after removing any PPE.
- Post handwashing signs in restrooms and in other conspicuous places
Construction Project COVID-19
Safety Guidelines of Minimum Requirements
- As the Commonwealth responds to the COVID-19 outbreak, the following information represents the minimum requirements for active construction projects
- The Contractors shall each designate a representative on the project to administer each employer’s COVID-19 safety guidelines
- The Contractor is responsible for conveying the guidelines to all material suppliers and subcontractors
Personal Responsibilities
- It is critical that employees NOT report to work while they are experiencing illness symptoms such as fever, cough, or shortness of breath
- Employees should seek medical attention if they have or develop symptoms:
- Fever
- Cough
- Shortness of breath or difficulty breathing
- Chills
- Repeated shaking with chills
- Muscle pain
- Headache
- Sore throat
- New loss of taste or smell
Employees that develop emergency warning signs for COVID-19 should get medical attention immediately
Emergency warning signs include*:
- Trouble breathing
- Persistent pain or pressure in the chest
- New confusion or inability to arouse
- Bluish lips or face
- *This list is not all inclusive. Please consult your medical provider for any other symptoms that are severe or concerning.
- Refer to COVID-19 Hygiene and Cleaning Best Practices for personal hygiene, cleaning (project office and job site), for COVID-19 best practices.
Social Distancing
- Staying Away from Close Contact in public places
- Do not host large group meetings. CDC recommends avoiding gatherings of 10+ people; and when meeting, keep a minimum 6-foot distance between people. Perform meetings online, via conference call, or outdoors (while maintaining a 6-foot distance between people), whenever possible
- Avoid using other workers’ phones, desks, offices, or other work tools and equipment when possible
- Limit the number of people on a job site and allow personnel to work from home when possible
- Avoid physical contact such as hand-shaking and other contact greetings
- Inspection staff only go into the project field office for essential functions. Do as much work from your vehicle as possible.
- Ensure electronic devices are charged every night and have a car charger available for each device.
ALL EMPLOYEES ARE RESPONSIBLE TO IDENTIFY AND REPORT NONCOMPLIANCE TO THEIR RESPECTIVE DESIGNATED REPRESENTATIVE
Jobsite / Office Practices (Specific Requirements)
- *Install “COVID-19 Safety Plan in effect” sign at the project entrance and reasonable locations on the project site.
- Designated representatives should ask the following questions to their designated employees prior to entering the workplace.
- If they answer “yes” to any, they should be asked to leave the workplace immediately. Anyone asked to leave should not return to work until 72-hours after they are free from a fever or signs of a fever without the use of fever-reducing medication.
- Have you, or anyone in your family or anyone you have been in close contact with, been in contact with a person that has tested positive for COVID-19?
- Have you been medically directed to self-quarantine due to possible exposure to COVID-19?
- Are you having trouble breathing or have you had flu-like symptoms within the past 48 hours, including:
- Fever
- Cough
- Shortness of breath
- If a thermometer is available at the workplace, the employee shall take their own temperature and advise the observer of the reading. The thermometer must be cleaned between each use (an oral or an ear thermometer is not recommended). If the reading is 100.4 degrees F or higher, the employee will be directed to go home and contact their medical provider for further guidance. In an acute case where the employee requires transportation, isolate the employee, and call 911 for assistance.
- Stakeholders shall remind/update all employees on the job site during all safety meetings/talks on current COVID-19 guidelines and ask if anyone is feeling ill. If “yes”, follow the directions listed under Managing Sick Employees.
- Communicate key CDC recommendations (and post signage where appropriate) to your staff as potential safety talks:
- Place posters that encourage staying home when sick, cough and sneeze etiquette, and hand hygiene at the entrance to your workplace and in other workplace areas where they are likely to be seen
ALL EMPLOYEES ARE RESPONSIBLE TO IDENTIFY AND REPORT NONCOMPLIANCE TO THEIR RESPECTIVE DESIGNATED REPRESENTATIVE
How to protect yourself if you are sick
- Managing Sick Employees (Specific Requirements)
- Isolate sick employees. CDC recommends that employees who appear to have acute respiratory illness symptoms (i.e. cough, shortness of breath) upon arrival to work or become sick during the day should be isolated from other employees and should seek medical attention and/or be sent home immediately. Reference PennDOT document Coronavirus Screening – Symptom Summary contained in the current version of the Entering PennDOT Facilities During COVID-19 Mitigation.
- If an employee is diagnosed with COVID-19 or shows symptoms of COVID-19, the employee should consult the employee’s primary care provider and the employer before returning to work.
- The stakeholder will communicate Human Resources practices for managing sick time related to COVID-19 to their employees.
- For any employees who are higher risk for serious illness from COVID-19 because of age or because of a serious long-term health problem, it is important for them to take actions to reduce the risk of getting sick with the disease as per CDC guidance – https://www.cdc.gov/coronavirus/2019-ncov/specific-groups/high-risk-complications.html
- After notification from an employee that tests positive for COVID-19, the stakeholder will take the following steps and follow current CDC guidelines:
- The project will initiate a safety stand-down for a minimum of 24 hrs. or until compliance with CDC guidelines for return to work.
- Communication of positive test to all employees who were present at the job site and all project stakeholders while maintaining patient confidentiality (HIPAA)
- The supervisor shall investigate additional potential exposure while maintaining patient confidentiality (HIPAA)
- Deep clean of the project as described in the stakeholder’s safety plan
- Should you need additional support services during this self-monitoring and social distancing period, visit the Pennsylvania Department of Health website, www.health.pa.gov or call 1-877-PA-HEALTH (1-877-724-3258).
ALL EMPLOYEES ARE RESPONSIBLE TO IDENTIFY AND REPORT NONCOMPLIANCE TO THEIR RESPECTIVE DESIGNATED REPRESENTATIVE
Personal Protective Equipment – PPE (Specific Requirements)
- Employees shall wear appropriate PPE on the job site as required
- Employees shall not share personal PPE with another employee
- While working in a potential COVID-19 environment, it is important to reduce the risk of potential exposures by keeping all work vehicles, equipment, and tools clean.
- While engineering and administrative controls are considered more effective in minimizing exposure to COVID-19, PPE may also be needed to prevent certain exposures. While correctly using PPE can help prevent some exposures, it should not take the place of other prevention strategies.
- Examples of PPE include:
- Gloves
- Goggles
- Face shields
- Face masks
- Respiratory protection, when appropriate
- All types of PPE must be:
- Selected based upon the hazard to the worker.
- Properly fitted and periodically refitted, as applicable (e.g., respirators), consistently and properly worn when required
- Regularly inspected, maintained, and replaced, as necessary.
- Properly removed, cleaned, and stored or disposed of, as applicable, to avoid contamination of self, others, or the environment.
- National Institute for Occupational Safety and Health (NIOSH)-approved, N95 filtering facepiece respirators or better must be used on all worksites in conjunction with a comprehensive, written respiratory protection program that includes fit-testing, training, and medical exams. See OSHA’s Respiratory Protection standard, 29 CFR 1910.134 at www.osha.gov/laws-regs/regulations/standardnumber/1910/1910.134.
- When disposable N95 filtering facepiece respirators are not available, attempt to obtain other respirators that provide greater protection and improve worker comfort. Other types of acceptable respirators include: a R/P95, N/R/P99, or N/R/P100 filtering facepiece respirator; an air-purifying elastomeric (e.g., half-face or full-face) respirator with appropriate filters or cartridges; powered air purifying respirator (PAPR) with high-efficiency particulate arrestance (HEPA) filter; or supplied air respirator (SAR). See CDC/NIOSH guidance for optimizing respirator supplies at: www.cdc.gov/coronavirus/2019-ncov/hcp/respirators-strategy.
ALL EMPLOYEES ARE RESPONSIBLE TO IDENTIFY AND REPORT NONCOMPLIANCE TO THEIR RESPECTIVE DESIGNATED REPRESENTATIVE
Material Deliveries & Anyone Entering the Jobsite
- Anyone entering the project site including all outside vendors and truck drivers is to practice social distancing
- Subcontractors are to submit their own COVID-19 Safety Plan or follow the prime contractors’ COVID-19 Safety Plan
- The contractor will collect daily delivery tickets in a sealable container or baggie and quarantine for a minimum of 24 hours before providing to the Department/PA Turnpike Commission representative if applicable. PPCC submission, eTicketing, email, or photographing paper documents/tickets are applicable
ALL EMPLOYEES ARE RESPONSIBLE TO IDENTIFY AND REPORT NONCOMPLIANCE TO THEIR RESPECTIVE DESIGNATED REPRESENTATIVE
Training, Education, and Communication
- The following process should be implemented prior to Restart and continuing to inform and educate all Managers, Estimators & assistants, Supervisors, employees, collective bargaining representatives, inspection personnel, and other qualified persons associated with any specific project
- Initial Meeting: The COVID-19 Health and Safety Policies and Procedures will be distributed and reviewed by Ownership, Project Managers, Estimators, and Supervisors including all components and details of the Plan. All attendees will be asked to prepare questions, comments, and concerns in writing to be reviewed at a follow-up meeting to be held within 72 hours
- Follow-up meeting: This meeting will be conducted as noted: to review, consider and address all comments, questions, and concerns from attendees of Initial Meeting to a degree that is reasonable and possible for the mission at hand. In addition, Action Item Responsibilities will be assigned and Management will designate appropriate groupings for training and education of job site personnel, office, and other support staff. These meetings should take place within 48 hours
- Group Meetings: These meetings will disseminate all information that will be vital to training all component members regarding what they must do to keep themselves, those around them and their family members safe from the COVID-19 Virus