


Message from the President

Many of you have heard of the Tennessee Public Risk Management Association (TnPRIMA). 2016 marks the 30th anniversary for this statewide education and networking organization. Public entity personnel — including elected officials, risk managers, safety directors, human resource personnel, public safety officers, city managers and department heads — all have something to gain from and provide to this essential organization.

It is our belief that risk management is everyone’s responsibility, not just that of personnel who have a related job title. In recognition of the importance of active risk management, we have once again awarded scholarships for attendance to this year’s TnPRIMA annual conference, to be held Nov. 2-4, 2016. This year’s recipients come from various departments within local government, including health and safety, administration, procurement, human resources and finance. Please read the article below and join us in congratulating the winners.

Additionally, on the topic of managing risk, the Equal Employment Opportunity Commission (EEOC) completed a study on workplace harassment in June. Results of that study include several recommendations on leadership and accountability (see the related article below).

Over the years, Public Entity Partners has seen an increasing number of EEOC complaints and considers notice of an EEOC complaint to be a reportable claim. Any such notices should be forwarded to our Claims Department as soon as possible. Please review the recommendations from the EEOC. You may also contact your loss control consultant for more information, details on specific training, or to discuss any questions you may have.

Best Regards,
Dawn R. Crawford
President/CEO

 

Toolbox Talks

Toolbox talks are a great way to raise and maintain awareness about safety in the workplace. If you’re looking for resources in this area, the Center for Construction Research and Training offers guidance on 52 different subjects — one for each week of the year — and works to promote safety and responsibility in some of the most dangerous areas facing local governments.

Sample topics include:

  • Arc Welding and Electrical Hazards
  • Buried Utilities
  • Carbon Monoxide Poisoning
  • Cold and Cold Weather
  • Carpal Tunnel Syndrome
  • Falls from Moving Machinery
  • Lockout/Tagout
  • Traffic Safety
  • Trench Safety
  • Workplace Safety

Materials can be found at http://www.cpwr.com/publications/toolbox-talks, where there is a downloadable PDF for each topic.


Cyberthreats in Government Continue to Escalate, Report Says

The results of an annual report centered on the cyber threat landscape show an increase in attacks across the board.

BY EYRAGON EIDAM / APRIL 15, 2016

While it stands to reason that cyberattacks are bound to increase as our dependence on technology accelerates, a new report released by Symantec highlights a startling surge in zero-day, ransomware and phishing attacks – especially in the public sector.

Despite the belief that cyberattacks are mainly focused on larger agencies, like OPM and the IRS, Kevin Haley, director of Product Management for Symantec Security Response, said smaller, often more vulnerable agencies and governments are more frequently targeted.

According to Symantec's Internet Security Threat Report, 67 percent of the attacks on organizations were launched against those with 250 employees or fewer.

Among the more unsettling trends in the greater cyber threat space is the increase in ransomware and zero day attacks. Haley said the “professionalization” of the hacking industry is leading to more exploits being made available to nefarious actors. Zero day vulnerabilities refer to unrecognized holes in software, which can then be sold to and exploited by hackers.

According to Symantec’s count, the number of zero day attacks has increased from roughly 10 attacks since the company began monitoring them in 2006 to nearly 60 in 2015, which is 125 percent higher than the previous year.

“Between 2006 and 2012, we saw between eight and 15 [attacks annually]. Then we hit 2013 and it explodes up to 23, 24 the next year and now we’ve hit 54. We’ve just reached a new plateau in terms of these vulnerabilities,” he said. “That’s because of the professionalization of hunting for these zero day vulnerabilities and the fact that people are paying good money for them, so people are out looking for them.”

Ransomware attacks, like the one launched against Hollywood Presbyterian Medical Center in February, are also seeing a startling increase within the last year. Haley said crypto ransomware attacks, where attackers encrypt an organization’s systems to extort money, grew by 35 percent.

“We saw about 1,000 attacks per day in 2015, and we’ve actually seen peaks of 4,000 per day in 2016,” he told Government Technology. “There’s a real significance to these threats. They’re not an annoyance anymore, they’re a real hazard to all of us.”

Malware development has also surged. Haley said that in 2015 as many as 430 million new pieces of malware were discovered – more than a million pieces launched a day.

While there are instances of nation state actors involved in these types of attacks, Haley said attackers vary from organizations to individuals. Unsurprisingly, the number of attacks correlates closely with countries that have Internet-capable computers.

“It’s coming from everywhere,” he said, adding that although legislation and policy always lag behind the technology industry and its capabilities, he sees positive steps being taken to strengthen security. Within organizations, he points to a lack of adherence to best practices as one of the key factors behind security vulnerabilities.

“From what I see, the biggest problem is that many companies have not taken this seriously enough. They’re not being serious about security,” Haley said. “We see that in many cases, best practices are not followed.”

Procedures can be as simple as not allowing executable file attachments through email systems. These files, once opened, infect computers and the systems they are connected to.

“There are many places that aren’t doing something as basic as not allowing executables to come in through their mail systems,” he said. “It’s just a standard best practice.”

Additionally, Haley said that as of 2015, organizations and individuals that had been targeted once were likely the victims of three other attacks that were not initially caught.

“The joke used to be that there are two kinds of people: those who had been attacked and those who didn’t know they had been attacked,” he said. “Most people have been attacked four times if they have been attacked at all.”


2016 TnPRIMA Scholarship Winners Announced

Congratulations to this year’s recipients of Public Entity Partners’s TnPRIMA Scholarship:

  • Louise Horton, health and safety officer, City of Bartlett
  • Mary Williams, director of administration, City of Bristol
  • Lisa Piefer, procurement director, City of Germantown
  • Chris Taylor, assistant HR manager, City of Hendersonville
  • Jennifer Rigsby, HR administrator, City of McMinnville
  • Stacy Harbin, finance director, City of Rutledge

The 30th annual TnPRIMA conference will be held Nov. 2-4, 2016, in Franklin, Tennessee.


Equal Employment Opportunity Commission Recommendations on Harassment in the Workforce

Posted on: September 26, 2016 9:00 am
- Zywave

The Equal Employment Opportunity Commission (EEOC) is an independent federal agency created by Congress in 1964 to eradicate discrimination in employment. The various statutes enforced by the Commission prohibit employment discrimination on the basis of race, color, sex, national origin, religion, retaliation, age, and disability or protected veteran status.

The EEOC has authority to investigate charges of discrimination filed against employers who have a statutory number of employees. The EEOC’s role in an investigation is to fairly and accurately evaluate allegations in light of all the evidence obtained, and attempt to settle the charge if discrimination has occurred.

Recommendations Regarding Workplace Leadership and Accountability

  1. Employers should foster an organizational culture in which harassment is not tolerated, and in which respect and civility are promoted. Employers should communicate and model a consistent commitment to that goal.

  2. Employers should assess their workplaces for the risk factors associated with harassment and explore ideas for minimizing those risks.

  3. Employers should conduct climate surveys to assess the extent to which harassment is a problem in their organization.

  4. Employers should devote sufficient resources to harassment prevention efforts, both to ensure that such efforts are effective, and to reinforce the credibility of leadership’s commitment to creating a workplace free of harassment.

  5. Employers should ensure that where harassment has been found to have occurred, discipline is prompt and proportionate to the severity of the infraction. In addition, employers should ensure that where harassment has been found to have occurred, discipline is consistent, and does not give (or create the appearance of) undue favor to any particular employee.

  6. Employers should hold mid-level managers and front-line supervisors accountable for preventing and/or responding to workplace harassment, including through the use of metrics and performance reviews.

  7. If employers have a diversity and inclusion strategy and budget, harassment prevention should be an integral part of that strategy.

Recommendations Regarding Harassment Prevention Policies and Procedures

  1. Employers should adopt and maintain a comprehensive anti-harassment policy (which prohibits harassment based on any protected characteristic, and which includes social media considerations) and should establish procedures consistent with the principles discussed in this report.

  2. Employers should ensure that the anti-harassment policy, and in particular details about how to complain of harassment and how to report observed harassment, are communicated frequently to employees, in a variety of forms and methods.

  3. Employers should offer reporting procedures that are multi-faceted, offering a range of methods, multiple points-of-contact, and geographic and organizational diversity where possible, for an employee to report harassment.

  4. Employers should be alert for any possibility of retaliation against an employee who reports harassment and should take steps to ensure that such retaliation does not occur.

  5. Employers should periodically “test” their reporting system to determine how well the system is working.

  6. Employers should devote sufficient resources so that workplace investigations are prompt, objective, and thorough. Investigations should be kept as confidential as possible, recognizing that complete confidentiality or anonymity will not always be attainable.

  7. Employers should ensure that where harassment is found to have occurred, discipline is prompt and proportionate to the behavior(s) at issue and the severity of the infraction. Employers should ensure that discipline is consistent, and does not give (or create the appearance of) undue favor to any particular employee.

  8. In unionized workplaces, the labor union should ensure that its own policy and reporting system meet the principles outlined in this section.

  9. Groups of employers should consider coming together to offer researchers access to their workplaces to research the effectiveness of their policies, reporting systems, investigative procedures, and corrective actions put into place by those employers, in a manner that would allow research data to be aggregated in a manner that would not identify individual employers.


Preventing Death and Injuries of Firefighters Operating Modified Excess/Surplus Vehicles

Vehicles that have been modified for use in combating fires pose an industry-specific series of hazards. Review these relevant case studies from NIOSH and learn how you can safeguard employees from harm and protect your entity from related liabilities.


Tennessee Trivia

Q. Beneath the hills of Tennessee lies a hidden treasure — the Lost Sea. This beautiful geological formation is the largest sub-glacial underground lake in the United States. In what Tennessee city is the Lost Sea located?

A. Sweetwater