Construction Risk Advisor - November 2019

Improving Safety Through New-hire Orientation

According to industry experts, workplace injuries in the construction industry cost businesses over $1 billion per week in 2018. Safety management remains a hugely important factor in the construction industry, but it’s not only for the obvious reasons of protecting your employees. Your safety management performance can also directly affect being awarded contracts as well as negotiating them.

As an employer in the construction industry, preventing potentially fatal accidents is a process that starts long before an employee even reaches a construction site. Your responsibility to protect your workers begins from day one, long before they start what will be their everyday work.

The Importance of Orientation

One of the best methods for protecting your employees from the beginning is to have an effective and extensive orientation process. While onboarding new employees is an important step for all companies, those in highly regulated industries should prioritize it even more.

Newsletter Provided by: Hierl's Property & Casualty Experts

Download the Newsletter

In the construction industry, new hires fall victim to a disproportionate number of injuries. According to industry experts, more than 50% of injuries involve employees with less than 12 months of experience.

While there are universal factors across construction, even if a new hire has prior experience in the industry, it is important to introduce them to your company’s culture, past experiences and specific projects.

Ponder the Process

With new employees being at greater risk for injuries, it’s imperative that companies take the time to ensure that orientation is well-thought-out. Consider these steps as part of your hiring and onboarding plan:

  1. Pre-employment screening—This can include drug and alcohol screening as well as checking training certificates and credentials, motor vehicle records and driver qualifications.
  2. Safety onboarding—Provide an accident-prevention program, a safety procedures manual and hands-on training for specific safety skills.
  3. Mentorships—Pair up new hires with experienced workers so they can be immersed in your company’s safety policies and have consistent reinforcement.
  4. Check-ins—Schedule regular reviews with new hires to make sure that the training was adequate and effective for them.

Value Your Workers

Having successful safety policies and introducing them effectively is very important, not only to ensure the wellness of your workforce, but also to help your company secure contracts. Protect your present and plan for your future by making orientation a priority.


Trucking Risk Advisor - October 2019

Proposed Delay to Drug & Alcohol Clearinghouse Won’t Affect Motor Carriers

The Federal Motor Carrier Safety Administration (FMCSA) is asking for input regarding a possible delay for state licensing agencies (SLAs) and the Commercial Driver’s License Drug and Alcohol Clearinghouse (Clearinghouse).

The proposed rule would delay when SLAs would be required to begin requesting information from the Clearinghouse by 3 years. The current start date, along with other parts of the 2016 Clearinghouse final rule, is Jan. 6, 2020. The proposal would affect only SLAs and would push that date back to Jan. 6, 2023.

Why the Wait?

The proposed delay is intended to address concerns regarding the 2016 Clearinghouse final rule, which did not include details about how SLAs should use information that they obtain from the Clearinghouse.

The FMCSA says that pushing the deadline back to 2023 would provide more time for figuring out SLAs’ access to, and use of, driver-specific information from the database.

If approved, states would not be required to perform checks on drivers who are licensed or seeking to be licensed until Jan. 6, 2023. However, beginning on the original Jan. 6, 2020 date, states would be free to request information from the Clearinghouse at their own discretion.

The FMCSA also has future plans for another notice of proposed rulemaking that would address concerns raised by the American Association of Motor Vehicle Administrators about possible operational issues related to states’ roles in the Clearinghouse.

Unchanged for Others

While the proposal would push requirements back for SLAs, the Jan.6, 2020 compliance deadline would remain in effect for CDL holders, motor carriers and employers.

The 2016 Clearinghouse final rule created a national clearinghouse for drug and alcohol testing. In addition, it sets requirements for license holders in regard to reporting violations of drug and alcohol testing regulations. Motor carriers and employers are also required to perform checks with the Clearinghouse during the hiring process of any prospective employees and must also check the database for existing employees’ statuses at least once per year.

The FMCSA says that the new Clearinghouse rule will help make roads safer, and the agency estimates that it will eliminate approximately 900 crashes per year.

Input and opinions on the proposed delay for SLAs will be considered by the FMCSA before the agency releases a final rule. Comments regarding the proposal must be turned in by Oct. 7, 2019, and can be submitted online.

Newsletter Provided by: Hierl's Property & Casualty Experts

Download the Newsletter

Cyber Risks and Liabilities - Fourth Quarter 2019

3 Risks Associated With Removable Media Devices

Portable hard drives, USB flash drives, memory cards and other types of removable media are vital for the quick storage and transportation of data. For many businesses, removable media can be used as backup storage for critical digital files or even free up additional storage space for work computers.

While removable media is easy to use and has many business applications, it isn’t without its share of risks. The following are some considerations to keep in mind when using removable media at your organization:

  • Data security—Because removeable media devices are typically small and easy to transport, they can easily be lost or stolen. In fact, every time you allow an employee to use a USB flash drive or other small storage device, your organization’s critical or sensitive information could fall into the wrong hands. What’s more, even if you encrypt your removable storage devices, you will not be able to recover lost files once the USB flash drive or other device is lost.
  • Malware—Simply put, when employees use removable media devices, they can unknowingly spread malware between devices. This is because malicious software can easily be installed on USB flash drives and other storage devices. In addition, it just takes one infected device to infiltrate your company’s entire network.
  • Media failure—Despite its low cost and convenience, removable media is inherently risky. This is because many devices have short life spans and can fail without warning. As such, if a device fails and your organization doesn’t have the files backed up, you could lose key files and data.

Thankfully, there are ways to mitigate risks associated with removable media. To use these devices effectively while maintaining data security, consider doing the following:

  • Develop a policy for related to removable media use.
  • Install anti-virus software that scans removable media devices.
  • Ensure all removable media devices are encrypted. Passwords to these devices should never be shared.
  • Instruct employees to never use unapproved removable media in a computer.
  • Have employees keep personal and business data separate.
  • Establish a process for wiping all portable media devices when they are no longer needed.

Cloud Computing 101

There are many benefits to adopting cloud computing at your organization, such as reduced IT costs and increased scalability. However, it’s important to note that there are different cloud service and deployment models, each with their own benefits and risks. There is no single type of cloud computing that will work best for everyone, so it’s important to conduct research to determine the right fit for your organization.

Types of Cloud Computing Service Models

There are three distinct cloud computing service models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

The SaaS distribution model provides you with an application that is managed by the service provider and accessible through the internet. As such, SaaS applications need not be installed or updated on individual computers.

The PaaS model allows organizations to safely develop, test and deploy applications without needing to manage the underlying infrastructure. This provides flexibility that allows deployments to scale quickly.

The IaaS model provides organizations with a specified amount of cloud storage space to do with whatever they want. This allows the greatest amount of flexibility, as the organization is responsible for accessing, monitoring and managing their data that is stored in the cloud. In this case, the service provider typically only manages hardware, storage and networking, though other services may be provided at additional costs.

Types of Cloud Deployment Models

Just like with service models, there are various different ways that a cloud can be deployed. This includes a public cloud, which is cost-effective and efficient but means that your data may be stored on the same server as others’. A private cloud, however, allows your organization greater control over infrastructure and computational resources by having them located on private networks.

Lastly, a hybrid cloud combines on-site infrastructure with a cloud environment. This allows organizations to utilize different types of service providers based on what is ideal for each business requirement.

Best Practices for Contracting With Managed Service Providers (MSPs)

While working with a managed service provider (MSP) can be efficient and cost-effective, it’s important to carefully consider the organization that you plan on working with and get a holistic view of its operations and security. Because an MSP has direct access to sensitive systems and information, working with one is not to be taken lightly. While doing so puts your IT infrastructure in the hands of experts, it also comes with its own risks. For example, MSPs may be a target for cyber criminals, as compromising one MSP potentially compromises every organization that it works with.

To help keep your organization’s digital information and resources secure, there are a number of best practices and security considerations to keep in mind when contracting with managed service providers:

  • Perform a detailed risk assessment and enforce associated mitigations before working with a managed service provider. Some considerations include:
    • How a cloud service (if used) is implemented and managed
    • Who has access to data and how it is secured
    • The intended purpose of engaging with the managed service provider
    • Potential challenges that may arise during incident detection and response, such as the managed service provider’s availability during off hours

  • Keep operating systems and software up to date.
  • Ensure that an MSP follows organizational security, privacy and legislative requirements.
  • Find out how closely the MSP adheres to an IT security management framework.
  • Use secure computers with multifactor authentication, strong passwords, few access privileges and encrypted network traffic to administer the cloud service.
  • Do not provide the MSP with account credentials or access to systems outside of their responsibility.
  • Use cryptographic controls to protect data in transit to and from the MSP.
  • Consider full data encryption for critical information while at rest and while maintaining control of encryption keys.
  • Employ full hard-drive encryption to ensure data at rest on storage media is not recoverable should the MSP replace or upgrade physical hard drives.

For more risk management strategies related to cyber exposures, contact Hierl Insurance Inc. today.

Portable hard drives, USB flash drives, memory cards and other types of removable media are vital for the quick storage and transportation of data.

Download the Newsletter

A monthly safety newsletter from