U.S. Justice Dept. Offers Guidance for Delayed Reporting Under SEC Cyber Rules
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.
With the Dec. 18 effective date of the U.S. Securities and Exchange Commission’s (SEC) cyber incident reporting rules looming, federal officials have offered guidance on when it may approve delays in the interest of national security.
The SEC cyber rules, adopted this past July, give publicly traded companies four days to disclose the occurrence of a “material” cyber event via regulatory filing. The U.S. Department of Justice and the FBI gave examples of scenarios that may warrant delay.
“The primary inquiry for the Department is whether the public disclosure of a cybersecurity incident threatens public safety or national security, not whether the incident itself poses a substantial risk to public safety and national security,” stated the Justice Department. “While cybersecurity incidents themselves frequently threaten public safety and national security, the disclosure to the public that those incidents have occurred poses threats less often.”
These “limited circumstances” would apply to cases in which a company “reasonably” suspects the event occurred because of a tactic with no known mitigation—for example, an as-yet-unpatched software vulnerability.
Another example given included impacts to events impacting systems containing sensitive government information.
“This category includes systems operated or maintained for the government as well as systems not specifically operated or maintained for the government that contains information the government would view as sensitive, such as that regarding national defense or research and development performed pursuant to government contracts,” said the Department. It also highlighted events involving public companies performing remediation efforts for critical infrastructure or critical systems.
The FBI “strongly” encouraged companies to quickly contact federal officials as soon as they determine an event could threaten national security or public safety.
“This early outreach allows the FBI to familiarize itself with the facts and circumstances of an incident before the company makes a materiality determination,” said the agency. “If the victim of a cyber intrusion engages with the FBI or another U.S. government agency, this engagement doesn’t trigger a determination of materiality. However, it could assist with the FBI’s review if the company determines that a cyber incident is material and seeks a disclosure delay.”
- Published in Blog
Taking the Shortcut
By Alison Nelson, Employee Benefits Account Manager
Sometimes taking shortcuts at work is a good thing- I’m talking about keyboard shortcuts of course! When I first started working at RISQ Consulting (six years ago!), I prided myself on knowing a fair amount of keyboard shortcuts. However, the more I worked with my tech-savvy colleagues, the more I realized that I had a lot to learn. Luckily, we have some great teachers on our team and I’m here to share some of that knowledge! There are endless amounts of shortcuts (many of which will differ depending on the program you are working in) but below are the ones I’ve found to be the most universal and helpful in my daily work.
- Copy text
- Ctrl + C
- Past text
- Ctrl + V
- Select text
- Shift + an arrow key
- Selecting the next word
- Ctrl + Shift + an arrow key
- Undo
- Ctrl + Z
- Redo
- Ctrl + Y
- Search for a keyword
- Ctrl + F
- Open a new browser tab
- Ctrl + T
- Refresh a webpage
- Ctrl + R
- Save a document
- Ctrl + S
The above list is just the tip of the iceberg! Here is a website that lists even more keyboard shortcuts that could help increase your keyboard acumen. Want to learn even more? Check out this website that focuses on productivity shortcuts.
- Published in Blog
How Technology Can Boost Workplace Safety
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.
More than 14 people per day died while doing their jobs in 2016, highlighting the need for safety and procedural enhancements in the workplace. Employers are starting to embrace new technology in an effort to improve worker safety, including the following:
- Exoskeletons—Workers can wear exoskeletons to transfer weight from repetitive tasks and use less energy when moving objects. The result is a reduced risk of injuries as well as increased strength, dexterity and productivity.
- Virtual reality—This technology replicates physical environments and presents training opportunities for employees. It also allows workers to simulate hazardous tasks and identify safety needs. More benefits are expected as technology matures.
- Wearables—Wearable devices offer real-time monitoring of workers’ vital signs and can alert workers to the presence of environmental dangers. They can also cut health care costs by reducing health risks such as respiratory problems, cancer, dermatitis and hearing damage. An added bonus to employers is that wearables can provide an idea of what may have caused an employee’s injury before filing a workers’ compensation claim.
- Hand-held mobile devices—Although the use of mobile devices can be a distraction and safety liability, there are useful apps that detect safety hazards, log safety incidents, track OSHA requirements and even determine when the heat index is too high on job sites. The key to improving worker safety with hand-held mobile devices is using them responsibly.
- Drones—Sending drones into high-hazard areas instead of humans helps safely assess damage and plan emergency response.
INCORPORATING DATA SCIENCE
Aside from new devices, data science has enabled companies to analyze photos from job sites and then scan them for safety hazards, using an algorithm that correlates those images with their accident records.
Although the technology still needs some fine-tuning, companies can use such algorithms to rate project risks. As a result, the technology could prove extremely helpful in detecting elevated threats and then intervening with safety briefings.
TIME TO GET ON THE CLOUD
By using the cloud, companies have been able to completely overhaul the way they interact with each other and with their workers. The cloud consists of multiple networks of servers that allow apps to be accessed anywhere through the internet instead of confined to a particular computer or network.
Businesses that have projects and crews in multiple locations especially appreciate the benefits of the cloud, since it is efficient and allows for the seamless transfer of information and monitoring of workers’ safety.
SUCCESSFULLY DEPLOYING NEW TECHNOLOGY
New technology can be a waste of money if it is not deployed properly. It’s easy to get caught up in the “wow factor” of technology and lose sight of what the intended improvements are. Without a plan in place for deployment, this technological investment may be wasted.
Before seeking out new technology, consider ways to improve workplace processes. After improving these processes, it is easier to identify gaps that new technology can address. No amount of technology will help if it is processes that need to be fixed.
- Published in Blog