Although it is important for companies to trust their workers and the general public, the unfortunate reality is that theft can happen at any time. This is particularly true in the construction industry, where expensive tools and machinery are often left in plain sight or are easily accessible to criminals.
Construction site theft is especially damaging, as the theft of materials and tools can quickly delay a project, sometimes bringing production to a halt. Accordingly, it is essential for construction companies to understand how they can prevent job site theft before it happens.
While every job site presents its own set of unique challenges, there are a number of general tips firms can use to better secure a construction site. The following are some basic strategies you can use to protect your materials and tools from thieves:
- Create a written security policy and job site security plan. These written plans should assign supervisory responsibilities, encourage awareness, and establish basic best practices for securing tools and materials.
- Contact nearby property owners and local law enforcement officials whenever you start a new project. These parties can help monitor your job site, particularly during off-hours.
- Establish a way for your employees to report theft or suspicious activity. Be sure to maintain complete records of any security incidents, as they can be beneficial to law enforcement in the event of theft, vandalism or similar occurrences.
- Conduct thorough background checks on your employees before hiring them on full time. You should also keep a list of people authorized to be on the job site on hand at all times.
Equipping your worksite with theft prevention features is mandatory if you expect to ward off potential criminals. Whenever possible, consider doing the following:
- Enclose your worksite with a security fence and provide limited access at all times. Use lockable gates whenever possible. Avoid using low-quality locks or leaving keys in the locks themselves.
- Ensure that your worksite is well-lit at night to deter criminals.
- Utilize signage to keep unauthorized personnel off your worksite.
- Walk around the worksite at the beginning and end of each day to ensure that no items are missing.
- Consider hiring security guards to patrol the construction site, particularly at night.
If possible, install security cameras to safeguard your job site. Overall, training employees on how to best keep materials and equipment out of the hands of thieves is your first line of defense against losses.
Controls for Equipment, Tools and Materials
The number of tools and machinery found on a construction site can vary heavily from day to day, making it difficult to keep track of valuables. That’s why the first step in any good protection program is to inventory the equipment you have.
An inventory should be made available for each job site and should accomplish the following:
- Inventories should track all newly purchased items. Copies of the inventory should be kept in a secure location.
- Inventories should be up to date and include photos of the larger, more important equipment.
- To aid in the settlement and recovery of any stolen equipment, inventories should include the following:
- The original date of purchase
- The original cost of the equipment
- The equipment’s age and serial number
- Relevant manufacturer information
Firms should assign one employee to be in charge of managing the inventory. This person would be responsible for keeping track of all materials, tools and deliveries.
Other major steps to securing equipment, tools and materials include the following:
- Utilize a secured area to store your equipment.
- Mark and label all tools in a distinctive manner for easy identification.
- Implement a checkout system of all tools and equipment so you can track their whereabouts.
- Establish a key control system for heavy duty machinery.
- Install anti-theft devices on mobile equipment.
- Lock all oil and gas tank caps.
- Park all equipment in a centralized, well-lit and secure area.
- Avoid using your worksite for storage. Remove any tools, materials or equipment that are not in use.
In general, it’s important to keep inventory levels low on-site to discourage thieves. In addition, creating and maintaining an equipment program can make all the difference when it comes to safeguarding your tools.
Equipment programs should make employees, managers, supervisors and foremen responsible for equipment losses. Under such programs, all losses are must be reported, regardless of how small. You should review equipment programs at least annually.
Responding to Job Site Theft
Even if an unimportant or inexpensive piece of equipment goes missing, it’s critical to report the theft to the police. While the authorities may not always be able to recover stolen items, reporting every instance of theft helps police establish a pattern that may assist in future cases.
When a theft occurs, respond by doing the following:
- Notify the proper authorities. Provide as much detail as possible, including when the theft took place and what was stolen.
- Contact your insurance broker and review the specifics of your policies, including coverages, limitations and deductibles related to personal property.
- File an insurance claim.
Following a theft, it’s important to take any additional steps necessary to secure your job site to prevent future losses.
Protect Your Projects
Theft is unpredictable, but there are many workplace controls that firms can implement in order to protect themselves. In addition, it’s important to speak to a broker to seek the appropriate insurance coverages. Contact Scurich Insurance today for more information.
When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. What’s more, cyber exposures impact businesses of all kinds, regardless of their size, area of focus, or status as a private or public entity.
In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.
To help oversee their organization’s cyber risk management, boards should ask the following questions:
Does the organization utilize technology to prevent data breaches?
Every company must have robust cyber security tools and anti-virus systems in place. These systems act as a first line of defense for detecting and preventing potentially debilitating breaches.
While it may sound obvious, many organizations fail to take cyber threats seriously and implement even the simplest protections. Boards can help highlight the importance of cyber security, ensuring that basic, preventive measures are in place.
These preventive measures must be reviewed on a regular basis, as cyber threats can evolve quickly. Boards should ensure that the management team reviews company technology at least annually, ensuring that cyber security tools are up to date and effective.
Has the board or the company’s management team identified a senior member to be responsible for organizational cyber security preparedness?
Organizations that fail to create cyber-specific leadership roles could end up paying more for a data breach than organizations that do. This is because, in the event of a cyber incident, a fast response and clear guidance is needed to contain a breach and limit damages.
When establishing a chief information security officer or similar cyber leadership role, boards need to be involved in the process. Cyber leaders should have a good mix of technical and business experience. This individual should also be able to explain cyber risks and mitigation tactics at a high level so they are easy to understand for those who are not well-versed in technical terminology.
It should be noted that hiring a chief information security officer or creating a new cyber leadership role is not practical for every organization. In these instances, organizations should identify a qualified, in-house team member and roll cyber security responsibilities into their current job requirements. At a minimum, boards need to ensure that their company has a go-to resource for managing cyber security.
Does the organization have a comprehensive cyber security program? Does it include specific policies and procedures?
It is essential for companies to create comprehensive data privacy and cyber security programs. These programs help organizations build a framework for detecting threats, remain informed on emerging risks and establish a cyber response plan.
Corporate boards should ensure that cyber security programs align with industry standards. These programs should be audited on a regular basis to ensure effectiveness and internal compliance.
Does the organization have a breach response plan in place?
Even the most secure organizations can be impacted by a data breach. What’s more, it can often take days or even months for a company to notice its data has been compromised.
While cyber security programs help secure an organization’s digital assets, breach response plans provide clear steps for companies to follow when a cyber event occurs. Breach response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damage.
Board members should ensure that crisis management and breach response plans are documented. Specific actions noted in breach response plans should also be rehearsed through simulations and team interactions to evaluate effectiveness.
In addition, response plans should clearly identify key individuals and their responsibilities. This ensures that there is no confusion in the event of a breach and your organization’s response plan runs as smoothly as possible.
Has the organization discussed and formalized a cyber risk budget? How engaged is the board in terms of providing guidance related to cyber exposures?
Both overpaying and underpaying for cyber security services can negatively affect an organization. Creating a budget based on informed decisions and research helps companies invest in the right tools.
Boards can help oversee investments and ensure that they are directed toward baseline security controls that address common threats. Boards, with guidance from the chief security officer or a similar cyber leader, should also prioritize funding. That way, an organization’s most vulnerable and important assets are protected.
Has the management team provided adequate employee training to ensure sensitive data is handled correctly?
While employees can be a company’s greatest asset, they also represent one of their biggest cyber liabilities. This is because hackers commonly exploit employees through spear phishing and similar scams. When this happens, employees can unknowingly give criminals access to their employer’s entire system.
In order to ensure data security, organizations must provide thorough employee training. Boards can help oversee this process and instruct management to make training programs meaningful and based on more than just written policies.
In addition, boards should see to it that education programs are properly designed and foster a culture of cyber security awareness.
Has management taken the appropriate steps to reduce cyber risks when working with third parties?
Working alongside third-party vendors is common for many businesses. However, whenever an organization entrusts its data to an outside source, there’s a chance that it could be compromised.
Boards can help ensure that vendors and other partners are aware of their organization’s cyber security expectations. Boards should work with the company’s management team to draw up a standard third-party agreement that identifies how the vendor will protect sensitive data, whether or not the vendor will subcontract any services and how it intends to inform the organization if data is compromised.
Does the organization have a system in place for staying current on cyber trends, news, and federal, state, industry and international data security regulations?
Cyber-related legislation can change with little warning, often having a sprawling impact on the way organizations do business. If organizations do not keep up with federal, state, industry and international data security regulations, they could face serious fines or other penalties.
Boards should ensure that the chief information security officer or similar leader is aware of his or her role in upholding cyber compliance. In addition, boards should ensure that there is a system in place for identifying, evaluating and implementing compliance-related legislation.
Additionally, boards should constantly seek opportunities to bring expert perspectives into boardroom discussions. Often, authorities from government, law enforcement and cyber security agencies can provide invaluable advice. Building a relationship with these types of entities can help organizations evaluate their cyber strengths, weaknesses and critical needs.
Has the organization conducted a thorough risk assessment? Has the organization purchased or considered purchasing cyber liability insurance?
Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.
The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. As such, boards, alongside the company’s management team, need to conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.
Asking thoughtful questions can help boards better understand the strategies management uses to prevent, detect and respond to data breaches. When it comes to cyber threats, organizations need to be diligent and thorough in their risk prevention tactics, and boards can help move the cyber conversation in the right direction.
Cyber exposures impact organizations from top to bottom, and all team members play a role in maintaining a secure environment. However, managing personnel and technology can be a challenge, particularly for organizations that don’t know where to start.
That’s where Scurich Insurance can help. Contact us today to learn more about cyber risk mitigation strategies you can implement today to secure your business.
OSHA’s final rule on electronic reporting requires certain employers to submit data from their injury and illness records electronically so it can be posted on the agency’s website. Because the rule is an extra requirement on top of existing OSHA recordkeeping standards, affected employers need to be ready to comply with the rule before the proposed Dec. 1, 2017, deadline.
Other News and Tips
Preparing for OSHA Inspections
If an unannounced OSHA inspection finds violations at your business, you may have to pay thousands in fines and watch as your reputation plummets. Fortunately, OSHA inspections generally follow an established procedure that you and your staff can prepare for.
When an OSHA compliance officer arrives at your business, it’s important to check his or her credentials and then determine if you’ll give consent to the inspection. Although you can refuse an inspection or give only partial consent, the compliance officer will take note of this and OSHA may take further action.
Once an inspection begins, the goal should be to determine its purpose and set any ground rules. You should also be prepared to provide proof that your business is in compliance with OSHA standards. During the walkaround process, be sure to take notes of what the inspector documents so you can review them later.
OSHA inspections can be stressful, even when your business is in full compliance. Scurich Insurance can provide you with our inspection guide, “Be Prepared for an OSHA Inspection,” and help your business impress OSHA compliance officers.
OSHA Removes Employee Fatalities from Home Page
Although OSHA used to include a URL link on its home page that would direct viewers to a list of employee fatalities, the agency recently moved the link to a separate page on its website.
According to a spokesperson from the Department of Labor, the link was moved in order to increase the accuracy of workplace data, as previous listings included fatalities that were outside OSHA’s jurisdiction. However, OSHA will keep the list of employee fatalities on its website and continue to review data from employers.
Although the electronic reporting rule initially required certain employers to start submitting their required information by July 1, 2017, OSHA’s Injury Tracking Application website wasn’t ready to receive electronic reports in time, and OSHA proposed Dec. 1, 2017, as the new deadline. The rule doesn’t change an employer’s requirements to complete and retain regular injury and illness records, but some employers will now have additional obligations. Here are the requirements for the rule:
- Establishments with 250 or more employees that are required to keep injury and illness records must electronically submit the following forms:
- OSHA Form 300: Log of Work-Related Injuries and Illnesses
- OSHA Form 300A: Summary of Work-Related Injuries and Illnesses
- OSHA Form 301: Injury and Illnesses Incident Report
- Establishments with 20 to 249 employees that work in industries with historically high rates of occupational injuries and illnesses must electronically submit information from OSHA Form 300A.
The final reporting requirements will be phased in over two years. After the initial Dec. 1, 2017, deadline, establishments with 250 or more employees must submit information from OSHA Forms 300, 300A and 301 by July 1, 2018. Beginning in 2019 and every year thereafter, the information must be submitted by March 2.
For more help preparing for this new rule, call us at 831-661-5697 and ask to see our comprehensive Compliance Overview on OSHA’s electronic reporting rule.
New Silica Rule Enforcement Begins
A new OSHA rule on respirable crystalline silica will require employers to limit their employees’ exposure to silica hazards and provide medical exams to monitor highly exposed employees. The rule is scheduled to come into effect on June 23, 2018; however, OSHA began enforcement of the new rule in the construction industry on Sept. 23, 2017.
Under the new rule, employers must reduce the permissible exposure limit (PEL) for respirable silica to 50 micrograms per cubic meter of air (50 µg/m3). The rule also requires employers to take the following steps:
- Establish engineering controls to limit employees’ exposure to the new PEL.
- Provide employees with respirators when engineering controls alone do not provide enough protection.
- Establish a written silica exposure control plan.
- Provide medical exams to employees who are exposed to levels of respirable silica at or above the new PEL for 30 or more days a year.
To see more information on the respirable silica rule, and to see specifics about the rule’s application in the construction industry, visit OSHA’s website.