How to Keep Your Workforce Safe
Common threats like natural disasters, workplace violence, disgruntled employees, and cyber-attacks put your business, workforce, property, and operations at extreme risk. To ensure your organization is prepared, protected, and ready to communicate, consider the following aspects of your workforce safety: how to shelter-in-place, responding to a hostage situation, managing a disgruntled employee, and establishing good cybersecurity hygiene.
How to Shelter-in-Place
In our previously published blog post, we explained a commonly misinterpreted situation of taking shelter in place. We covered the steps of how to stay safe if there’s an imminent threat or a hazard.
According to a definition by the American Red Cross, shelter in place is “to seek safety within the building one already occupies, rather than to evacuate the area.” This warning is issued when “chemical, biological, or radiological contaminants may be released accidentally or intentionally into the environment,” and residents should “select a small, interior room, with no or few windows, taking refuge there.”
Hostage Situations: How to Prepare and Respond
Hostage situations and other acts of workplace violence are unpredictable.
If you acknowledge the fact that one can’t be fully insured against a hostage situation taking place at your office, it’s time to define and plan what you and your team need to do in this situation.
Unfortunately, many business owners do not consider planning for instances such as the hostage situation until it happens to their employees. The biggest misconception is that establishing a procedure for these types of events will cause panic among employees.
With proper planning and training, your employees and teammates are more likely to respond to an emergency and be safe and sound. Emotions can get in the way, creating life-threatening conditions not only for the individual but everyone else. A risky situation such as this one needs to be handled with extreme care.
The best way for your employees and coworkers to be aware of their roles and responsibilities during a hostage situation in the office is by introducing them to an Emergency Acton Preparedness plan (EAP).
In addition to creating an EAP plan that is designed to train all employees, consider the following 7 tips to promote safety during a hostage situation:
- Do not argue with an assailant.
- Keep a conversation to a minimum. Don’t draw assailant’s attention.
- Mentally prepare yourself to be there for a long time and be patient for the situation to be resolved.
- Sit down and keep your hands on your head or where visible.
- Do not make suggestions, especially if they are risky.
- Do not make sudden movements, even if help has arrived.
- Once help arrives, but there’s confusion and you’re being handcuffed, do not resist and wait for the situation to resolve.
If at any time your hostage-taker develops into a shooter, refer to Active Shooter instructions to get out or take out.
Managing a Disgruntled Employee
A laid-off employee killed five people at his place of work in Aurora, Illinois in February 2019. This isn’t the first act of violence in the workplace, and it’s highly unlikely that it will be the last one.
Having a plan for workplace violence doesn’t indicate that you don’t trust your employees and coworkers. It means that your business cares about the wellbeing of your colleagues and want to protect them by implementing plans that will keep them safe in the worst-case scenarios.
Identifying a disgruntled employee
To prevent an incident from happening, one must identify the signs indicative of anger or hostility.
If an employee demonstrates open aggression, if they own weapons or talk about resorting to violence as a solution, then you have signs of a disgruntled employee.
Handling a disgruntled employee
Once you have identified that person, it is imperative for you and the company to make this your top priority and handle the situation with care to avoid aggression from the employee.
The sooner a disgruntled-employee situation is addressed, the better. Here are the steps for accomplishing that.
- Don’t let it fester
- Keep it professional and private
- Document everything
- Don’t tolerate it. Be firm and terminate the employee.
Unfortunately, the signs are not always evident until it’s too late. If you feel that one of your employees may escalate the situation into a potentially dangerous one, don’t hesitate to get assistance. Dealing with disgruntled employees isn’t pleasant, but the situation must be addressed immediately because it can create a lot of damage—from the inside out—if it isn’t addressed in a timely and professional manner.
Establishing Cyber Security
Intentional external hacking has increased over the past few years. In 2017, the number of cyberattacks worldwide doubled to 160,000. And even though the loss of revenue and additional costs can come from malicious acts, frequently, these events happen because of technical glitches or a human error.
Leaks of sensitive information can happen from both inside and outside of your organization by both people and technology.
The Alliance for Telecommunications Industry Solutions (ATIS) describes different types of unintentional and intentional threats in the following way:
- Unintentional, insider-originated security breaches are the result of simple negligence, inattention, or lack of education. Unintentional mistakes such as system administrator errors, operator mistakes, and programming errors, for example, are common.
- Intentional acts can be overt and direct action (e.g., when an employee with access to customer credit card information sells it to the third party) or can be from individuals who use covert technical means.
Unintentional, or negligent technical threats involve software bugs that happen during the programming of a computer system and system configuration errors, like incorrect settings or parameters when software is installed.
Intentional and malicious technical threats typically include the use of computer code or devices designated to hamper the system. This includes: software bugs purposely added to computer programs, malicious software that modifies or destroys data (such as viruses), worms, Trojan horses or back doors that allow unauthorized access to a system, password hacking, network spoofing, denial of service attacks, email hijacking, and so on.
Regardless of the intention, you must protect your organization from the vast and swiftly growing array of threats that can put your reputation and revenue at risk. Only having a plan that meets the minimum requirements is not enough. An effective business continuity program that anticipates and responds to uncertainty is paramount to achieving organizational resiliency. Your clients and the regulatory environment require it.
Organizations face continuous threats that can put the lives of their employees in danger and interrupt business operations. Developing a business continuity plan that fits your organization is challenging.
To help mitigate threats, Agility Recovery provides simple, comprehensive packages for any organization to seamlessly protect their operations from interruptions.