Cal/OSHA Reports a 13-Year Low for Injury and Illness

In the world of occupational safety and health, it’s easy to focus on hazards and disasters. After all, workplace injuries or fatalities affect hundreds of thousands of Californians and their families every year. Preventing and reducing these incidents is very important. But it is also good to know that the efforts of employers and workers across the state have made a significant difference.

This month, the Department of Industrial Relations posted the occupational illness and injury data from 2014. According to the survey results, rates of reportable workplace accidents and illnesses remain at a 13 year low. This holds true across all categories of lost work-time cases (incidents resulting in time lost from work, transfer, or restricted duty).

Quick Statistics for 2014

  • There were 460,000 reportable injury and illness cases
  • 265,000 involved lost work-time
  • 140,000 resulted in days away from work
  • 25,840 involved local government workers including over 3000 in the trade, transportation, and utilities sector.

Risk Factors for Workers

  • Latino workers continue to face disproportionate risks at work, accounting for almost 60% of days away from work. In jobs involving construction activities, 75% of injured workers who lost work days were Latino.
  • Teenagers and new workers (those on the job less than a year) are at particularly high risk for accidents.
  • Sprains, strains, and tears remain the leading causes of lost work-time.
  • Overexertion, adverse reactions to substances at work, slip & falls accidents, and equipment-related injuries are common.

Progress Can Still Be Made

The continuing reduction of workplace illness and injury is cause for hope. It clearly demonstrates that making positive changes in safety programs has a real effect on outcomes. Paying close attention to the factors involved in accidents and illnesses for at-risk groups and activities allows employers to identify hazards and adjust their workplace program accordingly. This is an ongoing process that can and should continue to be refined each year.

With 2016 approaching, it’s a great time for a review of your safety program. With your participation, DKF is dedicated to making each year safer than the one before. If your organization hasn’t yet scheduled a consultation, we encourage you to contact us today. 

Cybersecurity: Water Utility Security Part 6

The issues surrounding cybersecurity in the water utility industry become more complex and technically demanding as the focus becomes more granular. This month, we continue the shift from overarching “big picture” best practices that remain fairly stable to a moving target of security and encryption protocols that may change on a monthly basis.

In fact, application security and encryption can’t be pinned down perfectly because there are too many variables to consider—and hackers are always looking for new ways to penetrate online systems. For this reason, cybersecurity measures in these areas must be subject to ongoing testing and review with resources committed to frequent fixes, updates, and upgrades. Any other approach makes it simply a matter of time until a breach occurs.

Application Security

Securing an application begins in the design phase and continues through testing, deployment, monitoring/maintenance, and through to obsolescence. One common area of vulnerability is Insufficient Transport Layer Protection that fails to protect network traffic, leaving data and session IDs exposed. Knowing enough to ask the right questions is essential during vendor selection to avoid these risks. Software vendors and system integrators must demonstrate that their applications and processes have an appropriate level of integrity. There are also actions that can be taken at an administrative level within the organization to promote better application security.

Examples of current smart practices: Each PCS user should have their own login (username and strong password). This login should be different from the user’s login for other business apps and provide access only to those program capabilities required for the user to perform their job. Administrator privileges should be given only to administrators, and all application usage should be logged, monitored, and reviewed regularly.

No application can be guaranteed to be entirely secure, but the level of security is enhanced with constant vulnerability monitoring to identify weak points and address them quickly.

Encryption

In simple terms, encryption is about keeping information away from prying eyes through the use of cryptography (codes). Data must be protected both in storage and during transmission from one point to another. Encryption schemas may include compression algorithms, Virtual Private Networks (VPNs), and other components to provide well-rounded security. The appropriate type and level of encryption should be applied to databases, laptops and computers, mobile devices, wireless and wired communication, removable storage devices, and so forth. The best practice is typically to use the highest level of encryption available for a given piece of equipment or system.

Encryption keys themselves should be treated with special care throughout the lifetime of the keys and the data they are intended to protect. They must be backed up and managed to prevent loss, theft, or unintentional destruction. Key vaults and similar environments with restricted access and redundant storage capacity may provide a solution.

Above all, water utilities should ensure that encryption is more than window dressing. According to the AWAA, Weak encryption schemes are particularly dangerous because they provide little protection and create a false sense of security and complacency. Proprietary encryption schemes should be avoided since they typically have not gone through comprehensive testing and often contain flaws. Also, only encryption schemes that are referenced by appropriate standards and use keys of proper length should be considered secure.” Encryption only works if it addresses real world risks.

Next up, Telecommunications, Network Security, Architecture and more!