Editor's Note: The Latest COVID Impacts on Your Business

Jan. 15, 2021
Take a closer look at a new California law, as well as a new wave of vaccine-related phishing attacks
Paul Rothman is Editor-in-Chief of Security Business magazine (www.securitybusinessmag.com). Email him your comments or topic suggestions at prothman@securitybusinessmag.com.
This article originally appeared in the January 2021 issue of Security Business magazine.


As a new wave of COVID spreads across the United States, business owners in particular must remain vigilant – whether that means protecting employees, being cognizant of changing laws and safety requirements, or securing the infrastructure of the business itself.

In this regard, two news items caught my eye in December that are sure to have an impact on affected security integrators.

California Legislation

The first affects any organization that conducts business in California: California Assembly Bill 685 (AB 685) enacts sweeping COVID-related requirements that went into effect on Jan. 1 and will stay in effect for two full years.

Chief among these requirements is a mandate that all companies with employees or subcontractors in California notify them of any potential exposure to COVID-19. “This law requires any employer to make notification if any employee should contract COVID-19 – it is just not limited to contractors,” explains Shane Clary, VP of Codes and Standards Compliance for California-based Bay Alarm Company. “The bill makes COVID-19 an occupational illness as defined by the California Department of Industrial Relations (DIR). Notification to the DIR is required as well.”

By law, employers are now required to notify all employees at a worksite of potential exposures, COVID-19-related benefits and protections, and disinfection and safety measures that will be taken at the worksite in response to the potential exposure. They are also required to notify local public health agencies of all workplace outbreaks – defined as three or more laboratory-confirmed cases of COVID-19 among employees who live in different households within a two-week period – within 48 hours of becoming aware of the number of cases that meets the definition of an outbreak.

The state’s Division of Occupational Safety and Health (DOSH), better known as Cal/OSHA, can shut down an entire worksite or specific worksite area that exposes employees to an imminent hazard related to COVID-19 infection. Cal/OSHA can exercise its authority at any place of employment where risk of exposure to COVID-19 constitutes an imminent hazard, and would remove employees from the risk of harm until the employer can effectively address the hazard. Additionally, Cal/OSHA can issue citations for serious violations related to COVID-19 without giving employers 15-day notice before issuance.

The law now clearly states that employers must provide a written notice to all employees, and the employers of subcontracted employees, who were on the premises at the same worksite as the person who was infectious with COVID-19 or who was subject to a COVID-19-related quarantine order. “The employer is also responsible for maintaining records of this for a period of three years,” Clary adds.

For more on this law, consult: www.dir.ca.gov/dosh/coronavirus/AB6852020FAQs.html

Beware of Phishing

As you might expect, the massive increase in remote connectivity to corporate networks has led to an equally massive rise in ransomware and cyber-attacks. Your security director customers with thousands of employees to monitor can attest; however, your own employees are just as susceptible.

KnowBe4, a provider of cybersecurity awareness training, recently issued a warning on the potential for a surge of phishing attacks that take advantage of COVID-19 vaccine updates.

“With infection rates soaring around the world, the impending news about COVID-19 vaccines is highly anticipated, and as soon as it hits inboxes, people will be more likely to click,” company CEO Stu Sjouwerman says. “The bad guys are waiting to take advantage of this news by crafting new attacks.”

He goes on to say that employees should be particularly suspicious of any vaccine-themed emails, especially those containing attachments or instructing them to click on a link.

KnowBe4 has already developed templates (aka fake phishing emails) that organizations can send out to train employees. They include subject lines like “HR COVID Vaccine Survey” or “Find your nearest COVID-19 vaccine location!” It certainly pays to be aware. Learn more about these tactics and the training modules at https://blog.knowbe4.com.
