
Printlandia - The Blog

Train Employees to Avoid Cybercrime

Posted Friday, February 10, 2017 by Jules VanSant.

Here are some tips from PayNW on establishing cybersecurity policies with your employees to avoid cybercrime.

Source: PayNW

In an era of hyper-connectedness and a burgeoning global cybercrime industry, you can’t afford to hope you’ll just be lucky and avoid a successful attack. It’s essential to establish policies and procedures to minimize risk and train employees on how to protect your company.

The basic kinds of criminal acts you need to guard against are:

  • Theft of proprietary or sensitive business data that could be sold to competitors or other hackers,
  • Installation of “ransomware” that locks you out of your own data until you pay the cybercriminals’ demands,
  • Malicious damage to your system, such as crashing your website to prevent customers from accessing it (often referred to as a “denial-of-service attack,” under which hackers overwhelm your site with data requests), and
  • Theft of employees’ personal information to eventually steal from them.

Internal Threats

Building a defensive strategy starts with recognizing that, even with the best technical external barriers in place, you could fall victim to an employee who goes rogue, or even joins your organization specifically with cybercrime as a goal.

While unlikely, it’s essential for your hiring managers to be mindful of these risks when reviewing employment applications — particularly those for positions that involve open access to sensitive company data. It’s just another checklist item when reviewing applicants with unusual employment histories. Checking references and conducting background checks is also a good idea.

In the same way, it’s generally advisable to include a statement in your employee handbook informing employees that their communications are stored in a backup system, and that you reserve the right to monitor and examine their company computers and emails (sent and received) on your system.

When such monitoring systems are in place, prudence or suspicious activity will dictate when they should be ramped up.

DHS Tips for Employees and IT Staff

It can also be useful to establish a policy encouraging employees to report any suspicious computer-based activities they observe around them. Of course, you don’t want to foster employee paranoia or promote the spread of baseless accusations. But deploying more eyes and ears can serve both to forestall cyber bad behavior and detect it, if it occurs.

The largest threat isn’t that employees may intentionally commit cybercrime, but that they might inadvertently open the door to external cybercriminals. That’s why the Department of Homeland Security (DHS) considers cybercrime serious enough to offer eight tips for employers to pass along to their employees:

  1. Read and abide by the company’s Internet use policy.

  2. Make passwords complex — use a combination of numbers, symbols, and letters (uppercase and lowercase).

  3. Change passwords regularly (every 45 to 90 days).

  4. Guard user names, passwords, or other computer or website access codes, even among coworkers.

  5. Exercise caution when opening emails from unknown senders, and don’t open attachments or links from unverifiable sources.

  6. Don’t install or connect any personal software or hardware to the organization’s network or hardware without permission from the IT department.

  7. Make electronic and physical backups or copies of critical work.

  8. Report all suspicious or unusual computer problems to the IT department.

Employees who follow these steps faithfully can serve as an additional layer of protection against cyberattacks.

For those people who are charged with the responsibility to maintain a secure system, the DHS offers the following advice:

  • Implement a layered defense strategy that includes technical, organizational and operational controls,

  • Establish clear policies and procedures for employee use of the organization’s information technologies,

  • Coordinate cyberincident response planning with existing disaster recovery and business continuity plans across the organization,

  • Implement technical defenses, such as firewalls, intrusion detection systems and Internet content filtering,

  • Update the existing anti-virus software often,

  • Follow organizational guidelines and security regulations,

  • Regularly download vendor security patches for all software,

  • Change the manufacturer’s default passwords on all software,

  • Encrypt data and use two-factor authentication where possible,

  • If a wireless network is used, make sure that it’s secure, and

  • Monitor, log and analyze successful and attempted intrusions to the company’s systems and networks.

Cybercrime Insurance

What else can be done? It’s often a good idea for businesses to protect their computer systems further by buying cybercrime insurance. Alone, this won’t prevent victimization, but it can offset some of the financial damage in case of a successful attack.

In addition, most insurers perform a rigorous risk assessment before issuing a policy and setting premiums. The results of such an assessment can be quite eye-opening for business owners.

If you decide against buying insurance, it might be useful to have a consultant conduct a cybercrime exposure risk assessment anyway. The growth, ubiquity and high cost of cybercrime have spawned a large industry of cybersecurity consulting firms. And, unless your company already has a robust IT staff with expertise in cyber-risk mitigation, you’ll likely save time and money engaging a third-party vendor.

OSHA 300 Logs: Four Common Mistakes Employers Make

Posted Thursday, February 9, 2017 by Jules VanSant.

Have you posted your OSHA 300 Log yet? Here are a few common mistakes to avoid before you submit your form.

Source: JD Supra - Eric Conn

This is your annual reminder about the important annual February 1st deadline to prepare, certify and post your OSHA 300A Annual Summary of workplace injuries and illnesses, for all U.S. employers, except those with ten or fewer employees or those whose NAICS code is for the set of low hazard industries exempted from OSHA’s injury and illness recordkeeping requirements, such as dental offices, advertising services, and car dealers (see the exempted industries at Appendix A to Subpart B of Part 1904).

Specifically, by February 1st every year, employers must:

  • Review their OSHA 300 Log(s);
  • Verify the entries on the 300 Log are complete and accurate;
  • Correct any deficiencies identified on the 300 Log;
  • Use the injury data from the 300 Log to calculate an annual summary of injuries and illnesses and complete the 300A Annual Summary Form; and
  • Certify the accuracy of the 300 Log and the 300A Summary Form.

The Form 300A is a summation of the workplace injuries and illnesses recorded on the OSHA 300 Log during the previous calendar year, as well as the total hours worked that year by all employees covered by the particular OSHA 300 Log.

Four Common 300A Mistakes that Employers Make

We see employers make the following four common mistakes related to this annual injury and illness Recordkeeping duty:

  1. Not having a management representative with high enough status within the company “certify” the 300A;
  2. Not posting a 300A for years in which there were no recordable injuries;
  3. Not maintaining a copy of the certified version of the 300A form; and
  4. Not updating prior years’ 300 Logs based on newly discovered information about previously unrecorded injuries or changes to injuries that were previously recorded.

Certifying the 300 Log and 300A Annual Summary

The 300 Log and the 300A Annual Summary Form are required to be “certified” by a “company executive.” Specifically what the company executives are certifying is that they:

  1. Personally examined the 300A Annual Summary Form;
  2. Personally examined the OSHA 300 Log from which the 300A Annual Summary was developed; and
  3. Reasonably believe, based on their knowledge of their companies’ recordkeeping processes, that the 300A Annual Summary Form is correct and complete.

A common mistake employers make is to have a management representative sign the 300A Form who is not at a senior enough level in the company to constitute a “company executive.” As set forth in 1904.32(b)(4), company executives include only the following individuals:

  • An owner of the company (only if the company is a sole proprietorship or partnership);
  • An officer of the corporation;
  • The highest ranking company official working at the establishment; or
  • The immediate supervisor of the highest ranking company official working at the establishment.

Posting the 300A Annual Summary

After certifying the 300A, OSHA’s Recordkeeping regulations require employers to post the certified copy of the 300A Summary Form in the location at the workplace where employee notices are usually posted. The 300A must remain posted there for three months, through April 30th.

Another common mistake employers make is to not prepare or post a 300A Form in those years during which there were no recordable injuries or illnesses at the establishment. Even when there have been no recordable injuries, OSHA regulations still require employers to complete the 300A form, entering zeroes into each column total, and to post the 300A just the same.

Maintaining the 300A for Five Years

After the certified 300A Annual Summaries have been posted between February 1st and April 30th, employers may take down the 300A Form, but must maintain for five years following the end of the prior calendar year, at the facility covered by the form or at a central location, a copy of:

  • The underlying OSHA 300 Log;
  • The certified 300A Annual Summary Form; and
  • Any corresponding 301 Incident Report forms.

In this technology era, many employers have transitioned to using electronic systems to prepare and store injury and illness recordkeeping forms. As a result, another common mistake employers make is to keep only the electronic version of the 300A, and not the version that was printed, “certified” typically by a handwritten signature and posted at the facility. Accordingly, those employers have no effective way to demonstrate to OSHA during an inspection or enforcement action that the 300A had been certified.

Finally, another common mistake employers make is to put away old 300 Logs and never look back, even if new information comes to light about injuries recorded on those logs. However, OSHA’s Recordkeeping regulations require employers during the five-year retention period to update OSHA 300 Logs with newly discovered recordable injuries or illnesses, or to correct previously recorded injuries and illnesses to reflect changes that have occurred in the classification or other details. This requirement applies only to the 300 Logs; i.e., technically there is no duty to update 300A Forms or OSHA 301 Incident Reports.

HR Question of the Month: Unpaid FMLA and Paid Holidays?

Posted Monday, February 6, 2017 by Jules VanSant.

Federated Insurance’s experts answer specific Human Resources related questions.

Question: We received a question regarding unpaid FMLA leave and holiday pay. An employee has requested unpaid FMLA leave. There are paid holidays during the leave period. Is the employee entitled to holiday pay?

Response: In determining whether an employee on FMLA leave is entitled to holiday pay for a holiday that falls during the leave period, the employer’s policy governs. The FMLA Regulations provide specifically that “[a]n employee’s entitlement to benefits other than group health benefits during a period of FMLA leave (e.g., holiday pay) is to be determined by the employer’s established policy for providing such benefits when the employee is on other forms of leave (paid or unpaid, as appropriate.)” See 29 CFR 825.209(h). In other words, the employer’s policy relative to holiday pay eligibility and whether FMLA leave affects it should be uniformly enforced for all types of leaves to avoid potential discrimination or retaliation claims. If employees on other types of leaves of absence, whether protected by the FMLA or not, are eligible for holiday pay, employees on FMLA leave should be, too.

If your policy does not specifically address holiday pay eligibility under these circumstances, we recommend that you consider revising your policy to ensure it addresses this issue in a manner that comports with your company’s objectives while remaining compliant with applicable law. Any policy that is changed should be communicated in advance of its implementation, and uniformly enforced to avoid discrimination concerns. From an employee relations standpoint, if this is the first situation of its kind and your policy is silent, you may want to consider paying the subject employee for the holidays until such time as the policy is changed (and then move forward consistent with the new policy), even though strictly speaking this is not a statutory requirement.

PIA-endorsed Postal Modernization Bill Introduced

Posted Friday, February 3, 2017 by Jules VanSant.

Source: Lisbeth Lyons, VP Government Affairs, Printing Industries of America

This is great news for the forward momentum of the PIA-endorsed postal modernization bill that could put USPS back in the black and on the path towards financial stability.

Washington, DC, February 2, 2017. The Coalition for a 21st Century Postal Service (C21) expressed its support for HR 756, the Postal Reform Act of 2017, introduced by a bipartisan group of Members of the House Oversight and Government Reform Committee, including its leaders. The Postal Service is in deep financial trouble, and this bill would constructively address, among other things, retiree health obligations that account for many billions of dollars in postal red ink.

Not only is the postal system deeply in the red on its balance sheet from its virtually unique and unsustainable statutory prefunding obligations (operations are nominally in the black), it and its customers are confronting a mandated review of its rate setting system this year. What is at stake is whether the Postal Service can continue to be wholly funded by user fees: postage. It receives no taxpayer funds. Absent this bill, the result could be major, unaffordable rate increases that would drive large volumes of mail out of the system, damaging businesses and costing jobs around the country. Ultimately, taxpayer funds would be necessary to prop up a failing, but still essential postal system.

“This bill provides an intelligent, workable and bipartisan solution to the financial predicament faced by USPS,” said Art Sackler, Manager of C21. “C21 mailers and suppliers, and the industry as a whole, have long supported a universal, self-sustaining postal system, and this bill would keep it that way.”

The industry generates $1.4 trillion in commerce, and employs 7.5 million workers. With the major increases necessary to cover postal liabilities, mailers would gravitate aggressively to electronic alternatives to mail in online, social and mobile media. This would put the survivability of the postal system at risk, and likely require support from taxpayers.

“The beauty of this bill,” added Sackler, “is that it would put USPS back on the path to financial balance without taxpayer funds.”

The OGR Committee will conduct a hearing on HR 756 on February 7. C21 will testify.

Canon Solutions America Supports the 2017 Best Value Conference

Posted Friday, February 3, 2017 by Jules VanSant.

Canon Solutions America recognizes the value of the Best Values Business Model. How does your company utilize the model to improve performance?

MELVILLE, N.Y., Jan. 31, 2017 /PRNewswire/ – Canon Solutions America, Inc., a wholly owned subsidiary of Canon U.S.A., Inc. today announced its participation in the 2017 Best Value Conference, a nationally recognized event that educates guests on a leadership-based business model designed to improve performance of individual projects and entire organizations. Members of Canon Solutions America’s Enterprise Managed Services Division (EMSD) returned this year to discuss the positive integration of the Best Value approach into programs at Canon Solutions America. The event was held on January 22-26, 2017 in Tempe, Arizona.

The Best Value Conference focuses on sharing best procurement and risk management practices with leading industry professionals seeking measurable results for their respective industries. The model, which is based on leadership principles, drives accountability and efficiency to ultimately decrease risk, stress, cost, and management requirements. Since its founding in 1994, the Performance Based Studies Research Group (PBSRG) has been testing and refining the Best Value Business Model under the leadership of Dr. Dean Kashiwagi, Director of PBSRG and Best Value Guru. Consequently, the model has improved the performance of projects and organizations more than 1,800 times. Canon Solutions America recognizes the model’s added value to the company and its customers. For this reason, it was proud to, once again, support Dr. Kashiwagi and his team at the Best Value Conference.

“I was honored to be a part of a great educational experience where industries collaborate and contribute their knowledge for one common purpose,” said Rick Ranft, the Senior Director of the Strategic Markets group within the Enterprise Managed Services Division. “The Best Value approach is working for us, so we must dedicate time to support its development for the benefit of our clients.”

Ranft, who leads the Strategic Markets group, which includes Advisory Teams dedicated to Higher Education and Healthcare, made a notable appearance at the conference as a Canon Solutions America representative for the fourth time. He has been invited to share Canon Solutions America’s expertise in implementing Best Value print programs in large, complex organizations. Ranft and his team have adapted the Best Value approach to cater to the complex needs of Higher Education and Healthcare clients. With transformational design, dedicated account teams, and industry-leading technologies, the Enterprise Managed Services Division builds robust and scalable, yet flexible, print and document management services platforms, which include hardware and software that allow for customization and innovation based on relevant business needs. The Best Value model has shown to be applicable to any level of organization, allowing Ranft to implement it in a variety of environments. Furthermore, the flexible details of the model clearly align it to additional divisions of the company and extending services to customers on a small or large scale.

“We are motivated by the Best Value specialists who endlessly promote improvement to generate business opportunities for our Enterprise Managed Services Division,” said Erin Gruber, Practice Leader, and a member of the Strategic Markets Team. “We aim to thrive with this methodology by continuing to drive superior rates for print program success.”

The Enterprise Managed Services Division’s implementation of the Best Value approach is elevating Canon Solutions America to new heights by exposing customers to tools and processes that significantly improve practices in procurement, change management, and print programs. Additionally, Canon Solutions America’s active participation in the expansion of this proven methodology exhibits its ambition to help customers have the best forward-thinking solutions to thrive within their industries. To learn more about the Enterprise Managed Services Division and how it can help companies grow with transformative solutions to address financial, operational, and environmental goals, please contact the division at EMSDINFO@csa.canon.com or 888.369.8911.

About Canon Solutions America, Inc.

Canon Solutions America provides industry leading enterprise, production, and large format printing solutions, supported by exceptional professional service offerings. With the technology offerings of the Canon and Océ brands, Canon Solutions America helps companies of all sizes improve sustainability, increase efficiency, and control costs through high volume, continuous feed, digital and traditional printing, and document management solutions. A wholly owned subsidiary of Canon U.S.A., Inc., Canon Solutions America is headquartered in Melville, N.Y. and has sales and service locations across the U.S. For more information on Canon Solutions America, please visit csa.canon.com.
