Is Your Organization Prepared for Cyber Risks and IoT Vulnerabilities?

Safety professionals and risk managers in the manufacturing, construction, and service sectors spend considerable time ensuring their workers have both a physically and mentally safe workplace. Recent technology outages and cyberattacks demonstrate that safety professionals also need to consider technology risks that could threaten workers’ safety.

1. The Impact of Cyber Outages on Worker Safety

The CrowdStrike outage in summer 2024 was a botched Microsoft software update that became the largest cyber outage in U.S. history. While not a cyberattack, the impact of this outage was especially extreme on airlines. Delta had to cancel hundreds of flights over a few days, causing severe disruptions for customers and employees. This created scheduling issues, which are critical in the aerospace industry because federal law prohibits employees from exceeding work hours allowed for safety purposes. The CrowdStrike outage is a stark reminder that organizations must be vigilant and understand that the intangible world of cyber can have major impacts on workers’ safety. Many CIOs and CTOs were questioned about halted operations, and safety professionals had to account for employees while the systems that capture employee check-ins were affected.

2. Prioritize Workplace Safety

Workplace safety is paramount for employees. Manufacturers and construction sites invest much time and energy in plant security and safety, but equally important is the emotional, mental, and physical safety of the workforce. Examples of cybersecurity measures that contribute to employees’ sense of safety and well-being include tracking employees in the plant, monitoring machines to ensure they are operating correctly, and installing lockout/tagout technology to shut down machines if compromised. Part of the process for safety personnel is to work with IT to ensure appropriate firewalls are in place to prevent unauthorized network access and protect against cyberattacks. In addition, both departments need to install and update antivirus software on all necessary equipment to detect and remove malicious software that could compromise digital systems.

Organizations should also ensure that appropriate surveillance technologies are in place to monitor and track activities. Surveillance serves various purposes, including securing the plant or site and tracking individuals for identification. One issue that is more prevalent in our current environment is IoT vulnerabilities. Hackers often compromise IoT devices as a gateway to an organization’s network, allowing access to more sensitive data. Manufacturers and other industrial businesses collect and hold a growing amount of data that is valuable to hackers, and technology downtimes can lead to safety concerns and major operational disruptions.

3. Practice Good Hygiene

Making workers feel safe and addressing the risk of cyberattacks starts by practicing good cyber hygiene. Business owners have repeatedly identified cybersecurity and privacy as top concerns. Several proactive steps safety professionals and risk managers can take include:

Privileged access management: This involves controlling access to sensitive information and preventing unauthorized access to critical systems.

Controlling data collection: Risk management around cybersecurity includes understanding what information your organization collects from workers and why. For instance, if collecting biometric data, ensure compliance with relevant state or local laws.

Cybersecurity awareness training and phishing testing: Every employee should understand the risks of cyberattacks and how to prevent exposure. Additionally, periodic testing should be conducted to ensure good risk management.

Employee awareness: Inform workers about steps taken to secure sensitive information and limit access to those who need to know.

Cyber incident response planning and testing: Organizations need an effective cyber incident response plan that is regularly tested to ensure preparedness for potential attacks.

Tested backups: Maintaining secured, encrypted, and tested backups can help resist ransomware attacks. Regular snapshots can ensure quick recovery if an attack occurs.

Cybersecurity program: A tailored cybersecurity program proportional to the entity’s resources and risks is essential.

Good cyber hygiene will not guarantee total prevention of breaches, but it will make it more difficult for attackers to exploit vulnerabilities. Effective risk management and safety protocols will minimize exposure.

4. Invest in Cyber Insurance

Another crucial aspect of protecting employees and the organization is having a robust cyber insurance risk management profile. Whether in manufacturing, construction, or the service sector, having comprehensive insurance that includes protection for cyber events is vital. The cyber insurance market has matured, with more risks now placed on the insured. Risk managers should work with insurance brokers to ensure the policy addresses specific risks within the company’s profile. Cyber insurance policies vary by insurer, so it’s important to understand exclusions and other conditions.

5. Prepare Your Cyberattack Response

In the event of a cyberattack, safety professionals and risk managers should take steps to safeguard employees:

Assessing the risk: Quickly determine what information has been attacked and whether any personal data of employees has been compromised.

Informing employees: Notify the workforce about the steps being taken to minimize their exposure.

Reminding the workforce of safety practices: Maintaining safety practices is crucial even if there is a production stoppage due to an attack.

Notifying insurers: Inform the cyber insurance carrier and other relevant insurance providers to ensure coverage.

Updating policies and procedures: Identify and address the vulnerabilities that led to the attack, then review and update risk management and safety policies.

Considering ransomware demands: Many regulators advise against paying ransoms, as it may fund future attacks. Organizations must verify that they are not paying a sanctioned entity before considering a ransom.

Conclusion

Safety professionals and risk managers within the manufacturing, construction, and service industries devote significant time to making sure their employees work in environments that are both physically and mentally safe. These efforts involve a variety of measures to prevent accidents and promote well-being. However, recent incidents of technology failures and cyberattacks have highlighted a new area of concern. It’s now evident that safety professionals must also account for technology-related risks. These risks can jeopardize not only the security of data and systems but also the safety of the workers. For instance, if a cyberattack hits a company’s operational technology, it can disrupt machinery, leading to potential physical injuries. Similarly, technology outages can cause unexpected shutdowns in systems that are crucial for maintaining a safe working environment. As a result, the scope of workplace safety has expanded beyond traditional physical safety measures. Addressing technology risks is essential to ensure a comprehensive approach to worker safety in today’s increasingly digitalized operations.
