When it comes to workplace safety, have you considered the company parking lot or garage? Your workers use it at least twice a day to stow and shelter their vehicles, but beyond that it's fairly invisible. A closer look reveals that predators might easily be lurking there. To minimize this threat, experts recommend ensuring that workers (as well as visitors) take these precautions:

1. Stay alert for cruising vehicles, whose drivers can stop suddenly and jump out to rob or assault you.
2. If you're using a parking lot, park near the building in a visible, lighted area.
3. In a parking garage, park near the parking attendant (if there is one) or near a well-lit exit. Women should avoid using stairs and elevators, if possible.
4. Use the main exit/entrance rather than a side or secluded one.
5. Lock any valuables (including GPS, shopping, other bags, etc.) out of sight. If you're walking to your vehicle after hours, ask a co-worker or security officer to accompany you.
6. If you have to walk alone, ask someone to watch from inside, if possible. Turn around frequently to make sure you're not being followed and pretend that you're waving to someone ahead to give the impression you're not alone.
7. Don't talk on your cellphone or listen to music with ear pods -- predators are looking for victims who seem distracted or unaware.
8. Have your car keys and personal alarm or whistle ready as you approach your vehicle.
9. If someone nearby looks suspicious, keep walking and get to a safe place where you can call for help.
10. Before you unlock the door, take a good look around, inside, and behind the vehicle.
11. Once you enter the vehicle, lock all doors promptly and keep your windows up until you've exited the lot or garage.

Words to the wise.  

Pop quiz time. What's more secure; financial records locked in a filing cabinet or financial records stored in the cloud? If you don't understand how cloud security works, you probably said the filing cabinet. It's time for a little mythbusting about how secure your paperless office could be. Last week, Cindy Bates posted on the Microsoft SMB Blog about the benefits of a completely paperless office. Like Delta Airlines, who recently switched to the paperless cockpit, it's possible for any office or organization to ditch the dead trees and move entirely into the digital space. One of the first questions decision makers ask when considering the paperless office is "how secure is this?" It's a fair question, so let's consider Delta's paperless cockpit example and overall data security. The problem with paper is that, well, it's paper. Paper gets lost, it burns, it can be misfiled and disappear. It's only as secure as its physical location. If that location is a locked filing cabinet (or a vault under Fort Knox), if someone really wanted to get to it, they could. A file in the cloud cannot burn, be stolen, accidentally left behind in a restroom, or any other number of things that could affect a hard copy of important information. For a recent example, take a look at the Internet Archive, whose scanning facility in San Francisco recently caught fire. Although no data was stored in their San Francisco office, if it had been, cloud redundancies would have prevented any loss. But what about a data center, such as what powers Windows Azure or Office 365? Let's start with physical security: data centers are monitored 24 hours a day, 365 days a year. A team of ninjas could, in theory, break in, but they'd still have to know which of the thousand machines contained your exact data—so unless you've upset the cast of Ocean's 11, it's significantly less likely than an office fire that could destroy physical data. In addition, with Office 365, data transmitted across networks is encrypted—so if some agency (or other villain) happens to tap the wires, they still won't be able to read your files. While a move to a paperless office does not entirely guarantee data security—there are still those ninjas to think about—it is significantly more secure than leaving your information in paper form, where it could be destroyed or stolen with greater ease. It's just one more reason to go paperless.

"Cybersecurity is definitely no longer a server room issue," says David Finn, Executive Director at the Microsoft Cybercrime Center. "It's a boardroom issue." He notes that on average, it takes 243 days before an organization even knows that it was penetrated by a cybercriminal. Today, when one in five businesses are the target of a security breach, bad things are inevitably going to happen. That's why looking at your organization from "the bad guy's perspective," says Tiffany Rad, is crucial. Rad is rated one of Bloomberg's top "white hat" hackers (computer specialists who break into protected networks to test security and advise organizations on improvements). One of the most difficult things in Rad's industry is protecting against insider threats. But she notes there are products entering the market that have "an algorithm to check for abnormal patterns, when it looks like someone's going to sites perhaps that they shouldn't be during working hours or they're on different hours than normal." In terms of external threats, there's a lot of attention on protecting businesses as they move to the cloud. Ken Biery Jr., Verizon's Managing Principal of Governance, Risk and Compliance, explains that it's important to provide physical and logical security. Rad agrees, noting that in addition to firewalls and antivirus software, protection against malware is critical as more and more hackers look to steal intellectual property to give themselves or your organization's competitors a heads-up on what your organization is planning. You're "only as safe and secure as your weakest link," says Finn, admitting that when you rely on the cloud, "you trust that an organization is going to invest enormously in your security." But, as Biery sees it, "the good thing about a lot of the cloud providers that are out there is their default security, and the security they built into their environments are often better—especially for small and medium businesses—better than what they could do themselves." Biery also points out that companies need to stay in control with the advent of BYOD (Bring Your Own Device). With mobile device management, "you can take and keep your sensitive information in an encrypted container on that employee's phone. So it kind of exists as its own virtual machine in that environment," he says, explaining that you can delete access and the encrypted container without affecting personal data such as photos. The bottom line, agree the experts, is that companies of all sizes need to amp up protection. Even if you think your business information isn't of interest to others, Rad assures us that there will always be hackers that find your digital footprint interesting and will do something with it—if only because they can. Let us know how you keep your own business safe on Facebook and Twitter.

Mobile devices are the mighty double-edged swords of today's workplace. On the one hand, they provide greater integration of information, on the other, they could be your business's one-way ticket to a catastrophic security breach. This week we had the amazing opportunity to speak with Anthony Kinney, Microsoft's Verizon Partner Manager, about mobile security and the ways to mitigate data risk in a BYOD environment.

According to Kinney, the three main security risk areas associated with BYOD are:

1. Data loss prevention, which has to do with securing the data on a device in the case of it being lost or stolen.
2. Data in transit, which is most often protected by encrypting information to ensure that all communications between the device and backend infrastructure are secure.
3. Data leakage, which is about keeping a user's work and personal information separate. In other words, "protecting users from themselves."

We asked Kinney what Microsoft is doing to make sure that moving to a pocket office doesn't mean introducing security risk. He discussed how our multilayered approach to security makes adopting a BYOD policy far less of a risk, with solutions like Secure boot technology, remote "wipe" capabilities, and automatic cloud storage (among other security solutions).

What makes the greatest difference, however, are the actions a company takes to ensure that their data is secure. The way Kinney sees it, employees jailbreaking and rooting devices is one of the largest risk factors for companies who allow employees to BYOD. What those companies do is implement third-party services to "containerize the data," so it never actually goes onto the local device.

According to Kinney, Windows Phone solves for this by protecting the data at the data center level before it even gets to the device. This means each document can have specific edit/view/share settings so that when it's accessed on a mobile device it can't be 'saved as' or forwarded to another cloud service, depending on what the settings permit. This way the phone fully understands the corporate policies on the document, helping IT to provide security—even at the file level.

This level of device integration with your data allows your company to consider a BYOD or CYOD policy without the need for third-party security solutions—which themselves offer another point of potential failure and risk. By working with your existing desktop OS, email, and other systems, the native Windows Phone OS helps mitigate data loss risk for your pocket office by preventing it in the first place.

Although business management and performance are the major factors that will determine which contractors survive the downturn in construction, the size of the contractor also comes into play. As a rule, project owners are more likely to continue with larger developments because of their greater value, higher investment, and longer lead time. Smaller projects are easier to cancel, which makes smaller and midsize contractors (with work backlogs between $5 million and $100 million) more vulnerable to cancellation.

If you're experiencing losses on a project, your first step should be to deal with overhead, liquidity, problems, and ongoing business concern. It's also essential to communicate any problems to your insurance agent and surety company immediately! Because the surety has a strong financial interest in preventing you from default on your bond, it will leverage its relationship with the bond underwriter to help you work through these difficulties and reach a mutually acceptable solution that will keep you on the job.

However, a contractor withholding critical information about a problem situation from a surety would lead to a far different result. Concern about the contractor's deteriorating financial condition - which makes it a riskier bonding candidate - might make the surety restrict its future capacity, leading it to make the contractor either bid on only smaller projects that pose less risk to the underwriter or postpone bidding on all projects until the business can clean up its balance sheet.

If you have any questions about working with your surety, please feel free to get in touch with the Bond professionals at our agency

Can you believe that winter is here already? Time flies. Always has, always will. However, as risk managers, we think that you should slow down for a moment and ask yourself if your risk-protection program has kept pace with the changing times.

Just as your business needs might have changed significantly since your last review, so have the methods of protecting you from risk of loss. New policies have been created, new techniques in risk management developed, and new exposures arisen.

Consider these questions:

• Is your current risk protection program as up-to-date as it needs to be to meet your business needs today?
• What if your business were unable to operate due to extensive damage?
• How much income would you lose during the time it takes to open the doors again?
• Or would your choice be to reopen as quickly as possible at another location? Bear in mind that the "hurry up" expense of making the move, installing the necessary equipment, and notifying your clients would prove a painful unplanned burden.

Let's schedule a time for a review. Our professional staff stands ready to work with you. Regardless of your firm's situation, it's important to get a comprehensive risk review of your business as it is today, not as it was years ago.

Call us. We're here to help.

Natural disasters can do significant damage to construction firms. Some suffer direct hits, while others endure massive service demands and shortages of help and supplies.

Although you might escape massive destruction and distress, what other events might cause your company to suffer a crisis? IT failure? Burglary or vandalism? Professional liability? Fire? Loss of market?

Whether disaster strikes as a catastrophic or stressful disruption, the best way to prepare for them is crisis management. Now is the time to develop a plan that will allow you and your staff to mobilize the right resources in the right order quickly to get you up and running as smoothly as possible.

How do you develop such a plan? What's the process? Who should you include? How often should you review and update it?

We can help by providing risk management advice and recommendations, together with materials and resources tailored to your needs and exposures. Although insurance might not solve all your post-crisis problems, it can certainly provide a solid foundation for your planning should the worst happen.

Don't wait for a crisis to uncover the gaps in your current preparations. Start now.

For years, Owner-Controlled Insurance Programs (OCIPs) were only found on large, single-site projects. Every day, more contractors are being required to work under these types of arrangements, either on smaller projects or "rolling" OCIPs that cover multiple projects. This requires contractors to identify and deal with the variety of complex issues that these programs raise.

Don't go it alone. Our Construction Insurance professionals stand ready to help. If you'd like to do some research on your own, the Insurance Risk Management Institute (IRMI) provides a wealth of solid safety guidelines that are updated frequently. Originally created as a resource for contractor risk management information, IRMI publishes one of the best and most extensive libraries of insurance expertise in the nation and is widely used by insurance agents and risk managers in all types of businesses.

"A Contractor's Guide to OCIPs," available on the Construction Business Owner Web site, offers valuable guidelines on the benefits and risks of these programs, together with tips on making the most from them, and dealing with such issues as loss costs, separating Construction Insurance costs from bids, and estimating labor expenses.

Check out the guide. Then give us a call on how to apply its principles to your business. When it comes to your protection, don't let "owner controlled" mean "out of control.

In a recent HR webinar, I asked three highly revealing polling questions. Here they are:

1. What have you done to show your value?

Nobody knows that you're doing a great job unless you tell them. It's not that they don't care about you; it's just that they're running 75mph and barely have time to pay attention to anything but their own work. What effort have you made to get noticed by delivering a report or giving a workshop? Unfortunately, only 21% of respondents said that they created a strategic plan. As Mary Kay once stated, "most people spend more time planning their vacations better than their career." Or, as I might add, their HR department.

1. How excited are you about the HR opportunity on a scale from 1-5 (5 being very excited)?

Half of the respondents described themselves as fairly "excited." Unfortunately, some 43% were just "ok or worse" with HR. Most organizations find the whole idea of HR boring. My guess is that is not the case at the 7% of companies where people said they were very excited about HR! I believe that if 7% can be excited, so can the 93%. It's simply a choice. What have you done in HR lately that goes beyond administrative or compliance requirements? What have you done to help improve the quality of the workplace (getting rid of poor employees and replacing them with great ones is a start), increasing performance management (having a performance management system that actually works), boosting retention, and giving greater love to that 20% of your workforce that produces 80% of results? What are you helping your company do to become more creative, innovative, and interesting?

1. What's stopping you?

I often ask this question in workshops and in webinars. Time is always the most common response (one of those buts again), followed by the company or management. A survey of HR That Works members found that 84% of respondents said they would make better use of the service if they had more time.

Time management is a major issue!

Go to the time management training on HR That Works. Watch the two videos and then start putting them into practice. I would recommend that you start by tracking where your time is going and then eliminate five hours of the uncool, un-valuable work you do every week.

The spread of social media has revolutionized not only the way we connect with friends and family, but also how we conduct business. However, this asset can quickly turn into a liability if misused - for example, in recruiting your company's most valuable asset - its employees.

Many employers begin the hiring process by using social-media outlets to screen applicants. LinkedIn and Facebook can provide a wealth of information about applicants' education, their friends, and their personal behavior. Some companies reject candidates based on the content of their social-media pages. This might include anything from inappropriate photos or comments, discriminatory or slanderous statements, and references to alcohol and substance abuse, to sharing confidential information about their previous employers(s), displaying poor communication skills, or exaggerating their qualifications.

Although all of these indicators raise red flags, you could be risking a costly and annoying discrimination lawsuit if you access social-media sites which contain protected class information that's not privileged in the normal hiring process.

To minimize this risk, it makes sense to:

1. When hiring, use outside third parties such as background-verification companies and/or recruiters who document content from social-media sites in selecting candidates
2. Develop and enforce a comprehensive social-media usage policy.
3. Purchase an Employment Practices Liability Insurance (EPLI) policy

For more information, please feel free to get in touch with our agency