Protection of Data in LinkSafe

By | Uncategorised | No Comments

LinkSafe is designed from the ground up as a secure system, but no system has ever been devised that is completely invulnerable to attack. The practices outlined below are not only good procedures to follow for protecting LinkSafe but can be applied in general to any kind of IT system that requires keeping data protected.

Password policies and user permissions

Any experienced IT administrator will confirm that most users prefer the shortest, simplest passwords they can get away with. This unfortunately led to the widespread practice of requiring passwords to be complex, because those simple passwords are amazingly easy to crack.

The factors in play here are that the ordinary users want convenience, while the IT administrators want security. The IT administrators have the upper hand, because they can set policies that force the users to conform with the standards set by the administrators.

This creates a massive problem because many users are unable to remember complex passwords without writing them down, and writing down a complex password renders that password insecure.

Smart users don’t write down their passwords but may more easily forget them. Forgotten passwords lead to lost time and decreased productivity. It’s a losing situation all round, and one that places your business in an unnecessary risk position.

Password complexity may have been somewhat helpful in the distant past when computing power was very low, but in modern times a credit card sized computer can crack short complex passwords in a matter of hours, and often even less time.

Most password policies require the password to be at least 6 characters in length, contain at least one uppercase and one lowercase letter, at least one number, and possibly also a special character such as a punctuation symbol. This is something like what the IT administrator hopes the user will choose:

r&E6qwGg

But what the users will probably choose is something like:

Pass123!

Or:

Asdf123!

The reason is that these latter two examples are much easier to remember than the “administrator approved” example. They’re also much easier to crack, but what the administrator may not realize is that the complex password is only minimally more difficult to crack.

The letters in the typical password are likely to be either forming a common word, a person’s name, or something easy to type (keyboard proximity bias).

This knowledge means about 75 percent or more of most passwords are extremely easy to crack because cracking algorithms can be programmed to try the simplest combinations first, before moving on to brute force methods. A user with the password Jenny-23 may as well not bother having a password at all.

Even worse, many administrators limit the password length to between 6 and 8 characters in a forlorn attempt to prevent users from forgetting their complex passwords.

This is hopeless because modern computers can make slightly under 600,000 guesses per second, so with a decent botnet at our disposal, any 8 character password can be cracked in less than half a day unless you allow extended characters (UTF8 or UTF16), which most systems do not allow. If we instruct our cracking program to use the GPU instead of the CPU for cracking, it will get the job done about 100 times faster.

A sensible modern password policy does not call for complexity but length. Therefore the best password policy calls for at least 12 and preferably 15+ characters, composed in a way that is meaningful and memorable to the user.

The phrase:

Icouldjustfancysomecheese,Gromit!

Is a far more secure password than:

r&E6qwGg

It’s also going to create fewer security problems than:

r&E6qwGggGwq6E&rs*F7rxHhhHxr7

The simple, plain English password is better because it is long enough and complex enough to be difficult to crack (several lifetimes, even with the most powerful computers on Earth) and it’s unlikely to be forgotten. If the user knows a foreign language, that can push the guessing difficulty up even higher, for example:

Podriagustarmeunpocodequeso,Gromit!

Such moves will even defeat social engineering that could improve the chances of guessing a password based on a user’s personality.
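The following Python sketch is an added example, not part of the original article or of LinkSafe itself. It applies the length-first policy described above to the sample passwords, flagging common-word-plus-suffix choices and keyboard walks, and estimates exhaustive-search time at the article's 600,000 guesses per second. The word list, function names and four-key walk threshold are assumptions made for illustration.

```python
import math
import string

# Assumptions for illustration: a tiny constructed word list (a real deployment
# would load a large dictionary or breached-password list) and a 4-key walk.
COMMON_WORDS = {"pass", "password", "jenny", "admin", "welcome", "letmein"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 12                # the article's recommended minimum
GUESSES_PER_SECOND = 600_000   # the article's per-machine guess rate


def has_keyboard_walk(password, run=4):
    """True if the password contains `run` adjacent keys from one keyboard row."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):          # left-to-right and right-to-left
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def is_word_plus_suffix(password):
    """True if stripping outer digits and punctuation leaves a common word."""
    core = password.strip(string.digits + string.punctuation).lower()
    return core in COMMON_WORDS


def charset_size(password):
    """Size of the symbol set an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)       # 32 ASCII symbols
    if any(c not in string.printable for c in password):
        size += 100                           # assumed bucket for extended characters
    return size


def log10_exhaustive_seconds(password, rate=GUESSES_PER_SECOND):
    """log10 of the worst-case seconds to try every string of this length and
    symbol set. An upper bound only: word- and pattern-based guessing is faster."""
    size = max(charset_size(password), 2)
    return len(password) * math.log10(size) - math.log10(rate)


def check_password(password):
    """Return the list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if is_word_plus_suffix(password):
        problems.append("common word plus suffix")
    if has_keyboard_walk(password):
        problems.append("keyboard walk")
    return problems


if __name__ == "__main__":
    for pw in ["r&E6qwGg", "Pass123!", "Asdf123!", "Jenny-23",
               "Icouldjustfancysomecheese,Gromit!"]:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}, "
              f"exhaustive search ~10^{log10_exhaustive_seconds(pw):.0f} s")
```

Under this policy the "administrator approved" r&E6qwGg is rejected on length alone, while the long phrase is accepted without any complexity rule.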

User permissions are even easier to handle. Each user should only have permissions up to the limit of their area of responsibility. By creating Group Policies in the operating system, you can easily group users according to their roles, and set appropriate permissions automatically by assigning users to the correct group.

Physical security at the data centre

The importance of physical security is often ignored, because people don’t believe an attacker would have the audacity to attempt to circumvent security in person.

If you are included in the group of non-believers, then you also won’t believe that your own employees are the biggest threat to the security of your IT systems, but indeed they are.

Internal threats are a serious and growing problem, along with corporate espionage and sabotage. Physical security is important, and you can implement it easily.

Workstations can have unnecessary ports disabled, optical drives disabled or removed, and the computer case locked and physically secured to the work area so it can’t be carried away.

At the software level, drives can be encrypted, and of course data should always be backed up to at least three separate secure physical locations.

Server rooms should be securely locked and only accessible by authorized IT staff. Access to the server rooms should be logged electronically, and the servers themselves should be under direct CCTV surveillance so that suspicious access can be noticed.

Access and change histories

Keeping logs of “who does what” on your system can be helpful in many ways. This will help you recover more quickly from some types of malicious activities, and makes it easier to roll back to a point where the system was free of trouble.

Being able to isolate which individuals had access at certain times and what actions they performed can provide evidence in subsequent investigations.

LinkSafe is inherently secure

We designed LinkSafe with a lot of built-in security features to make it easy to administer. Even so, taking sensible precautions is a good idea, because you can never be too careful when it comes to IT security.

To find out more about how LinkSafe can be an asset to your business, get in touch with a member of our team today.


Incident management: How to train your staff to deal with incidents


No matter what industry you’re in, there will come a time where your staff will come face-to-face with a challenging incident. Whether it’s a workplace injury, a serious safety hazard like a fire or flood, or a threat or assault, your employees and contractors need to have the training to properly handle any incidents they might face while on the job.

The type of incident your team is likely to face will vary depending on your industry, but here are a few general guidelines on how to train your staff to deal with incidents so they feel prepared to handle anything that happens on the job calmly and correctly:

Best practices for volunteer induction & training: how to make the process easier and more efficient


If your company utilizes volunteers, the volunteer induction and training process is crucial. It’s an opportunity for you to connect with your volunteers, get them on board with your organization and mission, and ensure they have everything they need to be successful in their roles.

A positive induction and training process that’s fun, organized, and educational will get your volunteers excited and committed to your project, while a boring, disorganized, or uninformative process can lead to volunteers leaving your program in droves.

But how do you create a positive volunteer induction and training process? What is the best practice for training your volunteers in a way that gets them excited to partner with you?

Get With It – Modern Safety Training Challenges & Solutions


Every company strives to provide a safe working environment for their employees. After all, the least that employees should expect when they clock in for work is to conduct their duties in a safe environment.

To ensure effective hazard management and regulatory compliance, safety training sessions form a key part of company safety initiatives. Providing employees with the knowledge and tools to carry out their work in a safe manner is imperative to promoting a positive safety culture. However, sometimes safety training doesn’t go all that smoothly and can fall flat in contributing to your safety goals.

The world of work is constantly evolving, and so too should your safety training procedures and formats. Following the same legacy safety training processes that you have used for the last decade simply won’t cut it. Your safety training sessions need to be consistently revisited. In today’s modern world, there are more challenges than ever to overcome to design and deliver effective safety training.

Workplace Diversity

Across the workplace will be workers from various backgrounds. Some will be more educated than others, some may not speak English as their first language, some may struggle with accents and dialects, others will have differing religious and spiritual beliefs, some will have families. Safety training needs to consider all of these various aspects.

Holding training sessions after work or at the weekends might seem like a great idea, but will be a huge struggle for those with families. If you have to hold your training sessions outside working hours, make the content available remotely so that if workers with families cannot attend they can still access the content and materials.

It’s also important to ensure that training materials are available in the first language of all employees and that a translator is hired if needed for live safety training sessions. This prevents any miscommunication or misunderstanding of critical safety issues and ensures all workers can contribute to the sessions.

Not all workers will be WHS savvy and some may struggle with terminology. All safety content should be delivered using “layman’s terms” to cater for the needs of all workers. Complementing text with graphic depictions of safety procedures can prove helpful here too.

Ever Changing Regulations

All safety training materials and sessions need to be in line with current regulations. Dated materials are a key contributor to compliance issues as workers are misinformed as to the legislation they should be following. As painful as it seems, the best practice is to conduct training sessions and update training materials ahead of the introduction of new regulations.

As soon as regulatory changes are announced, it’s time to take action and get updates to safety training materials scheduled in and training sessions pencilled into everyone’s diary. This prevents any panic with compliance once the regulation is introduced as everyone will be fully prepared.

Different Software Tools for Different Processes

Safety training is difficult if you are using several different software tools and systems for the various safety management and compliance tasks in the workplace. Keeping up to date with features and functionality across all the different tools can prove a nightmare and make delivering safety training sessions incredibly difficult.

This is why the use of integrated safety management software tools like LinkSafe helps ensure more effective safety training delivery. Using just one suite of tools from one provider, training is much more streamlined. In fact, LinkSafe’s own team can assist you with training sessions. Too many cooks spoil the broth so just stick with one suite of safety tools.

Don’t let the challenges of modern safety training deter you from your efforts. Take our tips on board and talk to our expert team if you need further advice. You’ll soon be able to design safety training materials and deliver sessions which fully deliver on your company’s safety needs.

Top 3 hazards in aged care – and how to avoid them


Working in the aged care industry can be a rewarding and satisfying career choice, but it’s not without its hazards. And if your business is in the aged care industry or you have contractors working on site at aged care facilities, it’s important that you’re aware of those hazards and take extra precautions to protect your workers.

Here are the top three hazards in aged care and how you can avoid them and keep your workers safe:

Contractor Management 101


Construction, Engineering, Manufacturing, Healthcare, and I.T. – the use of contractors is relevant to many industries. Contractor culture is critical to the success of many projects and companies. The ability to draft in contractors as and when needed makes financial sense, providing an effective way to supplement a company’s resources during busy periods or draft in expertise that isn’t regularly needed. However, the use of contractors in the workplace does present safety hazards.

Contract employees are unlikely to have the same familiarity with or appreciation of hazards and safety procedures as full-time employees. This poses a significant hazard where a contract worker such as a doctor, nurse, maintenance worker, hot work engineer, construction worker or IT security engineer is fulfilling a high-risk role.

Regardless of the role they are fulfilling, employers must make it their responsibility to manage contractors effectively and ensure that their employment does not impact the safety culture of the company. Contractor workers should not present new safety hazards in the workplace.

Safety Screening

When hiring contractors, it is important to not only consider their experience and expertise in their area, but their attitude and record with regards to safety. Ask potential contractors about the safety policies and procedures they have followed in previous roles, the hazards they have identified in previous roles and how they dealt with them and their opinion of the role of safety and specific safety legislation in the workplace. Ask their referees about their safety records too. All of this should be done before any contracts have been issued or job offers have been made.

A contractor’s suitability for a role goes beyond their expertise and qualifications. No matter how technically knowledgeable or skilled they are, if they do not have the attitude and commitment to safety that other employees have, they are not the right fit for the role. Featuring a quick safety screening of potential contractors can go a long way to preventing critical safety hazards.

Keep Track of Who is On Site and Whether They Are Compliant

Given that contract workers present a higher safety risk, it’s incredibly important to know when they are on site and that it is legislatively compliant for them to work for you. Australian legislation requires companies to be able to provide details on contractors currently employed including their contracts, their site status, their employment expiry date and evidence of any licences, certifications or tickets they are required to hold to perform their duties.

If contractor hires are critical to your business, you need to roll out the use of contractor management software. Such software tools enable you to keep a close eye on contractor performance and ensure that everyone on site is fully compliant.

They can immediately flag and issue notices for contractors to renew certifications, tickets etc. well in advance of expiry dates so there are no excuses for them to be non-compliant. In the event of an audit, senior management can simply open up their contractor management tool and immediately demonstrate evidence for all employed contractors to external auditors.

Training Remains Imperative

All contractor workers should receive the same safety training as permanent employees before commencing employment. They too should be tested on their safety knowledge before beginning their duties and their safety knowledge should be regularly reviewed throughout their contract period.

Although their contract terms may differ from permanent employees, their contribution to workplace safety is the same so they need to have the same knowledge and understanding of the safety policies and procedures of the company as permanent workers. You must work together with your contractors to help them to build the required safety knowledge to fulfil the role.

Working together is key to effective contractor management. With the right procedures and tools in place, any contractors that you hire can become an immediate asset to your company rather than a safety hazard.

 

 

Training is more than just a signature of completion: Checking competency


Effective training of employees and contractors is about more than just signing off on a certification of completion. In order to get the most out of training and protect yourself, your company, and your team, it’s important that every person who goes through your training has a thorough understanding of what they’ve learned.

Checking competency is a critical part of the training process. If you’re not making sure that every person who goes through employee induction training understands the content, you’re putting yourself at risk for workplace accidents, poor work performance, and an overall negative experience.

Here are a few tips for checking competency throughout the training process that will help you assess the competency level of your trainees and make sure they fully understand what they’ve read:

The importance of effective hazard management


Accidents and injury are an ever present threat in the workplace. Slips and trips, falling from height, falling objects, repetitive injury, back and shoulder strain, muscular strains and sprains, machinery incidents – every workplace can present opportunities for employee safety hazards.

Unfortunately, the outcome of unexpected workplace safety incidents can sometimes be even more drastic. From 2003 to 2016, 3,414 workers have tragically lost their lives in work-related incidents in Australia.

While a portion of workplace incidents every year in Australia can be classed as “freak accidents”, many could have been avoided. Effective hazard management not only ensures Australian businesses can stay compliant with the many rigorous rules and regulations in place; such procedures and policies can also save lives.

Safety First 

No matter what industry your business operates in, whether you run a construction firm, factory, leisure centre, cleaning company or , “safety first” should be your number one policy. This “safety ethos” should be evident in every employee from the top down. From the moment an employee begins employment with your company, they should be immediately aware of just how seriously the company takes workplace safety.

Every single employee has a role to play in hazard management, and they should recognise that. If an employee reports a potential safety hazard, immediate action should be taken by senior management. Doing so demonstrates to the workforce how much a company appreciates and how committed they are to ensuring worker safety.

A workplace that is renowned for a commitment to safety is a much more attractive place to work and studies have shown time and time again that where workers feel safe and valued in their environment, they are more productive.

Knowledge is Power

Empowering employees with knowledge of how to identify hazards, respond to safety issues and conduct their work in a safe manner is key. All new employees should be trained on how to record and report safety hazards and tested on their knowledge of safety policies and procedures. Gaps in safety knowledge are a significant hazard and a key contributor to workplace incidents.

Current employees, from every department, and of every level of seniority, should partake in regular safety refresher courses and training. Revisiting safety policies and procedures and regular meetings to discuss hazards and hazard management creates a positive safety culture.

Provide the Right Tools

The use of hazard management software can prove critical in identifying, reporting and resolving potential safety hazards. With so many processes and procedures across the workplace environment, it is easy for hazards to go unnoticed or unreported. Through the use of hazard management software, companies can ensure complete visibility of any potential safety issues.

Having such tools in place ensures that recording and reporting hazards are part of everyone’s daily tasks and become immediately visible to senior management. It is all too easy for hazards to get lost in paper or in e-mail chains or miscommunicated otherwise. Hazard management software tools can be deployed across any device, meaning that workers can instantly log and report hazards on the job, anytime, anywhere.

Such software solutions provide visible evidence of a company’s efforts to ensure effective hazard management and can be used to demonstrate legislative compliance during external safety audits.

Get an External Opinion

Even if you think you’ve got safety in hand, get an external view. Employing safety auditors and consultants to regularly review your policies, procedures and processes can help to bring unidentified safety hazards to the fore.

With workers so used to operating a certain way and following the same procedures day in, day out, hazards could be staring them in the face but not be recognised. A fresh set of eyes and insight from external experts helps businesses to ensure total hazard management.

Prevention is always better than cure. Active and effective hazard management protects workers, improves company culture and can protect the longevity of your business.

Induction training: how to streamline and get new employees up to speed the quickest


One of the most important parts of running a successful business is employee training.

When employees have a proper induction training, they’re in a better position to succeed; they know how to perform the job, the policies and procedures of your company, and they become more familiar with your corporate culture and mission. Setting your team up for success with the right training is a win for them and a win for you.