Do your health and safety plans include cybercrime?
When talking about cybercrime, we typically think about computer nerds trying to steal passwords, or pretending to be Nigerian royalty in the hope of convincing you to hand over your bank details (and cash).
The risks posed by cybercrime are actually far greater – and can even place your employees in physical danger. Which is why the HSE’s business plan for 2016/2017 identifies computer crime as an emerging threat that needs to be addressed sooner rather than later.
Is this the rise of the machines?
Almost every business in the UK uses computers – from managing the company accounts, to production line control systems. The information stored on these systems is vital to the smooth running of your company – which makes it valuable to hackers too.
The HSE has identified three key areas of concern:
1. Operational risk
Where cybercriminals gain access to these systems, your business faces an operational risk. For instance, disruption to critical systems that monitor lone workers could place those people in additional danger.
Even a basic system outage that prevents your team from accessing computerised risk assessments and reports could be dangerous. When they can’t get to that information, employees will be unable to fully enact necessary safety measures.
2. Information risk
Employers often hold a lot of personal information about their employees – and they have a legal duty to protect that data. Health records and details of disciplinary activities are particularly sensitive and could be stolen quite easily from unprotected systems.
Losing this information may not affect the day-to-day running of your business, but you could be fined by the Information Commissioner’s Office for breaching the Data Protection Act 1998. You may also find that exposing sensitive, potentially embarrassing personal information places employees under enormous stress – quite worrying when you consider that the construction industry has the highest rate of suicide in the UK.
3. Physical risk
If your business relies on computer-controlled systems, there is a danger that hackers could override their settings, creating all kinds of problems. If that equipment is related to maintaining security and containment, or governs safety control systems, the results could be catastrophic, increasing the risk of death or injury for your workers.
Typically hackers do not set out to hurt people physically, but such injuries may be an unintended consequence.
Thinking about machines
Your business should already have a well-established program for conducting health and safety risk assessments – and you will need to apply those skills to securing your IT systems too. Obviously, cyber security is a specialist discipline, and you may need additional assistance to ensure there are no gaps in your plans.