You Have Moments to Act
Nov 29, 2018

Every day 115 Americans die of an opioid overdose. Today an employee goes down hard, suddenly, just a hundred feet from your office door. The person is unresponsive. If this is an overdose situation, minutes count - even seconds count. You rush to their side. You're the risk and safety person. The employee health nurse is at another location today. Quick, what do you do? This person, a co-worker, someone you know, could die in your arms if you aren't ready to respond.

Our friends at Risk & Insurance recently provided a neat overview of how to handle situations just like this. First, know what to look for. If you see:

Bluish tint to lips, skin, or nail beds

Difficulty breathing or shallow breathing

Gurgling sounds that indicate a blocked airway

Dilated pupils

there's a good chance that this is an overdose.

Now, get in gear. All of the following apply:

Call 911.

Administer naloxone or Narcan if available. (This drug is harmless if the person is not overdosing, so you don't have to be 100% certain.)

If the individual is not breathing, administer rescue breathing. (Chest compressions are not necessary unless there is no pulse.)

Turn the individual on their side and wait for help.

Have them stay in place until they can be examined by medical responders to see if more treatment is required.

Everyone in a management or supervisory role should know these protocols and have Narcan quickly available. If you haven't done so already, sit down with your Employee Health people and HR and work out the best way for your organization to be prepared. Safety should have a key role.

Don't think this is one of those events that only happens to other people. Every one of those 115 souls we lose every day is a brother, sister, spouse, co-worker, parent, neighbor, a part of the community. Don't watch them die. Act. As Mr. Shakespeare tells us, "the readiness is all."


Existential Risk Meets Credit Ratings - Are You Ready?

The reality of cyber risk is coming home. CNBC recently reviewed what this really means in terms of corporate life-blood, i.e. your credit rating. The major ratings agencies have been warning for some time that "cyber issues", including lax controls or poor resiliency post data breach, could lead to a credit downgrade. Moody's just made it official and CNBC calls this step a "game-changer."

High-risk industries are defense, finance, healthcare, and critical infrastructure. Cyber risk today isn't the old linear how-much-will-it-cost-to-plug-the-hole calculation. Now Moody's is looking at major essential function disruptions. The big hacks of recent years, like Target and Home Depot, were eye-wateringly expensive but, as Derek Vadala, the head of Moody's Cyber Risk Group, notes, "those were not business-ending incidents."

That is changing. He goes on to note: "When you flash forward a few years, to the ransomware events that occurred (duly chronicled in previous issues of this Journal), the financial impact of that is much more significant. It's still not business-ending at that point, but certainly as that financial impact continues to rise, the probability of one of these events creating a deep financial impact also rises."

Standard & Poor's and Fitch have also released new guidance on how cyber risk is now viewed in their ratings and Fair Isaac launched its Cyber Risk Score program last year. (See below for an update on cyber resilience from The Risk Institute.)

Not long ago, cyber risk was largely a nuisance, but the price tag for breach, ransom, and denial of service attacks has been going up steadily. The now well-known ransomware attack on the City of Atlanta carries a price tag recently estimated at $120 million. But, as Moody's suggests, the price tag on the next big hack might be your entire company. The reputational risk alone is enormous.

As usual, the Bard of Avon was on top of this 400 years ago:

Who steals my purse steals trash; 'tis something, nothing,
'twas mine, 'tis his, and has been slave to thousands;
But he that filches from me my good name
Robs me of that which not enriches him,
And makes me poor indeed.


Those Dress Code Blues

A very recent issue of the Society for Human Resource Management (SHRM) electronic newsletter included a neat summary on how strict or inappropriate dress codes may lead to discrimination claims. Laws and court decisions are changing previous ideas about dress codes as well as the ongoing popular movement towards less formal dress in the workplace.

In addition, some 20 states now have laws that restrict dress codes as they intersect gender identity. A New Hampshire law now prohibits employment discrimination based on "a person's gender-related identity, appearance or behavior, whether or not that gender-related identity, appearance or behavior is different from that traditionally associated with the person's physiology or assigned sex at birth." A too restrictive dress code may be interpreted by the courts as a form of prohibited discrimination.

The application to risk management, you ask? Well, where do safety requirements concerning attire blend right into dress codes? This is a complicated area. Safety-related dress requirements need to be coordinated with your colleagues in HR. The potential for apparent discrimination involves not only questions of what is "gender appropriate" but also prohibitions on the wearing of certain customary ethnic or religious attire. Even better, the laws and regulations are largely state-based and thus, like workers' comp regs, may vary from one company location to another.

Some safety requirements - the designation of "hard hat areas" on a construction site, for example - may be obvious to all, but many others, such as prohibitions on scarves and other "flowing" attire or certain types of headgear, may be less obvious to some employees. Ask HR to vet any communications concerning what attire is safety-appropriate by job class and location so all of your safety professionals know exactly how to handle these issues with transparency, consistency, and sensitivity to gender and ethnic concerns.

Once upon a time, most insurance companies required their salespeople and agents to wear suits, ties, white shirts - and hats. No beards or moustaches and hair had to be close-cropped. Or else. But that was long ago in a galaxy far, far away.


Quick Take 1:
Asian Cats? No, The Non-Furry Kind

You're no one, we've been told, until you've been ignored by a Siamese cat, but we're looking at the kind of cats you can't ignore. A recent RMS report looks at really ugly catastrophes. The report discusses ten highly possible "one in a hundred years" events that might happen any day now in the Asia-Pacific Rim of Fire region.

This area hosts some of Earth's most spectacular earthquakes, tsunamis, volcanic eruptions and typhoons. It is also a vital link in almost everyone's manufacturing supply chains nowadays. No matter what you or your commercial clients make, some major components (or support services) probably come from this area. The report looks at ten very possible scenarios impacting everywhere from Japan to India.

Quakes, volcanoes, typhoons, and cyclones don't respect production schedules, staffing, and communication needs - all the complex and delicate systems and activities that make our businesses possible. The point to this list of "just might happen" scenarios is to help you think through how to protect your company's operations from any and all of these very realistic horror stories.

Unless you're a Siamese cat, don't ignore them.


Quick Take 2:
Is your Business Cyber Resilient?

Research from The Risk Institute, a top-notch research center at Ohio State University, found 28% of financial, non-financial, public, and private firms have been victims of a cyber-attack. On the other hand, thirty-three percent of firms don't think that they are at risk of a cyber-attack. What's wrong with this picture?

According to the Risk Institute report, "in 2018, a cyber-attack is not an 'if' scenario. It's a guarantee." As noted above, the major credit rating organizations fervently agree. What to do? The Institute recommends resiliency as a primary strategy because "Resilience is the capacity of an enterprise to survive, adapt and grow in the face of turbulent change." Cyber-attacks are all but impossible to avoid now, so building a multi-part business continuity plan which allows the company to continue to function, serve its clients, and maintain its market presence even in the face of a cyber-attack is the only approach that makes sense. Planning for resiliency can allow an enterprise to survive and even flourish in spite of the worst that the denizens of the dark web can throw at it.

By way of illustration, your humble GB Journal scribe was the target of a Romanian hacker recently. We practice what we preach. We got a pain in the priory, but he (dark web handle: samuelabogdanova88), as Shakespeare suggests, got nothing. Resiliency indeed.

