3 Workplace Wellness Ideas to Improve Employee Health

More companies are promoting health in the workplace to increase productivity and cut down on sick days. Get started with these three workplace wellness ideas.

Keeping your employees happy and working hard is a major part of running any company. However, one thing that a lot of people don’t think about is employee health.

Sure, it comes up when discussing insurance, but what about conditions for which nobody goes to the doctor? A bad cold can keep someone out of the office for a few days and expose the rest of your employees to it.

To a certain extent, illness isn’t something you can control, but you can control the workspace. Somebody may come to work sick and leave work sick, but the risk of spreading germs can still be reduced.

You’ll find some helpful workplace wellness ideas in the paragraphs below.

1. Start with Lunch

A healthy diet is key when it comes to avoiding sickness. We’ve all heard of heart disease, obesity, and diabetes, but it doesn’t end there.

It turns out that a balanced diet can help strengthen our immune systems, making us less likely to get sick overall. The details of why certain lifestyle decisions make our immune systems more effective aren’t well understood, but most medical professionals would agree that the right diet matters.

This ties into workplace wellness ideas because it’s a great opportunity to learn and participate. A company can very much be thought of as a community.

We tend to do better at various tasks when we’re not alone. Try organizing company or office activities to encourage your employees to eat healthily.

2. Encourage Flu Shots

A lot of companies make an effort to bring flu shots, and other important vaccines, to the office so that employees have a convenient place to get them. This will work not only for the employees but their families as well.

If employees are able to get free, or simply more affordable, vaccinations for themselves and their loved ones, they’ll not only be healthier, but they may appreciate the company more.

3. Organize Exercise Events

There are many different ways to encourage physical activity in the workplace. For instance, maybe your office has a gym. If so, you can have a competition to see who can exercise the most.

Please keep in mind that you should not start a weight loss competition. Offices are diverse places. Not everyone is going to be overweight, and some may even suffer negative consequences from losing weight.

You could also organize a company sports team, or see if your employees would be willing to run a 5k together. Even a sign reminding people to take the stairs can encourage employees to make healthier choices.

Workplace Wellness Ideas to Keep Your Employees Healthy

Implementing some workplace wellness ideas is a great way to increase productivity and morale on the job. It’s up to you how you want to encourage employee health, but the biggest things to focus on are lifestyle factors.

Try to encourage them to eat healthier and exercise more. Also, give them easier and more affordable access to medicine and medical programs, if possible.

If you want to know more about health and wellness, especially as it relates to professional life, please visit our site. We can teach you about short-term disability, and what qualifies as one.

For more information, please contact Theresa Semple.

Semple Solutions LLC

Insurance Made Personal

Phone: 732-238-6734

Fax: 732-238-6735

Cell: 732-841-5625

tsemple@semplesolutionsllc.com

www.semplesolutionsllc.com

https://www.facebook.com/SempleSolutionsLLC/

Newsletter: https://conta.cc/32vPTaL

http://semplesolutionsllc.com/newsletters/

Digital4nx Group Interviewed in ROI-NJ Why You CAN’T Avoid Being Hacked


As security breach events clog news cycles, businesses can only hope to find silver bullets in protective cybersecurity services.

Is it true that regardless of what you do to protect your company’s valuable data, your systems will STILL be hacked?

According to Rob Kleeger, Founder of the Digital4nx Group, who gave a recent interview to ROI-NJ News, the answer is YES: it’s only a matter of time before it happens to your business.

In his view, preparing for hacker assaults doesn’t involve just going out to purchase the most advanced suite of cybersecurity products on the market. The biggest companies have tried that, he said.

“And, yet, those companies, with all their resources, are still getting breached and are in the front-page headlines all the time,” he said. “All the money in the world doesn’t solve the problem.”

Kleeger was a first responder during the 2011 Sony breach, during which the “hacktivist” group Anonymous announced its intent to go after the business in response to a lawsuit against George Hotz, a New Jersey native who gained notoriety for reverse-engineering the PlayStation 3 gaming system.

“That’s a perfect example, Sony banged their chest and said, ‘Hey, we’ve got 600 security engineers,’” he said. “When they got a letter from the Anonymous organization standing behind this person’s cause and threatening to bring Sony’s websites down. … Sony gave them the bird, and (Sony was) shut down two days later.”

The bottom line is this: Those that deal with these threats on a daily basis want business leaders to think about what to do when — not if — they’re the next victims on the hacker hit list.

“Most business leaders are thinking about this as a technical issue,” he said. “It’s not simply technical. At the end of the day, you have to understand what it is you want to protect and legal obligations you’ll have when you’re breached.”

No doubt influenced by his detective-like business approach, Kleeger is a fan of companies doing an investigation of their own systems and the kind of data they have before attacks happen.

And, even if hackers are hard to stop, having some level of cybersecurity protection is better than the alternative. But these are most effective when you know what specifically needs protecting, Kleeger said.

“Because, if an attacker finds themselves on your network but can’t get to the crown jewels, they’re going to leave empty-handed or just go after a lesser target,” he said.

Experts say part of why there’s no perfect failsafe to be found is the number of security breaches caused by exploiting human behavior rather than by defeating secured computer systems.

Check out his interview at the link below:

ROI News Interview with Rob Kleeger, Founder of Digital4nx Group

NJ Wage Theft Law

Earlier this month, NJ enacted a new “wage theft” law that, effective immediately, expands the fines, penalties, and damages for violations of the state’s wage payment law.

Wage theft happens when an employer does not pay workers what they are owed. Theft can take a variety of forms: refusing to pay workers at all or refusing to pay for hours worked; refusing to pay standard hourly or overtime minimum wage rates or refusing to pay for time out of regular shifts or “off the clock.” Employees might be given checks that bounce, have illegal deductions taken from their paycheck or deductions for meals and other breaks they did not actually receive.

The newly enacted New Jersey measure increases fines for wage theft to between $500 and $1,000 and provides for prison sentences of between 10 and 90 days for a first offense. Fines would climb to between $1,000 and $2,000 for a second offense, and imprisonment for up to 100 days. Habitual offenders could face up to five years in prison and fines of $15,000.

To force the hands of employers found guilty of wage theft, the state labor commissioner can revoke an employer’s license – effectively shutting down the business – until the correct wages are paid.

Employees can seek recovery of up to six years of stolen wages, or up to 200 percent of their stolen wages – capped at $50,000 – if business owners are found to have retaliated against workers for reporting the thefts. Proponents of the anti-retaliatory measures argue they are necessary to prevent employers from forcing workers to keep quiet about wage theft.

The law is not limited to failure to pay wages. It also covers failure to pay compensation and benefits, including health benefits, pensions, medical treatment, disability benefits, and workers’ compensation. Additionally, an employer’s failure to provide sufficient employee records in response to an employee’s wage claim results in a rebuttable presumption that the employee worked for the employer for the period of time asserted and for the amount of wages alleged in the employee’s claim.

Josh Rothenberg

Liberty Payroll has partnered with industry leaders to offer HR solutions that will help you stay in compliance. Whether you need a full HR audit, an employee handbook, or help with hiring and firing, our solutions can help. Contact us today to discuss your HR needs. Do not wait until it’s too late.

Article courtesy of Josh Rothenberg V.P. of Sales & Marketing, Liberty Payroll (Reprinted with permission)


AN EYE-OPENING LOOK INSIDE A NOT-FOR-PROFIT CYBERATTACK


In the first quarter of 2018, we’re already seeing reports of a dangerous ransomware campaign in full swing. Ransomware continues to be a popular cybercriminal approach because of the sheer number of targets that can be infected. Everyone from individual users to large enterprises has been attacked, and infections, from small to extensive, won’t stop anytime soon.

One of many areas of a not-for-profit organization that appears enticing to cybercriminals is the information held on the individuals the organization serves. Not-for-profits can collect health information and act as an intermediary in requesting aid for their constituents through State and Federal Assistance Programs. Even though not-for-profits are targets like any other business and generally have exposure to other types of data, there is an added emphasis on your attractiveness to hackers because of PHI, “protected health information.”

Ransomware is big business. As organizations increasingly depend on electronic data and computer networks to conduct their daily operations, growing pools of personal and financial information are being transferred and stored online, in “the cloud.”

By now, most organizations of all sizes, as well as individuals, are well aware of the deceptive nature of ransomware. As its name implies, ransomware is malicious software that holds electronic files hostage pending the payment of a ransom, typically with hard-to-trace bitcoin as the currency of choice. The main problem is that the ransomware encrypts a set of files or, worse, the entire hard drive, preventing access to those files. Unless the victim is able to restore a backup, the attacker (the “hacker”) holds the encryption keys required to access the files until the ransom demand is met, and the offer to decrypt may stand only for a number of hours.

“Unfortunately, ransomware threats continue to emerge as they prove successful for cybercriminals, and more high-profile business targets fall victim to this kind of infection nearly every day. There’s no doubt that ransomware will maintain its reputation as a formidable threat in the cybersecurity industry,” says Rob Kleeger, Managing Director of Digital4nx Group, Ltd.

Organizations must treat mitigating the risks associated with ransomware — data loss, interruption of business operations, and more — as a strategic imperative by implementing a layered security approach that maps to, and thus thwarts, each stage of a ransomware attack campaign.

INCREASINGLY SOPHISTICATED VARIANTS ARE EMERGING

Ransomware is evolving using increasingly sophisticated tactics, techniques, and procedures to execute attacks. 

Ransom amounts are typically measured in the tens of thousands of dollars or less, which is indicative of a business model predicated on a large number of quick and small transactions across a broad set of targets. While attack methods vary across types of vulnerabilities, the most commonly exploited is human vulnerability via spear phishing. Traditionally, most infections are launched with a spam email that includes a malicious link or attachment, providing hackers entry into the system and enabling them to deliver the ransomware and lock down the system.

“Drive-by downloading” is another frequently used vector for delivering a ransomware payload. The hackers inject malicious code into legitimate webpages, or redirect traffic to spoofed sites, and this has proven successful as well.

The majority of ransomware variants are known as either crypto-based or locker-based. These variants use strong encryption to lock the victim out: crypto variants render files and data inaccessible, while locker variants lock down the infected device’s operating system, so that applications and the system itself become unavailable along with the data. CryptoLocker is one of the most well-known variants of this kind. The recent Petya attacks fall into this category as well.

The world has seen its fair share of ransomware attacks — the WannaCry and NotPetya attacks were in the past year alone. These were self-propagating ransom worms tied to information warfare between countries; they managed to affect large entities and forced organizations to rebuild their Active Directory environments.

Dharma is a ransomware-type infection that seeks to encrypt the most valuable information on the victimized computer. Dharma ransomware is a variant of CrySiS ransomware that has been increasingly tied to brute-force Remote Desktop Protocol (RDP) attacks. Dharma made its first appearance in November 2016, shortly after the master decryption keys for CrySiS ransomware were publicly posted to the BleepingComputer.com forum.

In addition to bearing technical similarities to CrySiS, Dharma has also been observed infecting victims in similar ways. Both have been tied to a recent spike in brute force attacks on victims with open RDP ports. 

RDP was developed by Microsoft as a remote management tool. It’s commonly exposed on internal networks for use in administration and support, but when exposed to the wider Internet it can be a dangerous beacon for attackers. RDP attacks sometimes begin with the infection of one machine, spread to all other connected computers, and then hold the victim hostage for ransom.

WE DO NOT EXPECT RANSOMWARE TO GO AWAY ANYTIME SOON. On the contrary, it can only be anticipated to make further rounds in 2018, even as other types of digital extortion become more prevalent. Cybercriminals have been resorting to using compelling data as a weapon for coercing victims into paying up. With ransomware-as-a-service (RaaS) still being offered in underground forums, along with bitcoin as a secure method to collect ransom, cybercriminals are being all the more drawn to the business model, according to Trend Micro.

In a recent case for a Digital4nx Group, Ltd. not-for-profit client, we responded to a ransomware attack and learned that one ransomware strain (Dharma) had only locked up files on the local user’s computer. A week later, there was an attack through an RDP connection from a user account; it affected the entire user directory on one server, then worked its way across to the domain controller and email server, effectively encrypting the entire operation.

During the investigation, it was learned that the backups maintained by a third-party provider were actually stored on the encrypted server, and the redundant backup was an external USB hard drive that was also connected to the server. Unfortunately, the only off-premises backup was months old, so the organization is beginning the process of recreating its records by re-entering data from paper files and emails. The organization’s insurance coverage is woefully inadequate to cover the incident investigation and notification process. The potential regulatory fines have not yet been determined. Could this ransomware event threaten the organization as a going concern? Time will tell.

Ransomware isn’t spread indiscriminately. Instead, attackers typically gain access to target servers via weak or stolen credentials, often identifying prospective victims by scanning the Internet for computers with exposed RDP connections.

By using port scanning tools like masscan, attackers can easily home in on systems with open ports (port 3389 is standard for RDP). Once a system is found, the standard drill is to try to gain access by conducting brute-force attacks designed to guess weak or default passwords.

SamSam is one of a growing list of ransomware families that primarily infects victims via exposed RDP ports. SamSam has resurfaced, this time targeting organizations with RDP connections exposed to the Internet.

SECURING RDP IS THEREFORE KEY

Ransomware is also exploiting application vulnerabilities, as is the case with SamSam, which takes advantage of vulnerabilities in certain web application stacks, and others that exploit vulnerabilities in Adobe Flash.  Trend Micro has reported the most consistent target of those attacks has been healthcare providers in the United States. One Dharma victim, ABCD Children’s Pediatrics in San Antonio, was forced to notify 55,447 patients that their personal data had been encrypted and therefore potentially exposed to hackers.

We know that some not-for-profit organizations collect health information and act as an intermediary in requesting aid for their constituents through State and Federal Assistance Programs. Even though not-for-profits are targets and generally have exposure for other data (see the following use cases), we want to emphasize your added attractiveness to hackers because of PHI, “protected health information,” as the ransomware example above shows.

DIGITAL4NX GROUP, LTD. HAS BEEN RESPONDING TO OTHER CYBER BREACHES INVOLVING SPEAR PHISHING FOR WIRE TRANSFERS, PURCHASES OF GIFT CARDS, W-2 TAX AND PAYROLL INFORMATION, AND VARIOUS OTHER CRIMINAL ACTIVITIES, IN WHICH WE SEE A PATTERN CONNECTED TO THIRD-PARTY IT PROVIDERS WHOSE SECURITY PERFORMANCE LEVELS ARE SUBPAR.

Because hackers have an array of variants and infection techniques to choose from, ransomware infections do not all look or operate the same way. While one infection may begin with an email and result in all data being encrypted, another may come from a malicious website and end with the entire operating system being locked down. This variation makes it difficult for users to guard against threats — but protection is not impossible.

Everyone with sensitive or important data should make backups, preferably on external disks or some combination of cloud servers and external disks that one has physical access to.

Part of the problem is a disparity in perception of risk between those on the ground — the IT teams that see the vulnerabilities and understand the threats — and those higher up. Board members don’t see the risk if everything is status quo. CFOs are focused on spending time and money on efforts that will result in profit and gains, not on the far less glamorous idea of protecting their data. Business leaders need to ensure they’re doing everything they can to prevent successful infections in the first place. Ask yourself whether it is actually practical to restore from your backups if you become a ransomware victim.

Ransomware victims should avoid paying ransoms to their cyber attackers: sometimes an attacker won’t decrypt files even when a ransom is paid, and every payment made to ransomware attackers keeps ransomware profitable for criminals and encourages those actions to continue.

Best Practice Tips:

DO THE BASICS AND PLAN:
Security really doesn’t have to be difficult, or even expensive. Strong passwords, two-factor authentication, security patches, continuous end-user training, isolated backups and hardened systems and networks can make all the difference.

SECURE RDP:
Remote Desktop has become one of the most popular tools for attackers to abuse. Make sure you secure it by doing the following:

  • Restrict access behind firewalls and by using an RDP Gateway or a VPN
  • Use strong passwords and two-factor authentication
  • Limit users who can log in using remote desktop
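The brute-force pattern described above (a burst of failed logons against an exposed RDP service, then a success once a weak password is guessed) leaves a clear trail in the Windows Security log. The following is an added example, not the newsletter’s or Digital4nx’s code; it runs over a constructed, simplified log export and assumes Event ID 4625/4624 with LogonType 10 as the RDP failure/success markers.

```python
"""Flag RDP brute-force attempts by counting failed remote-interactive logons
per source address inside a sliding time window (added example, not from the
newsletter). The log format below is a constructed, simplified export whose
fields mirror Windows Security events 4625 (failed logon) and 4624 (success)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export. LogonType=10 is RemoteInteractive, i.e. RDP.
SAMPLE_LOG = """\
2018-03-05T02:14:01 4625 LogonType=10 TargetUser=administrator Source=203.0.113.45
2018-03-05T02:14:03 4625 LogonType=10 TargetUser=admin Source=203.0.113.45
2018-03-05T02:14:04 4625 LogonType=10 TargetUser=backup Source=203.0.113.45
2018-03-05T02:14:06 4625 LogonType=10 TargetUser=scanner Source=203.0.113.45
2018-03-05T02:14:07 4625 LogonType=10 TargetUser=office Source=203.0.113.45
2018-03-05T02:14:09 4625 LogonType=10 TargetUser=office Source=203.0.113.45
2018-03-05T02:14:11 4624 LogonType=10 TargetUser=office Source=203.0.113.45
2018-03-05T09:01:00 4625 LogonType=10 TargetUser=jsmith Source=192.0.2.10
2018-03-05T09:20:00 4625 LogonType=10 TargetUser=jsmith Source=192.0.2.10
2018-03-05T09:21:00 4624 LogonType=10 TargetUser=jsmith Source=192.0.2.10
2018-03-05T09:30:00 4625 LogonType=2 TargetUser=jsmith Source=-
"""


def parse_line(line):
    """Parse one constructed log line into a dict; returns None for blank lines."""
    parts = line.split()
    if len(parts) < 5:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:])
    return {
        "time": datetime.fromisoformat(parts[0]),
        "event": int(parts[1]),
        "logon_type": int(fields["LogonType"]),
        "user": fields["TargetUser"],
        "source": fields["Source"],
    }


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: alert} for sources with >= threshold failed RDP logons
    inside `window`. An alert records the peak failure count, the usernames
    tried, when the burst started, and which account (if any) succeeded after it."""
    recent = defaultdict(deque)     # source -> timestamps of recent failures
    tried_users = defaultdict(set)  # source -> usernames attempted
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["logon_type"] != 10:   # only RDP logons count
            continue
        src = ev["source"]
        if ev["event"] == 4625:
            q = recent[src]
            q.append(ev["time"])
            tried_users[src].add(ev["user"])
            while q and ev["time"] - q[0] > window:  # keep the window sliding
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"failures": 0, "users": [],
                                            "first_seen": q[0].isoformat(),
                                            "success_after_burst": None})
                a["failures"] = max(a["failures"], len(q))
                a["users"] = sorted(tried_users[src])
        elif ev["event"] == 4624 and src in alerts:
            # A success right after a burst means a password was guessed:
            # this is the case to escalate and isolate immediately.
            alerts[src]["success_after_burst"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(src, alert)
```

The two slow failures from 192.0.2.10 never meet the threshold inside the window, so a normal user mistyping a password is not flagged, while the scanning host that tried five accounts in ten seconds and then got in as "office" is.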

Test your backup systems:

Test your backups so that you can be sure you will survive a ransomware attack. Often-missed fundamentals such as automating full and differential backups and keeping backups offline provide the defense-in-depth approach required to combat ransomware.

Patching is fundamental.

What won’t help is throwing money at the problem and investing in software costing thousands or hundreds of thousands of dollars while employees neglect basic system updates. Attackers are opportunists looking for an easy way in, and they look where they think you’ll have your guard down.

Cyber Insurance:

Make sure you have a standalone cyber insurance policy and not a rider with minimum coverage of $25,000 or $50,000. These are inadequate coverage values given publicly documented incident costs, and the risk continues to grow as a result of high-profile data breaches and awareness of the almost endless range of exposure businesses face.

Whether it’s credit card fraud, identity theft, email hacking, ransomware, account stealing or any other number of activities — you’re in the midst of an online war and you may not even know it.

Employee Awareness Training:

The goal is to ensure that employees at all levels are aware of how to identify, control, and mitigate loss of confidential data in a secure technical environment that meets acceptable security standards. Protecting an organization from cyber-threats, such as malicious hackers, requires everyone’s participation.

We find the weakest link in many organizations is an untrained employee who does not understand the value of the information that they control. They are often susceptible to social engineering and other human-based attacks. 

Billions of dollars are spent each year combating cybercrime and yet the number, intensity and severity of attacks keeps increasing.

Digital4nx Group, Ltd. provides Digital Forensic Investigations, Electronic Discovery Consulting and Advisory Service, Incident Response to Data Breaches and Cyber Security services such as “Ethical Hacking”. 