How to Create a Psychologically Healthy and Safe Workplace. Lessons from Physical Health.

Originally posted on Insurance Business America by Bethan Moorcraft.

When considering how to create a psychologically healthy and safe work environment, it does not require a high level of innovation or new thinking. One can simply look at how workplaces have been addressing physical health and safety for the past several decades.

There are two well-established methods to proactively address health, safety and wellbeing in the workplace: 1) Risk Management, and 2) Wellbeing Promotion. If you consider the public health model[1] approach to disease prevention, wellbeing promotion can be considered a primary prevention intervention, suitable for 100% of employees to reduce illness risk and promote positive mental health. Risk management can be considered a secondary prevention initiative, to identify at-risk employees and groups, and reduce the likelihood and consequence of illnesses.

While risk management and wellbeing promotion activities can be carried out independently of each other, when used together, they increase the chances of positive employee mental health outcomes. Where they fail to prevent a stress-related illness occurring, tertiary prevention interventions should be made available, including counseling (e.g. Employee Assistance Programs), and injury management and return to work provisions.

Method 1: Risk Management

Risk Management in relation to psychological health, safety and wellbeing involves four steps[2]:

1. Identify psychosocial hazards – find out what could cause harm, considering recognized psychosocial hazards (e.g. role overload, role clarity, job control).

2. Assess risks if necessary – understand the nature of the harm that could be caused by the psychosocial hazards, the likelihood of it happening and the amount of harm that could be caused.

3. Control risks – implement the most effective control measures that are reasonably practicable in the circumstances.

4. Review hazards and control measures to ensure they are working as planned.

Figure 1: The Risk Management Process

As figure 1 above demonstrates, the risk management process also requires management commitment and consultation with employees, including Health and Safety Representatives (HSRs) if they exist.

When controlling risks (step 3), it is important to reduce risks using higher order controls wherever possible. The Hierarchy of Controls applied to Total Worker Health by the National Institute for Occupational Safety and Health[3] provides a conceptual model for prioritizing efforts to advance worker safety, health and wellbeing (see figure 2 below). Controls and strategies are presented in descending order of anticipated effectiveness and protectiveness. It is an easier model to apply to psychological health and safety than the original hierarchy (which is more specific to physical hazards).

Figure 2: Hierarchy of Controls Applied to Total Worker Health (NIOSH)

FlourishDx helps employers follow a risk management process for the identification and mitigation of psychosocial risks. The platform contains the “Work Design Survey”, which is a short battery of survey scales (86 multiple choice items) to assess employee perceptions of common psychosocial hazards.

Consistent with best practice, and the Thrive at Work framework (developed by the Future of Work Institute at Curtin University), the Work Design survey also assesses positive characteristics of work that promote flourishing, as well as steps taken by the employer to mitigate illness.

Consulting with employees during the risk management process, including the identification of hazards, is a WHS legal requirement. The FlourishDx Work Design survey facilitates this process at scale and across geographically diverse work groups.

Method 2: Health Promotion

Workplace health promotion is the process of fostering healthy workplace policies and supportive environments, enhancing positive social conditions, building personal skills, and promoting healthy lifestyles[4]. Physical health promotion at work typically focuses on the five pillars of good health, often abbreviated with the acronym “SNAPS”:

  • smoking cessation,
  • nutrition,
  • alcohol consumption,
  • physical activity, and
  • sleep

Health promotion at work typically focuses on policies, education, and behavior change programs to promote the development of these five pillars.

Martin Seligman (often referred to as the godfather of positive psychology – the branch of psychology concerned with wellbeing), has identified five pillars of mental health, often abbreviated with the acronym PERMA[5]:

  • positive emotions,
  • engagement (flow),
  • positive relationships,
  • meaningfulness, and
  • accomplishment

To promote positive mental health in the workplace, employers should introduce policies, education, and behavior change programs aimed at assisting employees to develop these pillars. But where to start?

FlourishDx contains the “Flourish Survey”. It is a short survey to assess the degree to which individuals have developed PERMA. This can be used as a needs analysis, to determine priorities for intervention at either an individual or group level. At a workplace level, the Flourish Survey results are a leading indicator of mental health, as it has been shown that people with well-developed PERMA are less susceptible to mental illness, and more likely to be flourishing.

Train Your Employees to Think for Themselves in Data Security

Employers have learned (the hard way) that one of the biggest security threats in the organization is their own staff.

A report published by Ipswitch looks at data breach causes to find out how rogue employees rank. An interesting find is that up to 75% of data breaches result from insider threats, while a separate report by Veriato suggests that 90% of cybersecurity experts feel that their company is vulnerable to insider attacks. In fact, about 50% of the 472 professionals surveyed said they had suffered these attacks in the previous 12 months.

Deliberate or not, these threats are very real, and however heavily companies invest in data security software, they will always be vulnerable because they continually ignore a large component of reducing cybersecurity threats.

Since employees (insiders) have access to company information, they are technically a bigger danger to data security than the third party cyber-criminals who use all manner of innovative ways to gain access to personal data.

A curious business owner wants to know: Why must I involve employees in implementing data security when they have been shown to be a weak point in the same strategy?

1. Social engineering transcends security tools
Human error is often the weakest link in an otherwise ideal chain. From technology to literature, social engineering is the big boss you have to beat after meeting all the other mini-bosses.

By definition, social engineering involves the use of psychological tricks to manipulate people into revealing sensitive information about themselves. For an organization, once the hacker has your employee at this point, they can gain access to all the areas the employee can typically access. Through social engineering security awareness, you can help your employees avoid the three most common security scams, thereby protecting your company as well: identity theft, vishing, and baiting.

Without adequate education on social engineering and covering that loophole, security tools are almost useless.

2. It’s part of their responsibility
Apart from preventing the catastrophic aftermath of social engineering, data security is the responsibility of every employee in the organization in this sense: if consumers expect organizations to protect their data, isn’t it the responsibility of employees to make sure the data doesn’t land in the wrong hands?

Dropbox’s 2012 incident, during which hackers reportedly stole data belonging to over 60 million of Dropbox’s clients at the time, was attributed to employee negligence.

As reported, the hackers were able to access the company portal using an employee's password that had been reused from the LinkedIn breach of the same year, which exposed the emails and passwords of 117 million LinkedIn users.

Such an example shows that as a company, you can still unwillingly betray your customers. While Dropbox wasn’t entirely to blame, one of their employees reusing passwords was a great insight into the company’s internal security standards and more importantly, a good example for all employees on password don’ts.

3. It is now a common regulatory requirement
Through internet security awareness training, organizations are required to equip their staff with knowledge about data security. Some of the laws, regulations and industry codes include HIPAA, the FTC Red Flags Rule and PCI DSS, among others. While many SMEs don’t do any training to remain compliant, many conduct the training to avoid cyber-attacks.

These tips will help you implement a great training program:

  • Diversify your training methods. Have a mix of training techniques at your disposal including classrooms, videos, team discussions, newsletters, posters, etc.
  • Educate often. Conduct regular training in monthly, quarterly, or annual cycles.
  • There’s no one size that fits all. Different members at different levels will start learning at equally different points.
  • Don’t ignore industry regulations.

Don’t be like the owner who delegates the role of data security to themselves because it’s “too important.” If you really want to be stress-free, train your employees well and promote a culture of information security.

 

Source: InfoSecurity

Author: Joseph Chukwube