Archive for month: January, 2019
Employers have to post OSHA Form 300A for 2018 by the first day of February and leave it up through April 30. This form displays illnesses and injuries that occurred during the previous year and serves as a log of work-related injuries and illnesses recorded. The form must be posted in an area where it is visible to all employees. Records must be kept at the worksite for a minimum of five years and available to not only current employees, but to former employees (or their representatives if need be) as well.
The United States Department of Labor requires employers with 10 or more employees to keep records of work-related illnesses and injuries that are considered serious (if an injury only required first-aid, it need not be recorded). Severe injuries involving loss of an eye, amputation or hospitalization must be reported within 24 hours; any fatality must be reported within 8 hours. Businesses that employ 10 or fewer employees who work in low-hazard conditions are considered exempt from the above requirements.
Note: OSHA Form 300A (Summary of Work-Related Injuries and Illnesses) is the only form needed for electronic submission for establishments in excess of 250 employees as of July 30, 2018 due to issuance of a Notice of Proposed Rulemaking (NPRM). In addition to Form 300A, OSHA also requires that employers submit their Employer Identification Number (EIN).
Ensure Your Workers Are Safe:
Employers are responsible for providing a safe work environment and by law are required to provide training and information to employees in a manner of communication that the employees understand. Employees must be made aware of certain hazards in the workplace and instructed on how to avoid them or prevent them from happening according to OSHA standards. This can include labeling hazardous materials or chemicals and providing Fact Sheets; posting signs and color-coding; safety training and written instructions clearly defined in an Employee Manual; and the implementation of OSHA’s Illness and Injury Prevention Program at your place of business.
Fines Are Steep for Violations:
Congress enacted legislation that required federal agencies to adjust civil penalties to account for inflation as of November 2015. OSHA’s maximum penalties have not been adjusted since 1990 and are going to increase by 78 percent. Moving forward, this will adjust each year for inflation based on the Consumer Price Index beginning after August 1, 2016 when they went into effect.
- Serious or Other-than-Serious Violations are currently $7,000 per violation and the new penalty will be $12,471 per violation.
- Failure to Abate is currently $7,000 per day beyond the abatement date and the new penalty will rise to $12,471 per day beyond the abatement date.
- A Willful or Repeated violation is currently $70,000 per violation and the new rate will become $124,709 per violation.
When a citation is issued, it must remain posted and visible until it has been corrected, or for a length of three days, whichever comes first. Smaller businesses may see a reduction in OSHA penalties based on deciding factors and number of employees/size of business. OSHA’s Field Operations Manual has been revised and is now available to field staff to address recent changes.
This may all sound a bit complicated, but it doesn’t need to be. If your business does not have a designated HR department, try reaching out to a local HR agency such as Stellaris Group in Marietta, Georgia. Stellaris Group offers OSHA and Safety Programs, Government Compliance, Internal Investigations and everything you need for complete Human Resource Management for your business.
Article by Dawn Stastny, SPHR, SHRM-SCP, Managing Partner and Founder of Stellaris Group, LLC. To learn more about Human Resources Outsourcing and Consulting, connect with her at 678-935-6001 or by email at Dawn.Stastny@Stellaris.Co
Since the early 2000s, spear phishing scams have been a problem. These scam emails occur when someone attempts to extract sensitive information from an unsuspecting recipient by posing as a legitimate company or entity (e.g. ‘please provide your credit card info for a free trial,’ or, ‘your account has been hacked, please reply with your password and username to reclaim control’).
Falling victim to a phishing scam can be detrimental to the individual or company who is preyed upon. Unfortunately, phishing scammers have been getting better and better, making it more difficult to tell when an email is legitimate and when it is a fake.
To help you distinguish between what’s real and what’s not, look for these 5 signs that you’re reading a spear phishing email.
Nosy and Suspicious Requests
Your bank, or any other company, will not ask you for your social security number, bank account information, PINs, or any other highly sensitive material over email. Whenever you receive an email that is requesting any type of info from you, always remain suspicious. When in doubt, call the bank or company directly to ensure that the email is in fact legitimate.
While we can all be guilty of a typo here or there, phishing emails are often plagued by spelling, grammatical, and format errors. While in some instances the grammatical errors are caused by the sender not being a strong English speaker, many theorize that these errors are prevalent in scam emails because they save time.
Because it usually takes multiple emails back and forth between the phisher and the victim to successfully extract the information, the scammers need to separate those who will fall for it from those who won’t. In other words, people who look past grammatical errors and ignore spelling mistakes are more likely to actually provide the information than those who don’t. The scammers can therefore save time by sending low-quality emails to more people, faster, and cast a wider net around potential victims.
Pretty evil, we know. So always be mindful of too many
Missing a Name for Who it is Addressed to
An email that begins with ‘Dear customer’ or a similarly generic introduction is more likely to be a spear phishing email than those that actually include your own name. For reasons described in the previous tip, it is more advantageous for these criminals to not take the time to figure out the names of the recipients, but rather to just send out as many as they can.
Email From a Public Internet Account
If you believe you’re receiving an email from a bank or business, the sender’s email should not have a public internet account attached to it. Email from a Gmail, Yahoo!, Hotmail, or Outlook address should be a red flag that the sender is not who they say they are. Many phishing emails will use the name of the bank or entity in the email address to try and trick you.
Phishing scammers will often use fraudulent websites to try and steal your information. If you are provided a link, check carefully to make sure that the URL is correct. You can easily do this by opening a new tab, googling the website yourself, and checking that it is the same as the one provided in the email. Scammers will try to make the website look as close to the original as possible, but you can spot slight differences, such as alternative spelling or added punctuation.
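The greeting, sender and link checks described above can be automated. This is an added example, not part of the original article: a Python function that flags a generic greeting, an organization's name on a public webmail account, and links whose host is not the organization's real domain. The organization name, its domain, the greeting pattern and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Public webmail domains named in the article (domain spellings assumed here).
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Hypothetical organisation and its real domain; replace with your own list.
KNOWN_BRANDS = {"example bank": "bank.example"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_message):
    """Return the warning signs found in a plain-text (single-part) email."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    if GENERIC_GREETING.search(body):
        signs.append("generic-greeting")
    # Brands whose name appears in the display name the recipient sees.
    claimed = [d for name, d in KNOWN_BRANDS.items() if name in display.lower()]
    if claimed and sender_domain in FREE_MAIL:
        signs.append("brand-name-on-public-mail-account")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if claimed and not any(host_matches(host, d) for d in claimed):
            signs.append("link-host-mismatch:" + host)
    return signs

# Constructed sample messages (not real mail).
PHISH = ('From: "Example Bank Support" <examplebank.alerts@gmail.com>\n'
         "Subject: Account notice\n\n"
         "Dear customer,\n\n"
         "Confirm your details at http://bank.example.secure-login.invalid/verify today.\n")
LEGIT = ('From: "Example Bank" <notices@mail.bank.example>\n'
         "Subject: Your statement\n\n"
         "Dear Jordan Lee,\n\n"
         "Your statement is ready at https://www.bank.example/statements for review.\n")

if __name__ == "__main__":
    print(phishing_signs(PHISH))
    print(phishing_signs(LEGIT))
```

The link check compares the full host name, so a URL that merely starts with the organization's domain and continues into another domain is still reported.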
Use Medicus IT For Your Cybersecurity Needs
At Medicus IT, we offer phishing and security awareness solutions to help our clients prepare for a phishing email attack on their business. We’ll work with you to implement a phishing scam simulation, which will allow us to identify which employees fell for the scam. From there, we can pinpoint which employees need to be trained in how to spot these scams. It’s also a great reality check, as it shows just how easy it is for businesses and their employees to be tricked into giving up personal information.
These simulations are extremely important for healthcare providers, whose patients’ information and records should be confidential at all times.