Friday, July 25, 2014

Accident Investigation

Look at the picture, then read down...



OK, read down...



DOWN...




DOWN...




Read on...

You are wondering what this picture has to do with safety and accident investigation? You probably first noticed the girl's thong showing through her pants (women saying that is a fashion faux pas, men adding a point to their thong spotting score).

Did you notice the DOG driving the white car? Go look.


So what does this picture have to do with accident investigation? Quite simply I ask: "What else are you missing?"

Just because you think you know where the scene is, you may be missing something. When I teach accident investigation, and my students determine the scene, we rope it off to investigate just like the police.




After we investigate the scene, I ask: "What else are you missing?" I tell them that you will (usually) find something outside the scene that has a bearing on interpreting what caused the accident. My Rule of Thumb: 20 feet.

That is to say, there is additional evidence at least 20 feet away from what you thought was the scene. For example, an employee is injured by a machine whose guards were tampered with. What additional evidence can be more than 20 feet away?

How about a production memo that pressures employees to take shortcuts or devices being made in the maintenance shop that disable the guards?

Investigate Accurately, Recreate Accurately


You may do your "initial investigation" as soon as possible to preserve evidence, but do a thorough investigation accurately. If the accident happened on 3rd shift, come back then to do a thorough investigation. There may be dynamics that are only present on 3rd shift, like employees coming from the bar to work.



If you recreate the accident scene, do it accurately.  I recreated a roof section that was involved with a fall. By comparing my pictures I had taken at the scene with the full sized model I built, I discovered that the rails and toe boards were not properly attached. I solved this when I noticed that my model had long common nails from where nailing the toe boards and rails missed the rafters.

This was confirmed by another visit to the scene and interview with employees. They did use nearly enough nails, not wanting to damage the new roof.

My 20 foot rule is no guarantee, BUT it is a reminder to think "outside the box" (or accident scene).

Thank you for reading.









Friday, June 13, 2014

English Por Favor

I have been off on technology tangents, now I am getting back to safety....

Can You Require Employees to Speak Only English on the Job?

Sources: USA Today, EEOC, think HR blog



In today’s increasingly diverse workforce, it’s not at all unusual for a company to have employees whose native tongue is a language other than English. In some workplaces, this has given rise to problems. Consider these situations:


  • Two cashiers chat with each other in Spanish while dealing with English-speaking customers. A customer later complains about this "rude behavior."
  • Three members of a work team converse in Portuguese. A fourth member, who doesn’t speak Portuguese, tells a supervisor she thinks the other three are making fun of her.
  • An employee, seeing a falling object, yells "Watch out!" in Italian to co-workers, some of whom don’t understand that language.

The first scenario might be considered poor customer service. The second could lead to morale problems or hostility among employees, or otherwise interfere with their ability to work together efficiently. And the third is a safety concern.

I am going to evaluate the above 3 scenarios, but first let's take a look at the legality of  English-only policies. There have been numerous lawsuits in the wake of these policies.

USA Today reports that Whole Foods has suspended two employees for allegedly speaking Spanish to each other on the job. For its part, Whole Foods denies the claim, and insists that it suspended the employees for "rude and disrespectful behavior."



English-only rules are legal as long as the employer can show a business need for the policy (for example, inter-employee communication or workplace safety). An overly restrictive rule (for example, prohibiting non-English-speaking in non-work areas such as the lunchroom), however, might violate EEOC's Title VII’s prohibition against national origin discrimination.

According to the USA Today story, Whole Foods’s "policy states that all English speaking team members must speak English to customers and other team members while on the clock" and that "team members are free to speak any language they would like during their breaks, meal periods, and before and after work." That policy is perfectly legal under Title VII, and should raise no issues for the employer.


What the EEOC Says:


EEOC Regulation 29 C.F.R. § 1606.7(a) provides that a rule requiring employees to speak only English at all times in the workplace is a burdensome term and condition of employment. Such a rule is presumed to violate Title VII. Therefore, a speak-English-only rule that applies to casual conversations between employees on break or not performing a job duty would be unlawful.

A workplace English-only rule that is applied only at certain times may be adopted only under very limited circumstances that are justified by business necessity. 29 C.F.R. § 1606.7(b) Such a rule must be narrowly tailored to address the business necessity. Situations in which business necessity would justify an English-only rule include:
  • For communications with customers, coworkers, or supervisors who only speak English.
  • In emergencies or other situations in which employees must speak a common language to promote safety. 
    • For example, a rule requiring employees to speak only English in the event of an emergency and when performing their work in specific areas of the workplace that might contain flammable chemicals or other potentially dangerous equipment is narrowly tailored to safety requirements and does not violate Title VII. 
  • For cooperative work assignments in which the English-only rule is needed to promote efficiency.
    • For example, a rule requiring investigators (some of whom speak only English) to speak only English when working as a team to compile a report or prepare a case for litigation is narrowly tailored to promote business efficiency and therefore does not violate Title VII.
  • To enable a supervisor who only speaks English to monitor the performance of an employee whose job duties require communication in English with coworkers or customers.
    • For example, a rule requiring employees to speak only English with English-speaking co-workers and customers when a supervisor is present to monitor their work performance would be narrowly tailored to promote efficiency of business operations. As long as the rule does not apply to casual conversations between employees when they are not performing job duties, it would not violate Title VII.
If an employer with a business necessity adopts an English-only rule to be applied at certain times, the employer must inform its affected employees of the general circumstances when speaking only in English is required and of the consequences of violating the rule. 29 C.F.R. § 1606.7(c).

As with all workplace policies, an English-only rule must be adopted for nondiscriminatory reasons only.
  • For example, an English-only rule would be unlawful if it were adopted with the intent to discriminate on the basis of national origin. Likewise, a policy prohibiting some, but not all, of the foreign languages spoken in a workplace, such as a no-Spanish rule, would be unlawful.
The American Bar Association has an excellent analysis of English-only rules (in .pdf format) here:

Some History of English-only:

The debate about English-only initiatives has raged in one form or another for much of this country's history.  In America's early days, multiple languages often co-existed. The Continental Congress printed many documents, including the Articles of Confederation, in German and English.  An 1837 Pennsylvania law required school instruction in both German and English.  California was officially bilingual for its first 30 years, and printed its first state constitutional proceedings in both Spanish and English.

During the 1870s, however, restrictive language legislation became prevalent.  In the South, native-born, English-speaking African American men had to pass a literacy requirement in order to vote.  An Anti-Chinese Party led California's second constitutional convention to ratify the state's first English-only provisions.   During the 1920s, many Midwestern states passed legislation that barred schools from teaching German as a result of anti-German sentiment lingering from WWI. 

The courts and eventually the United States Congress stepped in and reversed this pattern of language restriction. In 1923 the U.S. Supreme Court nullified these restrictive laws in the case of Meyer v. Nebraska. The Court wrote,
"The protection of the Constitution extends to all; to those who speak other languages as well as those born with English on the tongue." 
The Supreme Court, in Lau v. Nichols, ruled that instruction solely in English deprives students of an understanding of the curriculum and of an equal opportunity in education.  In 1968, Congress, looking for new ways to educate minority youth, enacted the Bilingual Education Act.



The debate has been renewed at 9th and Passyunk in South Philadelphia. At Geno's "world famous" cheese steaks the demand for "Wiz wit" (i.e., cheese wiz and onions) remains high even though the owner is requesting that customers order their sandwiches in English. A sign at the order window reads: "This is America.  Please Speak English."




Apparently no one has been denied a steak at Geno's for ordering in something other than English, despite several attempts by local radio stations.

Two cashiers chat with each other in Spanish while dealing with English-speaking customers. A customer later complains about this "rude behavior."

Speaking English only would constitute a business necessity for communications with customers, coworkers, or supervisors who only speak English.

An employee, seeing a falling object, yells "Watch out!" in Italian to co-workers, some of whom don’t understand that language. 

Safety concerns are another legitimate  use of an English-only rule, although it must be applied to specific situations.

The EEOC cites the following scenario as an appropriate use of an English-only rule to address safety concerns:

XYZ Petroleum Corp. operates an oil refinery and has a rule requiring all employees to speak only English during an emergency. The rule also requires that employees speak in English while performing job duties in laboratories and processing areas where there is the danger of fire or explosion. The rule does not apply to casual conversations between employees in the laboratory or processing areas when they are not performing a job duty. The English-only rule does not violate Title VII because it is narrowly tailored to safety requirements. (EEOC Compliance Manual, Section 13: National Origin Discrimination – Dec. 2, 2002).
According to this example, then, an employer would not run afoul of federal non-discrimination laws by requiring employees to speak only English while performing specific job functions, during emergency situations, or while working in particular areas of a facility that implicate workplace safety issues.

EEOC and OSHA: a Double Edged Sword

While EEOC allows English-only rules for concerns of safety, OSHA’s training standards do not require employers to use particular documents, teaching methods or language to train employees. Instead, OSHA requires employers to present information in a manner that employees are capable of understanding.

A narrowly-tailored and appropriately used English-only policy is relevant to hiring decisions. If, for example, an employer has an English-only policy like XYZ Corporation’s in the above example, it would need to consider that policy in hiring employees to work in the laboratories and processing areas.

Candidates who speak no English would not be able to adhere to the policy and would therefore not be qualified for hire into a position that includes work in those areas. Similarly, even in the absence of an English-only policy, an employer does not violate federal anti-discrimination laws by rejecting a non- English speaking candidate whose inability to speak or understand English would materially affect his or her ability to perform job duties. 

If, for example, a candidate’s job duties would require forklift operation, and the candidate could not read or understand warning signs, operating manuals, or safety placards required for the safe operation of a forklift, the employer would have a good faith, non-discriminatory reason to reject that candidate.

Consider a production facility where forklifts are used. All employees need a certain proficiency in English for the forklift drivers to communicate their intentions. It would be almost impossible (and discriminatory under EEOC) to identify (label) non-English speaking employees to the forklift drivers. 

Under this scenario, it is reasonable to expect all production, maintenance, dock, yard, and warehouse employees (all the places where forklifts are present) to speak English. Office employees would be exempt as long as they do not have to speak to English-only-speaking supervisors or go into areas where the forklifts operate.

Another way OSHA inspectors will evaluate an employer’s compliance with safety training standards is by determining how the employer communicates other workplace rules and policies to employees, particularly job instructions (i.e., other non-safety policies or procedures). If these other job instructions are given in Spanish, for example, OSHA will likely view English-only safety training as insufficient.

Other Federal Agencies:



Certainly, safety issues arise in some workplaces. The Federal Aviation Administration (FAA), for example, requires air traffic controllers to "be able to speak English clearly enough to be understood over radios, intercoms, and similar communications equipment."


The Nuclear Regulatory Commission (NRC) requires that "all employees proficiently read, write, and speak English... and English is the only language to be used."

 
U. S. Department of Transportation (DOT) regulations require commercial truck drivers "to be able to read and speak the English language sufficiently to" speak with the public, understand road signs, respond to "official inquiries," and keep records. The states are charged with enforcing these requirements.


A Federal Motor Carrier Safety Administration pamphlet outlines the kinds of things truckers should be able to say, in English, if they want to keep on driving:


Three members of a work team converse in Portuguese. A fourth member, who doesn’t speak Portuguese, tells a supervisor she thinks the other three are making fun of her.

I purposely saved this for last. This may seem like an inappropriate application of an English-only rule, but I beg to differ.

Workplace and school violence events have contributed to our increasing national conversation about "bullying."  Recently, National Public Radio quoted a Zogby poll in which more than a quarter of American workers reported that they have experienced abusive conduct at work. Sixty-four percent of respondents to a Monster Global Poll felt that they had been "bullied, either physically hurt, driven to tears, or had their work performance harmed."

As part of an anti-bullying policy, the requirement to speak English-only in the presence of  English-only speaking employees is reasonable. This also prevents the misinterpretation of threats.

Both practical and legal problems impede developing effective policies.  As an example, how do you define "bullying" and how do you distinguish this objectionable conduct from the sort of workplace banter and teasing that men often use to bond with one another?

Michael Akin, vice president of government affairs for the Society of Human Resource Management, pointed out that "it’s tough, if not impossible, to legislate against someone being a jerk."  However, employers may be able to develop an effective code of conduct and effective anti-bullying policy based upon requiring employees to use "good judgment" and to be a "professional."

Because there is no legislation or OSHA Standard on anti-bullying policies, it is important to define the terms used in the policy. For example:

"Abusive conduct" means acts, omissions, or both, that a reasonable person would find abusive, based on the severity, nature and frequency of the conduct, including, but is not limited to: repeated verbal abuse such as the use of derogatory remarks, insults, and epithets; verbal, non-verbal, or physical conduct of a threatening, intimidating, or humiliating nature; or the sabotage or undermining of an employee’s work performance. It shall be considered an aggravating factor if the conduct exploited an employee’s known psychological or physical illness or disability. A single act normally shall not constitute abusive conduct, but an especially severe and egregious act may meet this standard;
"Abusive work environment" means, an employee condition when an employer or one or more of its employees, acting with intent to cause pain or distress to an employee, subjects the employee to abusive conduct that causes physical harm, psychological harm, or both;

Here is another good paper titled: Safety, The Universal Language? Literacy and Language Challenges in the Workplace (in .pdf format).

Literacy as a Foreign Language

What special accommodation should an employer have for an employee who works in a safety-sensitive position who cannot read or write?

The employee is required to pass a hazard communication training, as well as be able to respond adequately to an emergency situation, including being able to read and follow safety instructions.

Assuming that this is not a disability that causes the illiteracy but is based upon lack of formal education, an employer is not required to accommodate the employee. In safety-sensitive positions, even if a disability were the cause for inability to read or write, the Americans with Disabilities Act (ADA) does not override safety requirements in the workplace.

Again OSHA training requirements say: For example, if an employee is not literate, the employer does not satisfy OSHA training requirements merely by telling the employee to read training materials or safety programs. Likewise, if an employee does not speak, read or understand English, training must be provided in a language the employee understands.

OSHA has tasked each of its inspectors with the duty of determining whether the training provided by an employer satisfies the intent of the Standard (i.e., whether employees receiving the training actually understand the training). 

Discriminating on the Basis of an Employee’s National Origin

To me this is truly idiotic. There are people from every National Origin that can speak English, and there are people from every National Origin that can't speak English.


First, let me point out how the EEOC defines national origin discrimination:

National origin discrimination involves treating people (applicants or employees) unfavorably because they are from a particular country or part of the world, because of ethnicity or accent, or because they appear to be of a certain ethnic background (even if they are not). source: eeoc.gov

It is important to note that "National Origin" is NOT "Country of Origin." National Origin Discrimination is: not hiring anyone with black skin appearing to be of African descent, hiring people with "oriental" eyes and light skin, appearing to be of Chinese or Japanese descent, etc. (True) discrimination is wrong!

But what if you only have 5 workers of Latino descent and none of them can speak English? Is action against them discrimination? Do you have to find at least one worker of Latino descent who does speak English to prove you are not discriminatory?


Based on this theory, I would argue that almost ALL US companies discriminate based on National Origin for not employing people of Aboriginal descent.

Samantha Harris: First Aboriginal Supermodel


Take a Test: Discrimination on National Origin


Look at the picture above. This person is a (in)famous foreign national. If your company had only white, Anglo, English-only-speaking employees, and he claimed you fired him for not speaking English, what National Origin would he claim you discriminated against? (Answer below in fuchsia.)

Is Simply Speaking English Enough?

Is speaking English enough or do you need to proficiently speak English? That depends on the situation. From a safety perspective, a flight controller needs a better level of English than a warehouse worker.

What to Take Away from this...

You cannot ban employees from speaking a foreign language all the time.

"English-only" policies, prohibiting employees from speaking languages other than English at all times in the workplace, are presumed to be discriminating on the basis of an employee’s national origin.

You can have a policy that requires English only in the workplace at certain times; such a policy may be appropriate and non-discriminatory. The employer must establish that the rule is justified by a "business necessity," or essential to safety.

Proficient English-only can be an essential requirement of the job for those specific situations. If a person does not meet essential job requirements, then they are not qualified.

Literacy should also be a job requirement when necessary for safety. Lack of formal education is NOT considered a disability under ADA or a protected class by EEOC when it is essential to the job function.

English-only cannot be broad based, it must apply to specific situations.

Answer from the Test Above:



The gentleman in the picture is Alberto Fujimori Fujimori (This name uses Spanish naming customs; the first or paternal family name is Fujimori and the second or maternal family name is Fujimori.) He served as President of Peru from 28 July 1990 to 17 November 2000. He is a Peruvian of Japanese descent (his parents were native Japanese). He fluently speaks Spanish and Japanese. Under EEOC he could claim discrimination against his national origin as:
  1. A Peruvian (Latino), being that he was born in Peru and speaks Spanish.
  2. Japanese (Asian) because he "looks Asian" and speaks Japanese.
  3. Nisei (a subculture of Japanese immigrants to Peru, and up to 4th generation children). Just as we consider Aboriginal a separate culture, yet a part of the Australian culture, Japanese immigrants to Peru are a separate culture, yet a part of the Peruvian culture.

Disclaimer: I am the 3rd generation descendant of immigrants. They also learned English (to work in the (dangerous) mines) and survived (although a couple of uncles were sans fingers). My grandmother used to yell at me in Polish when I misbehaved. My heritage has only enriched my life. I do not advocate discrimination. I do advocate legal, well written job descriptions. Coming from a nuclear background, I see the value of English-only in respect to safety. English-only may not be required in every situation. You must evaluate on a case-by-case basis to ensure legality of your requirements.

Thank you for reading!
Thank you for thinking!

Thursday, May 1, 2014

Serious Security Flaw Affects Every Version of Internet Explorer




June 3, 2014 -- UPDATE!!!


In the wake of the "zero day" security flaw, Microsoft has announced (along with fixes) another vulnerability: the use-after-free vulnerability.

Here is the Microsoft Security Bulletin Summary for May 2014, along with links to the May 2014 updates.

Here is a great graphic comparing web browser security flaws, taken from Wikipedia:




The fallout from all of this is that companies, both the ones that produce the programs (Microsoft, Adobe, Google, Apple, etc.) and the companies that use the programs (government, schools, retailers, banks, insurance companies, etc.) are reevaluating their systems. Even Google has just announced an update to Chrome. 





Below is my original post. For the average person, this may seem like too much to take in, and it is. My simple recommendation is if you are on Windows, use Chrome or Firefox.

Better yet, switch to a Mac.


Original Post: May 1, 2014





Sunday, April 27, 2014
From: Kim Komando, Time, Forbes, Liberty Voice, Tech Eye, and USA Today

Here is the USA Today article with video:

Researchers at security company FireEye have found a flaw in Internet Explorer that could let hackers easily slip a virus on to your computer, especially those still using Windows XP. And hackers are already using it.

This flaw, the "zero day" security flaw, is present in every version of Internet Explorer – from 6 to 11 – stretching back more than a decade.

Calling it a "remote code execution vulnerability," Microsoft warns that "an attacker who successfully exploited this vulnerability could gain the same user rights as the current user," including the ability to "take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Microsoft explained that the "vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated."



You have no defense with the latest Windows systems, either; the program is vulnerable no matter which version of Windows you are running.

The bug is a drive-by hack; all you have to do is visit a site that hackers have hijacked or modified and you’re infected.


As of May 1, 2014, there is no permanent fix and Microsoft is still researching the problem.

Internet Explorer Security Issues Trigger National Security Alert


This Internet Explorer (IE) security issue is so serious that it triggered a national security alert from the Department of Homeland Security (DHS), which issued an unusual advisory warning computer users not to use the IE web browser until the most recently discovered security issue is fixed. Some experts say that is not very likely to happen any time soon.

A Concerted Attack on US Infrastructure

"Complete compromise" means different things to different organizations, but a technical support team at General Dynamics defines it as a complete takeover of system operations, sometimes called the "going hog-wild" phenomenon among hackers. This is not a common garden variety hack, a phishing scheme, or some other low-level annoyance.

On the contrary, this is a prima facie illustration of what a cyber war attack will look like, because that is exactly what is happening right now. So far, the hackers have only been stealing data, but the nature of the security hole is such that the hackers could take control over entire systems and wipe data, change data, add data, or deliberately crash devices running on infected systems. In other words, this is no joke.

Who is Affected?

Just about anyone could be affected by the breach. Neither Homeland Security nor anyone else is about to provide any details about who has been affected, or who may be affected in the near future, for the very obvious reason that making such information public would hang a target on those companies for other hackers.

However, the fact that the warning came from Homeland Security, rather than Microsoft itself, suggests that at least one of the victims has ties to the country’s defence systems. "We are currently unaware of a practical solution to this problem," the Department of Homeland Security's Computer Readiness Team warned yesterday.


You can read Homeland Security's warning here:

Organizations in that category reportedly might include branches of the U.S. Military, The U.S. Postal Service, the Internal Revenue Service, the Federal Bureau of Investigation, defense contractors, and major financial institutions.

Homeland Security itself has moved most of its operations to Windows 7, but still requires its employees to use Internet Explorer.

The IRS recently admitted that it was paying Microsoft millions of dollars to continue to support their Windows XP installations, a situation necessitated by the fact that IRS’s own software will not run properly on Windows 7 or 8.

The biggest potential victims in this scenario, however, are the Chinese, who are running more XP systems than anyone else.



US-CERT

Although I say the warnings are from Homeland Security, they originate with US-CERT (The United States Computer Emergency Readiness Team). US-CERT is an organization within Homeland Security’s National Protection and Programs Directorate (NPPD). Specifically, US-CERT is a branch of the Office of Cybersecurity and Communications' (CS&C) National Cybersecurity and Communications Integration Center (NCCIC).

 US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting the networks within the United States and abroad.

Why do these organizations continue to use XP?

In addition to compatibility issues with enterprise software that has not been upgraded to run on new versions of Windows, many users also point to the fact that their older peripheral devices will not work on the newer operating systems.

Manufacturers have not released updated drivers to allow older equipment to work on newer operating systems, but many computer users have substantial investments in the older devices, which would have to be replaced during an upgrade to the newer systems.

According to Browsium, a software company that publishes software that enables newer operating systems to function like Windows XP, 80 percent of the organizations with more than 10,000 computers in their systems never upgraded their operating systems to Windows 7.

The anemic market performance of Windows 8 to date is widely attributed to serious misgivings in the marketplace about Microsoft’s decision to “optimize” Windows 8 to run on touch-screen systems.

Recognizing, belatedly, that the majority of the upgrade candidates do not have touch screen computers, Microsoft recently issued an update for Windows 8 that makes it easier to use on systems that do not have touch screens.

In many cases, however, Windows XP users simply do not want to put new shoes on an old horse. They do not want to upgrade their software until they have to upgrade their hardware, and they don’t want to have to upgrade their hardware just to run Microsoft’s new software.

In many cases, computers that run Microsoft XP perfectly well will not be as successful with Windows 7 or 8 because the newer systems need more processing speed and more memory than the older systems. This forces customers who have to move up to Windows 8 to buy new hardware to run the new software.


The Microsoft business model is apparently intent on forcing customers to constantly upgrade software versions rather than rely on customers actually wanting to buy its products (and for the long term). Microsoft freely admits to building software that is incompatible with previous versions of the same product, though this is typically spun as being a trivial, harmless issue.


You can read more about the issue of Microsoft forcing upgrades here, here, and here.

Microsoft Reaction Muted

Microsoft’s immediate public reaction has been low-key, promising to get right on it... while skirting the issue of whether or not they will provide a fix for IE 6 so that Windows XP users can pick up where they left off and go about their business. That is not a likely course of events.

While there is little doubt that Microsoft’s decision to discontinue support for Windows XP was specifically motivated by their need to force computer users to upgrade to Windows 8 (due to Windows 8's poor performance in the marketplace), there is also little doubt that the decision may have just created an enormous public relations problem for the company.

If Homeland Security is telling people not to use Internet Explorer, and Microsoft never fixes the older versions of Internet Explorer, it will be Homeland Security that will be blamed as hundreds of thousands of individuals and companies spend millions (if not billions) of dollars to upgrade to an operating system that most of them did not want in the first place.

A fix for the FLASH part of the problem is available from Adobe.

So far hackers have been using Adobe Flash as the delivery system for this attack. As of 4-28-2014, Adobe rushed out a fix for Flash to prevent this from happening. Click here to update to the latest Flash version.

Microsoft Workaround #1: "Enhanced Protected Mode"

Microsoft has offered a temporary user fix for Internet Explorer versions 10 and 11, but this is not automatic. Users have to go into the Tools menu and implement it themselves. And, like many security documents, the Microsoft advisory can be a bit confusing to those without a lot of technical experience.



  • First, make sure you can see the menu bar in Internet Explorer.

  • If you don’t see a menu bar, right-click on an area near the top of the window and then click on Menu bar in the box that comes up:

  • Scroll to the bottom of the Tools menu (illustration is cropped — it’s actually quite long) and select Internet options:

  • In the Internet options menu, click on the Advanced tab and scroll down to the Security section. Check "Enhanced Protected Mode" if you are running Internet Explorer 10; for Internet Explorer 11, select both Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems).

  • Restart your system, which means completely reboot your PC.

Microsoft Workaround #2: Install EMET

If you want to stick with Internet Explorer, Microsoft recommends installing its Enhanced Mitigation Experience Toolkit version 4.1. EMET’s recommended configuration will make some tweaks to IE that reduce the threat.

However, it may cause some websites you use to stop working. And EMET is really meant for companies, so it’s not very user-friendly if you want to tweak settings. If you run into problems using it, uninstall it and switch browsers.


You can get EMET (Enhanced Mitigation Experience Toolkit version 4.1) here:

Download Instructions:

  1. On the EMET download page, click the big red Download button. It will ask you to select the files you want to download.
  2. Choose “EMET Setup.msi”. You can also download the user guide if you want to learn more about using the program. Then click Next.
  3. Choose where to save the file or files, and then once they’re saved, find and run the .msi file. Follow the directions. 
  4. When you get to the EMET Configuration Wizard, choose Use Recommended Settings. Then click Finish and Close.

Note to XP users: EMET will NOT improve your security. The tweaks it makes are to settings not available in XP. You must switch browsers or upgrade to a newer operating system.

About EMET:


On its own, Windows isn’t all that secure. That’s why you have to add third-party security software and be careful what links you open and files you download.

Part of this is because some of the settings Windows uses are good for flexibility and convenience, but bad for security. To help users adjust these settings, Microsoft makes the Enhanced Mitigation Experience Toolkit.

This program helps you tweak key Windows settings for extra safety. Of course, it can also break some programs and websites that rely on the settings it changes.

Also note that it’s meant for companies and advanced users. Its default settings work OK, but if you want to tweak anything, you really need to know what you’re doing.

If you install it and things you use often start breaking, it’s best to just uninstall it.

Switch to a Standard Account

If hackers break in to your computer using this security flaw, they can only use the Windows account that’s running Internet Explorer. That means if your account is set as a Standard account, it really limits what they can do. This is true of most other attacks as well.

If for some reason you or someone in your family insists on continuing to use Internet Explorer, please take the time to ensure that the computer is operating in a Standard account.
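
A quick way to check this advice on a given PC, as an added PowerShell example that is not part of the original post: it reports whether the account running the session is a Standard account, an Administrator account held back only by User Account Control, or an elevated Administrator. The function name Get-AccountExposure is made up for this example; S-1-5-32-544 is the well-known identifier of the built-in Administrators group.

```powershell
# Added example (not from the original post or from Microsoft).
# Get-AccountExposure is a hypothetical helper name.
$AdminSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

function Get-AccountExposure {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this session already holds full administrator rights.
    $elevated = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group SID in the logon token, including the
    # Administrators entry that UAC keeps but marks as deny-only.
    # Matching on the SID avoids depending on localized group names.
    $rows = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    $inAdmins = [bool]($rows | Where-Object { $_.Sid -eq $AdminSid })

    if ($elevated) {
        $verdict = 'Administrator, elevated: anything run here has full control of the PC.'
    } elseif ($inAdmins) {
        $verdict = 'Administrator account held back only by UAC: use a Standard account for browsing.'
    } else {
        $verdict = 'Standard account: a compromised browser is limited to this user.'
    }

    [pscustomobject]@{
        User             = $identity.Name
        InAdministrators = $inAdmins
        Elevated         = $elevated
        Verdict          = $verdict
    }
}

Get-AccountExposure | Format-List
```

Run it from an ordinary (not "Run as administrator") PowerShell window while logged in as the person who does the browsing.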

Learn the differences between a Standard and Administrator account, and how to switch your account over to Standard here:



Switch Browsers

This flaw only affects Internet Explorer, so switching to another browser will instantly stop the threat. Firefox and Chrome are both good free alternatives. If you want, you can switch back to IE once this flaw is fixed, but you might find you don’t want to.

IE currently owns 55 percent of the web browser market, according to NetMarketShare, with the rest being divvied up between Google Chrome, Mozilla Firefox, Apple Safari and Opera.

Those figures are contradicted by W3schools.com, whose figures show that IE only accounts for around 10 percent of the market, with Chrome holding 57.5 percent against Firefox’s 25.6 percent. Runner up Safari claims just 3.9 percent of the market, leaving 1.8 percent for Opera.

The NetMarketShare report reflects a cross-section of all computer users. W3schools statistics are based on data from visitors to their websites, who tend to be computer professionals, rather than end users.


Finally...

==> Make sure that your security software is up to date. This flaw lets hackers bypass most security software, but it’s still better to have it installed than not. Security software will catch most of the other threats out there – and there are a lot of threats out there.

If you do not have security software, or it is out of date, you can get FREE security software here: 

Remember, security software covers 3 areas:
  1. Antivirus
  2. Spyware/Malware
  3. (Software) Firewall

You should also have a router, even if you are the only computer in your office. Modern routers act as a NAT Firewall (Hardware). You should still have a software firewall on each computer as well.

You can read more about Hardware Firewalls vs. Software Firewalls here:

==> Back up your Data.

==> Be sure to update all software and your OS (operating system).

Governments, Businesses, and Other Institutions Warning Against IE

The New York Public Library suggests its users ditch IE and use Google Chrome instead.





The US and UK governments advised computer users to consider using alternatives to Microsoft's Internet Exploder browser until the company fixes a security flaw that hackers used to launch attacks.

The Department of Homeland Security's U.S. Computer Emergency Readiness Team said in an advisory that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.

The UK National Computer Emergency Response Team told British computer users that, in addition to considering alternative browsers, they should make sure their antivirus software is current and regularly updated.



Thank you for reading.

Thursday, April 10, 2014

Recordkeeping Guidance for Temporary Staffing Issued by OSHA


One year ago this month, the U.S. Department of Labor's Occupational Safety and Health Administration (OSHA) announced an initiative to further protect temporary workers from workplace hazards. The OSHA temp worker initiative web page can be found here:

Due to increasing employee benefits and health care costs, as well as employee turnover, employers are more frequently using temporary employees to address staffing shortages or an unexpected increase in production. In these situations, a workplace often has multiple employers: the host employer and the staffing agency.

OSHA’s Multi-employer Policy

Section 5(a) of the Occupational Safety and Health Act broadly requires employers to furnish each of its employees a workplace free from recognized hazards and to comply with all occupational safety and health standards developed by OSHA. Thus, the act creates two types of obligations: (1) a “general duty” obligation running only to the employer’s own employees; and (2) an obligation to obey all OSHA standards with respect to all employees, regardless of their employer.

This second obligation formed the basis for OSHA’s “multi-employer worksite policy,” under which the agency decided it had the authority to issue citations not only to employers who exposed their own employees to hazardous conditions, but also to employers who created a hazardous condition that endangered employees, whether its own or those of another employer. This policy gave OSHA the ability to issue citations to multiple employers even for violations that did not directly affect the employer’s own employees. By 1994, OSHA’s policy instructed its compliance officers to issue citations to any employer who:

  1. exposed its own employees to a hazardous condition (“exposing employer”);
  2. created a hazardous condition that endangered any employer’s employees (“creating employer”);
  3. was responsible for correcting a hazardous condition even if its own employees were not exposed to the hazard (“correcting employer”); or
  4. had the ability to prevent or abate a hazardous condition through the exercise of reasonable supervisory authority (“controlling employer”).

Although the multi-employer doctrine has particular importance in the construction industry, OSHA has continuously expanded the scope of its multi-employer worksite policy to impose liability on all host employers. This includes manufacturers who subcontract out maintenance work, such as office property managers who subcontract out window cleaning and maintain any level of control over the “means and methods” by which the subcontractor performs the actual work.

For instance, OSHA has applied the multi-employer worksite policy to factory settings, where it cited the factory operator where an employee of a subcontracted cleaning company was killed while performing sanitation work at the factory (IBP, Inc. v. Herman, 1998). More recently, OSHA applied the multi-employer doctrine at a maintenance garage fixed-facility when an outside contractor employee suffered a fatal fall through a skylight while inspecting a rooftop heating, ventilation, and air conditioning system (Secretary of Labor v. Ryder Transportation Services, February 28, 2011).

Effect of OSHA’s Initiative on Host Employers

OSHA’s latest temporary employee initiative places new obligations on host employers. Certainly, host employers should expect OSHA to treat temporary employees the same as its own employees. Thus, host employers must now evaluate their use of temporary employees and their potential exposure to health and safety hazards.

Further, OSHA will also likely expect host employers to provide health and safety training to all employees, no matter what the duration of the employment. This training must also be provided in the language and vocabulary the temporary employees can understand. Thus, if an employer uses a staffing company that employs a largely Russian or Vietnamese population, the host employer may need to translate its materials into the temporary employees’ native language to ensure all employees understand the training, although there currently is no regulation that requires translation of written safety policies or training materials.

The employer may also have to determine if these employees are literate; if they cannot read, the employer may have to utilize interpreters to provide verbal training that the employee can understand. In other words, OSHA will require host employers to treat temporary and its own employees the same when it comes to protection from hazards and health and safety training, regardless of whether the employee is on-site for one day or one year.

OSHA's Recordkeeping Guidance


On March 13, 2014, OSHA released a new educational bulletin on injury recording requirements to help protect temporary workers.

OSHA already requires all employers to maintain an OSHA 300 log. This log is used to record all injuries and illnesses that have medical treatment above and beyond first aid, need modified duty or require days away from work.

At the end of each year, the number of injuries is totaled and the number of hours worked is added onto the OSHA 300A form, which is posted from February 1–April 30 of the following year.

So who is responsible for recording temporary worker injuries? 

The OSHA standards state, "Whoever is providing the day-to-day supervision is the employer that needs to record those injuries." Day-to-day supervision occurs when the “employer controls conditions presenting potential hazards and directs the worker’s activities around, and exposure to, those hazards.” In most cases, this is the host employer.

Even in cases where the temporary staffing agency has an on-site supervisor, since the host client controls the conditions, the responsibility of recordkeeping would still fall on the host client.

The full document (in pdf format) issued by OSHA can be found here:

Thank you for reading.

Monday, March 10, 2014

Travelers Edges Out Liberty Mutual To Become Largest Workers' Compensation Insurer



From: The Hartford Courant
March 06, 2014




The Travelers Cos. replaced Liberty Mutual as the largest provider of workers' compensation in 2013, according to an annual list of top insurers by business segment released this week.


Liberty Mutual fell to second place after holding the top spot a year earlier, and The Hartford Financial Services Group maintained its third place position both years.


The statistics were revealed in an annual analysis of insurers' market share, released Wednesday by the National Association of Insurance Commissioners.

Last year in workers' compensation, Travelers had $4 billion in earned-premium revenue for workers' compensation. Liberty Mutual had $3.87 billion and The Hartford had $3.3 billion.

In the broader context, State Farm was the top property-casualty insurer in the U.S. if premium revenue for all business segments is added together. State Farm had $55 billion in earned-premium revenue in 2013, up from $53 billion a year earlier. State Farm continued to dominate in the two largest, most lucrative insurance segments: homeowners and personal auto.

After State Farm, the top property-casualty insurers last year by market share, followed by the company's earned-premium revenue, are: Liberty Mutual, $28.9 billion; Allstate, $27.2 billion; Berkshire Hathaway, $22.3 billion; Travelers, $22.8 billion. Berkshire Hathaway owns GEICO.

Top home insurers last year were State Farm, Allstate, Liberty Mutual, Farmers Insurance, United Services Automobile Association. Top personal auto insurers were State Farm, Berkshire Hathaway, Allstate, Progressive and Farmers Insurance.

Property-casualty was a $531.7 billion industry last year, which includes $179 billion from personal auto; $80.2 billion from homeowners' coverage; $54.5 billion from "other liability," which is general liability; $50.4 billion in workers' compensation; $25.8 billion in commercial auto coverage; among other lines of coverage.

Thank you for reading.


Tuesday, February 4, 2014

Most dangerous workplace in Kansas? The road


From: The Wichita Eagle
Jan. 31, 2014

What’s the most dangerous job in Kansas?

It’s not facing down panicky cattle, angry tenants or desperate criminals.

It’s driving in traffic.

The most dangerous job in Kansas in 2012, according to the Kansas Department of Labor’s annual Workplace Non-fatal Injuries and Illnesses report, is as a courier or messenger.

The report is based on workers compensation claims for the year, and it does not include farms and ranches with fewer than 11 employees.

According to the survey, there were 10.2 injuries or illnesses per 100 couriers and messengers.

The data reflect national statistics that show that, for many years, traffic accidents have accounted for the single largest segment of workers compensation claims in the U.S.




Other top professions for injuries and illnesses last year, with seven or more injuries per 100 workers, were metal refining workers, furniture manufacturing workers, ranchers, nursing and residential care workers, and those who work with nonfinancial intangible assets, such as logos.

Commentary:

This is not only true of Kansas, but the whole United States. In a previous post I commented that the fatality rate for tractor trailer rollovers is almost 50%! Even if you don't have company vehicles, you are still responsible for the injuries sustained by your workers if they are driving for work, such as running to the post office or going to a doctor's appointment for a work-related injury.

You should include a safe driving program as part of any safety program.




Trivia....

Four vehicles: a police car, a fire truck, a mail truck, and an ambulance approach a four way intersection that has no traffic control devices (signs, lights, etc.). None of the emergency vehicles have their flashing lights or sirens on. None of the vehicles have their headlights, flashers, or any light on. Each vehicle intends to continue in the direction they are travelling (no one is turning). Who has the right of way?


Answer: the mail truck, because it is a Federal Government vehicle and none of the other vehicles have their flashing lights or sirens on indicating an emergency giving them the right of way.

More trivia: a mail truck cannot be stopped by any police officer for any reason while in the course of delivering the mail.

Thank you for reading.