Managing Fatigue

Fatigue is defined as extreme tiredness that results in mental and/or physical exhaustion and can hinder an employee’s ability to perform work safely and effectively. Fatigue in the workplace not only impacts a worker’s mental and physical health, but it can also impact the safety of those around them, as well as their capacity to function. Its side effects include decreased performance and productivity and an increase in the potential for errors in judgement, which may result in injuries.

Per the Department of Labor, long work hours and irregular work shifts are common in our society. Many American workers spend over 40 hours a week at work, and almost 15 million work full time on evening, night, rotating, or other irregular shifts. Work schedules like these may cause worker fatigue.

Shift workers may be scheduled for days, evenings, nights and/or on a rotating or on-call basis. They may work extended shifts (more than 8 hours long), rotating or irregular shifts, or consecutive shifts resulting in more than the typical 40-hour workweek. Long work hours may increase the risk of injuries and accidents and contribute to poor health and worker fatigue. Studies show that long work hours can increase stress, poor eating habits, lack of physical activity, and illness. It is important to recognize worker fatigue symptoms and its potential impact on each worker’s safety and health and on the safety of co-workers.

Four Ways to Manage Fatigue

1. Stretch and Move

If you are at a guardhouse and unable to leave, find ways to move your body and keep blood flowing. Move your feet in circles and stomp them on the ground. Drum your hands on your thighs. Roll your shoulders and lift your arms up and down. Walk up and down stairs or around the building on breaks.

2. Exercise Your Mind

During downtime, keep your mind active to stave off sleep. Try actively using all your senses while you work. Focus on what you taste, notice what you can smell, and listen intently to all the sounds in your environment. Using your senses this way helps keep your brain active.

3. Stay Hydrated

Drinking soda and coffee can cause your energy to crash and make you abandon your post for frequent bathroom breaks. Drink water instead to keep yourself hydrated and alert. If you need coffee to stay awake, go ahead and indulge in moderation; just try to avoid caffeine in the last few hours of your shift so you can sleep when you are done. 

4. Create Your Own Accountability

Set 10-minute alarms on your phone or install an app designed to keep you awake. These apps offer different ways to help you fight sleep, such as making noises at random intervals. If there are other officers on duty nearby, exchange messages every so often to help each other stay alert, or ask a friend who is awake while working to send you periodic check-in messages.

Sources: 

7 Ways Security Officers Can Stay Awake on Duty. https://www.deggy.com/7-ways-security-officers-can-stay-awake-on-duty.html

Long Work Hours, Extended or Irregular Shifts, and Worker …. https://www.osha.gov/worker-fatigue

Leaders and IT departments worldwide are still working to recover from arguably one of the most prolific cyberattacks ever. If you use Microsoft Exchange Server, you were undoubtedly impacted by the hack, and if you were, you were not alone. The Wall Street Journal reported that the number of customers affected by the attack could reach upwards of 250,000. 

Breaking Down the Exchange Attack 

In early March, Microsoft disclosed that Chinese state-sponsored hackers, a group known as Hafnium, had gained access to organizations’ email accounts through vulnerabilities in its Exchange Server email software. Microsoft identified four vulnerabilities and issued emergency patches for systems going back to 2010. That means flaws were present in Microsoft code for over a decade.

Microsoft was first alerted to the vulnerabilities by security company Volexity, which found the attackers had been exploiting the flaws since January. The attack does not impact Microsoft’s cloud-based email and calendar service, only its on-prem offering.

On March 5th, cybersecurity journalist Brian Krebs reported that at least 30,000 organizations across the United States were breached. This included small businesses, towns, cities, and local governments. IT teams continue to patch the vulnerabilities across the country, but as of March 14th, at least 80,000 vulnerable Exchange servers were still exposed on the internet, according to reports.

How the Attack Works

The attack works like this:

  1. Attackers gain access to an Exchange Server either with stolen passwords or by exploiting the vulnerabilities to disguise themselves as someone with legitimate access.
  2. Attackers create a web shell to control the compromised server remotely. A web shell can be uploaded to a web server, allowing remote access to the server.
  3. Attackers use this remote access to steal data from the organization, including email data.

Oh, But It Gets Worse…

The flaws in the Exchange server are considered zero-days. However, Microsoft sent proof-of-concept (PoC) code privately to members of its Active Protections Program. This code was leaked, either purposefully or accidentally, according to The Wall Street Journal, which reported that Microsoft had launched an investigation into the leak. Either way, a PoC made exploiting the vulnerabilities substantially easier and opened up the Exchange vulnerabilities, like floodgates, to a wide swath of the internet’s darker denizens. Other nation-states and cybercriminal gangs joined in on the fun. On top of that, a ransomware strain dubbed DearCry began capitalizing on the Exchange vulnerabilities.

The breach has forced those who use Microsoft’s on-prem email offering to scramble to migrate their email to the cloud. It also forced leaders to ask, did bad guys get in, and if they did, what did they get their hands on? 

Patching the vulnerabilities was a critical step, but it didn’t necessarily eject criminals from internal networks. In some cases, organizations had to revert to backups and rebuild. This is a reason why it is so important to have backups. These emergency situations can arise, and you have to pull the plug immediately. 

But First There Was SolarWinds

The Microsoft Exchange server attack came on the heels of another extraordinary cyber incident. This one occurred late last year and impacted 425 of the US Fortune 500, including telecommunication companies, accounting firms, and all branches of the US military. It began when cybersecurity company FireEye announced they had been a victim of a cyber breach attributed to Russian state-sponsored actors. Further investigation revealed that it was not FireEye that was the point of attack. Instead, it was SolarWinds, a widely-used IT management firm. Attackers had compromised a SolarWinds software update, so when SolarWinds customers applied the update, their systems became infected. 

The incident was massive enough for Congress to call forth executives from SolarWinds and FireEye as well as Microsoft, which was impacted by the hack, for a good old-fashioned tongue-lashing in front of the cameras. While the executives, essentially, pointed fingers at each other, the rest of us were left to wonder how we can protect ourselves from attacks we can neither anticipate nor prevent.

What Can We Do? 

When you think of third-party vendor attacks, the classic example is Target, which in 2013 had over 40 million credit cards stolen from its point-of-sale systems. The attackers were able to exploit Target’s HVAC vendor to gain access to Target’s network. This is the example that is often cited when we discuss the need to “watch your six” when it comes to giving vendor access to your networks. This was an HVAC vendor, and Target was roundly criticized for its data segmentation practices.

An HVAC vendor should not have access to any confidential, sensitive, or customer information. However, a technology vendor is a different story, especially one who helps administer your email (in the case of Microsoft) or oversees your network management (in the case of SolarWinds). These types of vendors need the highest level of access and access to essentially everything. There has to be a level of trust there, almost to an extreme degree.

Today, it is impossible to do business…to even function without these vendors. We need them. But this reliance comes at a cost. First, we are subject to the extreme cases listed above. We will likely continue to see more of them (as cybercriminals understand how the exploitation of a technology vendor can reap enormous booty). Leaders are also limited in what they can do to protect themselves when a critical technology vendor gets hijacked. 

But there are some things, as a leader, you can do. 

Keep up to Date: One of the biggest things you can do is make sure you are keeping up with what is occurring when it comes to cybersecurity. You should be making cybersecurity a part of your daily feed, so you understand how these types of attacks occur and what you can do to limit the damage when they do occur. There are plenty of great newsletters and threat reports from industry insiders. One I would recommend is The CyberWire (https://thecyberwire.com/). You can sign up for their free daily newsletter. They also release a free daily podcast that runs around 20 minutes. It is a great way to stay on top of the latest in cybersecurity while upping your cybersecurity IQ. 

This will also help in mitigation. In the case of the Exchange breach, it was an enormous challenge to understand how to respond because the attack was so unprecedented. The Cybersecurity & Infrastructure Security Agency (CISA) sent out an alert with some of the tactics, techniques, and procedures to help organizations examine their internal systems for evidence of maleficence. In critical moments, it is important to understand where to turn. 

Keep an Expert on Speed Dial: In critical moments, it is important to understand where to turn. That is why it is helpful to have someone with expert knowledge to give you advice. Don’t seek that person (or persons) out when the emergency is taking place. Have that relationship already built, so it is there when the worst happens and you need it most.

Keep Your Systems Up to Date: Putting aside the fact that the SolarWinds breach was caused by a malicious update, it is critical to push updates as quickly as possible when they are released. This was especially true of the Exchange server vulnerabilities, as we saw direct exploitation of vulnerabilities and Microsoft taking the unusual step of issuing emergency patches. Unpatched vulnerabilities are like a wide-open door to a bank vault. The criminals have a blueprint to get into your systems until the vulnerability has been patched. Make sure you are keeping your systems up to date.

Keep Your Backups Current: I discussed earlier the importance of backups. You should keep backups that are regularly updated and unconnected from your network. Then when a cyber incident occurs (such as ransomware), you will be able to quickly recover (and hopefully without having to pay any ransom). 

Keep Your Logs in Order: Logs record events that occur within your network. With logs in place, you can detect unusual behavior, pinpoint anomalies, or forensically understand what occurred after an incident. If an attacker is downloading a large number of files, logs can alert you. If an employee is trying to access something he shouldn’t, logs can help catch him. If there is an unusual login attempt from Southeast Asia, you may see it in your logs.
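
The three checks described in the paragraph above (a burst of downloads, repeated denied access, a login from an unexpected location), as an added example that is not part of the original article. The log format, user names, thresholds and the placeholder country code "ZZ" are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXPECTED_COUNTRIES = {"US"}        # assumption: where staff normally sign in from
DOWNLOAD_LIMIT = 3                 # assumption: downloads allowed per user inside WINDOW
WINDOW = timedelta(minutes=5)
DENIED_LIMIT = 2                   # assumption: denied requests tolerated per user

# Constructed sample events in a made-up key=value format ("ZZ" is a placeholder country).
SAMPLE_LOG = """\
2024-01-15T02:15:11 user=svc_mail action=login country=ZZ status=ok
2024-01-15T02:16:00 user=svc_mail action=download file=a.pst status=ok
2024-01-15T02:16:20 user=svc_mail action=download file=b.pst status=ok
2024-01-15T02:16:40 user=svc_mail action=download file=c.pst status=ok
2024-01-15T02:17:00 user=svc_mail action=download file=d.pst status=ok
2024-01-15T09:01:00 user=jsmith action=read file=payroll.xlsx status=denied
2024-01-15T09:01:30 user=jsmith action=read file=payroll.xlsx status=denied
2024-01-15T09:02:10 user=jsmith action=read file=payroll.xlsx status=denied
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts' field."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect(log_text):
    """Return sorted (rule, user) alerts for the three cases named in the text."""
    alerts, downloads, denied = set(), defaultdict(list), defaultdict(int)
    for line in filter(str.strip, log_text.splitlines()):
        e = parse(line)
        user = e["user"]
        if e["action"] == "login" and e.get("country") not in EXPECTED_COUNTRIES:
            alerts.add(("unusual_login_location", user))
        if e.get("status") == "denied":
            denied[user] += 1
            if denied[user] > DENIED_LIMIT:
                alerts.add(("repeated_access_denied", user))
        if e["action"] == "download" and e.get("status") == "ok":
            # Keep only this user's downloads inside the window ending at this event.
            recent = downloads[user] = [
                t for t in downloads[user] if e["ts"] - t <= WINDOW] + [e["ts"]]
            if len(recent) > DOWNLOAD_LIMIT:
                alerts.add(("bulk_download", user))
    return sorted(alerts)

if __name__ == "__main__":
    for rule, user in detect(SAMPLE_LOG):
        print(f"ALERT {rule}: {user}")
```

The download rule uses a sliding window, so the same number of downloads spread across a working day does not raise an alert.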

Keep an Event Playbook on Hand: Digital Event Response Playbooks (DERPs) are useful when an emergency digital event occurs. What these playbooks do is ensure the entire organization, every department, and every key stakeholder understands what they are responsible for during an event. This helps everyone to be on the same page or rowing in the same direction. It also can ensure that as little time is wasted as possible during the critical first hours of a digital event. Creating a playbook specifically for a cloud vendor exploitation should be on your to-do list if you haven’t already. Reach out to us because we specifically create this type of playbook for clients. We also suggest holding trainings for the playbook as well as tabletop exercises. In these exercises, key stakeholders are able to walk through a real-world scenario using the playbook. This helps the stakeholders understand their role during a digital event. It also aids the playbook owner in understanding how the playbook could be refined or improved.   

When technology vendors inadvertently open holes in your network, you may feel helpless. It can feel like there is nothing you, as a leader, can do. But there are some things you can do to help your organization manage a difficult situation. A little extra preparation today can help in these extreme situations.  

Despite our best efforts to prevent them, emergencies are inevitable. Developing security protocols ahead of time to respond to emergencies is crucial to minimizing or preventing injury, property damage, and even loss of life.

Just as no two emergencies are alike, the needs of each client vary. To ensure we provide the level of support our clients need during a crisis, we work closely with each one to develop procedures tailored to their specific environment. Whether it be an oil pad dealing with dangerous equipment and chemicals, or a high-rise office building ensuring hundreds of people’s evacuation in the event of a fire, TriCorps can answer the call most other security firms cannot.

Our physical security force is made up of men and women experienced in the nuances of emergency response. A good portion of our personnel have served in our nation’s military and/or law enforcement and have been on the front lines when incidents or emergencies occur. Working together with organizations small and large, TriCorps can develop emergency response procedures, provide training and protocols for active shooter threats, and use life-saving equipment such as fire extinguishers, AEDs, and first aid kits when crises occur. These examples of emergency response efforts are just a few of the physical security services we can provide.

“After a recent security incident, I requested an immediate security staffing increase over 100% of the scheduled force with 24-hour coverage. TriCorps not only met the need immediately, they exceeded the numbered request with highly qualified and professional security officers.”

Corporate Security Director, Energy Client

In our electronic security division, TriCorps can work with organizations to establish protocols such as alerting the appropriate personnel if a specific individual is seen on the property or calling the police if a motion sensor camera captures a trespasser after hours. To ensure these systems meet their full potential, they can be monitored 24/7/365 by TriCorps’ operators in our own Global Security Operations Center.

To mitigate risk and handle emergencies directed at our clients’ data and IT infrastructure, TriCorps utilizes the talents of our law enforcement and technology specialists to deliver unmatched cybersecurity services. By implementing a variety of network protection protocols and penetration testing, we can identify and mitigate vulnerabilities. In the event of a breach, we can provide forensic analysis to help identify the attack source to aid law enforcement in bringing those responsible to justice.

Threats will always be present, and emergencies will always be a part of our lives. TriCorps can help mitigate risk and respond to emergencies in a way no other company can. Using our Integrated Security Model, TriCorps can provide every aspect of security coverage organizations need to give them, their employees, customers, and families the safest environment possible.