In today’s interconnected world, proper management of cybersecurity issues must be considered in all aspects of business operations, including health and safety management.
You may be wondering, how do cybersecurity and health and safety link?
In recent years, the increase in cyber attacks has demonstrated exactly why cybersecurity is a growing consideration in health and safety management. Cyber attacks can cause a range of risks for an organisation and its employees, including:
- Informational Risk – where important company, employee and customer data can be stolen and used for criminal activities
- Operational Risk – where there is a major disruption to how you trade and run your business
- Reputational Risk – where a cyber attack could cause reputational damage to your company’s brand
- Financial Risk – where a cyber attack can cause your business to lose money with significant financial impact on post-attack recovery
However, in recent years, the true impact of cybercrime on health and safety has been seen through a rise in cyber-physical attacks.
What is a Cyber-Physical Attack?
A cyber-physical attack is a security breach which has a direct impact on physical environments and health and safety.
A malicious user or hacker can breach systems and take control of the computing or communication components of systems that operate physical equipment, such as water pumps, transportation and pipeline valves, which can cause significant damage to property and put lives at risk.
In 2019, hackers took control of construction cranes, excavators, scrapers and other large machinery, highlighting the true health and safety dangers and potential of cyber-physical attacks on industries that rely on heavy machinery, including construction, agriculture and manufacturing.
What are the other cybersecurity risks to health and safety?
Whilst cyber-physical attacks are on the rise, organisations must consider the daily operational risks associated with cyber attacks and health and safety. With poor cyber security risk management, there is a potential for hackers to overrun your systems, causing power outages and system failures.
Attacks on Building Management Systems (BMS)
Building Management Systems (BMS) are vulnerable to cyber attacks without proper security management in place. These systems control several environmental factors in a building, including ventilation, lighting, power, fire and security systems.
A cyber attack has the potential to override a BMS, putting employees’ health and safety at risk in a number of scenarios. Whilst lone working in a building that has been impacted by a BMS cyber attack, employees could face working alone in a room with no power, lighting, or adequate temperature. Furthermore, these lone workers could be faced with intruders who have gained unauthorised access to the building by overriding key security systems.
With this in mind, employers have a duty of care to consider the impact of cyber attacks on the health and safety of their employees. By introducing a lone worker safety solution into their safe system of work, employees can be assured that they can contact anyone for help when they need it most.
Attacks on communication systems
Another major risk to health and safety is the potential for hackers to compromise your internal and external communication systems. Keeping in regular contact with employees is important, especially for remote employees, lone workers and those working from home.
The communication systems that face the most risk are lone worker monitoring systems. Cyber attacks have a major impact on lone worker monitoring, where a breach of an Alarm Receiving Centre’s (ARC) system, or a breach of a lone worker monitoring system used by an ARC or an organisation, could pose a major risk to lone workers.
If a cyber attack has occurred, a lone worker who is in danger of being attacked or may have suffered an injury may find that their SOS call has not been received. Alternatively, an ARC operator may not be able to access the data to accurately respond to an alarm.
Instances like this are why organisations need to consider cyber security risk management in all areas of a business, including health and safety.
How to manage cybersecurity
Organisations should be looking at cyber threats in relation to health and safety on a regular basis, ensuring that all threats are addressed in their overall corporate approach to cybersecurity.
Measures you can put in place include:
- Regularly assessing cybersecurity defences, including all firewalls, malware protection, cybersecurity policies, staff training and regular password management.
- Regularly maintaining and reviewing access management including reviews of programmes on employee devices.
- Regular data back-ups and having a disaster recovery plan in place.
- Ensuring that your own supply chain is resilient against cyber threats, including your HR systems and lone worker monitoring systems.
To find out more about how you can effectively manage cybersecurity, you can check out the National Cyber Security Centre’s 10 Steps to Cyber Security Guide.
Disclaimer: the information provided in this article is for general guidance only and is not legal advice. This article is not a substitute for Health and Safety consultancy. For legal advice, you should seek independent advice.
Post by Scott Gilmer
Scott Gilmer is Safe Shores Monitoring’s Technical Systems Manager. Scott is responsible for the effective management of our technical systems and cyber security measures, ensuring that all threats are monitored, managed and mitigated on a regular basis to ensure that our lone worker service is always available to our customers.