Tuesday, November 28, 2017

Workplace Safety


I’ve held off writing about this topic waiting for the appropriate time, which seems may never be. Prayers are offered to the victims of the senseless violence that has been taking place all too often. Public spaces and, sadly, places of worship have become unsafe. We have to be alert and on guard at all times, no matter where we go. The intent of the article began as a response to the sexual harassment accusations surfacing in the entertainment industry. Then a man shot several people at business locations in Maryland and Delaware. And the horrific murders in a Texas church. Every week brings more of these stories in the news. Staying on topic I’d like to speak about the hostile work environments caused by both violence and harassment. This article is posted with all due respect and prayers for the victims of recent violence. 

The workplace environment can be unsafe or hostile for several reasons. When the term, workplace safety, is used the first thought goes to accidents and hazards, which are some of the leading causes of injury and death. There can also be violent physical attacks against the business or the employees. Probably the most overlooked is the environment itself which can be toxic because of sexual harassment, bullying, or mistreatment. 

Hostility does not necessarily have to result in violence or injury. Many workers fear the workplace due to environments created due to sexual harassment and bullying. A survey conducted by the Rand Corp., Harvard Medical School, and the University of California, Los Angeles determined that one-fifth of Americans find the workplace environment to be hostile.

Harassment

This type of workplace hostility has come to the forefront with the revelations playing out in the entertainment industry. Everyday more victims are coming forward and not only in that specific industry. The celebrity victims have empowered women and men across all industries to come forward. The Equal Employment Opportunity Commission (EEOC) defines sexual harassment as:
unwelcome sexual advances, requests for sexual favors, and other verbal or physical harassment of a sexual nature and also can include offensive remarks about a person’s sex (male/female/orientation). Harassment is illegal when it is so frequent or severe that it creates a hostile or offensive work environment. Both victim and the harasser can be either a woman or a man, and the victim and harasser can be the same sex. The harasser can be the victim's supervisor, a supervisor in another area, a co-worker, or someone who is not an employee of the employer, such as a client or customer.

The EEOC reported 28, 216 incidents of harassment in 2016 with 6,758 of those being sexual harassment incidents. These numbers do not include charges filed with state or local agencies.

Employers are responsible for providing a safe workplace. This goes well beyond ensuring the physical location is safe and employees are trained in the performance of their duties. Employers are also charged with providing a safe and healthy work environment. This starts with the owners and managers and how they conduct themselves. They must be held to the company standard and train employees on how to make an inclusive workspace.

Training and education of employees should be held at regular intervals. Ensure all employees are made aware that any type of harassment will not be tolerated. All reports must be taken seriously and employees must feel that they can make reports against any employee or supervisor without fear of retaliation. Which itself is a crime.

Violence

Workplace violence can be more than employees returning to work and shooting co-workers. Violence can manifest itself in many forms. The Occupational Safety and Health Administration (OSHA) defines workplace violence as:
any act or threat of physical violence, harassment, intimidation, or other threatening disruptive behavior that occurs at the work site. It ranges from threats and verbal abuse to physical assaults and even homicide. It can affect and involve employees, clients, customers and visitors. Homicide is currently the fourth-leading cause of fatal occupational injuries in the United States.
                       
Following the above definition, OSHA reports over two million incidents of workplace violence every year, with many cases unreported. The Bureau of Labor Statistics reported that there were over 400 workplace homicides in 2015. However, that number does not differentiate between being a victim as a result of the job or the victim of an attack, i.e.-Killed during a robbery of the business v. killed during an attack on the workplace. With this broad definition and the way statistics are captured it is hard to differentiate the specific acts of violence, how they occurred, and against whom. The point being, the workplace can be a dangerous place. Not just physical violence, but less graphic acts of violence can occur as well.

In August 2017, a Sterling, VA woman was convicted and sentenced to three and half years in jail for poisoning co-workers. An investigation into why co-workers had become ill after drinking coffee from the break room machine revealed that the coffee had been tainted. The woman later admitted that she had poured Windex, Ajax, and soap into the coffee machine water tank in an effort to make her supervisor sick. She also admitted to putting cleaning products directly into her supervisor’s coffee cup.

Small business owners have to realize that a violent act can happen anywhere to any type of business. Whether it is a disgruntled employee or customer, or the perpetrator just chooses the business for the act, a violent attack can happen anywhere. Therefore, workplace violence is everybody’s problem. More importantly, prevention is everyone’s responsibility.

Awareness and Prevention

FBI studies have concluded that individuals do not "snap" and suddenly become violent without an antecedent or perceived provocation. Instead, the path to violence is an evolutionary one. There are subtle indicators of the potential for violence. The trick is being aware enough to detect the indicators.

Prevention is everyone’s responsibility. From top to bottom. Every employee must feel that it is there responsibility to protect the workplace. Employers/managers have to know their employees and the atmosphere of the workplace. Watch for changes in behavior and disruptions. Monitor the post disruption atmosphere.

As with harassment issues training is paramount. Make employees feel safe in reporting potential threats.  Drill them on how to handle and respond to incidents. Review company policies. Practice what if scenarios.

Being aware of the possibilities is a good first step to a safe workplace. The weekly incidents in the news show us that we cannot hide our heads in the sand any longer. But being aware is not enough. Business owners have to take the initiative to make changes and educate their employees.

Please feel to free any post. See the blog archive for other posts regarding workplace safety.


Monday, November 13, 2017

Time expired on parking meters


You approach the parking meter. It is a standalone machine in the parking lot; not connected to a building or a visible wired connection. While the meter does accept cash, it also has a credit card slot. You unsheathe your card and slide into the slot as instructed by the screen instructions. The meter reads your card and communicates, wirelessly, with the bank. If the card is authenticated, the transaction is approved and the meter distributes a receipt. Transaction complete. So what just happened? 

In the digital communication-everything is hackable world we live in how are parking meters safe? Research on this topic seems to indicate a risk reward scenario or more likely a Not worth the effort scenario. As we have seen in recent years, any system of any entity is subject to hacking. No matter the type of hardware or the owner. This article continues the discussion regarding the security of parking meters raised in the post Skimmers, August 2017.

The parking meter

Before we get into the security of the parking meter, first a little history.

According to Wikipedia, Massachusetts entrepreneur Roger Babson filed the first patent for a parking meter in 1928. The electric meter was meant to be powered from the battery of the parked car. Either due to design or necessity at the time the Babson meter never caught on. In 1935, Oklahoma City newspaper publisher Carl C. Magee had identified parking issues in the business district and was asked to find a solution. His idea was to regulate parking through coin operated meters associated with spaces determined by lines painted perpendicular to the curb. Magee asked Oklahoma State University engineering professors Holger Thuesen and Gerald Hale to develop a machine. The result was the Park-O-Meter, which Magee received a patent in 1938. The first Park-O-Meter was installed in downtown Oklahoma City in July 1935. Retailers loved the meters as they encouraged a quick turnover of cars and potential customers. Drivers, initially opposed, were forced to accept them. The cost for that first hour was five-cents.

The first meters accepted coins and had a dial to engage the timing mechanism with a red flag to indicate expiration of time. Those meters required a service person to keep the mechanism wound. Later iterations by other companies provided a system that remained wound by the action of the user setting the time, eliminating the need for service personnel. Since the parking meter made its debut there have been many styles and mechanisms deployed. All of which have completed the same task, measuring an amount of time for a price. Manual mechanisms remained in service for fifty some years until advancement in technology allowed for digital operations in the 1980’s.

At this point in our history lesson drivers looking to park their cars still had to use coins. Some machines only accepted one kind of coin. Different variations of the parking meter existed depending on the maintenance and replacement by local governments.  

Again Wikipedia tells us that in 2007 the IPS Group from San Diego, California introduced the solar powered credit card accepting parking meter. (Wikipedia is used as a source because there isn’t much out there in the way of the history of the parking meter)  The so called smart parking meter was born.

Smart parking meters

Advances in wireless technology have been applied to parking meter design to develop the “smart meter”. These meters are solar powered with wireless connectivity. This gives the meters the capability to talk to maintenance crews and banks, allowing for service calls and electronic transactions. This type of technology also allows drivers to pay through the use of phone apps and single machines to regulate multiple spaces. They also can be designed to alert enforcement personnel when cars are over parked.

The market is flooded with types and styles from a variety of vendors. Some municipalities use single pole meters per space and others use machines that regulate multiple spaces. All use wireless connectivity. Which brings up the question-Can they be hacked?

Are smart parking meters secure?

Shortly after the introduction of the smart parking meter three hackers revealed at the Black Hat conference in Las Vegas in 2009 that they had hacked meters in San Francisco. In an attempt to prove the security flaws of the new technology, the hackers’ reverse engineered the technology and found that the machines had little in the way of protection or encryption. They were able to “trick” a variety of meters into providing free parking. This infiltration manipulated the meters but did not attempt to intercept or steal credit card transactions.

Since this report was made public parking meter manufacturers have worked to improve the technology to protect electronic data transfer. Even the FTC issued a report in 2015 encouraging all manufacturers of smart devices (Appliances, thermostats, etc.) to invest more into securing the “Internet of things”

The International Parking Institute released a report titled, "What's What in parking Technology" in 2016. The report describes a point-to-point credit card encryption method, which delivers end-to-end encryption. The method instantaneously converts credit card data into an indecipherable code at the time the card is swiped to prevent hacking. Similar to how Apple Pay creates a token that has no exploitable meaning or value except to the key holders at either end of the transaction. This allows the meters to communicate directly to the banks.

This also means that any credit card data stored on the meter is encrypted as well so that it cannot be read by anyone, including maintenance personnel. As with any electronic transaction it is recommended that you keep your receipt as it contains a bank authorization number on your receipt to reference your transaction with your credit card company.

Hacking the wireless connection to obtain credit data may not be fruitful but there have been a few instances reported regarding skimming. This is when a thief attaches a device over or into the manufacturers credit card slot. The device collects credit card data as they are swiped. The problem is that parking meters are smaller than ATMs and gas pumps. So it is harder to hide the skimming devices. Not that it cannot be done or tried. On ANY type of machine that accepts credit cards you should check for evidence of tampering before swiping your card.  

So, our journey brings us back to the question, is it safe to use your credit card in a smart parking meter? For the most part, yes. The meters themselves either do not store data or the data is encrypted. The transactions also are encrypted. The machines themselves offer little space for skimming devices. Can they be hacked? More than likely a resounding yes as anything can be. Is it worth the criminals’ effort? Other than bragging rights probably not. The pay off is not worth the effort.

Another source of curiosity are vending machines that accept credit cards. There have been no indications that they’ve been targeted. But with what we’ve learned about parking meters, we’ll chalk those up to the pay off is not worth the effort as well.

Please feel free to share any and all posts. See the blog archive for more posts about wireless and personal security
Skimmers August 2017
Pain at the pump October 2016
Taking your identity on vacation June 2013