Why Cybersecurity Matters to Safety Managers (EU/OSHA)

Connectivity frees you up to focus on what you do best – as long as you choose your solution wisely. 

Remember your first smart phone? Your first home automation device? What about the first time you used mobile banking?  

If you’re like most people, it was both exciting and a little scary to test the waters of these new technologies. Over time, however, advanced technologies have become second nature. In fact, they’ve helped make everyday life easier, better, and more efficient. 

Thankfully, worker health and safety has caught up with the technological revolution. After being left in the dark for far too long, connectivity for safety is here, and here to stay. 

There is, however, a “dark side” to living and working in a connected world; namely, breaches, hacks, and cyberattacks.  

Cybersecurity issues are real, prevalent, and growing. In fact, recent reports show that 2020 went down in the record books for the sheer amount of lost data and number of cyberattacks.1  

For safety, the news is even more alarming. There is a growing number of attacks on connected devices and equipment, known as the Internet of Things or IoT.2

For Safety Managers, this is a wake-up call. 

That’s because Industrial IoT (IIoT) devices, including portable gas detectors, are at risk for attack by cybercriminals. 

Cybersecurity and Your Gas Detection Fleet 

What, you may be wondering, could cyberthieves possibly gain from hacking our portable gas detection fleet? 

You’d be surprised. 

Cybercriminals are bent on causing disruption and destruction. Not only do gas detectors contain sensitive information, such as worker location, but a connected fleet could also potentially allow entry into your network system – and worse.

That’s why cybersecurity matters. 

Proper layers of protection allow you to reap the many benefits of a connected gas detection program and give you peace of mind about your SaaS (Software-as-a-Service) solution.

Data Protection and Security  

Anytime a device, instrument, or piece of equipment is connected to the internet, your network, or the cloud, security issues and vulnerabilities are a possibility. No device – whether a mobile phone, a smart home thermostat, or a portable gas detector – is 100% immune to attack. 

Here’s a look at the top two things that can go wrong in the absence of cybersecurity measures:

  1. Financial Devastation: If a device is not properly secured, it has the possibility of being reached through the internet. Cybercriminals can use this opening to infect an entire network with a type of malicious software known as ransomware. Once the network is infected, the cybercriminals will not restore access unless and until a ransom is paid. Experts predict that worldwide ransomware incidents will exceed $265 billion annually in the next 10 years.3
  2. Compliance Violations: Depending on your industry and where you are located, regulatory agencies and governing bodies have the right to assess sizeable fines for data breaches. From the California Consumer Privacy Act (CCPA) in the U.S. to the General Data Protection Regulation (GDPR) in the European Union, failure to enact data privacy measures has the potential to cost your organization thousands or even millions.4,5

This information is not intended to scare you. It is, however, meant to raise your awareness of the importance and urgency of enacting secure connected solutions.

Again, cybersecurity matters to everyone, including Safety Managers. 

A Checklist: What to Look for in a Connected Worker Solution 

 To see if your proposed or current SaaS solution stacks up to what’s needed to ensure adequate and compliant cybersecurity to support worker and worksite safety without compromise, use this checklist. Answer “yes” for statements that are true and “no” for statements that are not. 

  • ISO/IEC 27001:2013 Certified: Is your proposed or current SaaS solution certified by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), guaranteeing both data protection and network security? 
  • Access Controls and Authentication: Does it use industry-standard password policies and require verified user authentication? 
  • Annual Penetration Testing: Does the solutions provider require annual third-party vulnerability tests on all its applications, infrastructure, and APIs? 
  • Backups and Recovery: How often does the provider run backups? Are the backups encrypted? Does the provider perform a daily backup restoration test? 
  • Data Access and Usage: Is system and data access restricted by an advanced set of encryption and logging features? 
  • Data Privacy Policy: Does the provider have a publicly available policy detailing how information is collected and used? 
  • Data Storage: Are the provider’s services and infrastructure hosted in a secure data center, such as the industry-leading Amazon Web Services (AWS)? 
  • Encryption at Rest: Is data stored in an encrypted format using AES-256 encryption?
  • Encryption in Transit: Does the solution require HTTPS and Transport Layer Security over public networks, encrypting communications to ensure that nothing can be read or manipulated by unauthorized users? 
  • Incident Response Plan: Is there a comprehensive incident response plan for suspected and actual incidents? 
  • Organizational Security Measures: Does the provider maintain policies and procedures that align with ISO/IEC certification standards? 
  • Personnel Security Measures: Does the provider conduct background checks, employ confidentiality agreements, and require employees to undergo regular and rigorous security and privacy training? 
  • Secure Software Development: Does the provider avoid the use of data for testing purposes? Does the provider require the use of fully isolated environments for testing, staging, and production? 

Your Turn 

So how many “yes” answers did your current or proposed solution get? Better yet, how confident are you in the security and protection of your connected solution? Or are you planning to remain disconnected in hopes of avoiding cyberattacks? (Remember, hope is never an effective strategy.)

No matter what your answer, it’s critical to be absolutely certain that you are doing all you can to safeguard your workers, worksites, and connected devices with the best, most secure connected solution.

Safety io, responsible for connecting your MSA fleet of portable gas detectors to the MSA Grid software, maintains a rigorous data privacy policy and strict protection system to help ensure that the information from your MSA ALTAIR® devices remains confidential and safe. Safety io is also certified to ISO/IEC 27001:2013 for its information security management practices.

For a better understanding of how to start or continue your connected worker safety journey with cybersecurity top of mind, we invite you to contact us to learn more. 

 

Sources:

1 https://www.forbes.com/sites/chuckbrooks/2021/03/02/alarming-cybersecurity-stats-------what-you-need-to-know-for-2021/?sh=2b77b5d58d3d

2 https://www.forbes.com/sites/chuckbrooks/2021/02/07/cybersecurity-threats-the-daunting-challenge-of-securing-the-internet-of-things/?sh=6e8bdba25d50 

3 https://www.zdnet.com/article/the-cost-of-ransomware-around-the-globe-to-go-beyond-265-billion-in-the-next-decade/ 

4 https://www.researchgate.net/publication/228141369_Negligence_Liability_for_Breaches_of_Data_Security 

5 Article 29 Data Protection Working Party, https://ec.europa.eu › article29 › document

 
