About:

Contact:

Public entities possess hundreds of thousands of records containing personally identifiable information on their constituents. Creating strong, unique passwords provides a crucial defense from identity theft and financial fraud for municipalities. 

Although widely known as the first line of defense in avoiding cybercrime, passwords have long been firmly established as the weakest link in public entity cybersecurity protocol. Poorly managed passwords remain the most significant and preventable threat to your public entity’s security posture due to the unfortunate reality that people continue to use weak login passwords. To make matters worse, these same passwords are often used across various devices, platforms, and websites. In these cases, by hacking one password, cybercriminals effectively open the doors to your entire digital ecosystem.

Passwords are often the only barrier between a public entity and personal information. While there are several programs that cyber threat actors use to ‘crack’ passwords, choosing strong passwords and keeping them secure can make it more difficult for bad actors to gain unauthorized access to sensitive data.

And as much as we try to convince ourselves that our passwords are impenetrable, professional hackers use tools and tactics to help unveil them in seconds. Weak password security can lead to data breaches, identity theft, and even computer hijacking, allowing criminals to access and exploit your entity’s personally identifiable records.

Are you still using your cat’s name, followed by an exclamation point, as your password? Do you use the same password for a variety of logins? If so, it’s time for a change. And when it comes to protecting yourself, your colleagues, and the community you serve, there’s no better time than the present. 

Four easy steps to becoming a Password Pro: 

  1. Keep it complicated. Consistently updating passwords containing more than ten characters, with a mix of letters, numbers, and symbols, can help significantly reduce your risk of being hacked. 
  2. Don’t make it personal. A study conducted by Morris and Thompson in 1978 demonstrated that it is easier to guess passwords through personal information (family members’ names, birthdays, home addresses, etc.) than to decipher them.
  3. Use random passphrases. A passphrase (e.g., “memo-tiger-thread-glue-button” or “Isn’t that quarterback the best in New England?”) can be easier for you to remember but more difficult to hack. The key to creating solid passphrases is randomness.  
  4. Get Creative. Consider using phonetic replacements, such as “ph” instead of “F.” Use an exclamation point (!) to replace the letters (I) or (L), or make deliberate misspellings, such as “enjin” instead of “engine.”
  5. Get password (and cyber) smart. The helpful tips above are examples of the initial steps you can take to protect yourself, your colleagues, and your community against cybercrime. CIRMA’s member-exclusive Cyber Webinar Series offers contextual scenarios and the latest information on successfully managing password security best practices. Sign in to CIRMA e-learning to access this valuable member benefit, or contact us to get started.  

Most of our professional and personal business is conducted online, and maintaining strong and secure passwords is crucial to mitigating cyber-related risks and exposures. Training and education remain the most effective defense against cybercrime, and knowing how to protect yourself and your organization is easier than ever. Learn at your own pace and when and where you choose with CIRMA’s e-learning resources, 24 hours a day, seven days a week.

If you haven’t taken advantage of the many benefits available through CIRMA’s e-learning platform, contact your local CIRMA Risk Management representative today to get started. There is no additional charge to CIRMA members or their employees for this service. 

Check out CIRMA’s Cyber Center to learn how CIRMA can help your organization prevent and manage cyber exposures.

Cyber Resources Created for CIRMA Members:

red cirma icon
Reporting Cyber Crimes
 Download File
red cirma icon
Faces of Cyber Crime
 Download File
red cirma icon
e-Learning Target Solutions
 Download File
red cirma icon
Cyber Flyer
 Download File
red cirma icon
Cyber Whitepaper
 Download File
red cirma icon
Security Resources
 Download File
red cirma icon
Four Point Risk
 Download File
red cirma icon
Increased Geopolitical Threats
 Download File

Social and Emotional Wellness at Work; How Does Your Entity Measure Up?

The adoption of workplace social and emotional health programs skyrocketed over the past two years due to heightened visibility during the pandemic when remote and high-risk work environments caused or exacerbated employees’ psychological and behavioral health issues. 

As lines continue to blur between work and home life, personal stressors such as financial strain, childcare concerns, and other obstacles can also weigh heavily on the minds of your staff and colleagues. In addition, the effects of stress and trauma can be significantly compounded if an individual does not have stable, positive relationships at work.

Providing social and emotional health programs and resources or enhancing your entity’s existing offerings can make a world of difference. In addition, employees who actively foster social and emotional health within their organizations can help nurture an inclusive and positive culture that will yield significant benefits over time. Below are a few examples to consider:

Recommendations for Improving Social and Emotional Health at Work

1) Be a model for the social and emotional culture you want to see in your organization. Some of your coworkers will prefer to remain private and keep to themselves while managing difficult situations. However, if welcomed, take an active interest in your colleagues’ lives and overall well-being. Engage in routine wellness checks and provide appropriate levels of support when needed to help build trust and provide an emotional safety net for future times of crisis.

2) Make it easy for employees to know whom to talk to or where to go to access social and emotional health resources. Time and time again, studies reveal that what employees want the most in the workplace is training and more easily accessible information about where to go or whom to ask about mental health support. Ensure that all employees understand how they can access emotional support tools and resources within your organization; resources can include an appointed delegate who is equipped to guide personnel to these resources.

3) Establish an employee assistance program. Organizations will typically utilize an employee assistance program to support workplace social and emotional health. Extending these benefits to immediate family members can increase employee effectiveness and increase utilization. In addition, form a working group to help identify needs for more tailored solutions that will best serve your entity’s needs; members of this working group can also assist in implementing these resources, serving as program stewards.

4) Establish a peer-to-peer program. Peer-to-Peer programs have proven effective in providing employees with a productive outlet to discuss social and emotional issues they might be dealing with. In addition, peers can often empathize with their colleagues’ feelings because their experiences are often similar.

Many of us spend a significant percentage of our lives at work—and if someone is struggling with social and emotional concerns, it can be challenging to put them aside and try to ignore them while on the job. However, by implementing the recommendations outlined above, you can help your colleagues and staff be the best versions of themselves— in the office, at home, and beyond.

Have questions about social and emotional health and wellness within your public entity? Contact your Risk Management professional for more information. 

Featured annually during October, and now in its 21st year, CIRMA observes Cybersecurity Awareness Month by highlighting the importance of staying safe online. We will share some of our most vital cybersecurity resources throughout October to help you and your employees understand and overcome existing and emerging cyber exposures. To kick things off, we will explore the topic of social engineering, what it is, and why it is so important.

Social engineering attacks are often highly profitable for cybercriminals and are one of the most common ways they exploit human instincts. Social engineering uses psychological manipulation instead of exploiting technical vulnerabilities and takes advantage of a victim’s instincts and emotions to obtain sensitive information. An attacker uses human interaction to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. Suppose an attacker cannot gather enough information from one source. In that case, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

Pretexting, a social engineering tactic used in business email compromise (BEC) scams, remains the primary cause of cybersecurity incidents, with attackers targeting users through existing email threads in their relentless efforts to obtain sensitive data for their financial gain. BEC scams make up about 24% to 25% of money-driven attacks, with the typical transaction amounting to $50,000 annually (2023 Verizon Data Breach Investigations Report).  

Cyber threat actors use various methods to infiltrate network systems and expose sensitive and vulnerable information. Phishing is the most common method of social engineering, where a hacker often convinces their victim to click a malicious link or software in an email. Baiting is another prevalent method of social engineering, referring to bad actors luring their victims into relinquishing sensitive information by tempting them with a valuable object or offer. For example, an attacker may send an email that may appear to be from a coworker, business partner, or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to access the accounts. Attackers also use holidays, epidemics, and natural disasters to solicit personal information and use voice communication and text messages to deceive their victims. 

Attackers use holidays, epidemics, and natural disasters to solicit personal information and use voice communication and text messages to deceive their victims.

 Key findings in the 2024 Verizon Data Breach Investigations Report:

Social engineering attacks are notoriously difficult to prevent, as they depend heavily on the human element. It takes one employee’s mistake to compromise a municipal network’s integrity, demonstrating the significance of training employees on cybersecurity awareness. Data security policies combined with cybersecurity awareness training can assist employees in understanding how to detect and respond to social engineering attacks.

Ensuring municipal and school board employees are aware of and adequately trained on cybersecurity best practices can help minimize the risk of a costly and disruptive data breach. Risk Management offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cyber exposures.  Courses and webinars are available for employees to learn at their own pace, 24 hours a day, seven days a week.

If you haven’t taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform, contact your local CIRMA Risk Management representative to get started today. There is no additional charge to CIRMA members for this service. Visit CIRMA’s Cyber Center for helpful information on preventing and managing cyber exposures. Contact your local CIRMA Risk Management representative to get started today.

Helpful Cyber Resources for CIRMA Members:

red cirma icon
Reporting Cyber Crimes
 Download File
red cirma icon
Faces of Cyber Crime
 Download File
red cirma icon
e-Learning Target Solutions
 Download File
red cirma icon
Cyber Flyer
 Download File
red cirma icon
Cyber Whitepaper
 Download File
red cirma icon
Security Resources
 Download File
red cirma icon
Four Point Risk
 Download File
red cirma icon
Increased Geopolitical Threats
 Download File

How to ensure you and your employees are protected.

Proper use of personal Protective Equipment (PPE) is crucial for accident prevention in the municipal workplace. From road maintenance crews to police officers managing traffic flows, employees in various municipal roles face a range of hazards daily. PPE plays a pivotal role in safeguarding your employees from potential risks, ensuring their well-being, and enabling them to perform their duties effectively. 

According to the National Library of Medicine, about 40% of employees do not wear personal protective equipment (PPE) in the workplace, exposing themselves to a myriad of potential hazards, injuries, and, in extreme scenarios, fatalities. Public entities should implement and enforce a comprehensive PPE program to mitigate these risks. Raising awareness about the importance of PPE ensures your employees understand its importance, know how to select the appropriate gear for specific tasks, and are properly trained to utilize it. 

Municipal employees engage in diverse tasks that expose them to different risks, from exposure to harmful chemicals to physical injuries. Public entity employees must wear PPE to safeguard themselves from workplace hazards such as physical injuries, chemical exposures, and biological contaminants. Serious workplace injuries and illnesses can result from exposure to chemical, radiological, physical, electrical, mechanical, and other hazards.

Training programs should cover the selection, maintenance, and proper use of PPE, and employees must receive proper training and monitoring to ensure the program’s effectiveness. PPE may include gloves, safety glasses, safety shoes, earplugs or earmuffs, hard hats, respirators, coveralls, vests, and full-body suits.

Personal protective equipment is covered by OSHA 29 CFR 1910.132, which requires that many categories of PPE must meet or be equivalent to the standards set by the American National Standards Institute (ANSI). This section outlines OSHA’s standard, detailing the general requirements for using and providing PPE to employers in the workplace and the importance of implementing a comprehensive PPE program. 

Per OSHA requirements:

Protective equipment, including personal protective equipment for: 

… shall be: 

When employees feel safe and protected, they’re better able to focus on their tasks, leading to improved productivity and efficiency. Public entities that implement the required PPE training and protocol can help avoid accidents, mitigate costly claims, and keep their workforce safe.

Adhering to safety regulations isn’t just about ethical responsibility; it’s also a legal obligation. Municipalities are bound by laws and regulations mandating the provision of PPE to employees exposed to occupational hazards. Failure to comply can result in legal repercussions, including fines and lawsuits. 

Beyond mere compliance with regulations, PPE is a critical component of fostering a safe, productive, and resilient workforce. By investing in quality PPE, enforcing its usage, and cultivating a culture of safety, municipalities not only fulfill their legal obligations but also demonstrate their commitment to employee welfare and public trust. Raising awareness about the importance of PPE ensures your employees understand its importance, know how to select the appropriate gear for specific tasks, and are properly trained to utilize it.

CIRMA offers a PPE training and education series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features online training courses and webinars proven to educate employees and reduce workplace injuries and illnesses by wearing the appropriate protective equipment. 

Has your municipality or local taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform? Contact your local CIRMA Risk Management representative to get started today.

How to Support Social and Emotional Wellness in the Workplace

The stigma attached to mental health plays a pivotal role in negative mental health outcomes, alongside limited access to services and misconceptions about the nature and effectiveness of mental health treatment. Numerous employees in public entities encounter trauma due to their work-related experiences. This may encompass secondary trauma, which refers to the emotional strain individuals undergo when exposed to firsthand traumatic incidents recounted by others. Furthermore, the impact of stress and trauma can be greatly magnified when employees lack mental health support from their employers.

Failure to cultivate a workplace culture that advocates for mental health can subject employers to legal risks, including claims of workplace violence or failure to provide a safe working environment under employment laws and regulations. This emphasizes the importance of cultivating a workplace culture that promotes mental health.

Providing social and emotional health resources or strengthening your entity’s current offerings can bring about meaningful changes. Prioritizing mental health in the workplace is essential for promoting a healthier, happier, and more productive workforce. It’s not just about complying with regulations; it’s about creating a workplace culture that values and supports employees’ mental well-being. Addressing the stigma of mental health in the workplace requires a multifaceted approach that involves raising awareness, implementing supportive policies and practices, and fostering a culture of acceptance and inclusion.

Individuals with mental health conditions, including both children and adults, may also have additional risk factors for violent behaviors, influenced by various factors at the individual, family, community, and societal levels. According to SchoolSafety.gov, up to 1 in 5 children in the United States experience a mental health condition each year. Schools are crucial in cultivating safety and improving at-risk students’ behavioral outcomes. By leveraging resources to support the mental health needs of students, educators, and staff, schools can contribute to a safer learning environment. Consequently, improving access to mental health services can contribute to making schools safer.

Municipalities should actively promote the utilization of their Employee Assistance Programs (EAP). EAPs play a critical role in supporting employee well-being by offering confidential counseling and assistance for various personal and work-related challenges. By investing in EAPs and encouraging their utilization, municipal leaders can create healthier, happier, and more productive workplaces for the benefit of their employees and the community as a whole.

District and school administrators play a critical role in improving mental health needs by offering instruction that enhances awareness of mental health and social and emotional development. Connecticut General Statute (C.G.S.) 10-222h addresses the school district’s efforts in prevention and response to bullying in schools. Connecticut local and regional boards of education shall collect the school climate assessments for each school and establish a school climate committee to develop and implement a safe school climate plan to address bullying in schools.

District and school leadership have the discretion to choose a social-emotional learning model that fits the needs of their students and the overall school climate. CIRMA Risk Management does not endorse any particular organization that provides social and emotional learning resources. However, below are some organizations to consider that focus on the education of social and emotional learning:

CIRMA encourages its members to use the following resources to promote mental health:

The stigma attached to mental health, alongside the challenge of recognizing mental health issues, hinders individuals from seeking the necessary mental health services. Municipal and educational leaders have the potential to be proactive in preventing mental health crises by providing social and emotional support and education to their employees and students. Adopting easy-to-implement best practices, such as promoting the utilization of EAPs and focusing on the education of social and emotional learning, is particularly vital for the well-being of students and employees to minimize the risks of untreated mental health conditions.

Have questions? We’re here to help. CIRMA Risk Management offers robust training and education resources that feature mental health awareness and provide best practices for employees to protect their mental health. 

Has your municipality or school board taken advantage of the many benefits available through CIRMA’s online training and education platform for its members? Our e-Learning Center for more information or contact CIRMA Risk Management to get started and set up an e-learning account today. CIRMA e-Learning is an exclusive benefit offered to CIRMA members.

Respect the Zone: A Commitment to Work Zone Safety

It only takes a second. One glance at a phone, one moment of distraction, one wrong move—and a life can be lost in a work zone. Every year, road workers risk their lives to maintain and improve the infrastructure that keeps our communities running. And while we’ve made progress—work zone fatalities dropped 7% between 2021 and 2022—even one death is too many.

That’s why National Work Zone Awareness Week (NWZAW) has been raising awareness for nearly 30 years, reminding all road users to “Respect the zone so we all get home. ”The 2025 commemoration, scheduled for April 21 to 25, will emphasize the critical importance of work zone safety through events such as a National Kickoff Event, “Go Orange Day,” and a powerful Moment of Silence honoring lives lost in work zone incidents.

Work zones create complex and potentially hazardous conditions, such as altered traffic patterns, reduced lanes, closed sidewalks, and active construction equipment. Safely navigating these areas is crucial for municipal employees, first responders, and school transportation professionals—not only for their own safety but also for the well-being of their coworkers, residents, and the road workers who depend on them to drive responsibly.

Shared Responsibility, Collective Action

CIRMA is committed to helping its members reinforce a culture of safety. Through expert-led training and cutting-edge resources, CIRMA Risk Management provides compliance guidance and practical strategies to promote safe driving.

CIRMA members are encouraged to access the following resources:

Public entity leaders like you understand the importance of leading by example, supporting one another, and preventing unnecessary tragedies. Have you ensured that your entity takes full advantage of CIRMA’s valuable and exclusive member safety resources?

 Visit CIRMA.org to access robust training options that feature awareness and statistics of vehicle accidents and provide best practices for safe driving operations. Contact your CIRMA Risk Management professional to get started today and set up an e-learning account. CIRMA e-learning is complimentary for CIRMA members and their employees. 

Contact your CIRMA Risk Management representative today to get started. Because when we respect the zone, we all get home.

The home office has become a coveted commodity. Unfortunately, not all homes offer dedicated office spaces. Because of this, kitchen counters, dining tables, living rooms, or bedroom spaces are doubling as home offices.

CIRMA’s latest whitepaper, Creating a Home Work Environment That Works for You, identifies best practices for employees working from home who face the dilemma of creating a workstation that allows them to be productive and incorporate proper ergonomics. In this whitepaper, we share achievable and straightforward guidance to help you maximize comfort and reduce risks while working from home.

Adopting healthy behaviors outlined in this helpful resource and knowing what to look for when choosing the right space for you can improve your overall well-being and maximize productivity while working remotely.

Creating a home workspace does not require extraordinary upgrades to your home or even purchasing fancy office equipment. Setting up a workspace with basic ergonomic strategies in mind is beneficial in many ways, including promoting productivity and focus and helping to avoid discomfort and social isolation.

Helpful Resources for CIRMA Members:

Take me to the full whitepaper

Download CIRMA’s latest Workplace Safety Works Ergonomics poster

Sprains and Strains; A Preventable Workplace Exposure

Sprain and strain injuries are the most common and costly workplace injuries. Employees can injure their knee, shoulder, wrist, or back while performing everyday work-related tasks.

So what are Sprains?

A sprain is an injury to a ligament (tissue that connects two or more bones at a joint). In a sprain, one or more ligaments are stretched or torn.

What are Strains?

A strain is an injury to a muscle or a tendon (tissue that connects muscle to bone). In a strain, a muscle or tendon is stretched or torn.

The Causes of Sprains and Strains

Sprains and strains can happen suddenly or develop over time. Employees exposed to causative risk factors are more likely to develop a sprain or strain injury.

CIRMA members have reported approximately 11,500 claims over the past five years. While sprain and strain injuries can be frequent and significant to your public entity, the personal costs to the injured employees can be higher. Many are often left in chronic pain or permanently disabled.

The good news is that there are many easy-to-implement and practical steps that municipal and school leaders can take to protect employees. CIRMA members have reduced the number of sprain and strain injuries to employees by 16% over the past five years through resources that educate on avoiding these types of injuries.

Education is key to mitigating risk—download CIRMA’s new workplace safety posters to help raise awareness about injury prevention.  

Safe Lifting

Preventing Injuries

Managing Sprains and Strains

Easy Ergonomics

Access CIRMA’s online portal for more important employee training and education tools and resources on relevant seasonal topics.