The history of law enforcement vehicles can be traced as far back as the 1800s. Initially, police used horses and patrol wagons; however, by the 1920s, the automobile transformed how they performed their duties. While an unfortunate reality, history also teaches that suspects, on occasion, flee from police officers. Police pursuits, while sometimes necessary, are high-risk events that can present significant dangers to suspects, members of the public, other vehicles on the road, and police officers themselves.

In light of these risks, law enforcement agencies must ensure their personnel adhere to their Department and State of Connecticut Pursuit Policies to ensure their and others’ safety and reduce liability. Police departments should also conduct regular police training on their specific pursuit policies to reinforce critical best practices and protocols.

Police Officer Standards and Training Council (POSTC) Model Pursuit Policy 

The POSTC Model Pursuit Policy is a practical resource that helps municipal police departments perform their duties safely and consistently. The document outlines all policy sections to help your department create a tailored policy. The model policy includes sample language on definitions, procedures, operations, responsibilities, tactics, firearm use, termination, inter-jurisdictional pursuits, post-pursuit reporting, alternative measures, and training.

CIRMA Can Help 

Police pursuits are complex issues that have kept leaders up at night since the advent of the modern automobile. Understanding state and local pursuit policies can help officers keep their personnel and communities safe while reducing liability for themselves and their respective police departments. 

CIRMA Risk Management provides a Roll Call Series targeted at Law Enforcement, various law-enforcement-focused training resources, and information curated through our Law Enforcement Advisory Committee.

CIRMA will help you review your department’s policies, including your police motor vehicle pursuit policy. Contact your CIRMA risk management consultant for more information today.

Law enforcement personnel spend extensive time on the road. Paradoxically, building defensive driving skills often receives little attention in basic academy training and is seldom promoted as part of in-service training. The need for defensive driver training is increasingly evident. According to the National Institute for Occupational Safety and Health, 33% of all line-of-duty deaths are motor vehicle-related. Furthermore, countrywide data finds that collisions involving law enforcement vehicles typically occur during routine driving conditions and are often preventable.

Law enforcement should be trained on a consistent basis and practice defensive driving because of their extensive time on the road and the unique demands of their duties. The State of Connecticut has over 90 municipal police departments, employing over 6,500 police officers. Vehicle-related incidents could be prevented if more effective driving techniques were applied behind the wheel. Ensuring municipal law enforcement is adequately trained on defensive driving can help minimize the hazards officers face while performing their duties on the road.

The following are the leading behavior-related hazards that put officers at risk of a crash while performing their duties: 

• Not wearing a seatbelt
• Speeding, mainly through intersections
• Distracted driving, using a mobile data terminal or other electronics
• Experiencing tunnel vision from increased stress

Defensive driver training and education, better driving practices, and increased awareness can help keep law enforcement officers and their communities safe. Officers work together to make their communities safer; they should also take every measure to keep themselves safe. Emergency vehicle operation is a primary activity for municipal law enforcement agencies, which further punctuates the need to routinely train officers on vehicle safety and defensive driving skills. 

CIRMA offers comprehensive defensive driver training resources for law enforcement personnel. Our robust training and education tools feature awareness and statistics of police vehicle accidents, a review of state statutes, and risk management best practices. 

Has your municipality or school board taken advantage of the many benefits available through CIRMA’s exclusive training tools and resources? Contact your local CIRMA Risk Management representative to get started today.

Odds are, if you’re a risk manager or information technology professional, you likely associate October with Cybersecurity awareness. And we can’t blame you. October is, after all, Cyber Security Awareness Month, and the unfortunate circumstances that can arise due to poor cybersecurity practices can be much more frightening than any Halloween scare. That’s why, this week, we’re drawing attention to the prevalence of human error in phishing attacks and the value of employee education and training.

IBM’s 2023 Cost of Data Breach Report identifies phishing as the most prevalent and costliest attack vector, responsible for an average cost of $4.9 million per data breach.

Human error (still) remains the leading cause of cybersecurity breaches, as employees continue to fall victim to phishing attacks. Verizon’s Data Breach Investigation report states that phishing makes up 44% of social engineering incidents. Organizations have battled human error since welcoming technology into the workplace. Whether employees ignore security software updates or fall victim to phishing emails, breaches can evolve from countless avenues due to fundamental human error. 

Over 90% of data breaches and hacks result from phishing scams that appear most frequently through emails, where criminals pose as legitimate institutions to obtain personal information. Successful phishing cyberattacks are costly and can cause substantial interruptions to your operations.

If you’re unsure whether you’ve identified a potential email phishing scam, remember to always err on the side of caution and report it immediately.

If you suspect an email phishing scam, here’s what to look for:

• Poor grammar and spelling
• Blurry and pixelized logos/graphics
• Requests that violate established rules
• Requests that are deemed urgent, lack context, and are outside of normal business operations
• The “From” email address does not match the sender’s actual name or email address
• Suspicious embedded URLs (hover over the link without clicking to see the actual URL address)
• Suspicious attachments with odd, unrecognizable file names 

Educating employees to identify common phishing scam tactics is the first step to mitigating cybercrime. The most effective defense is raising awareness about all types of phishing scams through training and education. Has your municipality or school board taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform? Contact your local CIRMA Risk Management representative to get started today.

Learning how to be cyber-smart has never been more convenient. CIRMA’s online courses and webinars allow employees to learn at their own pace, 24 hours a day, seven days a week. CIRMA offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cybercrimes, including phishing attacks.  

If you haven’t taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform, contact your local CIRMA Risk Management representative to get started today. There is no additional charge to CIRMA members for this service. 

Reporting Cyber Crimes

Download File

Faces of Cyber Crime

Download File

e-Learning Target Solutions

Download File

Cyber Flyer

Download File

Cyber Whitepaper

Download File

Security Resources

Download File

Four Point Risk

Download File

Increased Geopolitical Threats

Download File

Held every October, and now in its 20th year, CIRMA observes Cybersecurity Awareness Month by highlighting the importance of staying safe online. We will share some of our most vital cybersecurity resources throughout October to help you and your employees understand and overcome existing and emerging cyber exposures.

To kick things off, we will explore the topic of social engineering, what it is, and why it is so important.

Social engineering attacks are often highly profitable for cybercriminals and are one of the most common ways they exploit human instincts. Social engineering uses psychological manipulation instead of exploiting technical vulnerabilities and takes advantage of a victim’s instincts and emotions to obtain sensitive information.

Cyber threat actors continue their relentless efforts to obtain sensitive data by impersonating employees for financial gain. Business Email Compromise (BEC) attacks have doubled over the past year, and represent more than 50% of incidents within a social engineering pattern (2023 Verizon Data Breach Investigations Report).  Social engineering can cost municipalities millions of dollars annually, but more importantly, data breaches can lead to identity theft and operational disruptions. Ensuring municipal and school board employees are aware of and adequately trained on cybersecurity best practices can help minimize the risk of a costly and disruptive data breach.

Cyber threat actors use various methods to infiltrate network systems and expose sensitive and vulnerable information. Phishing is the most common method of social engineering, where a hacker often convinces their victim to click a malicious link or software in an email. Baiting is another prevalent method of social engineering, referring to bad actors luring their victims into relinquishing sensitive information by tempting them with a valuable object or offer.

Attackers use holidays, epidemics, and natural disasters to solicit personal information and use voice communication and text messages to deceive their victims.

 Key findings in the 2023 Verizon Data Breach Investigations Report:

• 97% of cyber threat actors were motivated by financial gain
• 3% of cyber threat actors were inspired by espionage
• Techniques utilized to gain unauthorized access to an organization:
  • 49% stolen credentials
  • 12% phishing
  • 5% exploiting vulnerabilities

Social engineering attacks are notoriously difficult to prevent, as they depend heavily on the human element. It takes one employee’s mistake to compromise a municipal network’s integrity, demonstrating the significance of training employees on cybersecurity awareness. Data security policies combined with cybersecurity awareness training can assist employees in understanding how to detect and respond to social engineering attacks.

CIRMA Risk Management offers a Cyber Webinar Series through its exclusive CIRMA member Vector Solutions platform. This robust training and education tool features cybersecurity-related online training courses and webinars proven to educate employees and reduce costly and disruptive cyber exposures.  Courses and webinars are available for employees to learn at their own pace, 24 hours a day, seven days a week.

If you haven’t taken advantage of the many benefits available through CIRMA’s exclusive online training and education platform, contact your local CIRMA Risk Management representative to get started today. There is no additional charge to CIRMA members for this service. Visit CIRMA’s Cyber Center for helpful information on preventing and managing cyber exposures. Contact your local CIRMA Risk Management representative to get started today.

Critical infrastructure includes resources that provide functions necessary for our way of life. Threats to these resources, including cybersecurity exposures, often have debilitating security, economic, and public health and safety consequences.

The evolving cybersecurity risk landscape demands an evolved response.

Through a collaboration between the Cybersecurity and Infrastructure Security Agency (CISA), the Connecticut Military Department (CTMD) Joint Cyber Team, and industry partners like CIRMA, critical cyber resources are now available to help your public entity address evolving cybersecurity threats head-on. The CTMD Joint Cyber Team offers comprehensive Cyber Assessments to all 169 Connecticut Municipalities. The Team uses Cybersecurity and Infrastructure Security Agency (CISA) and Connecticut Interlocal Risk Management Agency (CIRMA) guidelines to assess cybersecurity and relative operational policies.

Assessments are fully funded by the Division of Emergency Management and Homeland Security (DEMHS).  

Getting started is easy; Contact a CTMD Joint Cyber Team Member to schedule your Assessment. Assessments take approximately 60 to 90 minutes to complete and should include members of your Information Technology (IT) Team.

Your entity will receive a comprehensive report on organizational vulnerabilities to cyberattacks, infrastructure weaknesses, and proven recommendations for corrective action.

Cyber Assessments can help:

1. Reduce the likelihood of a damaging cyber incident
2. Detect malicious activity quickly
3. Respond effectively to confirmed incidents
4. Maximize organizational resilience

Assessments can also be used as a framework to qualify your municipality for cyber insurance and funding. 

Take advantage of this critical resource today to reduce cybersecurity exposures to help strengthen the resilience of America’s infrastructure—including Connecticut cities and towns like yours.

 Remember, training and education remain the most effective defense against cybercrime and knowing how to protect yourself, and your organization is easier than ever. Learn at your own pace and when and where you choose with CIRMA’s e-learning resources, 24 hours a day, seven days a week. If you haven’t taken advantage of the many benefits available through CIRMA’s e-Learning platform, contact your local CIRMA Risk Management representative today to get started. CIRMA members and their employees enjoy access to this exclusive learning platform as part of their membership.

Check out CIRMA’s Cyber Center to learn how CIRMA can help your organization prevent and manage cyber exposures.

Cyber Resources Created for CIRMA Members:

Reporting Cyber Crimes

Download File

Faces of Cyber Crime

Download File

e-Learning Target Solutions

Download File

Cyber Flyer

Download File

Cyber Whitepaper

Download File

Security Resources

Download File

Four Point Risk

Download File

Increased Geopolitical Threats

Download File

Public entities possess hundreds of thousands of records containing personally identifiable information on their constituents. Creating strong, unique passwords provides a crucial defense from identity theft and financial fraud for municipalities. 

Although widely known as the first line of defense in avoiding cybercrime, passwords have long been firmly established as the weakest link in public entity cybersecurity protocol. Poorly managed passwords remain the most significant and preventable threat to your public entity’s security posture due to the unfortunate reality that people continue to use weak login passwords. To make matters worse, these same passwords are often used across various devices, platforms, and websites. In these cases, by hacking one password, cybercriminals effectively open the doors to your entire digital ecosystem.

Passwords are often the only barrier between a public entity and personal information. While there are several programs that cyber threat actors use to ‘crack’ passwords, choosing strong passwords and keeping them secure can make it more difficult for bad actors to gain unauthorized access to sensitive data.

And as much as we try to convince ourselves that our passwords are impenetrable, professional hackers use tools and tactics to help unveil them in seconds. Weak password security can lead to data breaches, identity theft, and even computer hijacking, allowing criminals to access and exploit your entity’s personally identifiable records.

Are you still using your cat’s name, followed by an exclamation point, as your password? Do you use the same password for a variety of logins? If so, it’s time for a change. And when it comes to protecting yourself, your colleagues, and the community you serve, there’s no better time than the present. 

Four easy steps to becoming a Password Pro: 

1. Keep it complicated. Consistently updating passwords containing more than ten characters, with a mix of letters, numbers, and symbols, can help significantly reduce your risk of being hacked. 
2. Don’t make it personal. A study conducted by Morris and Thompson in 1978 demonstrated that it is easier to guess passwords through personal information (family members’ names, birthdays, home addresses, etc.) than to decipher them.
3. Use random passphrases. A passphrase (e.g., “memo-tiger-thread-glue-button” or “Isn’t that quarterback the best in New England?”) can be easier for you to remember but more difficult to hack. The key to creating solid passphrases is randomness.  
4. Get Creative. Consider using phonetic replacements, such as “ph” instead of “F.” Use an exclamation point (!) to replace the letters (I) or (L), or make deliberate misspellings, such as “enjin” instead of “engine.”
5. Get password (and cyber) smart. The helpful tips above are examples of the initial steps you can take to protect yourself, your colleagues, and your community against cybercrime. CIRMA’s member-exclusive Cyber Webinar Series offers contextual scenarios and the latest information on successfully managing password security best practices. Sign in to CIRMA e-learning to access this valuable member benefit, or contact us to get started.  

Most of our professional and personal business is conducted online, and maintaining strong and secure passwords is crucial to mitigating cyber-related risks and exposures. Training and education remain the most effective defense against cybercrime, and knowing how to protect yourself and your organization is easier than ever. Learn at your own pace and when and where you choose with CIRMA’s e-learning resources, 24 hours a day, seven days a week.

If you haven’t taken advantage of the many benefits available through CIRMA’s e-learning platform, contact your local CIRMA Risk Management representative today to get started. There is no additional charge to CIRMA members or their employees for this service. 

Check out CIRMA’s Cyber Center to learn how CIRMA can help your organization prevent and manage cyber exposures.

Cyber Resources Created for CIRMA Members:

Reporting Cyber Crimes

Download File

Faces of Cyber Crime

Download File

e-Learning Target Solutions

Download File

Cyber Flyer

Download File

Cyber Whitepaper

Download File

Security Resources

Download File

Four Point Risk

Download File

Increased Geopolitical Threats

Download File

The home office has become a coveted commodity. Unfortunately, not all homes offer dedicated office spaces. Because of this, kitchen counters, dining tables, living rooms, or bedroom spaces are doubling as home offices.

CIRMA’s latest whitepaper, Creating a Home Work Environment That Works for You, identifies best practices for employees working from home who face the dilemma of creating a workstation that allows them to be productive and incorporate proper ergonomics. In this whitepaper, we share achievable and straightforward guidance to help you maximize comfort and reduce risks while working from home.

Adopting healthy behaviors outlined in this helpful resource and knowing what to look for when choosing the right space for you can improve your overall well-being and maximize productivity while working remotely.

Creating a home workspace does not require extraordinary upgrades to your home or even purchasing fancy office equipment. Setting up a workspace with basic ergonomic strategies in mind is beneficial in many ways, including promoting productivity and focus and helping to avoid discomfort and social isolation.

Helpful Resources for CIRMA Members:

Take me to the full whitepaper

Download CIRMA’s latest Workplace Safety Works Ergonomics poster

Social and Emotional Wellness at Work; How Does Your Entity Measure Up?

The adoption of workplace social and emotional health programs skyrocketed over the past two years due to heightened visibility during the pandemic when remote and high-risk work environments caused or exacerbated employees’ psychological and behavioral health issues. 

As lines continue to blur between work and home life, personal stressors such as financial strain, childcare concerns, and other obstacles can also weigh heavily on the minds of your staff and colleagues. In addition, the effects of stress and trauma can be significantly compounded if an individual does not have stable, positive relationships at work.

Providing social and emotional health programs and resources or enhancing your entity’s existing offerings can make a world of difference. In addition, employees who actively foster social and emotional health within their organizations can help nurture an inclusive and positive culture that will yield significant benefits over time. Below are a few examples to consider:

Recommendations for Improving Social and Emotional Health at Work

1) Be a model for the social and emotional culture you want to see in your organization. Some of your coworkers will prefer to remain private and keep to themselves while managing difficult situations. However, if welcomed, take an active interest in your colleagues’ lives and overall well-being. Engage in routine wellness checks and provide appropriate levels of support when needed to help build trust and provide an emotional safety net for future times of crisis.

2) Make it easy for employees to know whom to talk to or where to go to access social and emotional health resources. Time and time again, studies reveal that what employees want the most in the workplace is training and more easily accessible information about where to go or whom to ask about mental health support. Ensure that all employees understand how they can access emotional support tools and resources within your organization; resources can include an appointed delegate who is equipped to guide personnel to these resources.

3) Establish an employee assistance program. Organizations will typically utilize an employee assistance program to support workplace social and emotional health. Extending these benefits to immediate family members can increase employee effectiveness and increase utilization. In addition, form a working group to help identify needs for more tailored solutions that will best serve your entity’s needs; members of this working group can also assist in implementing these resources, serving as program stewards.

4) Establish a peer-to-peer program. Peer-to-Peer programs have proven effective in providing employees with a productive outlet to discuss social and emotional issues they might be dealing with. In addition, peers can often empathize with their colleagues’ feelings because their experiences are often similar.

Many of us spend a significant percentage of our lives at work—and if someone is struggling with social and emotional concerns, it can be challenging to put them aside and try to ignore them while on the job. However, by implementing the recommendations outlined above, you can help your colleagues and staff be the best versions of themselves— in the office, at home, and beyond.

Have questions about social and emotional health and wellness within your public entity? Contact your Risk Management professional for more information. 

Sprains and Strains; A Preventable Workplace Exposure

Sprain and strain injuries are the most common and costly workplace injuries. Employees can injure their knee, shoulder, wrist, or back while performing everyday work-related tasks.

So what are Sprains?

A sprain is an injury to a ligament (tissue that connects two or more bones at a joint). In a sprain, one or more ligaments are stretched or torn.

What are Strains?

A strain is an injury to a muscle or a tendon (tissue that connects muscle to bone). In a strain, a muscle or tendon is stretched or torn.

The Causes of Sprains and Strains

Sprains and strains can happen suddenly or develop over time. Employees exposed to causative risk factors are more likely to develop a sprain or strain injury.

CIRMA members have reported approximately 11,500 claims over the past five years. While sprain and strain injuries can be frequent and significant to your public entity, the personal costs to the injured employees can be higher. Many are often left in chronic pain or permanently disabled.

The good news is that there are many easy-to-implement and practical steps that municipal and school leaders can take to protect employees. CIRMA members have reduced the number of sprain and strain injuries to employees by 16% over the past five years through resources that educate on avoiding these types of injuries.

Education is key to mitigating risk—download CIRMA’s new workplace safety posters to help raise awareness about injury prevention.  

Safe Lifting

Preventing Injuries

Leading Type Injury

Easy Ergonomics

Access CIRMA’s online portal for more important employee training and education tools and resources on relevant seasonal topics.