The Germs that Kill Your Business

February 15, 2018

By Jim Malcolm, Enviro-Master Services of Denver  | Vendor Bylines —

This headline regarding the flu is alarming:

The Flu is Killing up to 4,000 Americans a Week (Bloomberg, 2/10/18)

Additionally, hepatitis A outbreaks in Colorado are also on the rise. This begs the question: is your restaurant protected from diseases that drive away customers and reduce productivity of your workforce?

Public restrooms harbor contaminants such as e-coli, salmonella, streptococcus, influenza, and staphylococcus, and these same restrooms are the distribution centers for the flu, norovirus, and hepatitis A, if not properly sanitized. The toilet plume, which sprays from a toilet when flushed, launches airborne bacteria across the restroom up to 20 feet. Obviously, the restroom requires attention to keep businesses out of the negative headlines.

Prevent the Spread of Disease

  1. Wash hands frequently – a must for employees!
  2. Add additional hand sanitizers to your restaurant
  3. Keep surfaces and door handles disinfected – applying a germicidal sealant is best practice!
  4. Schedule seasonal deep cleanings – especially during and after flu season
  5. Spray all restroom surfaces with a hospital-grade germicide. Remember the toilet plume? Bacteria and viruses are covering every surface.
  6. Be proactive and have a plan. Don’t hesitate to enlist outside help!

Stay out of the headlines by preventing the spread of disease at your restaurant!

Enviro-Master is the #1 trusted partner for restroom health and safety, as they provide comprehensive solutions to prevent the spread of disease and control odors. (303) 895-6422

Six Steps to Effective, Compliant Hazard Communication

February 9, 2018


Inadequate, noncompliant hazard communication can lead to worker injuries, even death. OSHA’s Hazard Communication Standard (HCS) ensures employees’ right to know and understand the potential hazards of chemicals they work with, as well as safeguards to protect themselves.
OSHA sets forth the following six steps to effective hazard communication:

  1. Identify a point person for hazard communication — This employee is responsible for obtaining safety data sheets (SDSs), planning employee training and managing other elements of program implementation at your organization.
  2. Develop and implement the plan — Hazard communication requires a plan that explains how your organization will conduct its program. The plan should list hazardous chemicals at your worksites and specify labeling, SDSs, training and communication protocols.
  3. Label all containers — Ensure all containers in your facility are labeled. If your organization manufactures or ships chemicals, label them. Labels must include specific information set forth in the Classification and Labeling of Chemicals section below.
  4. Make SDSs available — Obtain an SDS for each hazardous chemical at your workplace, and make SDSs readily available to workers. If you make SDSs available only electronically, make sure there’s a way to provide the SDSs in the event of a power failure or emergency. If you receive chemical deliveries, suppliers should provide accompanying SDSs; if they don’t, request the SDSs.
  5. Formally educate employees — Train employees before they begin work near hazardous chemicals and when new hazards are introduced to the workplace. Conduct multilingual training to accommodate a diverse workforce, and ensure that employees understand the hazards and your organization’s protective measures and equipment.
  6. Evaluate and enhance hazard communication — Periodically evaluate, update and enhance your organization’s program, especially when new hazards are introduced. OSHA’s HCS mandates that hazard communication remains up-to-date, comprehensive and tailored to your organization.

Classification and Labeling of Chemicals

OSHA’s HCS provides classification criteria for the hazards of chemicals, as well as a standardized approach to creating SDSs and labels. Your SDSs must follow a specified 16-section format, and labels must include the following six elements:

  • A product name or identifier, such as “WD-40”
  • A signal word, such as “danger” or “warning”
  • Pictogram(s)
  • Hazard statement(s)
  • Precautionary statement(s)
  • The name, address and telephone number of the chemical manufacturer, importer or other responsible party

Resources
For more information, visit OSHA’s hazard communication webpage. Another helpful resource is the Society of Chemical Hazard Communication. Also, check out Pinnacol’s hazard communication webpages for further information and downloads of a sample written hazard communication program, training materials and more. Pinnacol offers J.J. Keller safety resources on this topic, including training videos, interactive training and safety talks. Or contact Pinnacol’s Safety On Call at safetyoncall@pinnacol.com or 303.361.4700 or 888.501.4752. Our Safety Services Team stands ready to answer questions, provide materials, and help your organization remain compliant and keep your employees safe, healthy and productive.

E-submissions of injury data to OSHA — Who needs to do it, how and by when in 2018 (Hint: Caterers do but Restaurants do not)

January 24, 2018

Many employers are required to use OSHA’s Injury Tracking Application (ITA), which debuted in August last year, to submit their annual summary injury data. New Year’s Eve marked the revised deadline to submit 2016 injury data, and we want to remind you of 2018 deadlines to submit 2017 data.

By July 1 this year, employers with at least 250 employees must submit information to the ITA website from 2017 Forms 300, 300A and 301. By July 1, establishments with 20 to 249 workers in specified industries  (including Caterers) — ones with historically high rates of occupational injuries and illnesses — must enter data from form 300A. In 2019 and beyond, OSHA’s deadline for electronic submissions moves up to March 2.

How to submit data electronically
Electronic data submissions involve a five-step process:
1.  Launch the ITA application from the OSHA webpage.
2.  Create an establishment.
3.  Add 300A summary data.
4.  Submit data to OSHA.
5.  Review OSHA’s confirmation email.

The ITA website will offer three options for submitting data securely: enter data manually, upload a CSV file to submit single or multiple establishments at the same time or use an application programming interface to submit data from the employer’s automated recordkeeping system. The ITA website also will include reporting requirements, an FAQ section and a link for assistance.

Pinnacol resources
Pinnacol’s here to help. As a Pinnacol customer, you can use our OSHA Report Manager. This online tool helps your organization comply with OSHA’s electronic submission requirements and save time in the process. Use the OSHA Report Manager to generate your business’s OSHA 300, 300A and 301 logs. And now, to make submissions even easier, the OSHA Report Manager generates data in the OSHA-approved CSV file format. You can access this tool through Pinnacol’s policyholder portal or by visiting our OSHA recordkeeping webpage. There you’ll find a toolkit to aid compliance, OSHA 300 and 300A logs, and more. We invite you to contact your Pinnacol safety consultant or contact us on our Safety On Call line at 303.361.4700 or 888.501.4752. Pinnacol stands ready to assist your organization in meeting OSHA’s electronic submission requirements.

Here’s further information about the new federal rule from OSHA, as well as the federal register entry.

Trump administration may rescind rule
The Trump administration has taken steps to amend or even rescind OSHA’s electronic recordkeeping rule. And on Oct. 10, 2017, OSHA filed an update that it “continues to develop a Notice of Proposed Rulemaking to ‘reconsider, revise or remove provisions of the [rule],’” as announced in Pres. Trump’s First Regulatory (and Deregulatory) Agenda issued last July. Pinnacol will monitor these developments and apprise you of any changes. Currently, though, all elements of OSHA’s recordkeeping rule remain in effect, and employers should submit injury and illness recordkeeping data to OSHA as required.

Protecting Your Business: Restaurant & Bar Premises Liability

December 12, 2017

By Colorado Restaurant Insurance —

Winter Months are Approaching. How To Prevent Slips, Trips & Falls

It’s true! More than 3 million food service employees and over 1 million guests are injured annually as a result of restaurant slips and falls. Food, water, ice, snow, dirt, sand, and more, can prove to be recipes for disaster; not only for employees, but also for customers and vendors, alike. Many of these injuries are serious, including broken bones, head injuries, twisted ankles and knees, muscle strains and cuts. According to the National Floor Safety Institute, the hospitality industry spends over $2 billion on such injuries each year and these injuries are increasing at a rate of about 10% annually.

Not only can the potential injury from a slip, trip or fall result in pain and suffering for the injured customer, these accidents reflect adversely on your business. In addition, they also impact your insurance claims experience and insurability as a business owner. Your employees should have the knowledge and authority to take corrective action when unsafe conditions or unsafe acts are observed. The safety and well-being of your customers and employees should be front and center within your day-to-day operations. While not every accident is preventable, restaurants and bars should keep safety a top-priority by creating and maintaining a safe environment for their employees and guests by implementing customary industry standards and procedures.

 

Consider implementing recommended safe work practices within your restaurant, including:

  • Provide non-slip matting in areas that tend to be wet.
  • Alert workers/customers to step-ups and step-downs by using hazard tape or other warning signs.
  • Provide adequate lighting, especially in serving and preparation areas.
  • Use portable signage warning of “WET SURFACES” to alert customers of the slippery conditions.
  • Frequently check all critical flooring; aisles, waiting areas & restrooms during business hours to make sure they are dry, clean and free of hazards.
  • All staircases should have proper treads, a sturdy handrails on each side of the stairs and adequate lighting on every flight of stairs
  • Provide mirrors for blind corners.
  • Keep passageways and walkways free of clutter and crowding.

 

Do your safety part outside your restaurant, including:

  • Parking lots and sidewalks should be clean and level.
  • Provide adequate lighting for nighttime use.
  • Redirect any downspouts that empty water onto sidewalks and parking lots.
  • Remove snow and ice as soon as possible after each storm.
  • Have sand and ice melting chemicals available to spread on ice that might form as melting and re-freezing occur.
  • Exterior stairs should be well lit, handrails on each side, and snow and ice removal is extremely important.

Employers have a primary responsibility for protecting the safety and health of their workers and customers. However, employees are responsible for following the Safe Work Practices of their employers. In summary, successful control of the hazards associated with these exposures will result in a safer restaurant environment and reduce injury frequency and severity.

 

Consult Colorado Restaurant Insurance at coinsurance@corestaurant.org or call 303-880-2806 to learn more about how to manage your restaurant risks.

Pinnacol Pointers: Winter Driving and Keeping Workers Safe on Snowy, Sleety Roads

December 10, 2017

Last year motor vehicle crashes cost Pinnacol policyholders an average of $17,980. According to OSHA, when a worker has an on-the-job crash that results in an injury, the cost to the employer is $74,000, and costs can exceed $500,000 when a fatality is involved. In fact, vehicle crashes are the leading cause of death among our nation’s workers. This time of year, wintry roads can prove especially hazardous.

 

Ensure vehicle systems are working properly
Now is a good time to encourage your employees to perform the following vehicle maintenance:

  • Scheduled maintenance: Schedule service for an oil change, coolant flush and brake inspection based on the mileage and manufacturer’s maintenance schedule. Address any maintenance issues with the vehicle’s battery, electrical system, hoses and belts.
  • Fluids: Check to ensure proper oil, coolant, transmission and other fluid levels.
  • Tires: Check for proper tread depth and for signs of damage or uneven wear. Ensure tires are properly inflated.
  • Visibility systems: Inspect turn signals, headlights, brake lights, defrosters (windshield and rear window) and wipers. Install winter windshield wipers.

For more detailed inspection checklists, visit the Colorado Department of Transportation pre- and post-trip vehicle safety checklist and Pinnacol’s vehicle safety checklist.

 

Outfit vehicles with emergency essentials
Workers should be encouraged to outfit their vehicles for winter with emergency kits that include the following items:

  • Cellphone or two-way radio
  • Windshield ice scraper
  • Extra windshield wiper fluid
  • Snow brush
  • Flashlight with extra batteries
  • Shovel
  • Traction aids (bag of sand or granular cat litter)
  • Emergency flares
  • Jumper cables
  • Snacks
  • Water
  • Road maps
  • Blankets, change of warm clothes

 

Pinnacol Resources
For more information on shoring up winter driving safety at your organization, visit Pinnacol.com for articles, checklists, workplace posters and employee training resources. Additional resources are available on the websites of the Occupational Safety & Health Administration, National Highway Traffic Safety Administration and National Safety Council. Or contact Pinnacol’s Safety On Call online or at 303.361.4700 or 888.501.4752. Our safety services team stands ready to answer questions and help keep your workforce safe behind the wheel this winter.

Mistakes Restaurant Owners Make Related to Cyber Liability

October 25, 2017

By Jason VanGotten, Colorado Restaurant Insurance

Even with all the recent news headlines related to data breaches and cyber attacks, the likes of which have never been seen before, cyber liability is a relatively new area of risk that restaurant owners now face. As customer data continues to be obtained and stored by restaurants, the risk of a data breach inside or outside the restaurant continues to increase year over year. Malicious hackers typically steal credit card data from restaurants that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic strip. Thieves then use that data to clone the cards and use the counterfeits to purchase high-priced merchandise, or put them up for sale in a so-called theft bazaar such as Joker’s Stash prior to the card-issuing banks cancelling them.

 

In the midst of this are some very dangerous misconceptions held by restaurant owners. These misconceptions keep them from taking necessary steps to better understand their cyber risk and coverage related to such vulnerabilities.

 

Consider these 4 Common Mistakes a Restaurant Owner Can Make in this area of risk management.

 

My general liability insurance protects me in the event of a data breach or cyberattack. Most restaurant owners purchase a general liability or businessowners policy believing their insurance agent has placed this as an optional coverage on the policy. But for now that is very rare. Even if it that were the case, the policy will only provide defense coverage for the insured, typically up to $25,000 to $50,000. Your general liability coverage lacks the breadth needed to properly protect the restaurant owner from the cyber liability losses. A stand-alone cyber policy provides the broadest coverage a restaurant owner needs for third party costs, data breach response, PCI fines levied from card services, notification resources, legal fee’s and forensic costs. Not investigating this closely is akin to leaving your restaurant door open when you leave at night, not a great strategy for ensuring the safety of your restaurant.

 

A stand-alone cyber policy will be unaffordable. Depending on your restaurant size and gross revenues, a typical restaurant owner can expect to pay between $900 to $3,000 annually for a stand-alone cyber policy. However, the risks of loss may be too great to ignore this protection, in particular your brand image after a data breach or cyberattack.

 

My IT company and firewalls installed will protect me. These entities have a service level agreement (SLA) with your restaurant. When was the last time you reveiwed your SLA? Many times these agreements do not protect you, the restaurant owner, instead it protects them from any involvment related to a data breach or cyberattack. Make sure you check your SLA and have a conversation with your IT company to see what they will do for you in the event of a data breach or cyberattack. Many times your employees pose huge risks to the safety of your cyber data, from opening suspicous emails, downloading malware or even losing smartphones with connections or memorized passwords. Remember that a data breach can also occur with employee records that are not well protected or disposed of properly.

 

My merchant services are protection enough. Again, there is a service level agreement between you and your merchant servicing company. While this may give a restaurant owner hope, chances are that you will ultimately be responsible for protecting your customer’s data as it passes through your IT systems. Therefore, you should consider the costs to your restaurant if your merchant services vendor does not agree, or points the finger in your direction for who is responsible.

 

A cyber criminal can strike with little to no warning, leaving the restaurant owner with tremendous clean up cost; from data recovery to rebuilding your restaurant’s brand reputation. An owner or manager can only do so much. The people that deal in the day-to-day operations of the restaurant also need to be aware of what to do and why to do it. As a restaurant owner you owe it to yourself and your employees to investigate this protection and risk before you decide not to worry about it. A restaurant owner must be deliberate and careful in purchasing cyber coverage. Specific risks must be understood and the appropriate coverage identified.

For more information pertaining to cyber liability coverage, please contact Jason VanGotten at jvangotten@corestaurant.org

Cyber Liability – Are You Covered?

October 3, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

 

Originally, I began writing about this back in 2015 when cyber-attacks were starting to become relevant in our world. Now, the world of cyber criminals have fully evolved and results show that 2017 recorded the highest number of cyber-attacks globally. This is evident in the vast amount of attention recently given to cyber-attacks with companies such as Equifax, Sonic, Chipotle, Time Warner, Anthem, Target, and more. Cyber liability is something all businesses need to consider, even the hospitality industry. Considering that your business likely has a website, uses social media, uses internet connected computers, has a point-of-sale system and most importantly an electronic payment processing system, you probably conduct more cyber business than you may be aware of. Yet, when was the last time you discussed this risk with your insurance agent? Cyber criminals have exploited all sizes of business and cyber liability can no longer be ignored.

 

The discussion around cyber exposure/risk is extensive and complicated. Exposures include computer fraud, hacking, ransomware, phishing, malware, adware, lost equipment and even simple mistakes. Some of the most common occurrences within a small business begin with:

 

  1. Online hacking and data theft of confidential information such as credit card numbers, personal identifiable information, social security numbers, date of birth, etc.;
  2. Accidental loss or sharing of proprietary information; and
  3. The inside threat, known as phishing, of employees stealing sensitive account information from employers and customers.

 

There are a lot of misconceptions regarding both your exposure and how to protect yourself. Unfortunately, many times the realization of insurance shortfall comes after something drastic happens. The common mistakes an operator can make regarding cyber liability are:

 

  1. Assuming, because you are a small business you are not a target;
  2. Assuming your general liability policy affords the proper coverage needed to protect against a cyber claim;
  3. Assuming cyber liability coverage is too expensive; and
  4. Assuming your point-of-sale, merchant service, and server (IT) companies afford you coverage/protection when a cyber-attack occurs.

 

The most common cyber liability a restaurant faces is a data breach. A data breach happens when an unauthorized individual gains access to electronic information (typically names, credit or debit card numbers and/or bank account numbers). This information is highly desirable to a criminal looking to sell their stolen information on the “Black Market” or to utilize the information themselves. The costs associated with resolving a potential data breach are significant. According to a 2016 Fortune report, a data breach for the Hospitality Industry can cost approximately $139 per record stolen. Consider that the average time to identify a breach is 201 days and that the average time to contain a breach is 70 days. Therefore, depending on the number of credit card transactions you process monthly and some of the potential efforts needed after a data breach (see below) the costs of a cyber-attack adds up quickly.

 

  1. Costs of notifying affected individuals;
  2. Costs of notifying regulatory authorities;
  3. Regulatory fines at home and abroad;
  4. Forensic costs to discover the cause;
  5. Business income loss;
  6. Cyber extortion payments (Ransomware);
  7. Lost customers and damaged reputation;
  8. Implementation of credit monitoring services;
  9. IT expert services; and
  10. Defense and settlement costs.

 

The lesson in recent stories making the cyber headlines is that security goes far beyond simply having the right technology. It also requires training your employees with the proper mindset, attention to detail, as well as a clear awareness of these possibilities. Remember, you cannot possibly think of everything that might happen. My advice to all restaurant owners is to strongly consider reducing some of your risk through securing your IT systems (update software regularly, train employees, monitor social networks, encrypt data, change passwords and confirm your vendor’s security). Even performing all these recommendations will not ensure full protection from a cyber-attack. Therefore, we also suggest transferring some of the risk by purchasing a cyber liability insurance policy to protect your restaurant from losses you would be forced to pay for if you are to ever experience a cyber-attack and your client data is successfully stolen.

 

For more information regarding cyber liability insurance for restaurants please contact Jason VanGotten at jvangotten@corestaurant.org

Spotlight on Safety – Protecting Your Business

February 1, 2017

By The Denver Police Department

  • Ensure the business is well-lit and eliminate places for criminals to hide near the building.
  • Lock all doors and windows when closed or away from the business. Install double cylinder deadbolts where possible, securing all points of entry, such as gates, fences, roof access, etc.
  • Remove cash from registers and leave the register open at the close of business and secure valuables or merchandise out of sight when closed.
  • Post signs outside your business letting criminals know there isn’t money in the register or safe, and keep track of inventory by marking items or logging serial numbers.
  • Start or join a Business Watch Program to build relationships with neighboring business owners.
  • Install an alarm or surveillance system.

Contact your local Denver Police District for a business safety assessment.