Research + Tech

ABC publishes Safety Performance Report findings

Associated Builders and Contractors has published the findings from its 2024 Safety Performance Report, an annual guide to construction job-site health and safety best practices.

The annual safety report also provides a comprehensive understanding of the effect of deploying ABC’s STEP Safety Management System,® its framework for measuring safety data.

ABC’s research studied more than 900 million work hours completed by participants in the construction, heavy construction, civil engineering and specialty trades in 2023. It identified the following foundation of industry-leading safety best practices:

• Top management engagement. Employer involvement at the highest level of company management produces a 54% reduction in total recordable incident rates and a 52% reduction in days away, restricted or transferred rates.
• Substance abuse prevention programs. Robust substance abuse prevention programs/policies with provisions for drug and alcohol testing where permitted led to a 47% reduction in total recordable incident rates and a 48% reduction in days away, restricted or transferred rates.
• New hire safety orientation. Companies that conduct in-depth indoctrination of new employees into the safety culture, systems and processes based on a documented orientation process experience incident rates 45% lower than companies that limit their orientations to basic health and safety compliance topics.
• Frequency of toolbox talks. Companies that conduct daily, 15- to 30-minute toolbox talks reduce total recordable incident rates and days away, restricted or transferred rates by 81% compared with companies that hold them monthly.

The ABC 2024 Safety Performance Report, as well as previous years’ reports, can be viewed at abc.org.

Protect your email from cyberattacks

Email-based cyberattacks can have disastrous effects on businesses, leading to loss of data, financial damage and a decline in customer trust. Small businesses especially are vulnerable to attacks on email because they often lack the necessary security, and small-business owners may believe their companies are too small to be a target.

A phishing email is an email sent to a recipient with the objective of making the recipient perform a specific task, such as clicking a link or opening an attachment, which can give the attacker access to information. Cofense, an email security provider based in Leesburg, Va., offers the following common characteristics of phishing emails that should raise suspicions.

• Emails demanding urgent action. Phishing emails threaten a negative consequence unless urgent action is taken. Attackers use this approach to rush recipients to act before they study the email for potential risks.
• Emails with bad grammar and spelling mistakes. Many companies apply spellchecking tools to outgoing emails by default to ensure their emails are grammatically correct.
• Emails with an unfamiliar greeting. Emails sent between co-workers typically have informal greetings. Those that start with “Dear” or contain phrases not usually used in informal conversation are from sources unfamiliar with your company’s style of office interaction.
• Inconsistencies in email addresses, links and domain names. Does the email originate from an organization you correspond with often? If so, check the sender’s address against previous emails from the same organization. Determine whether a link is legitimate by hovering over the link to see whether the domain name matches the company sending the email.
• Suspicious attachments. Workplaces often use collaboration tools such as SharePoint, OneDrive or Dropbox to share files. Therefore, internal emails with attachments always should be treated as suspicious.
• Emails requesting login credentials, payment information or sensitive data. Spear phishers can forge login pages to look like the real thing and send an email containing a link that directs the recipient to the fake page. Do not input any information unless you are 100% certain the email is legitimate.
• Emails that are too good to be true. These emails incentivize you to click on a link or an attachment by stating there will be a reward. If the sender of the email is unfamiliar or you did not initiate the contact, this likely is a phishing email.

NRCA offers guidance and a cyber liability insurance program. To learn more, visit nrca.net/cyberpolicy.