Data Protection Day 2022: the 3-2-1-1-0 rule for backups

January 28, 2022: the annual Data Protection Day is a good occasion to recall the 3-2-1-1-0 rule. It's how companies strengthen their line of defense against ransomware. Veeam expert Rick Vanover introduces it.

For Data Protection Day 2022, Veeam expert Rick Vanover strongly recommends the 3-2-1-1-0 rule. (Image: Veeam)

The new year is only a few weeks old - and already numerous ransomware cases are known again. Strengthening the line of defense does not necessarily prevent attacks, but it does demolish the hackers' business model. Attacked systems are back online within minutes, with up-to-date data. That is why the extended 3-2-1-1-0 backup rule is to be favored. All companies should introduce and apply this in 2022. The 3-2-1-1-0 rule is considered an important best practice for companies that want to maintain very high service levels while protecting themselves from data loss.

3: Keep at least three copies of your data

In addition to the primary data, there should be at least two other backup files to be adequately protected. The likelihood of "something going wrong" on three devices at the same time is much lower than on two devices - especially if the primary backup is located near the primary data, as is so often the case. In the event of a disaster, the primary data and the primary backup could be lost. The secondary backup should therefore not be located in the immediate vicinity of the primary data.

2: Store backups on two different media

It is recommended to back up one of the backup copies to an internal hard disk drive and the other copy to a removable storage device (tape, external hard disk drive, cloud storage).

Keeping both versions of the backup on the same type of storage media increases the risk of losing all backup data once a failure or cyber-attack occurs.

Alternatively, the primary backup can be on the internal hard disk drives of a physical server and the secondary backup can be on the internal hard disk drives of a NAS, and the hard disk drives of the two systems should be of different brands, sizes, and types.

1: Keep at least one backup copy off-site

At least one backup copy should not be kept at the location where the primary data and the primary backup are located. This is because in the event of some (natural) disaster - such as a fire or flood - everything in that one location could be destroyed. Therefore, if the primary data, the primary backup and the secondary backup are all kept in the same facility, they will be lost forever.

Organizations that do not have multiple locations can store a copy of their backup data in a private cloud through a service provider or in the public cloud. 

1: Save at least one copy offline

It is recommended to keep at least one backup copy offline, that is, separate from the network and any IT infrastructure. Examples of offline media are rotating external USB hard disks, analog tapes and object storage with immutability functionality.

After all, if a hacker successfully gains access to the IT environment, everything on the network is potentially vulnerable. To fully protect the data, the offline copy should be protected with an encryption key to prevent external or internal threats from accessing it over the network. This is commonly referred to as air-gapped backup.

0: Make sure your backups are error-free

Backups are only as good as the process used to check them. First, backups must be monitored daily to find errors and fix them as quickly as possible. Second, it should be ensured that the data is recoverable from the backup by performing recovery tests at regular intervals.

Take the 3-2-1-1-0 rule to heart

The 3-2-1-1-0 rule is a logical evolution of the better known 3-2-1 rule, which was conceived by world-renowned photographer Peter Krogh. This original rule states that one should always keep three copies of data on two different media and one copy off-site. Given the magnitude and diversity of threats to business continuity in the digital economy, this guideline should be considered a starting point. To achieve the high level of resilience required by the increasingly volatile threat landscape, organizations need to add another 1 and a 0. Not only should a copy be kept off-site, but an offline copy should also be created that is immutable - always keeping in mind that there should be no surprises from errors when data is recovered. Therefore, a solution for testing the recovery must be used to be sure that all stored data can be completely restored in the shortest possible time.
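The five checks above can be run against a backup inventory. The following is an added example, not code from Veeam or from the article; the `Copy` fields, the 90-day limit for recovery tests and the sample inventories are assumptions made for illustration.

```python
"""Check a backup inventory against the 3-2-1-1-0 rule (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

RULES = ("3 copies", "2 media", "1 off-site", "1 offline", "0 errors")


@dataclass(frozen=True)
class Copy:
    name: str
    media: str                       # e.g. "disk", "nas", "tape", "object-storage"
    site: str                        # physical location label
    is_primary: bool = False         # True for the production data itself
    offline_or_immutable: bool = False
    last_job_errors: int = 0         # errors reported by the latest backup job
    last_restore_test: Optional[date] = None   # last successful recovery test


def check_32110(copies: List[Copy], today: date,
                max_test_age_days: int = 90) -> Dict[str, List[str]]:
    """Return {rule: [problems]}; an empty list means the rule is met.

    max_test_age_days is an assumption: the article only asks for recovery
    tests "at regular intervals".
    """
    primaries = [c for c in copies if c.is_primary]
    backups = [c for c in copies if not c.is_primary]
    primary_sites = {c.site for c in primaries}
    result: Dict[str, List[str]] = {rule: [] for rule in RULES}

    # 3: the primary data plus at least two backups
    if not primaries or len(backups) < 2:
        result["3 copies"].append(
            f"{len(primaries)} primary and {len(backups)} backup copies found")
    # 2: the backups must not all sit on the same kind of media
    media = {c.media for c in backups}
    if len(media) < 2:
        result["2 media"].append(f"backups use only: {sorted(media)}")
    # 1: at least one backup away from every site that holds primary data
    if not any(c.site not in primary_sites for c in backups):
        result["1 off-site"].append("every backup shares a site with primary data")
    # 1: at least one backup that is offline or immutable
    if not any(c.offline_or_immutable for c in backups):
        result["1 offline"].append("no offline or immutable backup")
    # 0: every backup job is clean and has a recent successful recovery test
    for c in backups:
        if c.last_job_errors:
            result["0 errors"].append(f"{c.name}: {c.last_job_errors} job errors")
        if c.last_restore_test is None:
            result["0 errors"].append(f"{c.name}: never restore-tested")
        elif (today - c.last_restore_test).days > max_test_age_days:
            age = (today - c.last_restore_test).days
            result["0 errors"].append(f"{c.name}: last restore test {age} days ago")
    return result


def failed_rules(result: Dict[str, List[str]]) -> List[str]:
    """Names of the rules that have at least one problem, in rule order."""
    return [rule for rule, problems in result.items() if problems]


# Constructed sample inventories (not real systems).
TODAY = date(2022, 1, 28)
WEAK = [
    Copy("erp-db", "disk", "hq", is_primary=True),
    Copy("local-repo", "disk", "hq", last_restore_test=date(2022, 1, 10)),
    Copy("nas-copy", "nas", "hq", last_job_errors=2,
         last_restore_test=date(2021, 6, 1)),
]
STRONG = WEAK[:2] + [
    Copy("tape-vault", "tape", "vault", offline_or_immutable=True,
         last_restore_test=date(2021, 12, 15)),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(label)
        for rule, problems in check_32110(inventory, TODAY).items():
            print(f"  {rule}: {'ok' if not problems else '; '.join(problems)}")
```

The weak inventory has three copies on two kinds of media, yet it still fails both "1" checks and the "0" check because every copy sits at the same site, none is offline, and one backup has job errors and a stale recovery test.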

Source: Veeam

An 11-point program for more photovoltaics

The decarbonization of the economy and society is urgent. Electricity is becoming a key resource in this process, and the phase-out of nuclear energy requires new solutions. It is therefore necessary to accelerate the expansion of photovoltaic systems. The association Swissolar has developed an 11-point program for this purpose.

Swissolar's 11-point program also includes a call for a simplified approval process for solar installations - even on open spaces. (Image: Pixabay.com)

On January 27, 2022, the Energy Commission of the Council of States began deliberations on the Federal Act on a Secure Electricity Supply from Renewable Energy Sources (jacket decree). The target values for electricity production from renewable energies envisaged in the Federal Council's dispatch on this law are, in the view of Swissolar, the umbrella organization of the solar energy industry, set too low to achieve security of supply on the one hand and the net zero target 2050 on the other. Therefore, Swissolar has formulated corresponding demands in an 11-point program presented on January 26, 2022. For example, instead of 39 terawatt hours (TWh) of production in 2050, 50 TWh should be targeted, of which 45 TWh should come from photovoltaic systems. This value corresponds to less than half of the solar potential in Switzerland. Therefore, an annual expansion of 1100 MW (until 2025) or 2000 MW (until 2030) is required. In particular, the enormous potential of photovoltaics on facades and the expansion of hydroelectric storage power must be exploited. In this way, according to Swissolar, the energy supply can also be guaranteed in the winter months.

Create conditions for faster expansion with 11-point program

"Solar energy will provide electricity in Switzerland in large quantities - renewable, timely and cost-effective. However, for this transition to succeed, we need to build more and faster," says Jürg Grossen, president of Swissolar. Electricity imports - for example during the winter - are not an alternative, all the more so "if bilateral agreements are allowed to erode," as Grossen states with regard to the missing electricity market agreement with the EU. All in all, more subsidies are needed for the construction of new photovoltaic plants. According to projections by Swissolar, the current situation is sufficient at most for an increase of 700 MW per year.

The decisive advantage of photovoltaics is that it produces energy where it is needed. But structural measures are only one aspect. Swissolar's demands go further. Directly related to the jacket decree, for example, is the demand for an increase in the grid surcharge of 0.5 centimes per kilowatt hour, as well as a uniformly regulated purchase remuneration, which is based on the market price, but at the same time has a lower limit.

Better integration of photovoltaics into power grids

Also to be considered in this law, according to Swissolar, are the proposals for optimal integration of photovoltaics into the electricity grids. With local energy communities, as they already exist in other European countries, incentives would be set for the construction of PV systems with local self-consumption - without additional subsidies and without the need for expensive grid expansions. For example, a company with a large roof area could build a solar plant on it and sell the electricity generated there locally, e.g. to the neighboring neighborhood. This is not yet possible or attractive today, because a necessary prerequisite would be reduced grid costs.

In addition, tariff incentives must be created to regulate flexibilities at the grid connection point in order to avoid overloads. The booming electromobility will play a decisive role here: The available daily storage capacity in electric cars will be greater than the current daily production of all Swiss nuclear power plants. The power that can be flexibly switched on and off at any time will be up to ten times greater than that of today's nuclear power plants. In order to exploit this potential, the technical standards and political framework conditions must be adapted quickly.

More solar power could be produced

The other proposed measures concern spatial planning: the approval practice must be simplified, also for ground-mounted systems. In addition, the future high demand for solar panels should no longer be met solely by manufacturers from the Far East. The solar industry in Europe, which was still the leader until a few years ago, has now migrated almost exclusively to China, where around 95 percent of the components are currently manufactured - not least thanks to massive state support. This is why Swissolar is also calling on the Swiss government to adopt a little more industrial policy: our country should participate in the rebuilding of a European solar industry and invest in the education and training of skilled workers. Switzerland is already a leader in the development of integrated photovoltaic solutions, e.g. roof tiles or façade panels that produce electricity directly.

Another demand in the 11-point program includes the reduction of unnecessary additional costs and administrative barriers. Solar installers spend around half their time in the office instead of being able to build, complains Noah Heynen, Swissolar board member and CEO of Helion, Bouygues E&S InTec Schweiz AG. The procedures are complicated and make solar installations unnecessarily expensive, he says.

Photovoltaic promotion through obligation and incentives

The cantons are also addressed in the 11-point program: Already 18 cantons have introduced an obligation for new buildings to generate their own electricity, which creates a strong incentive for the construction of photovoltaic systems. More electricity could be produced on the roofs and facades of existing buildings (approx. 66 TWh) than Switzerland currently consumes. Swissolar therefore proposes to introduce an obligation to use all suitable surfaces on new buildings and renovations in all cantons. Tax incentives could also be used to increase the expansion, for example by making the costs of new photovoltaic buildings fully tax-deductible.

However, the ball is in the politicians' court when it comes to implementing this 11-point program. Experience with the CO2 Act, for example, shows that proposals that are overloaded have a hard time with the electorate. Jürg Grossen - who, as you know, is himself a member of the National Council - is convinced, however, that we cannot afford to jeopardize photovoltaics as the mainstay for achieving the net zero target. If the expansion were to be delayed, we would have a real problem in this respect. 

The 11-point program in brief

  1. Clear and binding targets for renewable energies
  2. Creating professional opportunities in the solar industry
  3. Solar components from Switzerland and Europe
  4. Increase of the network surcharge and acceleration of the one-off payment
  5. Clear and uniform regulation of the purchase price throughout Switzerland
  6. Solar obligations for new construction and renovation
  7. Removing spatial planning hurdles
  8. Reduction of additional costs and bureaucracy
  9. Local energy communities
  10. Designing grid capacities dynamically, incorporating electromobility
  11. Tariff structures/network usage charge

Digital ethics gains strategic relevance

Digital ethics is now a key issue that companies need to address, and the trend is rising sharply. This is shown by the evaluation of the 2022 Digital Ethics Sentiment Barometer by the HWZ and the Centre for Digital Responsibility.

Cornelia Diethelm, head of the CAS Digital Ethics program at the HWZ. (Image: zVg)

The Digital Ethics Sentiment Barometer of the HWZ and the Centre for Digital Responsibility measures the digital responsibility of companies in Switzerland every year. This year's survey by Cornelia Diethelm, head of the CAS Digital Ethics at the HWZ, shows one thing: The topic of digital ethics has arrived in the consciousness of employees and managers and is considered to be relevant to the reputation of their own company.

Experience with ethically controversial projects

According to the survey, which was conducted from mid-November to the end of December 2021 and in which 225 people participated, a large majority of companies have experience with ethically controversial projects. This relates primarily to the handling of collected data, which enables data analyses and evaluations involving customer data (77%). Other experiences with controversial projects include datafication in the workplace (33%) and dealing with new technologies (32%).

Increasing awareness of digital ethics

Companies are not only sensitized to the responsible handling of data. The survey further shows that ethical issues have already been integrated into internal policies and processes in several companies: Every second person states that the data management (51%) as well as the data strategy (46%) contain corresponding specifications. An ethics policy often exists (38%) or is at least planned. In general, according to Cornelia Diethelm, head of the study: "Large companies have guidelines for data management and data strategy, and they have an ethics policy. Regardless of size, however, many companies are working on ethical guidelines, which our new survey has once again confirmed."

Digital ethics is a matter for the boss

Fortunately, the survey shows that digital ethics is present at the executive level: management is one of the most important internal advocates. "Digital ethics is digital responsibility in action. For companies, it is a far-sighted investment in good customer relations," says Ralph Hutter, Head of Product Development and Research at HWZ IDB.

However, the central drivers of digital ethics in companies are people from data protection. Differences make it clear that within a company, goals are also pursued that contradict each other. "Consciously addressing digital ethics can help to systemically address internal conflicting goals. Business practices must be brought into line with ethical guidelines that reflect the company's values and are also perceived accordingly from the outside," emphasizes Cornelia Diethelm.

Customers want data security

The survey makes it clear that companies take the expectations of their customers seriously. Companies can position themselves as attractive employers if they take the issue of digital ethics seriously. Those who handle data responsibly are not only investing in good customer relationships. The company can also gain a competitive advantage by positioning itself as a trustworthy company, especially in the face of foreign competitors.

Source: HWZ

Increase quality and efficiency with artificial intelligence

A research team from Fraunhofer IPA wants to make the painting of plastic parts in automotive and commercial vehicle manufacturing more efficient with the help of artificial intelligence. Intelligent algorithms are to evaluate all the data generated during the painting process. This will make it possible to warn of errors at an early stage.

The painting process in automotive manufacturing is complex and error-prone. A research team now wants to use artificial intelligence to increase quality and efficiency. (Symbol image; Pixabay.com)

The painting of plastic parts for automotive construction is complex. What's more, it is still considered to be a process that cannot be consistently controlled. Rejects, system failures and rework are still too frequent, much to the chagrin of manufacturers, because, for example, the specified paint layer thickness cannot be maintained everywhere. A research team at the Fraunhofer Institute for Manufacturing Engineering and Automation IPA has now set out to increase quality and efficiency in equal measure: the number of defects is to be reduced by 30 percent and downtimes by 20 percent. In addition, paint consumption is to be reduced by 10 percent, according to another goal of the scientists.

More quality and efficiency

This is to be achieved by combining the quality data, such as visible coating defects or the measurement data of the coating layer thickness, with the process data from the system control. The data will then be used to create a fine-granular behavior model, which will be evaluated using a machine learning process. The algorithms should detect impending quality deviations at an early stage and also immediately point out their cause.

Promising AI thanks to high level of automation and digitization

The researchers intend to focus on the painting of bumpers, rearview mirrors, door handles and other add-on parts made of plastic in the automotive and commercial vehicle sector. "In this industry, there is a large product volume and thus also a lively interest in efficiency improvements," says Oliver Tiedje, head of the Wet Application and Simulation Technology group at Fraunhofer IPA. "Furthermore, there is a very high degree of automation and digitization in painting process plants, which makes the use of AI promising."

Project duration until 2024

The research project "Increasing the efficiency of painting processes through multilayer networking of process and quality data using self-learning behavior modules" (pAInt-Behaviour) will run until May 31, 2024 and is supported by the German Federal Ministry of Education and Research with almost 1.3 million euros. In addition to Fraunhofer IPA, the project partners are b+m surface systems GmbH, AOM Systems GmbH, Helmut Fischer GmbH Institut für elektronische Messtechnik (HFI) and SMP Automotive GmbH.

Source: Fraunhofer IPA

Monitoring employees jeopardizes trust

The increase in remote work requires new ways to keep track of performance and results - but not just by counting keystrokes and time at the desk. Monitoring measures jeopardize employee trust and encourage turnover.

The eye of the boss is always and everywhere: employee monitoring tools are widespread, but they foster mistrust and turnover. (Image: Pixabay.com)

Those who want to assess the performance and results of their employees in the home office should exercise caution when using monitoring software. VMware, a leading manufacturer of enterprise software, has conducted a global study on the new era of work and published it as a report entitled "The Virtual Floorplan: New Rules for a New Era of Work". It shows that the rising performance of employees and the trust built with the new hybrid working models could be jeopardized by the increasing implementation of remote monitoring measures.

Employee monitoring tools widely used

The survey was conducted by the market research company Vanson Bourne. It shows that 68 percent of European companies have either introduced or plan to introduce measures to monitor employee productivity since the shift to hybrid working. These measures include email monitoring (42%), collaboration tools (42%) and web browsing (38%), as well as video surveillance (28%), webcams (27%) and keylogger software (24%). However, 43 percent of organizations that have already implemented device monitoring and 46 percent of those currently doing so are seeing increased or even dramatically increased employee turnover.

Employees notice stronger evaluation of their performance

The study results suggest that companies need to strike a delicate balance in finding new ways to evaluate employee performance beyond mere presence in the office. From an employee perspective, three-quarters (74%) agree that the shift to a flexible work environment has led their employers to place more weight on their performance rather than on traditional metrics such as time spent in the office. In addition, 79% of employees believe that telecommuting technologies have enabled them to work more efficiently than before. 72% of the companies had to develop new methods to measure employee productivity. These companies arrived at their new approach to tracking productivity through performance-based solutions, such as regular meetings with managers to discuss workload (55%), the use of new project management software (47%), and the evaluation of output and agreed-upon outcomes (53%).

Flexible working environments require new measurement methods

But now that immediate employees are not necessarily sitting a few offices away, employers are developing new ways to monitor and quantify employee productivity. Nearly six in 10 employees (57%) understand that their company has had to develop new ways to monitor productivity as it shifts to hybrid work arrangements, but transparency remains critical. A quarter of employees (25%) do not know if their company has implemented systems to monitor productivity on their devices.

"Digital workspace tools enable people to work from anywhere, and our surveys show that employees feel valued and are more confident. A lack of transparency, surreptitious measurement and hidden control can quickly erode employee trust and lead to talented and motivated employees preferring to quit in a highly competitive and challenging skills market," Peter Trawnicek, Country Manager, VMware Austria, commented on the findings.

Against phishing: How companies can raise awareness among their teams

Companies, authorities and institutions are increasingly confronted with cyber attacks. One gateway is phishing emails that feign a relationship of trust with the recipient. A link is quickly clicked, ransomware or other malware is downloaded unknowingly - the damage can be immense.

How can companies prevent themselves and their employees from falling victim to phishing and ransomware attacks? (Image: Pixabay.com)

The number of cyber attacks is on the rise: Companies, authorities and municipalities are affected, but also healthcare facilities such as hospitals. And reports of successful attacks are increasing in Switzerland: just recently, the ICRC was hit by a cyberattack, and companies such as Stadler Rail, Comparis, Griesser Storen and even the municipality of Rolle in Vaud have also been attacked. In Germany, the MediaMarkt electronics retail chain was affected by an extortion attempt with ransomware in November 2021; servers and systems were compromised, which significantly disrupted operations in stores. According to a company spokesperson, the attack was targeted. In 2020, the Uniklinik Düsseldorf and Funke Mediengruppe were victims: in the case of the latter, a phishing email served as the gateway for a ransomware attack. In such an attack, ransomware acts as an "encryption Trojan": it encrypts data so that the user cannot recover it and only releases it again against payment of a ransom. Since phishing exploits human weaknesses, it is very difficult to prevent with technical solutions.

A form of social engineering

Phishing is a so-called social engineering attack: it exploits the weaknesses and guilelessness of people. Phishing e-mails lead the recipient to believe in a relationship of trust or put him or her under pressure. This entices them to click on a link, initiate a process or disclose confidential information. Three types of phishing can be distinguished:

  • In the case of CEO fraud, the attackers pretend to hold a high position within the attacked company in order to inspire trust and to use the authority of the hierarchy and the threat of consequences to entice their victim to transfer a large sum of money, for example. The attackers often take a targeted approach and invest a great deal of time in selecting the company and the appropriate recipients. They often have a foot in the door and know how communication works in the target company.
  • The same applies to the spear phishing variant: these mails are specifically tailored to the victim or to a certain victim group. The individualization makes it very difficult to recognize such a mail as phishing. Spear phishing is often the initial attack vector for introducing malware into a company.
  • Classic phishing often aims to obtain victims' access data to systems and services. However, these e-mails are not tailored to individuals or groups of individuals, but are sent to a broad mass. It may also happen that a recipient does not use the service addressed in the mail.

Phishing is a constant threat

The danger should not be underestimated, as phishing emails are written with sophistication. They no longer necessarily feature strange and dubious sender addresses or spelling and grammatical errors. In addition, the range of addressees is extremely broad: All employees who communicate with external parties via email are potential victims. Companies are usually affected by CEO fraud or spear phishing and thus by targeted campaigns. It turns out that phishing attempts are particularly frequent among those addressees whose names and email addresses are publicly listed, for example on the company website - usually, they have less pronounced expertise on the subject of malware than members of IT departments. As a result, it is often precisely those employees who are less sensitized to malware who are targeted by attackers. This makes it more likely that they will click on a link or download a contaminated attachment.

The danger for private individuals is that personal and sensitive data is tapped. Malware can also be infiltrated via phishing e-mails, so that the attacker secures permanent system access unnoticed. He moves invisibly in the network and thus obtains the sensitive data.

In companies, phishing emails are frequent gateways for malware such as ransomware. The attackers can gain control of computers, steal victims' identities and use them to launch further attacks. The victim can also be extorted for a ransom with sensitive data. These attacks are very costly for companies: they result in long IT outages, hinder or prevent business, and damage reputations. If malware is infiltrated, industrial espionage can also take place via phishing.

Prevent phishing with simulations

Since phishing is a psychological weapon and targets human behavior, it is difficult to defend against it on a technological level: Spam filters recognize the emails poorly, so they usually reach the intended recipient. A human resources department, for example, can accept applications via a portal and thus avoid e-mail as a gateway.

One effective way to defend against phishing is therefore to train employees and raise their awareness. Simulations and regular campaigns can be used to raise awareness, e.g., of possible entry points, and thus minimize the risk of an attack.

Employees are specifically confronted with the danger of phishing under real, but controlled conditions. Simulations of spear phishing, for example, familiarize them with the attackers' tricks without causing any damage. In such a campaign, phishing e-mails are sent out in a company over several hours or days, to all or to individual persons, groups of persons or departments. The company decides whether or not the employees are informed of this or of the duration.

If a recipient now opens one of the campaign mails or even clicks on the link, their behavior is stored anonymously in a database. This is made possible by user-specific links in the mails. A permanent evaluation is carried out over the agreed campaign period, and the results are summarized and processed at the end. This makes it possible to identify which areas or departments are particularly susceptible to phishing e-mails. Countermeasures can then be taken with training and education.
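How user-specific links and anonymous storage fit together is shown in the following added example, which is not code from SECUINFRA or from any simulation product. The landing host, the minimum group size of five and the recipient list are assumptions made for illustration: each link carries a random token, only the token's department is stored, and departments too small to stay anonymous are merged before reporting.

```python
"""Anonymous tracking for a phishing-awareness simulation (added example)."""
import secrets
from collections import defaultdict
from typing import Dict, Iterable, Optional, Set, Tuple

BASE_URL = "https://awareness.example.invalid/t/"   # hypothetical landing host
MIN_GROUP = 5            # assumption: smallest group that gets its own figures
OTHER = "other (small groups)"


class Campaign:
    def __init__(self, min_group: int = MIN_GROUP) -> None:
        self.min_group = min_group
        self._dept_by_token: Dict[str, str] = {}   # the only stored mapping
        self._events: Dict[str, Set[str]] = {}     # token -> {"open", "click"}

    def issue_links(self, recipients: Iterable[Tuple[str, str]]) -> Dict[str, str]:
        """Create one random link per (e-mail, department) pair.

        The returned e-mail -> URL map goes to the mailer and is then dropped;
        only token -> department is kept, so stored events carry no identity.
        """
        links: Dict[str, str] = {}
        for email, dept in recipients:
            token = secrets.token_urlsafe(16)   # random, not derived from the e-mail
            self._dept_by_token[token] = dept
            links[email] = BASE_URL + token
        return links

    def record(self, url_or_token: str, kind: str) -> bool:
        """Store an 'open' or 'click' event; return False if it is ignored."""
        token = url_or_token.rsplit("/", 1)[-1]
        if kind not in ("open", "click") or token not in self._dept_by_token:
            return False                        # unknown token or event type
        seen = self._events.setdefault(token, set())
        seen.add(kind)                          # a set: repeat clicks count once
        if kind == "click":
            seen.add("open")                    # a click implies the mail was opened
        return True

    def report(self) -> Dict[str, Dict[str, Optional[float]]]:
        """Per-department totals; groups below min_group are merged or hidden."""
        sent: Dict[str, int] = defaultdict(int)
        for dept in self._dept_by_token.values():
            sent[dept] += 1
        rows: Dict[str, Dict[str, Optional[float]]] = {}
        for token, dept in self._dept_by_token.items():
            label = dept if sent[dept] >= self.min_group else OTHER
            row = rows.setdefault(label, {"sent": 0, "opened": 0, "clicked": 0})
            seen = self._events.get(token, set())
            row["sent"] += 1
            row["opened"] += "open" in seen
            row["clicked"] += "click" in seen
        for row in rows.values():
            if row["sent"] < self.min_group:    # merged group is still too small
                row.update(opened=None, clicked=None, click_rate=None)
            else:
                row["click_rate"] = round(row["clicked"] / row["sent"], 2)
        return rows


def run_demo() -> Dict[str, Dict[str, Optional[float]]]:
    # Constructed recipient list: (e-mail, department).
    sizes = {"sales": 6, "finance": 5, "legal": 3, "board": 2}
    recipients = [(f"user{i}@{dept}.example.invalid", dept)
                  for dept, n in sizes.items() for i in range(n)]
    campaign = Campaign()
    links = campaign.issue_links(recipients)
    for i in range(3):
        campaign.record(links[f"user{i}@sales.example.invalid"], "click")
    campaign.record(links["user0@sales.example.invalid"], "click")   # repeat click
    campaign.record(links["user0@finance.example.invalid"], "open")
    campaign.record(links["user0@legal.example.invalid"], "click")
    campaign.record(BASE_URL + "not-an-issued-token", "click")       # ignored
    return campaign.report()


if __name__ == "__main__":
    for dept, row in run_demo().items():
        print(dept, row)
```

Because the tokens are random rather than derived from the address, the stored events cannot be traced back to a person once the mailer's address-to-link map has been discarded.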

Communication is key here: It is not about assigning blame, but it must be clear that the simulations are used to build up know-how and that it is a learning scenario. It is also possible to educate employees about the phishing simulation directly after they click on a link, or to keep them in the dark for the time being. The latter is a good idea, as otherwise it is easy for word to get around in companies that a simulation is underway, which can distort the results.

Promoting skepticism and awareness with training

Follow-up training can establish processes to raise awareness and maintain skepticism. Sometimes the name of the boss in an email is enough to prompt immediate action - even without thinking. Employees are therefore given indicators that make it easier to recognize whether an e-mail is legitimate, for example whether the sender's name and provider match. But it is also important to establish a culture of skepticism, i.e., to ask questions, even if an e-mail from a supposed superior is accompanied by an immediate request for action.

It makes sense for employees to take part in a phishing simulation at regular intervals, for example once a quarter or every six months, depending on the company, in order to achieve the greatest effect, keep the training level high and develop a gut feeling for phishing emails. The breadth of distribution can vary, and specific gateways can be trained again directly with tailored campaigns.

Conclusion

Threat scenarios from cyber attacks are expanding, and more and more companies are affected by ransomware attacks that hinder operations and cause immense costs. The gateway is often phishing emails, through which the attackers gain access to systems and sensitive data and can thus blackmail companies. This worst-case scenario can be prevented by raising employee awareness through targeted phishing simulations and training.

Authors:
Leon Hormel is Cyber Defense Consultant at SECUINFRA Falcon Team in Berlin, Tobias Messinger is Senior Cyber Defense Consultant there. https://www.secuinfra.com/de/news/digitale-bedrohung-phishing/

Compliance management in human resources: Five key strategies

Workforces are becoming increasingly international and collaborate across different locations and national borders. This also increases the demands on compliance management in the HR area.

International teams and work across national borders: the demands on compliance management in HR are increasing accordingly. (Image: Unsplash.com)

Nationality is playing less and less of a role in the search for capable employees. Workforces are becoming increasingly international and work across different locations and national borders. This poses a number of challenges for HR managers at internationally operating companies. Compliance regulations in HR and workforce management often differ significantly from place to place and can also change at different times. Compliance with these regulations depends on an organization's ability to respond quickly to changes in existing laws and regulations - or even anticipate them - and then implement appropriate actions and adjustments. Five strategic starting points can help get a handle on compliance management in HR. 

Basis for Compliance Management in Human Resources: Effective Data Management System

The foundation for compliance at the international level is the collection of accurate data. To effectively organize HR data and identify gaps in your records, it is recommended to classify data into the following categories:

  • Personnel master data: General employee information on age, base salary, place of residence, education and performance.
  • Information on salary components: Records of bonuses, benefits and allowances
  • Documents: Signed documents such as contractual agreements and other legally binding documents
  • Personnel management data: Information on schedules, attendance and absences

Data storage is another core issue for data integrity. For international operations, manually storing sensitive employee data in multiple locations is too insecure. This is a problem that many organizations face. Not to mention that this type of storage system often makes it nearly impossible to retrieve employee information in a timely manner. Modern cloud technology - for example, as part of an LMS or workforce management system - can increase data security and enable more efficient processes. If the system provides an audit trail of data changes, interventions in the data can be traced in an audit-proof manner. Ideally, such a system should offer configurable functions that can be adapted to a company's processes. In this way, a secure, cross-site data management system can be established that can be accessed by all responsible parties.

Implement a stable workflow process

Establishing an efficient workflow helps consolidate national and international compliance obligations and streamline work at each site. The resulting benefits include:

  • Improved coordination and communication between subsidiaries and local support in each country
  • Clearly defined roles and responsibilities that help all team members know who is responsible for what tasks
  • Consistent work across global teams that stays on track
  • Reduced operational inefficiencies, inconsistencies, and quality issues

When teams around the world have clear visibility into the compliance status of the organization, they can better manage data and ensure its integrity.

Develop understanding of the laws and regulations of each country

Companies expect foreign organizations to comply with their laws and regulations. Each market has different challenges in doing so. An essential first step in navigating these waters is to understand local regulations.

To do this, first create a list of the domestic laws your organization complies with, and then identify the corresponding laws in your foreign markets. Flag requirements that exist only in those markets. When in doubt, working with a local expert is a good way to ensure you have captured all laws and regulations that relate to operations in that country.

To ensure compliance with all mandates worldwide, you need to understand the area in which your company operates. This means paying attention to local laws and cultures to ensure a deep understanding of what requirements exist and implementing strategies to engage your employees in the process. It also includes keeping an eye on current events and evaluating them in terms of your company's involvement.

Customize compliance training locally to appeal to employees

Managing employees at a global level requires expertise at a local level. When it comes to implementing compliance training, this is the surest way to gain employee buy-in or genuine participation. Organizations should therefore build programs that match local culture, local labor markets, and the needs of local business units.

Modern systems such as learning management systems (LMS) or a new generation of learning management experience platforms (LMXP) help to respond efficiently to training challenges. By systematizing and automating various aspects of training, global standards can be established and a central platform for program implementation is created.

Learning paths for better training adoption and more efficient evaluation

Developing a technical solution is only one piece of the HR and compliance training puzzle. If the process is completely automated, employees often feel they are not being addressed personally and are less motivated. Individualization empowers and makes them feel that their needs are being addressed in their own environment. For this reason, in order to develop global training programs that are well received and meet with genuine engagement, it is important to become familiar with local markets, cultures and employee needs. With an appropriate LMS solution, specialized learning paths can be established to provide employees with optimally tailored training and content based on their job roles and locations.

Also, when it comes to tracking training completion, such learning paths provide a great way to evaluate training success, as both participants and trainers get a clear snapshot of performance. Instead of having to manually combine and analyze data from multiple reports, the tools built into the learning path automatically aggregate data from all training into a single report. This makes the evaluation of employee training much more efficient.

Source and further information on the topics of compliance management in human resources, among others: https://de.sumtotalsystems.com

Suva clinics get new CEO

Gianni Roberto Rossi will be the new joint CEO of Suva Clinics. He will take up the position on July 1, 2022. The appointment is part of an organizational development.

Gianni Roberto Rossi will become the new joint CEO of Suva clinics from July 1, 2022. (Image: zVg / Suva)

At its meeting on January 17, 2022, the Search Committee of the Suva Council Committee elected Gianni Roberto Rossi as CEO of Suva Clinics (Clinique romande de réadaptation Sion and Rehaklinik Bellikon). The 54-year-old will assume his new role on July 1, 2022. The appointment takes place as part of the organizational development of Suva Clinics. The aim is to achieve overarching strategic management as well as harmonization of structures. However, both clinics will remain independent and will be managed by a site management.

Well connected personality

Gianni Roberto Rossi has been CEO of Rehaklinik Bellikon since July 2018 and is very familiar with the concerns of Suva clinics, according to a Suva statement. He is well networked in the Swiss healthcare system and has the best professional and human leadership qualities, it said. His multilingualism (Italian, German, French) was also a decisive factor in his selection. Gianni Roberto Rossi holds an Executive Master in Business Administration from the University of Zurich and a Master in Innovation and Management in Public Administrations from the University Tor Vergata in Rome. In 2013, he obtained a Doctor of Philosophy for his research doctorate.

Overarching management of the Suva clinics

Gianni Roberto Rossi is married and the father of three children. He is looking forward to his new challenge: "With my entrepreneurial mindset and ethical principles, I feel I am in the right place at Suva Clinics, which have an excellent reputation throughout Switzerland. My goal is to actively shape strategic developments in the rehabilitation market and thus further strengthen the position of the Sion and Bellikon clinics. Together we will successfully shape the future." And Daniel Roscher, member of Suva's Executive Board, comments: "With his sound economic training, his many years of experience in managing rehabilitation clinics and his winning personality, Gianni Roberto Rossi will skilfully steer, develop and lead the business of Suva clinics into the future."

Source: Suva

Digital Trust: World's first digital responsibility label launched

For more corporate responsibility in the digital world: Swiss Digital Initiative launches the Digital Trust Label, the world's first quality seal for digital responsibility. This enables users to better recognize trustworthy digital services.

The Digital Trust Label launched by the Swiss Digital Initiative is a world first and is intended to create more trust among users of digital applications. (Image: SDI)

Awareness of digital risks and the demand for greater digital transparency and reliability are steadily increasing. Digital responsibility and digital trust are among the new requirements for companies to remain competitive. The market leaders of the future are organizations that actively assume digital responsibility. They put theoretical principles into practice. This should be recognizable to users by means of a seal of approval. On the other hand, providers of digital applications can use the Digital Trust Label to declare their digital responsibility systematically and credibly.

The Digital Trust Label was developed in Switzerland with a special emphasis on the user perspective. Thanks to the participatory and inclusive approach, a label was created that offers organizations the unique opportunity to demonstrate their commitment to digital responsibility. It was presented to the public in November 2021. Now it is definitively launched.

A clear commitment to digital responsibility

The Digital Trust Label shows the trustworthiness of a digital application, such as a website or app, in clear, visual, and non-technical language that anyone can understand. "Similar to the organic label and the nutritional value table for the analog world, the Digital Trust Label serves as a trust mark in the digital world", explains Doris Leuthard, President of the Swiss Digital Initiative Foundation.

The digital applications are tested against 35 criteria in four dimensions: Security, Privacy, Reliability, and Fairness to users, which includes information about the use of automated decision-making processes. The set of criteria was created by a special Label Expert Committee led by the Swiss Federal Institute of Technology Lausanne (EPFL) and further developed based on feedback from several public consultations. The criteria developed serve as the basis for an independent review.

Swiss Re and Swisscom are the first Digital Trust Champions

The first Digital Trust Champions include Swiss Re and Swisscom, which have already gone through the auditing process for a Digital Trust Label and are allowed to use the label for the audited services. Credit Suisse is currently in the auditing process. Another seven companies have already registered for the labeling process and will begin the audit in early 2022: Atos, Booking.com, Cisco, Credit Exchange, Kudelski IoT, UBS Switzerland AG and wefox. "Financial services require greater trust in digital services more than ever. We support and believe in the Digital Trust Label as a driver for greater transparency and accountability," said Moses Ojeisekhoba, Chief Executive Officer Reinsurance and member of the Group Executive Board of Swiss Re. Urs Schaeppi, CEO of Swisscom adds: "The digital world is fast and easy, but also anonymous. Which digital services can I rely on, which provider can I trust, are the questions that are critical to success. Swisscom supports the Digital Trust Label and the underlying independent audit process because it creates transparency and builds trust in the digital world."

Impact across industries and national borders

The topic of digital trust is also relevant for the banking sector. André Helfenstein, Chief Executive Officer of Credit Suisse (Switzerland) Ltd.: "Client trust and security are natural cornerstones of Swiss banking and this also applies in the digital world. Credit Suisse supports the piloting of the Digital Trust Label as it increases transparency regarding data flows and security in digital processes."

The Digital Trust Label sees itself as an example of a practical contribution to bring Swiss traditions and values into the digital world and serves as a starting point for a global movement towards digital responsibility. "There is no better place than Geneva to pioneer and test new tools for digital trust and responsibility. A label can be a way to bring together international stakeholders working on this issue and build global consensus," says Benedikt Wechsler, ambassador and head of the Federal Department of Foreign Affairs' Digitization Division. 

Source: Swiss Digital Initiative. More information about the Digital Trust Label

Mastering vocational training in good health thanks to BGM

Training apprentices is an investment in the future that should be sustainable. After all, qualified young people from their own ranks are one of the best options for companies to prevent a shortage of skilled workers. This is reason enough to promote the health of young professionals. Here, occupational health management (OHM) can make a targeted contribution to reducing absences, maintaining productivity and increasing the motivation of learners.

Motivated and healthy through vocational training: Health Promotion Switzerland has developed a comprehensive offer for the effective promotion of learners in the area of mental health. (Image: Monkey Business Images / Shutterstock)

Stress in vocational training: According to the Job Stress Index 2020 from Health Promotion Switzerland (see chart), 42% of young workers aged 16-24 have too few resources to meet workplace demands, 30% are emotionally exhausted, and their risk of occupational accidents is twice as high. The pandemic has exacerbated this trend. Health-related productivity losses, which amount to a good 21% in this age group 1), are the economic consequence.

The graph shows: The strain on young workers, for example during their vocational apprenticeship, has increased.

Health promotion in vocational training is urgent

The fact that young workers are increasingly affected by emotional exhaustion is not surprising. After all, they are going through intensive developmental steps that affect almost all areas of life. These are also relevant in the cooperation of the learners with the vocational trainers, superiors as well as teachers in the vocational school. The urgency of specifically promoting the mental health of learners is evident from the aspects and figures mentioned.

At the same time, this increases the demands on those responsible for vocational training. Targeted support offers for the health-promoting management of young employees are therefore welcome. Good points of contact for this are, for example, industry associations, the Association of Vocational Trainers or Apprentice. The latter is a comprehensive offering from Health Promotion Switzerland for effective mental health support for learners.

A human and economic gain

Companies in whose culture systematic occupational health management (BGM) is practiced have advantages when it comes to the health-promoting management of learners. Kuhn Rikon AG, for example, introduced a holistic health management system as early as 2006. Since 2009, the company has been certified with the "Friendly Work Space" label by Health Promotion Switzerland. The leading cookware manufacturer employs around 190 people in Switzerland. Eleven of them are young employees up to the age of 24, which includes a total of three apprentices in business administration and logistics.

In addition to the usual BGM measures, the company offers its learners individual support, for example:

  • Personalized support from recruitment to the final examination, tailored to the specific needs and stage of development.
  • The probationary period and interview will take place with the parents.
  • The integration of learners into the team. For example, they participate in the monthly Continuous Improvement Process (CIP) meeting.
  • The team spirit and the encounter of the apprentices among each other are promoted, e.g. by mutual support with preparation tasks of the inter-company courses or common lunch in the staff restaurant.
  • Regular exchange between learners, vocational training officers and supervisors that consciously includes current well-being. This also includes giving the young people sufficient time for their leisure activities.
  • An open error culture and appreciative interaction strengthen independent work and thus the learners' awareness of their self-responsibility and self-efficacy.

And this is how health-promoting leadership of learners succeeds. Essentially, three dimensions are decisive here 2):

  1. Self-direction: The vocational trainers promote their own health. They are role models.
  2. Contact with learners: The vocational trainers promote the health of the learners in direct, communicative exchange (behavior-oriented perspective).
  3. Design of working conditions: The vocational trainers design the tasks of the learners, their goals and their working environment in such a way that they have a health-promoting effect on the learners (condition-related or relationship-oriented perspective).

1) Source: Health Promotion Switzerland - Job Stress Index Monitoring 2018 according to Galliker et al. 2018b

2) Source: Franke, Vincent & Felfe, 2011

 

Live chat for vocational trainees on tobacco consumption - with experts from Addiction Switzerland. January 31, 2022, 1 to 5 p.m. Participate with the FWS Apprentice Experts App.
An event organized by Health Promotion Switzerland.

Top risks: Cyber is the main concern in companies

According to the 11th Allianz Risk Barometer, cyber threats are the biggest concern for businesses worldwide. The threat of ransomware attacks, data breaches or IT outages worries companies even more than business and supply chain disruptions, natural disasters or the Covid-19 pandemic.

Worries about a cyberattack dominate the top risks in 2022. (Image: Pixabay.com)

Almost every day we read in the media about cyberattacks by criminals that cause considerable damage and even lead to production losses. Companies are increasingly afraid of becoming victims of such attacks themselves. This is also shown by the eleventh Allianz Risk Barometer, for which around 2,700 experts in 89 countries and territories worldwide were surveyed on top risks. Respondents included CEOs, risk managers, brokers and insurance experts. According to the survey, cyber incidents are the top risk for businesses worldwide (44% of responses), business interruption ranked second globally (42%), while natural catastrophes jumped to third (25%, up from 6th last year). Climate change concerns also made a big leap forward to 6th place (17%, up from 9th place last year). The outbreak of a pandemic, on the other hand, seems to have lost some of its terror, at least in terms of its impact on the economy: it fell out of the top 3 to 4th place (22%). However, the survey took place before the outbreak of the Omicron variant, Allianz spokesman Daniel Aschoff noted in a media briefing. He did not rule out that the result would be somewhat different in view of the current pandemic situation.

Resilience is becoming a competitive factor

Naturally, the risks are assessed somewhat differently depending on the sector. However, it is noticeable that business interruptions were named as the No. 1 risk globally in more than half of the industries surveyed (in 11 out of 20 sectors), while cyber ranked top in "only" five out of twenty industries. "Business disruption is likely to remain the most important risk issue in 2022," said Christoph Müller, CEO of AGCS, summarizing this year's survey. "For most companies, the biggest fear is not being able to manufacture their products or provide their services. In 2021, disruptions occurred on an unprecedented scale, caused by a variety of triggers: Crippling cyberattacks, the impact of numerous climate change-related weather events on the supply chain, and pandemic-related production problems and transportation bottlenecks wreaked havoc. This year promises only a gradual easing of the situation, although further problems related to Covid-19 cannot be ruled out. Building resilience to the many causes of business disruption is increasingly becoming a competitive advantage for companies." According to the Euler Hermes Global Trade Report, further disruptions in the global supply chain are expected to continue into the second half of 2022. 

Top risks in Switzerland: cyber in first place

In Switzerland, the ranking is also dominated by cyber incidents (1st place with 61%) and business interruption (2nd place with 57%). Market changes, for example caused by volatility, increased competition/new competitors, stagnating markets or market fluctuations (25%), follow in third place. According to Allianz, uncertainty at the political level is also likely to play a role here: The lack of a framework agreement with the EU, unresolved problems in connection with Brexit or even monetary policy would lead to a kind of "feeling of powerlessness" in companies, as Christoph Müller explains.

Extreme weather events as a result of climate change: in Switzerland "only" in 5th place among the top risks. (Image: Unsplash.com)

The biggest climber alongside market changes is climate change (5th place with 17 %). New in the top ten ranks of top risks are the shortage of skilled workers, which ranks 7th (12%), as well as concerns about the failure of critical infrastructure (9th place with 11 %) and loss of reputation (9th place with 11 %). Worries about Covid-19 or another pandemic are of significantly less concern to companies than they were in 2021 (6th place with 15%).

New criminal tactics 

In the context of cyber risk, Christoph Müller sees "double extortion tactics" as particularly worrying: Increasingly, cyber criminals are no longer limiting themselves to extorting ransoms after data has been encrypted, but are also subsequently threatening to publish sensitive data unless a further payment is made. Furthermore, the cyber threat goes hand in hand with military threats, as recent events in Ukraine, for example, show, Müller said. "Ransomware has become big business for cybercriminals, who are refining their tactics and lowering the barriers to entry - it hardly takes any technical knowledge to carry out an attack, and the relevant tools can be conveniently booked on the web. The commercialization of cybercrime makes it easier to exploit vulnerabilities on a large scale. We will see more attacks on supply chains and critical infrastructure," explains Ivo Heeb, Underwriting Expert Financial Lines at AGCS in Switzerland.

Business interruption: the constant among the top risks

In a year marked by widespread disruption, the extent of vulnerabilities in modern supply chains and production networks is more apparent than ever. In addition to cyber incidents, the impact of companies' increasing reliance on digitalization and the shift of work to remote locations are also important causes. Natural disasters and pandemics are the other two important triggers for business interruption, according to respondents. "The pandemic highlighted the extent of interconnectedness in modern supply chains and how inherently unrelated events can come together to cause widespread outages. For the first time, the resilience of supply chains has been severely tested on a global scale," says Christoph Müller, CEO of AGCS in Switzerland.

The outbreak of a pandemic remains a major concern for companies. In Switzerland, however, as mentioned above, the threat now ranks only 6th among the top risks. Although the Covid-19 crisis continues to overshadow the economic outlook in many sectors, companies believe they are well prepared for it. The majority of respondents (80%) believe they are adequately or well prepared for a future wave of pandemics. Improving business continuity management is seen as the most important measure that companies are taking.

Source and further information: www.agcs.allianz.com

Robin Setz is the new Quality Manager of the SVTI Group

In the course of the succession planning in the area of quality management, Robin Setz was appointed as the new quality management representative of the SVTI Group. In his function, he is also a member of the extended management.

Robin Setz, new quality manager at the SVTI Group. (Image: zVg)

Robin Setz joined the corporate group in November 2021 and has assumed responsibility for all QM matters for both SVTI Swiss Association for Technical Inspections and Swiss Safety Center AG. He succeeds Dr. Elisabetta Ramsperger-Prati. SVTI is one of the most important Swiss institutions in the field of technical safety inspection. The purpose of the SVTI is the prevention of accidents, malfunctions and damage and the elimination of hazards in the manufacture and operation of technical equipment of all kinds.

Robin Setz is an expert in quality management, project and process management. He brings many years of experience and has worked in a wide variety of project and quality management functions at internationally active companies. Most recently, as Head of Process Management and Quality at an industrial company, he was responsible for setting up and implementing the process and quality management system. His goal is to ensure that the SVTI Group has a modern quality management system that is appreciated and lived by employees, managers, customers and auditors alike.

His part-time job as a lecturer in project and process management at the University of Applied Sciences Graubünden enables him to build a bridge between theory and practice. 

Source and further information: www.svti.ch