Construction workers demand better protection in bad weather
The new National Labor Agreement for the construction industry is to provide for greater occupational safety in bad weather.
Editorial - April 29, 2015
The risk of accidents increases in snow, rain and cold.
The National Labor Agreement (LMV) for the construction industry, which governs the working conditions of around 100,000 construction workers in Switzerland, expires at the end of 2015.
For the renewal, the construction workers are demanding in particular better health protection in bad weather. Snow, rain and wind on a construction site significantly increase the risk of an accident. The Unia trade union therefore wants construction workers to have a say in deciding when they are allowed to stop work due to dangerous weather conditions - for example in the case of icy scaffolding or slippery floors at height, but also in the case of excessive sunlight and heat.
As Unia reports, the renegotiations are still stalling. The construction workers are demanding that negotiations must now begin quickly - otherwise there is a risk of a contractless situation next year.
Great distrust in the digital cloud
Dark clouds over cloud computing in Germany: There is great uncertainty among 84% of companies as to whether their data is still safe in the "digital cloud".
Editorial - April 29, 2015
This is the result of the study "IT Security and Data Protection 2015" of the self-help organization National Initiative for Information and Internet Security e.V. (NIFIS). According to the study, loss of control over one's own data (73%), internal and external hacker attacks (71%) and one's own ignorance of the existing risks (89%) are currently the main threats to the German economy in cloud computing.
Companies are careless with their data
The NIFIS study also considered other security aspects of cloud computing. According to the majority of experts (66%), modern encryption programs can make it much more difficult to read data - but even they do not offer complete protection against spying. A further 54% attest to the German economy's careless handling of its cloud-based data. It is also worth noting that almost half of the IT experts surveyed (49%) believe that in some cases cloud providers are also too careless with the data entrusted to them. US jurisdiction is also contributing to German companies' uncertainty when choosing a cloud provider, according to NIFIS Chairman Attorney Thomas Lapp. According to the study, 65% of the companies surveyed believe that there is a lack of transparency as to whether cloud service providers that manage their customers' data in Europe pass it on to US authorities such as intelligence agencies.
Awareness campaign called for
In order to ease German companies' uncertainty about cloud computing, Lapp is calling for a broad-based education campaign: "The German government and business associations must see the digitization of the German economy as a national task." As part of more intensive cooperation, especially between government and business, an educational campaign must provide information about the dangers and risks of cloud computing, he said. "This would give many companies more security in dealing with the digital cloud and at the same time massively strengthen confidence in the new technology. Moreover, if companies are more aware of the dangers, many of their fears will prove to be unfounded," emphasizes the NIFIS chairman.
According to Lapp, German companies still seem to be under the lasting impression of Prism and Co. According to the NIFIS study, the espionage scandals have made 88% of German businesses more aware of data protection. Accordingly, spending on IT security and data protection will continue to increase in 2015. Almost half of German companies (49%) expect investments to increase by 50% this year. A further 17% even forecast a doubling. Compared with the previous year, significantly more companies thus expect demand for IT and information security to rise.
IT security: no reason to hyperventilate
The recently published IBM X-Force Threat Intelligence Quarterly concludes that cybercriminals stole at least one billion digital records containing personal information in 2014. In addition, IBM researchers say they have never recorded as many incidents as last year.
Editorial - April 29, 2015
Peter Schneider with a plea for a considered approach to IT security.
When cross-reading various magazines and portals on the subject of IT security, it seems to be the norm these days to scare readers as much as possible about (potential) dangers. Malware in any form, DDoS attacks, backdoors - the common user is apparently safe neither from cyber gangsters nor from spying governments. But what reactions does this kind of reporting provoke in readers? Partly resignation along the lines of "There's nothing we can do anyway," or even a diffuse feeling of panic: "How are we supposed to protect ourselves from so many threats?" The supposed solution: It is best to invest in as many solutions as possible that cover all the areas that need to be protected.
Prophylactic thinking in all its glory, but rushing into the purchase of any security products will hardly bring the desired protection, not to mention the presumably too high costs. The market for security solutions has grown considerably in recent years, not least because of the pessimistic forecasts, and at the same time it has become more confusing. A first step towards an adequate security concept can be to approach an independent consultant, e.g. from a system house. These experts have in-depth, up-to-date knowledge of the market and solution areas. A detailed discussion and an analysis of the current situation subsequently provide a clear picture of what is needed or perhaps even superfluous. In addition, customers benefit from comprehensive support during selection, installation and training in the use of the solutions.
By Peter Schneider, sysob IT Distribution
Money laundering: sharp rise in SARs
The Money Laundering Reporting Office Switzerland (MROS) received significantly more SARs in 2014 than in the previous year. With 1753 reports, the increase amounts to 24%. At over three billion francs, the amounts involved remain high, as the Federal Office of Police writes.
Editorial - April 28, 2015
The amount reported has also increased.
In 2014, MROS received a total of 1,753 SARs, which is the highest number in the history of MROS. The previous high of 1625 reports from 2011 was exceeded by more than one hundred reports.
More than 85% of all reports were submitted by banks. While the number of reports from banks rose by 33% from 1123 to 1495, those from the rest of the financial sector declined. The decline in reports by trustees or asset managers was most pronounced.
Amount reported increased further
The amounts involved increased by 12% to over 3.3 billion Swiss francs in the reporting year. One report exceeded the CHF 200 million threshold, while six other reports involved amounts in excess of CHF 75 million. Together, these seven reports account for around one-third of the total amount reported.
The total amount involved in reports forwarded to law enforcement agencies is comparable to the figure from the previous year (2.85 vs. 2.8 billion Swiss francs in 2013).
Alleged acts of bribery doubled
In the year under review, the number of reports in which suspected acts of bribery were listed as predicate offenses more than doubled. This is due to a large and complex case in connection with which more than 50 reports were filed. This case was forwarded to the prosecution authorities.
As in previous reporting years, fraud was again the most common predicate offense to money laundering in 2014. The number of relevant reports increased compared to the previous year (448 versus 373 in 2013). Reports relating to phishing, i.e. the fraudulent misuse of an IT system, remained consistently high.
Nine reports of suspected terrorist financing were filed in the reporting year. The situation thus remains comparable with the previous year. Unlike in 2013, when the 33 reports concerned eight individual cases, all nine reports in the reporting year were individual cases.
Strengthening the analytical capacities of MROS
In 2014, 72% of reports were forwarded to law enforcement authorities. The 2014 forwarding rate is thus 7% lower than that of 2013, continuing a trend that has been observed for three years. The decrease in the forwarding rate is due to the fact that MROS is filtering out more reports that cannot be corroborated, which reduces the workload of the prosecution offices. The decline in the rate can be explained by the partial revision of the Anti-Money Laundering Act, which came into force at the end of 2013 and gave MROS the additional option of obtaining information from so-called third-party financial intermediaries. Increased cooperation with foreign counterparties and the prosecution authorities also contributed to this development.
On December 12, 2014, Parliament passed the law implementing the revised recommendations of the Financial Action Task Force (FATF), which is expected to enter into force on January 1, 2016. MROS is directly affected by the changes, as the reporting system has undergone important changes: In the case of suspicious activity reports, assets will no longer be blocked automatically in the future. Now, the financial intermediary will only block the assets once MROS notifies him that the case has been forwarded to the prosecution authorities. Furthermore, the previously very short analysis period for the reports received has been extended to a maximum of 20 days, which will further improve the quality of the analyses.
The amendment also expands the range of predicate offenses. Serious offenses in the area of direct taxes are now also covered. Finally, for cash transactions above a threshold of CHF 100,000, the legislator also made traders subject to a reporting obligation to MROS.
Also related to the adapted FATF recommendations was the work carried out in the year under review within the framework of the National Risk Analysis (NRA) and the collection of statistical data. In particular, MROS updated its figures on the number of judgments and discontinuation orders issued in connection with money laundering reports. These figures are published in the Annual Report.
Energy transition creates new challenges for occupational safety
On the occasion of today's World Day for Safety and Health at Work, the ILO draws attention to the growing challenges posed by the renewable energy sector.
Editorial - April 28, 2015
Repair work on a wind turbine: The new occupational fields of renewable energy pose special challenges for occupational safety.
"Green workplaces" create special requirements for occupational health and safety. On the occasion of today's World Day for Safety and Health at Work, the International Labour Organization (ILO), the German Social Accident Insurance Institutions (BGs) and the German Social Accident Insurance Institutions (GHIs) are drawing attention to this.
The new job profiles give rise to new risks. For example, a rescue concept for accident victims in offshore wind farms has yet to be developed.
Health protection when handling solar cells is also a new challenge: Novel hazardous substances such as cadmium telluride are being used more and more. In total, a photovoltaic system contains around 15 hazardous substances. This is not only an issue during manufacture, installation and recycling, but must also be taken into account in the event of a fire, for example: Firefighters need special protection if there is a solar system on the roof of a burning house.
According to the ILO, 4.2 million people worldwide already work in the field of renewable energies - and the trend is rising sharply. The ILO expects this figure to rise to 30 million by 2030.
Various news and publications on the subject of green jobs can be found on the ILO website (in English).
The Office for the Protection of the Constitution speaks
On June 15 and 16, the conference "DuD 2015 - Data Protection and Data Security" will take place in Berlin. Among others, the President of the Federal Office for the Protection of the Constitution, Dr. Hans-Georg Maaßen, will speak there on the topic of data protection and intelligence gathering.
Editorial - April 27, 2015
Since the NSA surveillance affair and in the wake of various terrorist attacks around the world, there has been repeated controversy about whether intelligence surveillance should be expanded or rather restricted from a data protection point of view. The lecture by Dr. Hans-Georg Maaßen at the annual Computas data protection congress "DuD 2015", which will be held in Berlin on June 15 and 16, 2015, is therefore eagerly awaited.
In addition, European data protection law continues to face realignment, and the draft German IT security law is being discussed, so conference participants are sure to learn a lot of new things.
This year, the problem of balancing national security interests and data protection will be addressed in particular depth, but the topic of cloud computing will also be dealt with intensively. In addition, many other topics will be discussed that may arise in the participants' everyday professional lives, such as app use, video surveillance or when employers use personality tests. Prominent experts, including Andrea Vosshoff, the Federal Commissioner for Data Protection and Freedom of Information, and Ulrich Kelber, Parliamentary State Secretary at the Federal Ministry of Justice and Consumer Protection, will be present to comment on current issues. In addition, data privacy and IT security officers from Deutsche Bahn, Daimler and the German Federal Employment Agency, among others, will report on their professional backgrounds.
Protecting the skin - even at work
Anyone who works outside is exposed to harmful UV rays every day. Especially now in the warmer season, it is important to protect the skin from this.
Editorial - April 27, 2015
Solar radiation is dangerous. Anyone who works in the sun must therefore protect their skin.
Those who expose themselves daily to the sun's UV radiation risk not only a painful sunburn, but also dangerous long-term damage such as skin cancer or eye damage. In addition, the skin ages noticeably faster.
How dangerous the sun is depends on both the individual skin type and the current intensity of UV radiation. A website of the Federal Office of Public Health shows daily how strong the local UV radiation is at various locations in Switzerland. In general, the radiation is very intense, especially from the beginning of May. The Swiss Cancer League therefore advises avoiding the sun altogether at midday.
However, those who have to work outside often cannot completely escape the sun. It is therefore important to protect skin and eyesight: with suitable textiles, headgear, sunglasses and sunscreens. The German company Peter Greven Physioderm GmbH, which specializes in skin protection in the workplace, has therefore compiled a compendium on the subject of skin protection in the workplace, containing information and recommendations. It is available for download.
Computer crime more profitable than drug trafficking
A Europol report shows that cybercrime generates more money globally than the trade in cannabis, cocaine and heroin combined.
Editorial - April 27, 2015
Cybercrime has overtaken drug trafficking in terms of profitability.
The European organization Europol states in its report "Serious & Organized Threat Assessment 2013" that the global impact of cybercrime has reached a value of US$ 3 trillion. This means it is now more profitable than the global trade in cannabis, cocaine and heroin combined.
The US company Tripwire has investigated how many companies around the world inform the public when they discover an incident. While companies in the USA are obliged to do so, in Europe it is still voluntary.
The startling result: 37% of the companies surveyed said they weren't even sure they would notice a data loss.
Third "Cyber-Landsgemeinde": NCS implementation underway
At the third "Cyber Landsgemeinde" of the Swiss Security Network (SVS) on 23 April 2015, participants exchanged views on the implementation status of the NCS.
Editorial - April 25, 2015
At the Cyber-Landsgemeinde, experts exchange ideas on the topic of cyber risks.
The implementation of the "National Strategy for the Protection of Switzerland against Cyber Risks" was once again the topic of this year's "Cyber-Landsgemeinde" of the Sicherheitsverbund Schweiz (SVS), which took place in Bern for the third time.
Around 70 representatives of the Confederation and the cantons met to learn about and exchange information on the milestones already reached and the work developed by the four NCS working groups. The goal is to support the cantons in increasing their resilience and reducing cyber risks.
Products already developed include:
The processes for handling cyber security incidents have been described in incident management. The Swiss Cyber Experts association is part of the relevant processes.
The Crisis Management unit drew up a concept that describes the existing crisis management processes of the Confederation and the cantons in the event of crises with a cyber dimension. This concept will be tested at a strategic seminar with the agencies concerned.
In the area of cybercrime, one-day training courses for police officers will be offered in June 2015. At these trainings, the most important cybercrime phenomena will be explained to the police officers on the basis of phenomenon sheets, which the SVS helped to develop, and the measures to be taken will be pointed out.
In addition to providing information, the event also served to share experiences among participants, promote cooperation and networking between the federal government and the cantons, and collect suggestions and needs from participants in workshops. The next Cyber-Landsgemeinde is scheduled to take place in 2016.
Making connected vehicles safer
A safety service is designed to make the connected car safer.
Editorial - April 24, 2015
Even vehicles are not immune to cyber attacks.
Connected vehicles, whether they are cars, trucks, buses or construction machinery, use various wireless technologies such as WLAN, UMTS, LTE or Bluetooth. These can be used to offer a range of new on-board functions and value-added services that, for example, warn of traffic jams, reduce fuel consumption and CO2 emissions, or increase vehicle performance. Electronic systems for navigation, infotainment, and safety and emergency call applications are also leading to increasing vehicle networking.
However, this also increases the risk of hackers gaining access to vehicles and manipulating essential functions. In addition, information about driving behavior could be used without the driver's knowledge or consent. As with all devices connected to the "Internet of Things," data security is crucial to prevent unauthorized access or remote takeover of a vehicle.
"Ethical hackers" from BT, who are part of an international team of experienced security experts, test such potentially vulnerable systems using a standardized method. To do this, they imitate hacker attacks to uncover potential vulnerabilities, report them, and recommend courses of action. In the future, BT will also use this expertise to advise vehicle manufacturers, insurance companies and other companies in the automotive industry. In this way, weak points can be identified and remedied before a new vehicle is launched on the market. To ensure that the car remains safe throughout its lifecycle, BT will also provide ongoing support to ward off emerging threats.
With BT Assure Ethical Hacking for Vehicles, the possible attack points of a car can be specifically tested. Among other things, the tests check the interfaces accessible inside a car, such as Bluetooth connections, USB ports or DVD drives, but also external connections such as mobile networks or charging plugs. BT focuses on end-to-end security. All external systems connected to the vehicle are therefore also tested and checked. The primary goal is to detect vulnerabilities that allow unauthorized changes to configuration settings or the introduction of malware. Systems that can be used to access a vehicle from the outside include, for example, maintenance technicians' laptops, infotainment providers' servers and other support systems.
"In a few years, the majority of newly manufactured vehicles will be connected to the Internet or other networks - whether to enable navigation, maintenance, cooperative driving or entertainment services," said Udo Steininger, head of assisted and automated driving at TÜV SÜD. "Drivers will expect the same level of usability in this that they are used to from their smartphone. This will be a major challenge for the automotive industry because cars are equipped with many embedded systems that were not designed to connect to the outside world. Therefore, the industry needs to work with suppliers, IT security specialists and certification bodies to agree on a common approach to interfaces and security standards for the connected car."
Source: BT (Germany)
Two years after Rana Plaza: No all-clear yet
Two years ago, a textile factory in Bangladesh collapsed, killing more than a thousand people. Have working conditions improved today?
Editorial - April 24, 2015
Rana Plaza after the collapse, on April 24, 2013. (Photo: rijans - Flickr under CC license.)
Two years ago today, the Rana Plaza factory building collapsed, burying textile workers inside. 1127 people died, almost 2500 were injured.
Particularly tragic about the disaster: The day before, on April 23, 2013, cracks had already been detected in the building. The police then banned access. However, the factory operators forced their employees, mostly female textile workers, to start work anyway.
After the collapse, Western companies that have their clothes sewn in the country signed an agreement to improve working conditions locally. Since then, a lot has happened - but not enough by a long shot: The occupational health and safety organization IndustriALL, based in Geneva, criticized that still not a single factory in the country is safe. The promised refurbishments are also lagging far behind schedule.
In addition, according to IndustriALL, US$ 6 million in compensation for those affected is still missing from the total US$ 30 million promised by the garment industry.
Preventing cybercriminals pays off
Companies with early hacking detection initiatives improve their Security Effectiveness Score (SES) by more than half.
Editorial - April 24, 2015
When companies launch initiatives that put a stop to cyber criminals before they can even attack, their security improves significantly. This is shown in a study by the consulting firm Accenture and the Ponemon Institute.
For the study, 237 companies worldwide were surveyed on the subject of cyber security. The conclusion: companies that prevent attacks from occurring in the first place thanks to cross-company early detection strategies were able to improve their Security Effectiveness Score (SES) by more than half (53%) last year. Purely reactive companies, on the other hand, improved by only 2%.
The Ponemon Institute's Security Effectiveness Score (SES) is based on a total of 48 security features and practices.
The study identified two ideal types: "Leapfrogs" versus "Laggards". The so-called leapfrogs align their security goals with the company's goals. They focus on security innovation and proactively manage potential cybersecurity risks. The Laggards are different: they rely on traditional prevention and compliance.