Going Public Adds New Dimension to Compliance

Sexual Assault & Harassment No Longer Hiding in NDAs
Congress passes bill voiding NDAs in cases of sexual assault, harassment; Biden expected to sign
The Speak Out Act would allow those who have experienced sexual assault or sexual harassment in the workplace - and who have signed NDAs - to talk about their experiences.

The U.S. House of Representatives passed the Speak Out Act on Wednesday. The bill, which the Senate passed by unanimous consent Sept. 29, will head to President Joe Biden's desk.

The White House released a letter in support of the Speak Out Act on Nov. 14.

The Speak Out Act would render unenforceable workplace predispute nondisclosure and nondisparagement clauses involving sexual assault and sexual harassment. It follows a similar bill signed into law in February, the Ending Forced Arbitration of Sexual Assault and Sexual Harassment Act, which invalidated mandatory arbitration agreements in such cases. hrdive.com

Starbucks Workers Plan Walkouts at More Than 100 Cafes

Pro-union baristas say they intend to strike Thursday as they pressure company to bargain on wages, benefits, and staffing levels.

Starbucks Workers United, which recently began bargaining with the company over wages and benefits, said it was the largest coordinated national action taken by the union since it was formed last year. The union posted on social media photos of groups holding up strike signs outside locations that included Los Angeles, Philadelphia and New York City. wsj.com

Stress & Mental Health on OSHA's Radar - But No Regs or Procedures - Yet
Other than for Workplace Violence

OSHA Highlights Stress and Mental Health in the Workplace
OSHA, citing a Centers for Disease Control and Prevention July 2018 publication on Mental Health in the Workplace, has released a Safety and Health Topics bulletin addressing workplace stress and mental health hazards. According to OSHA, these workplace hazards have a range of potential consequences, including related to:

• Job performance
• Productivity
• Work engagement and communication
• Physical capability and daily functioning

OSHA's concern for the mental health of the American workforce is generally supported by the regulated community. But OSHA has no regulations that address workplace stress and generally does not regulate mental health hazards, even to the extent they could be work-related.

OSHA currently has no procedures in place for a workplace stress inspection and has no standards in place indicating what would be considered a violation of the general duty clause and what types of abatement would be feasible or useful. Accordingly, OSHA may not yet be equipped to inspect for hazardous levels of workplace stress or craft a General Duty Clause citation. Therefore, we anticipate the probability of enforcement to be remote in the short term absent an unusual event, such as stress induced workplace violence. However, workplace stress is clearly on OSHA's radar screen and we can anticipate further activity as OSHA comes up to speed on the issue. lexology.com

From OSHA to the DOJ to the SEC - Gov't Agencies Are Cracking Down
OSHA Significantly Increases the Number of Investigators by 19% in 2022

OSHA's staffing levels are higher now than they have been in decades.

The influx of compliance officers coincides with OSHA ratcheting up its enforcement priorities, including increasingly aggressive enforcement and increased penalties. Given the increase in inspectors, there is increased risk for on-site inspections. Employers should make sure that they are "inspection ready." jdsupra.com

SEC Had a Record Year for Enforcement Actions

Whistleblower award program received more than 12,300 tips reporting potential wrongdoing in fiscal 2022

The Securities and Exchange Commission ramped up its enforcement efforts in the last fiscal year, as the markets regulator focused its sights on prosecuting high-profile cases and imposing steep penalties for misconduct under the leadership of Chair Gary Gensler.

The SEC filed 760 enforcement actions in the year ending Sept. 30, up 9% from the year before, according to the agency's annual enforcement report, which was made public Tuesday.

The SEC imposed a total of $6.44 billion in monetary penalties, the highest amount on record and 67% above the previous year. The total includes a record $4.19 billion in civil penalties, and $2.25 billion in the disgorgement of ill-gotten gains, about 6% less than the year before.

The agency imposed more penalties than disgorgements in the last fiscal year, which demonstrates that "the potential consequences of violating the law are significantly greater than the potential rewards," Gurbir Grewal, the SEC's director of enforcement. wsj.com

83% of CFOs Plan to Implement Hiring Freezes: Weekly Stat

Faced with a skills shortage and a looming recession, CFOs said automation and outsourcing are critical for the finance team.

As Q4 and 2022 approaches its final weeks, CFO outlook on the overall economy remains low. Alongside large-scale hiring freezes being forecasted in OneSource Virtual's 2023 CFO Outlook Report, data shows CFOs are putting their staff in the best position to remain productive and not feel overworked, even as their teams pause hiring. Many are implementing automation technology in areas surrounding remedial finance and accounting tasks, freeing up labor for work on other projects that can counteract economic woes by driving growth. cfo.com

NRF Response to Positive Retail Sales Data
Retail Sales Growing as Holiday Season Begins
Retail sales grew again in October as consumers set aside concerns about inflation and many got a jump start on the holiday season, the National Retail Federation said today.

"October retail sales data confirms that consumers continue to stretch their dollars on household priorities, including gifts for family and loved ones this holiday season," NRF President and CEO Matthew Shay said. "With a strong labor market and excess savings, we are expecting a solid five-day holiday shopping weekend, and retailers are prepared to meet their customers with the right inventory, competitive prices and great experiences. We are keeping a close eye on the railway labor negotiations and urge Congress to do everything in its power to avoid a labor strike this holiday season." nrf.com

'Paralyzing' lake effect storm could blitz Buffalo with over 3 feet of snow
Watch Out For Your Buffalo Stores This Weekend

Chipotle to open 250 to 285 restaurants in 2023

First Look: Starbucks' new mega-store in Empire State Building


Quarterly Results

Richemont Six-Month Period Retail Group sales up 21% (1,283 boutiques), Online retail up 19%, Wholesales up 14%, total sales up 24%

Canada's Metro Q4 Food comp's up 8%, pharmacy comp's up 7.4%, sales up 8.1%

Canada's Loblaw Companies Q3 Food retail comp's up 6.9%, Shoppers Drug store comp's up 7.7%, sales up 8.3%

BJ's Wholesale Q3 club comp's up 5.3% excluding gas, digital up 43%, total comp club sales up 9.7%

Target Q3 store comp's up 3.2%, digital sales up 0.3%, total revenue up 3.4%

Lowe's Q3 U.S. store comp's up 3%, Lowes.com up 12%, sales up 2.2%

TJX Q3 U.S. comp's down 2%, net sales down 3%*
   Marmaxx comp's up 3%
   HomeGoods comp's down 16%
   TJX Canada sales down 1%
   TJX Intern. sales down 16%
   *First ever decrease reported on the Daily

Macy's Q3 Comp's down 3.1% on an owned basis & down 2.7% on an owned-plus-licensed basis, digital down 9%, net sales down 3.9%

Bath & Body Works Q3 U.S. & Canada stores sales down 5%, Direct sales down 6%, total net sales down 5%

Kohl's Q3 comp's down 6.9%, net sales down 7.2%

Retail is an Easy Target for Cyberattackers
Cybersecurity issues in retail and smart cities

Countering cybercrime requires collective vigilance and cooperation

Easy targets: smart retail and smart cities

The need for vigilant cybersecurity measures is paramount. The retail sector has proven especially vulnerable. Trustwave reports that retail is on the receiving end of 24% of all cyberattacks, more than any other industry.

Retail's reliance on mixed technology, pairing old point-of-sale systems like cash registers and in-store purchases with cloud-based e-commerce and administrative systems, makes it an ideal target for hackers. On top of that, retail's customer data tends to be high value, often consisting of credit card details, phone numbers, and security questions and answers. The industry's high staff turnover rate also makes it vulnerable. Some 64% of retailers report attempted attacks each month, with the cost of a hack to an e-commerce site currently averaging $4 million. In 2020, cyberattacks cost online retailers a remarkable  £5.9 billion  in the UK alone.

But the problem is not limited to e-commerce. Brick-and-mortar retail stores are at enormous risk too. In fact, part of the reason physical stores have become an easy target for cybercriminals is that in-store management is often inattentive, presuming that such attacks only take place online.

That may have been true at one time, but many physical stores today are increasingly reliant on Internet of Things (IoT) devices. IoT solutions offer extraordinary benefits in-store: indoor navigation, presence detection, and preventive maintenance, to name a few. But if not properly secured, increased digitalization can leave retailers exposed.

Problems and solutions

The emergence of intelligent networks made up of billions of connected devices across a range of sectors has created a whole new world of vulnerabilities for cybercriminals to exploit. Some of the most common cybercrimes are phishing scams, ransomware, data breaches, distributed denial-of-service (DDoS) attacks, and supply chain disruptions. Cybersecurity must continually innovate and adapt to confront a diverse and ever-evolving range of threats.  cio.com

Assessing Cybersecurity Vendors
Build a mature approach for better cybersecurity vendor evaluation

Establishing a thorough, well-planned in-house strategy for assessing cybersecurity vendors and their products is a hallmark of an organization's maturity and can avoid hassles, headaches, and unnecessary expense.

A mature evaluation program begins with a clear understanding of a problem and the solutions intended to solve it, Manrod says. An immature team, by contrast, might chase products for no better reason than an executive saw something they liked at a conference without first defining a clear business need for it.

Furthermore, a mature evaluation team understands and reviews a wide range of solutions before narrowing down to those that meet the business-defined needs, Manrod says. Mature organizations also put greater reliance on testing, rather than believing a vendor's marketing pitches without question. For example, he says, an advanced testing team would replicate the exact tactics, techniques, and procedures (TTP) of an attacker to try and bypass the tool altogether.

No universal framework for vetting cybersecurity vendors

"There is no universal framework that people use to evaluate their security vendors, which is a pity because people replicate work across many different vendors, products, and services. And I am on both sides of this issue - I evaluate companies for investment purposes. Then once we invest, we're on the sell side," she says. "I would love it if there were universal frameworks and standards to use. That would make the sell-side job a lot easier - knowing what to prioritize and how to communicate to customers."

Mature vendor evaluation is aligned with business needs - Align vendor evaluation with the standards that do exist - Evaluate the cybersecurity vendor, not just the product csoonline.com

Protecting Key Credit Card Data
PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules
New credit card payment processing rules will tighten security and offer more flexibility for enterprises. While they won't come into full effect until 2025, experts say there are significant changes and recommend that consumer-facing business start getting ready for compliance now.

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security.

However, credit card issuers, merchants, banks, and third-party transaction processors lost $28.58 billion to credit card fraud in 2020, which comes to nearly 7 cents per $100 in purchase volume. And the Nilson Report projects credit card losses will exceed $400 billion over the next 10 years.

In an effort to reduce those losses and keep pace with the rapidly evolving threat landscape, global standards body the Payment Card Industry Data Security Standards Council (PCIDSSC) has issued a major upgrade to its rules governing how credit card data is to be stored, processed and protected. csoonline.com

Disneyland Malware Team: It's a Puny World After All
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic.

Electronics repair technicians snoop on your data

Iranian hackers use Log4Shell to mine crypto on federal computer system

Copperas Cove, TX: $50K in collectibles gone after veteran-owned shop burglarized on Veteran's Day
A veteran-owned shop in Central Texas is asking for help finding the burglars who hit Apollo's Sports and Collectibles. Adding insult to injury, the crooks broke into the store on Veteran's Day, leaving the store a mess. Four burglars broke into the store around 2:30 a.m., and in the span of three minutes, stole items from signed cards, jerseys, and helmets. Co-owner and Army veteran, John Bostic, said they took over $50,000 worth of merchandise.  kwtx.com

Boynton Beach, FL: T-Mobile burglarized; More Than $30K In Electronics Stolen, Found In North Broward County
An ex-employee of the T-Mobile store in the Boynton Beach Mall allegedly returned to the store after it closed for Hurricane Nicole - gained entrance - and stole $30,000 worth of phones and other electronics. But Nicolas Castellanos apparently forgot to turn off the GPS tracker that was mixed into the equipment he allegedly stole. The tracker revealed that the equipment exited the store, moved down I-95, then became stationary at a house in the northern Broward County town of Margate. Video surveillance of the actual theft indicated the thief looked a lot like Castellanos who had recently been fired. Castellanos had allegedly texted other employees that he planned to "empty out" the safe. He still had a key to the store and access to the safe at the time of the burglary. bocanewsnow.com

Middlesboro, KY: Police are seeking to identify several suspects after a Jewelry store heist
Six people suspected of stealing from the Antique & Modern Jewelry are being sought by police. Surveillance video appears to show two men entering the store and speaking to a woman behind the counter. Four women later enter the store, with one appearing to reach over a glass cabinet, grab a full display of jewelry and hid it in her clothing. Susannah Cadle's family has owned Antique & Modern Jewelry for years. Cadle said, "They were very pushy. It is a 'Oh, we're going to buy.' They were flashing cash. 'We have this money. We have this money. We want to buy all of this.' And [the store employee] was very careful and very diligent about only getting one piece out at a time but with so many people moving about, they had scarves they were switching in between each other and different things. Just tactics to kind of keep you overloaded sensory-wise." wate.com

Mount Joy Township, PA: Several charged after Adams County police chase, store theft
Several people were charged after a shoplifting call turned into a State Police chase in Adams County. On Nov. 11, Pennsylvania State Police responded to the Under Armour store on Gettysburg Village Drive for a retail theft in progress. Troopers responded and saw seven people fleeing the store while throwing stolen merchandise. One person was apprehended after a foot chase and five others fled in a vehicle. Troopers chased the vehicle and conducted a PIT maneuver to stop the vehicle. Five people fled on foot and three were apprehended. An additional get-away vehicle was located nearby and found to be stolen from Baltimore. One of the suspects was found to have three outstanding warrants, including one for armed robbery. abc27.com

Columbus, OH: Two suspects steal thousands of dollars worth of North Face coats stolen from Polaris store
Columbus police are on the lookout for two suspects who stole $2,600 worth of Northface coats from a Columbus store. According to a Twitter post made by Columbus Police, on Oct. 8, two women walked into a store located on the 1500 block of Polaris Pkwy. The duo filled a shopping cart with a variety of Northface jackets, before wheeling the cart and the merchandise out of its front entrance without paying. 614now.com

Portland, OR: Orox Leather the latest Old Town business to be hit by burglars; over $10,000 loss
Another small business has been hit by crooks. Orox Leather said early Tuesday morning someone broke into their Northwest Portland store and robbed them. Central Police responded to the report in the early morning hours and reported that what appeared to be four individuals robbed the small shop. This isn't the first time the local shop has been targeted. Owners say it's exhausting witnessing the uptick in crime in Old Town. "This really hurts," Orox Leather's owner Martin Martinez said, "it takes away about 20% of our retail." Police estimate that between 200-300 items valued at around $10,000 was stolen. koin.com

Bloomington, IN: $1000 dollars in merchandise stolen at Ulta Beauty
Police are investigating after three people stole about 1000 dollars in fragrance items from Ulta Beauty in the 2800 block of East 3rd Street Sunday around 5:46 p.m. According to police, employees heard alarms going off as a male and two females placed the items into bags while attempting to conceal their identities. The three suspects then fled in a car. bloomingtonian.com

Pontiac, MI: Police seek tips on man, woman in Home Depot retail fraud
A reward of up to $1,000 is being offered for tips leading to the arrest of a man and a woman who used a stolen credit card number to buy paint equipment and supplies. The suspects made the purchase on Nov. 2, 2022, at the Home Depot store at 545 South Telegraph Road in Pontiac, the Oakland County Sheriff's Office said Wednesday. Investigators said they used a stolen credit card number to buy about $745 in merchandise. They were seen loading the items into a late-model black Dodge Ram pickup truck.  detroitnews.com