Do You Consider Cyber Attacks as a Serious Threat?

I’m a new believer that there is no sure defense against data breach attacks.  I learned in the same week, that two of my favorite companies had suffered data breaches.  The one that surprised me was Zappos.com.  As a fairly recent acquisition of Amazon.com, I figured that the two online giants would combine their security technology and make it impossible for anyone to breach their servers or other data.  I obviously figured wrong and realized that no matter how great and beefy a company’s security is, breaches still happen. But not surprising, Zappos executives handled this breach in the best manor possible by notifying those millions of people whose records may have been breached.  In fact, the CEO even tweeted the actual email that he sent to employees of the company explaining how they are handling the situation.  Very respectable.

My mind tends to wander sometimes as I read and as I read the email via twitter, I could not help to wonder how much time, money and effort went into the notification process alone.  There is a law that requires any entity that experiences a data breach to notify everyone whose information may have been breached.  Albeit, I’m sure that Zappos would have sent notifications even if this law did not exist.  It would seem that notification is just the beginning.  After the notification process I’m sure there would be public relations, investigation and forensics and possible lawsuits to deal with.  I have not found anything suggesting that this breach has resulted in any lawsuits.

If you have spent any time with me in the last couple of years, then you know that I do not shut up about this subject.  In fact, this is my second blog regarding this topic within the last few months.  I believe strongly that this is a serious challenge that many business owners have to deal with.  As it is, it seems that there is no absolute defense against data breaches, but every business should have a plan in place, just in case it does happen. For more information regarding this topic, I recommend www.privacyrights.org and http://www.ponemon.org/.

Going Where No Insurance Broker Has Gone Before

            I had a very unique opportunity recently to visit a renewable energy project site with one of my clients.  For the sake of simplicity, this project takes trash and turns it into energy.  When I first heard about the project a few years ago, my mind conjured images of the movie “Back to the Future” when Doc showed up at Marty’s house in the DeLorean-time-machine and started throwing a bunch of trash into a smoking fuel tank.  It’s not quite like that exactly, but not far from it. 

            Some people have asked me, why go all the way to Dallas for two days to tour an energy plant that sits on a landfill?   There are several reasons why I decided to accompany my client to their project site.  First, I am very interested and quite passionate about renewable and clean energy.  So, I jumped at the opportunity to see and learn about a working project in person.  Second, it’s my job as a risk manager to understand as much as possible about the risks that I recommend for insurance coverage.  I focus most of my work and marketing efforts in the energy industry and this was a perfect opportunity to learn and make certain that my clients are protected in the best possible way.  Third, I was the first “insurance broker” that had ever visited the sight.  Sure, there had been insurance inspectors from various carriers that have visited the sight before, but not brokers.  It was my hope to deepen my relationship with this great client and have a chance to show my commitment to supporting their growth and success. 

            I know that there are competent insurance brokers out there that care about their clients and do a good job.  I try to set myself apart from even the good brokers out there by going the extra mile for my clients.  This is why I chose to focus on an industry that I’m actively engaged and interested in.  I can honestly say that my trip to Dallas did not feel like work, but rather more like an enjoyable field trip.  I’m very excited to know that the future looks bright for the ingenious people and companies in the renewable energy industry.  

Need More Cash Flow for Your Business?

I realize that no business owner would answer “NO” to such a question, which is why I want everyone to know about a new way that some Workers’ Compensation (WC) Carriers are setting up premium payments.  

The traditional way of WC is to estimate a whole year of payroll figures, report those figures to the carrier and then get an estimated premium.  So what happens if the payroll numbers end up being different than the estimated payrolls? When the carrier audits the account at the end of the year, it will be determined if the business owes more money or if the carrier owes some money back to the business.  Either way, it’s no fun to write a check to the carrier for a policy that has already expired.  Nor does it feel good to know the carrier has been holding on to money that could have been used for the business, in the case of a refund. 

If a business’ payroll fluctuates from month to month, or if there is a good possibility for growth throughout the year, then the payroll reporting option could be a great one.  It is a simple concept that allows employers to report payrolls to the WC carrier at the end of each payroll period and pay premiums according to the reported amount.  It is simple to set up and here are some of the added benefits:

-          Improved cash flow by paying only what is owed during a payroll period.

-          Elimination of large down payments. (usually at least 25% of estimated annual premium)

-          Minimal audit adjustments, if any. Policies are still subject to audits.

-          No late fee charges.

Every company’s situation is different, but as you can see, there are options for available.

How are you handling your workers’ compensation policies?

5 Myths and Truths about Data Breach Liability

With the sensitive nature of the data that is stored both online and offline, there are many myths around how secure our information really is. Many are unaware of how a data breach can affect their business and personal lives.

Here we discuss 5 myths around data breach and the reality of the situation.

1. Myth - Data thieves only go after big, well-known companies; we are too small to be at risk.
Truth - Most breaches go unreported.  The Ponemon Institute conducted a study of companies of all sizes and found 51% of surveyed companies experienced cyber attacks daily, if not hourly.  In October 2009, a hacker gained access to the network of a small pub and redirected payment information to his computer instead of the credit card processing company.  The hacker has made an undisclosed amount of charges to the accounts of unsuspecting victims.  The investigation is on-going.  

2. Myth - Only companies that transact over the internet have an exposure to data breaches.
Truth - Most incidents of data breaches do not involve a website.  Data thieves know that the easiest way to a gold mine of information is to steal laptops, backup tapes, paper records, etc. 

3. Myth - Our IT Manager says that there is no way anyone could get into our network or data.
Truth - Even the largest companies with the largest IT budgets are successfully breached all the time.  Data breaches can come from outside hackers, but don't forget your former and current employees, vendors and others that have or had access to part of the network.  If your IT person says it's impossible to penetrate your network, it may be time to find a replacement. 

4. Myth - We already have coverage for this in our current policies.
Truth - Unless you have a data breach liability policy or endorsement in your insurance portfolio, you are not covered for the expenses involved for data breaches.  Some of the expenses involved that data breach liability would cover are: Notification Expenses to meet standards of CA law, Public Relations Expenses such as, credit monitoring for the possible victims, Forensics to find out how the breach happened and possible Lawsuits as a result of the data breach.  

5. Myth - It is too expensive to get a Data Breach Liability Coverage.
Truth - It is not as expensive as people may think.  It is priced according to the size of the exposure.  Many small and large businesses are adding this coverage once they understand the monetary damage that even one data breach could incur to their business.  There is also a very large carrier that is offering an endorsement to regular business owners' policies.

As you can see by this short list, there are many out there that are unaware of how to handle their sensitive data and how exposed they really are.

What measures to you take to guard your most sensitive information?

Employment Practices Liability - A Serious, but Overlooked Exposure for Businesses

I've noticed in speaking with many different business owners that some of them do not lose sleep over the idea of an employee suing them or their company.

However, if I follow up with more specific scenarios of what employees may sue for, I find that it sparks a conversation of issues currently happening with that company or it brings to light some concerns that the business owner may have been keeping in a secret hiding place. Consider the following examples of what an EPLI or Employment Practices Liability policy covers and then see if you agree with me that if this is not already part of your insurance portfolio, it should be:

• Wrongful Termination

• Sexual Harassment

• Discrimination

• Wage and Hour dispute

Coverage is not limited to these four examples, but these are the most common. Something to keep in mind is that we cannot always control what our employees do. Employees may harass or discriminate other employees or perhaps a vendor that frequents the office.  Now you have a lawsuit on your hands for something you may not have even known about until you read a letter on an attorney’s expensive looking letterhead.  This policy is one of the easiest to quote and it is well worth the time to do so.  Every company's situation is different and cost can fluctuate based on industries. Please feel free to forward this information on to anyone who could use this information, like anyone with employees! If you have any questions regarding Employment Practices Liability, please contact me at (760) 603-0131.