Your Cyber Liability Policy & Handling Data Breaches Like A Pro

In the digital age we live in, it has never been more critical to have a focused, working cyber liability policy. A data breach for a company is a bad dream but having to tell their customers they’ve undergone a data breach is a nightmare. For this month’s CenterStage, Hierl’s wonderful VP of Property & Casualty, Cathleen (Cathy) Christensen, has brought you some helpful, informative advice on securing a reliable cyber liability policy, enabling you to handle data breaches like a pro.

About Cathleen

Cathleen Christensen is the current Vice President, Property & Casualty of Hierl Insurance, Inc. Cathy’s expertise lends itself well to helping local businesses with their commercial insurance and risk management needs. She attended Alverno College in Milwaukee, WI before her career in insurance. In her 25 years of experience in the industry, she has worked on the insurance company side as an underwriting manager, as well as on the agency side as an account executive. Cathy has also been an entrepreneur herself, which enables her to understand the demands businesses face today.

So, let’s get into it: how do you choose a successful cyber liability policy and avoid business fatal data breaches?

The 3 Big Issues of a Data Breach & How a Cyber Liability Policy Comes In Handy

When it comes to cyber liability, three issues plague business. First, there are 47 states in the United States that have separate data breach laws that regulate what business owners must do when a data breach has occurred. Companies that stretch across more than one state have the complication of knowing and going by these laws. Second, there is the public relation issue – attempting to share you’ve had a data breach with customers in a way that won’t completely destroy your company. The leak of private, customer information can lead to lawsuits, too, which leads us to what’s next. Finally, there is the price tag:

“In 2016, the average cost for each lost or stolen record containing sensitive and confidential information is a hundred and forty-one dollars. This is down ten percent from the previous year, but still incredibly significant.” -Ponemon Data Breach Study

When all three of these issues become a certain reality for your business, you are past the point of being able to protect yourself. You need third-party cyber liability experts to step in and help you handle the laws, the PR, and the price tag. Cyber liability insurance policies are tailored to meet your company’s specific needs and as part of their data breach coverage can include forensic, legal and public relations support. It is important to remember that in today’s environment, no company is immune to the possibility of being a victim of cyber crime. However, there are some things you can do to lower your risk of a data breach.

  1. Employee Corporate Security Policy Education. Did you know it’s more common for an employee to unintentionally leak information than it is to be hacked? This is why it’s crucial to educate your employees on cyber risks, but also to have a clear, focused Corporate Security Policy in place.
  2. Encrypt ALL Confidential Data. Even the simplest of things should be encrypted. Plus, don’t use the same password on EVERYTHING. Have different passwords or codes for as many things as possible. That way, if someone were to hack you, then they can’t unlock everything. If you’re someone who forgets your passwords easily, have a notebook or binder where your company information resides and keep it under lock and key without expressed permission to use.
  3. Backup, Backup, Backup. Let’s say your company’s entire computer system is shut down by a virus and you lose everything. That’s a frightening scenario, right? So, avoid it by having backups and many of them. A general rule of thumb is having three solid backup methods. Perhaps you have a couple online storages where you keep files and an external hard drive. It doesn’t matter – just make sure you have it backed up!

There are also a couple of relevant, key issues Cathy wanted to update employers on:

  • Ransomware & Social Engineering Fraud. The biggest scams of today are these two cyber crimes. Both work to steal company information by acting as perfectly normal requests, surveys or even Facebook personas. Employees fall into their traps, giving out company information freely, not realizing it was under false pretenses. Never, ever give out company information – even on something that seems like an official document – without consulting your manager or boss, first.
  • Federal Communications Commission (FCC). The FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. It can be found at www.fcc.gov/cyberplanner.

Don’t sit back and wait for cyber doomsday. Take your policy into your own hands, set company standards, and consider cyber liability insurance to help protect your business from the cost of a cyber attack.

At Hierl, Property & Casualty coverage is a partnership; not a product. We look at your entire organization, listen to you, assess your risk, develop a complete strategy and deliver a full-service solution. Our team of experts start by looking at your risk and helping you to gain Insight™ into what is in store for tomorrow. If you have any questions or are interested in knowing if Hierl’s cyber liability solutions is a good fit for you, please contact Cathy at 920.921.5921.


The Importance of Business Continuity Planning

Download the PDF

Rarely do we ever get advanced notice that a disaster is prepared to strike. Weather, network failures, epidemics and violence are just a few of the disasters that could have an impact on a company’s reputation. Every incident is unique due to the challenges it presents. However, implementing a business continuity plan (BCP) can help give your organization the best shot at success both during and after a disaster. A current, tested plan in the hands of all personnel responsible can help mitigate the potential impact. The absence of a plan doesn’t just mean your organization will take longer than necessary to recover from a crisis – you could go out of business. In this installment of CenterStage, Cathleen Christensen, our VP of Property and Casualty, discusses what a BCP is, why it matters, keeping one in place, and how Hierl can help you build a strategy that works with it.

What is a Business Continuity Plan?

Business continuity refers to maintaining business functions or resuming them in a timely manner in the event of a crisis. Examples of crises include natural disasters such as weather, fire, or an epidemic outbreak like the flu, but also include events involving company reputation, violence and network breaches. A business continuity plan outlines the procedures and instructions an organization must follow in the face of such disasters. The plan not only identifies the internal and external needs of an organization after a catastrophic loss but lays out the path for recovery. Cathleen explains, “A business continuity plan can be the difference between successfully recovering or going out of business.”

Why Does Business Continuity Planning Matter?

The importance of having a business continuity plan cannot be stressed enough. Truth is, 1 in 5 organizations do not recover following a crisis. Severity vs. probability must be factored into the management of your organization. The purpose of having a business continuity plan is not only to prepare for a disaster both during and after, but to mitigate the potential danger and lessen the odds of attack for your organization. Serving as the ultimate disaster plan, it is vital that preparation information is made common knowledge amongst all levels of the organization - from the highest level down. To ensure a healthy and effective BCP, craft a plan following these seven steps:

1. Initial Response

Disruption in the day-to-day operations should trigger everyone to not only know what is wrong, but what – if anything – to do to resolve it immediately. Planning and exercising this element of the plan will eliminate the rush of, “What do I do,” from employees. Proper communication will allow there to be no holes in the plan.

The initial response should also provide a clear sense of who is in ‘charge’ when disaster strikes. Whether it be at a corporate level, regionally or locally, knowing who is overseeing the process towards recovery is vital to the success of a BCP.

2. Stabilization

Regardless of cause, every disruption needs containment to prevent a bad situation from getting worse. It is important to know what happened to cause the event and the potential impact it may bring if left unchecked. Assess the impact, know how to stop the bleeding and devise short and medium-term goals to appropriately address the situation.

3. Activation

Following an impact assessment, identify what services need to be restored. Additionally, note who is responsible for the plan – what will they do, where will they do it and with whom will they do it?

4. Communication

In the event of a disaster, stakeholders might initiate various actions to stabilize or restore services. Timely communication between various respondents is critical to an effective incident response. Communication during an incident should be geared towards management, employees, customers and others who have a stake in the business. The goal is to keep them updated regarding the current state of restoration activities and collaboration with responders.

5. Planned Response

These are the initial response activities that need to be taken to limit the loss of life and property in the time immediately before, during, and after a crisis. Items that could be included are:

  • What types of incidents or crisis situations activate the plan?
  • Who has authority to activate it?
  • Details regarding the incident response team
  • Evacuation procedures
  • Contact lists

6. Extended Response

Actual recovery may take days, weeks, months or even longer. After the initial response the recovery plan outlines the steps you will need to take to get your business running again after an incident or crisis. It includes a realistic time frame in which you can get your operations back on track to minimize financial losses. Forcing yourself to rely heavily on your initial or planned response will only worsen recovery efforts. Be knowledgeable about your staff and the direction the road to recovery is going.

7. Return to Normal

When disruption ends, questions will still need to be answered. These are not limited to questions such as, Is the return to ‘normal’ a ‘new normal’. Other questions could include, “How will work between ‘normal’ operations and post-catch up tasks be managed? How will my information for insurance purposes be collected?”

Maintaining a Business Continuity Plan

With a plan in place, efforts do not cease. To remain disaster ready, you must remain active in your preventative efforts. As the world around us changes, so should your BCP to remain up to date and effective in all threats. Communicating any changes that may have occurred with initial plan to employees is a must. There is no way for all members of your organization to remain ‘in the know’ if they are kept uninformed. With effective communication of the BCP comes proper training. As critical as communicating clearly is with employees, instructing them in a hands-on potential scenario leaves nobody in the dark on recovery execution when disaster strikes.

How Can Hierl Help Business Continuity Planning?

At Hierl, we offer the necessary tools for creating an effective BCP. By working hand-in-hand with your business/organization, we offer the resources to locate and analyze potential risks and to create a team within your business to properly manage disasters. To get started, speak with Cathleen today at 920-921-5921 or cchristensen@hierl.com.

 

Download the PDF


Bettering Health Plan Management Through Modern Healthcare Technology

Taking advantage of modern technology is part of the reason why Hierl excels in providing the best results for our clients. In this installment of CenterStage, we asked our Executive Vice President, Scott Smeaton, to give an in-depth overview of how we use our technological resources to create customized, high-quality, low-cost health plans for our clients.

Technology and Data

There are three steps to developing plans for our clients, when using technology and data. The first step is to identify the client’s cost drivers within their health program(s). For example, we may look at a client’s claims data and find their highest dollar claims are musculoskeletal – such as hip and knee replacements – identifying whether health plan members are going to the higher cost, lower quality provider. These are becoming much more prevalent and are among most plans top cost drivers. With the technology at Hierl, we can import our client’s data – medical and prescription claims and health screening results from wellness – and aggregate it into one technology platform. Doing so, will help keep our clients’ members updated on physician requests and advice.

Competitive Advantage

The second step beyond identifying our client’s cost drivers is to implement management programs and plan designs to address their health plan issues. This kind of technology is newer to the healthcare industry. It can be a great resource and tool that larger employers can use to their advantage. Think about Netflix. They analyze their viewer’s behaviors and apply predictive modeling in a way that they know what their viewers like to watch and when they want to watch it, incorporating those preferences into the ads their customers see. That kind of technology is coming to healthcare, allowing us to look at all claims and behaviors and predict where the next large claim will come from. This helps plan administrators fully understand what’s driving their health plan costs and do something about it through plan design changes, provider relations and contracting, member incentives, and member education and engagement.

Employee Betterment

After identifying areas that can be improved upon and creating a plan to address these cost drivers as discussed above, our third and final step is to create a communication program that will engage and educate employees. Our goal is to help employees understand that, within a healthcare system, there are some providers who perform better than others and cost less. When we give employees the tools and resources they need to be better healthcare consumers, everyone wins. Employer sponsored health plans have lower overall costs. This means their employees and their families lower their out-of-pocket costs, save healthcare dollars for the future, and have better outcomes. Not to mention that a happier, healthier employee is also a more productive employee at work and in the community. Hierl accomplishes this with our “Why Matters” program, which is a custom designed, year-round member education and communication program using a variety of mediums to reach our clients’ members. Through Why Matters, Hierl builds a custom (intranet) and mobile app for our clients to access basic information about their benefits 24/7. Think of it as a homepage to one of your favorite websites that you bookmark in your browser. This is where your members go to research, make decisions, educate themselves on your benefit offerings and how to be a better healthcare consumer. Based on the cost drivers identified through the process above we build out a 12-month calendar of communication materials specifically addressing the areas we’ve identified as a concern and can be delivered via paper, email, mobile app, etc.

Hierl strives to bring our clients the best possible solutions that result in high-quality, low-cost benefits. If you think your company needs to take this step toward improvement, please contact Scott Smeaton at 920.921.5921 or send him an email at ssmeaton@hierl.com.


CenterStage: Distracted Driving Awareness Month

Distraction is Deadly: April is Distracted Driving Awareness Month

In 2015 alone, 3,477 people have died and another 391,000 have been injured due to distracted driving.

Not only is distracted driving hazardous to your life, but it can negatively impact the drivers’ lives that surround you. Distracted Driving Awareness Month is an effort by the National Safety Council to help recognize and eliminate preventable deaths from distracted driving. In honor of Distracted Driving Awareness Month, this month’s CenterStage features Cathleen Christensen, Vice President of Property & Casualty at Hierl Insurance, who will provide safe driving practices and how companies can ensure their employees are using them.

What is Distracted Driving?

Distracted driving is a public health issue that affects us all. According to the National Safety Council, distracted driving is any activity that diverts attention from driving, including talking or texting, eating and drinking, talking to people in your vehicle, adjusting stereo, entertainment or navigation systems. You cannot drive safely unless your attention is fully focused on the road ahead of you, any activity that you partake in simultaneously provides a distraction and increases the risk of a crash.

Awareness for Awareness

Bringing awareness to distracted driving is essentially bringing awareness to awareness. There are three main types of distraction:

  1. Visual – taking your eyes off the road
  2. Cognitive – taking your mind off driving
  3. Manual – taking your hands off the wheel

These days, it’s so easy to be a distracted driver – from texting, to talking on the phone, or even using a navigation system. The biggest one, texting, is especially dangerous because it involves committing all three types of distraction. Some studies even say texting and driving is worse than driving under the influence. So, how can you keep your employees aware while driving?

“Several studies believe, as well as myself, that employers should prohibit any work policy or practice that requires or encourages
workers to text and drive.”

– Cathleen Christensen, VP of Property & Casualty at Hierl

But how can you really get your employees to commit to your ‘No Distracted Driving’ policy? It’s as easy as providing education and solutions. Sometimes, it’s especially effective to have your employees sign a contract stating if they need to use any form of a hand-held device, they must pull over to the side of the road. Remind your employees to drive with their devices off or on silent to keep the urge under control. Plus, several cellular devices have come out with ways to set phones to driving mode, leaving a custom voicemail to anyone who calls while an employee/employer is driving, letting the caller know they will call the caller back later.

Companies suffer from great financial loss yearly due to distracted driving. By putting these safe driving practices in place, you will save lives AND money. If you’d like to get more help on implementing a safe driving policy within your workplace, please contact Cathleen at 920.921.5921.


Getting to Know HSAs, FSAs, and HRAs

This month’s CenterStage features Hierl Benefit Advisor, Tonya Bahr, discussing the differences, similarities, and customizations of HSAs (Health Savings Accounts) versus FSAs (Flexible Savings Accounts), as well as how HRAs (Health Reimbursement Arrangements) may be a great add-on.

About Tonya

Tonya Bahr has 15 years of experience in human resources and benefits. Throughout her HR career, Tonya has been involved in benefit plan designs, wellness program implementations, and open enrollment facilitation. She has a passion for educating employees and business owners on benefit options, helping them make decisions that best fit their personal and financial objectives.

So, which is better for you: a FSA or a HSA?

Comparing the Differences

Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA) are two popular ways employers can help their employees pay for out of pocket expenses associated with their healthcare costs. Both offer pre-tax advantages, which make them attractive. However, the names of these accounts really do distinguish their purposes. One is a SAVINGS account while the other is a SPENDING account.

Here are some tips and advice Tonya says to keep in mind when choosing between an HSA or FSA:

1.    Unlike the FSA, an HSA is portable and flexible. You can never lose the money in the account (both employee and employer contributions) so if you change jobs, change plan types, or don’t use the money in a given year, it all goes with you. The amount you can contribute toward an HSA is greater and the balance in the account earns interest.

2.    With an FSA, you can use the entire contribution amount upfront even if you haven’t contributed the full amount.

3.    With an HSA, you can only use the money actually in the account, but the FSA allows you to use the full contribution amount elected.

4.    You cannot contribute to an HSA and a full FSA at the same time. However, you can have an HSA and Limited FSA. Limited FSAs can only be used toward dental and vision expenses; whereas HSAs and full FSAs can be used toward medical, prescription, dental, and vision. HSA dollars can also be used to pay Cobra premiums, Long Term Care premiums, and Medicare premiums. Once an individual reaches age 65, money in an HSA can be spent on anything. The money is no longer earmarked for qualified medical expenses.

5.    HSAs are only available with High Deductible Health Plans (HDHP). HDHPs can seem a little intimidating at first given employees are responsible for the deductible before copays apply. However, they offer lower premiums, which is money in an employee’s pocket, which can in turn be used to start funding an HSA.

 

HRAs

Health Reimbursement Arrangements (HRA) are a vehicle used to offset increased plan design changes and employee’s out of pocket responsibility. Under an HRA, an employer purchases a plan design (typically a higher deducible option or out of pocket maximum), but they offer their employees a different plan. The difference is paid by the HRA. Employees submit their claims to a third party who manages the HRA and then in turn sends the employee funds to cover the cost of care. This type of scenario can work well for groups that have a healthier population and don’t experience high claim costs.

The savings is in the premium reduction for going with a higher deductible option and the gamble that employees won’t meet the limits of the HRA. Employers take on a risk with this type of arrangement because if a lot of members experience high claims and meet the HRA limits, the employer is the one paying to fund the HRA.

To conclude, employers can have an HRA with either an FSA or an HSA, but there are restrictions on how far down a qualified HDHP can go and still be HSA-qualified. Tonya’s suggestion is to avoid this risk by contacting her and discussing your options. You can contact Tonya Bahr at 920.921.5921 for more information.

Download The Full Article


CenterStage: Effective Employee Benefit Communications

Welcome to our very first CenterStage of 2018! We hope you all had a warm, happy New Year. In this month’s CenterStage, we spoke with Tonya Bahr and Scott Seaton on some helpful tips on “Effective Employee Benefit Communications”.

It is not a one size fits all approach, each group needs to take a look at their population and decide what is best for them.”  -Tonya Bahr, Hierl Employee Benefit Advisor.

  • Emails are efficient for targeting professional staff, especially companies that have companywide email addresses.
  • Letters or texts are the best way to communicate with field or labor employees.
  • A popular way to communicate is by meeting, whether it be a webinar or seminar. Often, companies will mandate that their employees attend informational sessions discussing benefits offered. This allows our clients to efficiently communicate a consistent message out to employees to help understand their benefits.

Paper VS Digital communications

Okay, not really because it’s not a competition!

An online approach works really well for employees but it is also very important for the spouses to be engaged as well. We typically follow up the meetings with a deliverable the employee can bring home to their spouse. This not only allows the spouse to learn more about the benefits available to them, but it also reinforces what was covered in the meeting for the employee.”

-Tonya Bahr

Potential Impact of Good Communication

Good things come to those who wait…. except when understanding your benefits. The sooner employees become educated on why they have unique benefits, the sooner they will put them to use!

Those who don’t understand benefits, don’t utilize them correctly. They are not good consumers of health care.” – Scott Smeaton, Hierl Executive Vice President.

It is important to understand your employee benefits not only for your own health reasons, but also so that you are able to recognize why your employer offers the unique benefits they do.

What differentiates Hierl and how they help effectively communicate benefits?

At Hierl, we look at each client as unique. What works best for one may not be ideal for another. It’s about really being able to understand the culture and provide different communication options such as presentations, visuals, emails, and website.

Hierl shines when it comes to giving employers/employees access to all forms of communication, specifically in the communication campaigns run throughout the year. By assessing the necessary points to communicate and then building quarterly and monthly campaigns around these objectives, Hierl brings unique, strategic solutions to explaining employee benefits. The evidence of communication strategies at work is apparent in the results gathered from clients.

One of the ways companies can measure the success of their program is to measure employee satisfaction. By measuring employee satisfaction after communication campaigns, findings show that the more regularly benefits are communicated, the higher employee satisfaction goes up!” – Scott Smeaton

3 Key Points on Communicating Benefits

  1. Keep it simple- (no explanation needed!)
  2. Try different avenues- one person may prefer email while another prefers paper
  3. Communicate often- benefits communication should take place all year long

Editor’s Note: This article was originally published in August 2017 and was updated in January 2018 for accuracy.