Your Cyber Liability Policy & Handling Data Breaches Like A Pro

In the digital age we live in, it has never been more critical to have a focused, working cyber liability policy. For a company, a data breach is a bad dream, but having to tell customers they’ve undergone a data breach is a nightmare. For this month’s CenterStage, Hierl’s wonderful VP of Property & Casualty, Cathleen (Cathy) Christensen, has brought you some helpful, informative advice on securing a reliable cyber liability policy, enabling you to handle data breaches like a pro.

About Cathleen

Cathleen Christensen is the current Vice President, Property & Casualty of Hierl Insurance, Inc. Cathy’s expertise lends itself well to helping local businesses with their commercial insurance and risk management needs. She attended Alverno College in Milwaukee, WI before her career in insurance. In her 25 years of experience in the industry, she has worked on the insurance company side as an underwriting manager, as well as on the agency side as an account executive. Cathy has also been an entrepreneur herself, which enables her to understand the demands businesses face today.

So, let’s get into it: how do you choose a successful cyber liability policy and avoid business-fatal data breaches?

The 3 Big Issues of a Data Breach & How a Cyber Liability Policy Comes In Handy

When it comes to cyber liability, three issues plague businesses. First, 47 states in the United States have separate data breach laws that regulate what business owners must do when a data breach has occurred. Companies that operate in more than one state face the complication of knowing and complying with each of these laws. Second, there is the public relations issue: telling customers you’ve had a data breach in a way that won’t completely destroy your company. The leak of private customer information can lead to lawsuits, too, which leads us to what’s next. Finally, there is the price tag:

“In 2016, the average cost for each lost or stolen record containing sensitive and confidential information is a hundred and forty-one dollars. This is down ten percent from the previous year, but still incredibly significant.” -Ponemon Data Breach Study

When all three of these issues become a certain reality for your business, you are past the point of being able to protect yourself. You need third-party cyber liability experts to step in and help you handle the laws, the PR, and the price tag. Cyber liability insurance policies are tailored to meet your company’s specific needs and as part of their data breach coverage can include forensic, legal and public relations support. It is important to remember that in today’s environment, no company is immune to the possibility of being a victim of cyber crime. However, there are some things you can do to lower your risk of a data breach.

  1. Employee Corporate Security Policy Education. Did you know it’s more common for an employee to unintentionally leak information than it is to be hacked? This is why it’s crucial to educate your employees on cyber risks, but also to have a clear, focused Corporate Security Policy in place.
  2. Encrypt ALL Confidential Data. Even the simplest of things should be encrypted. Plus, don’t use the same password on EVERYTHING. Have different passwords or codes for as many things as possible. That way, if someone were to hack you, they can’t unlock everything. If you’re someone who forgets your passwords easily, have a notebook or binder where your company information resides and keep it under lock and key, not to be used without express permission.
  3. Backup, Backup, Backup. Let’s say your company’s entire computer system is shut down by a virus and you lose everything. That’s a frightening scenario, right? So, avoid it by having backups, and many of them. A general rule of thumb is having three solid backup methods. Perhaps you have a couple of online storage services where you keep files and an external hard drive. It doesn’t matter – just make sure you have it backed up!

There are also a couple of relevant, key issues Cathy wanted to update employers on:

  • Ransomware & Social Engineering Fraud. The biggest scams of today are these two cyber crimes. Both work to steal company information by acting as perfectly normal requests, surveys or even Facebook personas. Employees fall into their traps, giving out company information freely, not realizing it was under false pretenses. Never, ever give out company information – even on something that seems like an official document – without first consulting your manager or boss.
  • Federal Communications Commission (FCC). The FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. It can be found at www.fcc.gov/cyberplanner.

Don’t sit back and wait for cyber doomsday. Take your policy into your own hands, set company standards, and consider cyber liability insurance to help protect your business from the cost of a cyber attack.

At Hierl, Property & Casualty coverage is a partnership, not a product. We look at your entire organization, listen to you, assess your risk, develop a complete strategy and deliver a full-service solution. Our team of experts starts by looking at your risk and helping you to gain Insight™ into what is in store for tomorrow. If you have any questions or are interested in knowing if Hierl’s cyber liability solutions are a good fit for you, please contact Cathy at 920.921.5921.


The Importance of Business Continuity Planning

Rarely do we ever get advance notice that a disaster is about to strike. Weather, network failures, epidemics and violence are just a few of the disasters that could have an impact on a company’s reputation. Every incident is unique due to the challenges it presents. However, implementing a business continuity plan (BCP) can help give your organization the best shot at success both during and after a disaster. A current, tested plan in the hands of all personnel responsible can help mitigate the potential impact. The absence of a plan doesn’t just mean your organization will take longer than necessary to recover from a crisis – you could go out of business. In this installment of CenterStage, Cathleen Christensen, our VP of Property and Casualty, discusses what a BCP is, why it matters, keeping one in place, and how Hierl can help you build a strategy that works with it.

What is a Business Continuity Plan?

Business continuity refers to maintaining business functions or resuming them in a timely manner in the event of a crisis. Examples of crises include natural disasters such as weather, fire, or an epidemic outbreak like the flu, but also include events involving company reputation, violence and network breaches. A business continuity plan outlines the procedures and instructions an organization must follow in the face of such disasters. The plan not only identifies the internal and external needs of an organization after a catastrophic loss but lays out the path for recovery. Cathleen explains, “A business continuity plan can be the difference between successfully recovering or going out of business.”

Why Does Business Continuity Planning Matter?

The importance of having a business continuity plan cannot be stressed enough. Truth is, 1 in 5 organizations do not recover following a crisis. Severity vs. probability must be factored into the management of your organization. The purpose of having a business continuity plan is not only to prepare for a disaster both during and after, but to mitigate the potential danger and lessen the odds of attack for your organization. Serving as the ultimate disaster plan, it is vital that preparation information is made common knowledge amongst all levels of the organization - from the highest level down. To ensure a healthy and effective BCP, craft a plan following these seven steps:

1. Initial Response

Disruption in day-to-day operations should trigger everyone to know not only what is wrong, but what – if anything – to do to resolve it immediately. Planning and exercising this element of the plan will eliminate the rush of “What do I do?” from employees. Proper communication will leave no holes in the plan.

The initial response should also provide a clear sense of who is in ‘charge’ when disaster strikes. Whether it be at a corporate level, regionally or locally, knowing who is overseeing the process towards recovery is vital to the success of a BCP.

2. Stabilization

Regardless of cause, every disruption needs containment to prevent a bad situation from getting worse. It is important to know what happened to cause the event and the potential impact it may bring if left unchecked. Assess the impact, know how to stop the bleeding and devise short and medium-term goals to appropriately address the situation.

3. Activation

Following an impact assessment, identify what services need to be restored. Additionally, note who is responsible for the plan – what will they do, where will they do it and with whom will they do it?

4. Communication

In the event of a disaster, stakeholders might initiate various actions to stabilize or restore services. Timely communication between various respondents is critical to an effective incident response. Communication during an incident should be geared towards management, employees, customers and others who have a stake in the business. The goal is to keep them updated regarding the current state of restoration activities and collaboration with responders.

5. Planned Response

These are the initial response activities that need to be taken to limit the loss of life and property in the time immediately before, during, and after a crisis. Items that could be included are:

  • What types of incidents or crisis situations activate the plan?
  • Who has authority to activate it?
  • Details regarding the incident response team
  • Evacuation procedures
  • Contact lists

6. Extended Response

Actual recovery may take days, weeks, months or even longer. After the initial response the recovery plan outlines the steps you will need to take to get your business running again after an incident or crisis. It includes a realistic time frame in which you can get your operations back on track to minimize financial losses. Forcing yourself to rely heavily on your initial or planned response will only worsen recovery efforts. Be knowledgeable about your staff and the direction the road to recovery is going.

7. Return to Normal

When disruption ends, questions will still need to be answered. These are not limited to questions such as, “Is the return to ‘normal’ a ‘new normal’?” Other questions could include, “How will work between ‘normal’ operations and post-catch up tasks be managed? How will my information for insurance purposes be collected?”

Maintaining a Business Continuity Plan

With a plan in place, efforts do not cease. To remain disaster ready, you must remain active in your preventative efforts. As the world around us changes, so should your BCP, to remain up to date and effective against all threats. Communicating any changes to the initial plan to employees is a must. There is no way for all members of your organization to remain ‘in the know’ if they are kept uninformed. With effective communication of the BCP comes proper training. As critical as communicating clearly with employees is, instructing them in a hands-on potential scenario leaves nobody in the dark on recovery execution when disaster strikes.

How Can Hierl Help Business Continuity Planning?

At Hierl, we offer the necessary tools for creating an effective BCP. By working hand-in-hand with your business/organization, we offer the resources to locate and analyze potential risks and to create a team within your business to properly manage disasters. To get started, speak with Cathleen today at 920-921-5921 or cchristensen@hierl.com.


April 2018 Safety Matters: Elevator Best Practices

Millions of employees use elevators each day at work. While elevators are considered one of the safest forms of transportation, it is important to follow best practices and safety precautions when using an elevator.

Boarding the Elevator

Take note of the following procedures for entering an elevator:

  • Make sure you are aware of the risks associated with riding the elevator prior to boarding, such as falls and accidents.
  • Allow all passengers to fully exit the elevator before you begin boarding.
  • Watch your step when entering the elevator, as it may not be exactly level to the floor.
  • Steer clear of the doors once you enter the elevator. Keep all clothes, carry-ons and body parts within the car. Never attempt to stop a closing door.
  • Pay attention to the elevator’s capacity limit. Do not attempt to board an elevator that has reached capacity.

Riding the Elevator

Keep in mind the following procedures for riding an elevator:

  • Stand as close to the elevator wall as possible. Be sure to leave as much room as possible for others.
  • Pay close attention to floor indications and transitions to ensure you are able to exit at the right time.
  • Press the “door open” button in the event of the elevator stopping on a floor without opening its doors.
  • Be courteous of other passengers on the elevator. Do not push other riders in front of you when exiting and be sure to move out of the way of passengers when they exit the elevator.

Watch your step as you exit to avoid tripping on uneven ground.

In Case of Emergency

Although rare, elevator accidents and malfunctions do happen. Keep in mind the following procedures in the event of an elevator emergency:

  • Never use an elevator in the event of a fire. Always take the stairs.
  • Remain calm at all times. If you are in a stalled elevator, utilize the alarm button or phone button to contact emergency services.
  • Reassure those who are panicked in the situation. Remind everyone that they are safe inside the elevator.
  • Do not engage in horseplay.
  • Do not try to exit the elevator or pry open the doors. Always wait for trained professionals to arrive.

While elevators are considered one of the safest forms of transportation, it is important to encourage best practices and safety precautions to all employees or building occupants that frequent the elevator.


RISK INSIGHTS: April 2018

The #MeToo movement has spread across the globe since gaining traction in Hollywood, and small business owners should see it as a wake-up call for preventing sexual harassment in the workplace.

Small Businesses Most Vulnerable to Sexual Harassment Claims

In the wake of the #MeToo movement, awareness of sexual harassment has increased, but not necessarily at small businesses. Unlike their larger counterparts, small businesses are more vulnerable to sexual harassment claims because they’re less likely to have formal workplace policies in place.

According to the CNBC/SurveyMonkey Small Business Survey of more than 2,000 small business owners, only half of businesses with 5-49 employees had formal sexual harassment policies in place. That number decreased to 39 percent at businesses with fewer than five employees. That’s a stark contrast to businesses with 50 or more employees, as 85 percent said they had formal sexual harassment policies in place.

Eleven percent of the businesses surveyed said they issued companywide reminders of their sexual harassment policies and reporting procedures as a result of the #MeToo movement and other high-profile sexual harassment accusations. Nine percent said they’ve reviewed policies regarding diversity and gender equality. Seven percent have required new or additional training, and 4 percent have issued new reporting procedures. However, 61 percent of all businesses surveyed did not take any of the above precautions.

Role of HR

Complicating matters for small businesses is that two-thirds of those surveyed lacked an official human resources professional, meaning that the business owner was responsible for handling any harassment claims.

Only 3 percent said it was the job of human resources personnel to handle harassment issues and 10 percent said they had no specified way to handle harassment at all. Without a designated, unbiased person to speak to about harassment, employees may be afraid to report it for fear of retaliation.

Protect Your Business

A lack of a formal policy and procedures for handling sexual harassment in the workplace doesn’t mean that a business owner is exempt from liability. Although federal law exempts small businesses with fewer than 15 employees from the requirement to have a sexual harassment policy, it’s in their best interest to establish one.

Other than the fact that state laws may have smaller thresholds for requiring a formal policy, the financial and reputational costs are too high to risk running a business without one.


Commercial Risk Advisor - April 2018

It’s always been important to protect your business and employees from sexual harassment, but recent high-profile cases show the importance of re-examining this topic at your business. Social movements such as the “Me Too” campaign have drawn attention to sexual harassment in the workplace, resulting in a growing number of misconduct allegations. These allegations can result in a wide variety of claims and lead to serious financial and reputational damage.

Insurance carriers, courts and regulatory agencies will begin to examine businesses closely to ensure that they take sexual harassment seriously and act to protect their employees and customers.

3 Questions to Ask When Addressing Sexual Harassment at Your Business:

How do you encourage employees to report inappropriate conduct?

The best way to address sexual harassment allegations is to respond quickly. Employees should be regularly reminded that there won’t be any retaliation for reporting inappropriate behavior. You should also ensure that there are multiple ways for employees to make anonymous reports to management.

Does your employee harassment training address your workplace’s unique traits?

A standard workplace policy is a good starting point for addressing sexual harassment, but you should also think about how your employees interact with co-workers and customers.

Do your insurance policies include exclusions for sexual harassment?

Many commercial general liability policies exclude claims for sexual harassment. Although employment practices liability insurance can provide you with coverage, you also need to ensure that policy periods offer coverage throughout the statute of limitations in your area.

1 in 8 drivers are uninsured and liable for damage and medical bills, according to a new study.

Even if you don't use commercial vehicles, employees who use their personal vehicles for any kind of business-related task can put you at risk:

  • 25% of all vehicles in the United States are used for business in some way.
  • The average uninsured motorist claim is almost $20,000.
  • Most personal auto policies don't provide coverage for uninsured or underinsured drivers without an endorsement.

Uninsured drivers cause about 1 out of every 8 accidents.

3 Defensive Driving Tips That Could Save Your Life

Many jobs require employees to drive a company vehicle. While most drivers are cautious and attentive, accidents can occur without warning—even if the operator has years of experience.

When accidents happen, it can be incredibly costly for employers. What’s more, just one accident can cost employees their job or lead to serious, debilitating injuries.

One way to stay safe while you’re on the road for a job is through defensive driving. Being a defensive driver means driving to prevent accidents in spite of the actions of others or the presence of adverse driving conditions.

To avoid accidents through the use of defensive driving, do the following:

  • Remain on the lookout for hazards. Think about what may happen as far ahead of you as possible, and never assume that road hazards will resolve themselves before you reach them.
  • Understand the defense. Review potentially hazardous situations in your mind after you see them. This will allow you to formulate a reaction that will prevent an accident.
  • Act quickly. Once you see a hazard and decide upon a defense, you must act immediately. The sooner you act, the more time you will have to avoid a potentially dangerous situation.

Defensive driving requires the knowledge and strict observance of all traffic rules and regulations applicable to the area you are driving in. It also means that you should be alert for illegal actions and driving errors made by others and be willing to make timely adjustments to your own driving to avoid an accident.

Keeping in mind the above tips will not only keep you safe on the job, but in your personal life as well.

Poor indoor air quality can cause chronic headaches, allergies, fatigue and irritation of the lungs, among other symptoms.


OSHA Safety Cornerstones - April 2018 Newsletter

IN THIS ISSUE

OSHA Delays Beryllium Rule Enforcement

The agency also clarified requirements for the construction and shipyard industries.

Majority of Establishments Failed to Submit 2016 Electronic Reporting Data

A delayed compliance date and confusion about exemptions caused many establishments to fail to report 2017 data electronically.

OSHA Releases Two New Fact Sheets on Electricity Safety

These new resources can help protect employees who frequently work around electricity and downed power lines.

OSHA Delays Beryllium Rule and Clarifies Requirements for Construction and Shipyards

Although OSHA’s final rule on beryllium exposure in the general, construction and shipyard industries became effective on May 20, 2017, the agency recently announced that it will delay enforcement until May 11, 2018. OSHA also announced that some of the rule’s requirements will vary between the three affected industries.

Beryllium is a toxic metal that’s commonly found in machine parts, electronics and aircraft. The metal is a known carcinogen and can also cause respiratory problems, skin disease and many other adverse health effects. For these reasons, OSHA has lowered the exposure limits for employers in the general, construction and shipyard industries:

  • The permissible exposure limit (PEL) of an eight-hour average has been lowered to 0.2 micrograms per cubic meter of air (μg/m3). The previous PEL was 2.0 μg/m3, a limit that OSHA found to pose a significant health hazard to employees.
  • The short-term exposure limit (STEL) over a 15-minute period has been lowered to 2.0 μg/m3.

Although the new beryllium rule contains additional requirements, OSHA will only require the construction and shipyard industries to follow the new PEL and STEL. The agency stated that employees in these industries don’t frequently work near dangerous amounts of beryllium and are protected by the safety requirements found in other OSHA standards.

General industry employers must follow these additional beryllium control methods:

  • Provide exposure assessment to employees who are reasonably expected to be exposed to beryllium.
  • Establish, maintain and distinguish work areas that may contain dangerous amounts of beryllium.
  • Create and regularly update a written beryllium exposure plan.
  • Provide adequate respiratory protection and other personal protective equipment to employees who work near beryllium.
  • Train employees on beryllium hazards and control methods.
  • Maintain work areas that contain beryllium and—under certain conditions—establish facilities for employees to wash and change out of contaminated clothing or equipment.

According to a new report from Bloomberg Environment, a majority of the establishments that were required to submit 2016 injury and illness data under OSHA’s electronic reporting rule failed to do so. OSHA expected to receive about 350,000 reports, but the agency only received just over 150,000.

The final date to submit 2016 injury and illness reports was Dec. 31, 2017, but this date was delayed a number of times as OSHA worked to build its Injury Tracking Application and improve its cyber security. Bloomberg also attributes the large number of missing reports to confusion about exemptions, as OSHA received over 60,000 reports from exempt establishments.

Under the rule, the following establishments must submit data electronically:

  • Establishments with 250 or more employees that are required to keep injury and illness records must submit OSHA Forms 300, 300A and 301.
  • Establishments with 20 to 249 employees that work in industries with historically high rates of occupational injuries and illnesses must submit OSHA Form 300A.

The final date to submit 2017 injury and illness data electronically is July 1, 2018. Beginning in 2019, data from the previous calendar year must be submitted by March 2 annually.

NEWS & NOTES:

OSHA Releases Two New Fact Sheets on Electricity Safety

OSHA has released two electricity fact sheets in order to protect employees who frequently work with electricity and power lines. According to the Electrical Safety Foundation International, electricity causes over 150 fatalities and 1,500 injuries in U.S. workplaces every year.

Here are some of the topics included in the first new fact sheet, which can provide tips for engineers, electricians and other employees who work with electricity:

  • Generators
  • Power lines
  • Extension cords
  • Equipment
  • Electrical incidents

The second fact sheet focuses on downed electrical wires and can help employees involved in recovery efforts following disasters and severe weather events.

Protecting employees from electrical hazards not only keeps your business productive, it can also save you from costly OSHA citations. The agency’s electrical wiring method standard is one of the top 10 most frequently cited standards nearly every year.

For resources that can help safeguard your business against electrical hazards, contact us today.

Provided by Hierl Insurance Inc.


Safety Focused Newsletter - April 2018

How Indoor Air Quality Affects Health

Indoor air quality (IAQ) has a direct impact on your health, comfort, well-being and productivity. Poor IAQ can cause chronic headaches, allergies, fatigue and irritation of the lungs, among other symptoms.

What’s more, when IAQ is poor, it can have a direct effect on your productivity. If you are worried about the IAQ at your workplace, watch out for these symptoms:

  • Dryness or irritation of the eyes, nose, throat and lungs
  • Shortness of breath and fatigue
  • Nausea, headaches and dizziness
  • Chronic coughing and sneezing

If you suspect you are suffering from the effects of poor IAQ at your workplace, keep track of your symptoms and speak with your manager. As with many occupational illnesses, individuals may be affected differently.

If you are experiencing symptoms that your co-workers aren’t, that doesn’t mean an IAQ problem doesn’t exist and it’s still important to notify your employer. If your symptoms persist, consider speaking to a qualified medical professional.

4 Tips for Safe Driving:

  • Avoid Distractions.
  • Be Alert.
  • Keep a Safe Distance.
  • Don't Speed.
