Meeting cybersecurity risks head-on: A guide to breach preparedness

How would you manage a data breach? No company is immune to cyberattacks and data breaches. Read on to learn how you can prepare your business.


Gauging a company’s true data breach risk from the outside is a difficult endeavor for insurers, with challenges both technical and informational. But even less attention has been paid to how companies would manage a breach if it happened, which has an enormous impact on the toll of the final damage.

No organization is immune to breach. If the National Security Agency can lose data, anyone can lose data, yet the scope of the current issue is still astounding.

According to another insurance company's 2017 cyber readiness report, 72% of large U.S. businesses — nearly three out of four — and 68% of small- and mid-sized businesses — about seven in ten — reported cyber incidents in the previous year. Among these, close to half (47%) experienced two or more cyber incidents during that same time.

The largest breaches, affecting big-name companies like Equifax, Target, Home Depot and many others, drew substantial headlines because of the huge number of identities involved. But almost every business holds some sensitive information, either regarding its customers or its own intellectual property, finances or employees. In fact, smaller organizations often lack the internal resources to dedicate towards preparedness, making them very attractive targets for hackers.

Assessing the threats to your business

The first challenge with measuring a company’s risk exposure relates to the industrywide problem of tying compliance and policy to actual security. A company may have checked all the right boxes on paper, but doing so guarantees little about their actual cyber risk position.

The second issue is that people often matter much more than technology.

The public conversation focuses on high-profile hacking events, but data breaches are even more likely to be the result of internal issues, including breakdowns in training, procedure or plain old mistakes.

The overwhelming majority of all cyber attacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers or provide a gateway via a malware link embedded in some form of communication.

One of the most important components of an effective data breach readiness program is mandatory and frequent training to remind employees about the importance of security awareness.

Education in information security best practices can help arm a team against threats such as phishing, man-in-the-middle attacks, malware, and ransomware, substantially lowering the long-term risk.

An accurate understanding of a company’s sector-specific risks is another important point of departure in corporate cybersecurity. Healthcare employees, for instance, need to be especially on guard for EHR-related attacks and RDP server breaches, like the ones instigated by the SamSam virus (which took down Allscripts last month).

Other industries are more vulnerable to loopholes in common business apps; still others are more frequently victims of point-of-sale malware or e-mail phishing scams. Once businesses understand where and how they are most likely to be targeted, they can begin providing training that takes into account the need for added vigilance in these specific areas.

The final challenge in correctly identifying breach risk involves understanding the extent to which recovery costs can vary. Discrepancies in cost depend not only on the severity of the breach, but also on how well the organization responds. Globally, the average cost to recover from a security breach is $158 per impacted individual, but that varies from $60 to $400 per person.

While more companies than ever before are now either considering or have taken out some form of cyber insurance, this should not be considered an unloadable risk. Smart organizations are increasingly focusing on proactively identifying data breaches and preparing to efficiently react to them in advance of a data breach crisis.

Proper preparation means more education

The most devastating impacts of a data breach can only be avoided by coupling breach awareness and prevention efforts with readiness and response planning ahead of a cybersecurity incident.

Comprehensive breach readiness plans break down both pre-emptive and retrospective action steps by department: it’s sensible, for example, to task IT personnel with monitoring cloud connectivity and identifying network loopholes while entrusting financial staff with detecting suspicious activity along company bank and credit accounts.

Customer relations experts and account managers, on the other hand, are likely the best resources for overseeing client communications during and after a data breach, helping to re-establish trust and informing their consumer-facing workforce.

Here, inter-departmental communication is paramount: all workers should understand how and to whom they are to report possible breaches or scams, and when such breaches occur, the entire company should know what to expect employees in every department to do next.

Even for the most cyber-savvy corporations, however, internal resources alone are not enough these days. Outside resources are often critical to mitigating the threat of cyber attacks, stopping them once they start and restoring company functions in a breach’s aftermath.

Establishing relationships and negotiating agreements with external subject matter experts is better done far in advance of an actual data breach. Contractual terms can be negotiated without the chaos and urgency of a crisis situation. The same is true for interfacing with law enforcement and regulatory agencies.

Knowing whom to contact and having an established communication chain can pay off when trying to execute an urgent data breach response.

Both internally and externally, the human element of cybersecurity remains a business’s best defense across an ever-widening threat landscape. With the right planning and a rapid response team, companies should be able to withstand a breach with the least damage possible, limiting losses – and claims.

SOURCE: Thompson, J. (2 March 2018) "Meeting cybersecurity risks head-on: A guide to breach preparedness" (Web Blog Post). Retrieved from https://www.propertycasualty360.com/2018/03/02/meeting-cybersecurity-risks-head-on-a-guide-to-bre/


6 ways HR can help prevent a data breach

Employees are often an organization's first line of defense against cyberattacks. Continue reading to learn the 6 ways HR can play a critical role in preventing data breaches.


Employees are an organization's first line of defense against and response to cyberattacks—which have become widespread in recent years. HR, in particular, can play a critical role in protecting sensitive information and minimizing employer liability.

Data breaches can lead to enormous liability, said Danielle Vanderzanden, an attorney with Ogletree Deakins in Boston. Some losses are easy to calculate, such as time spent on help desk activities, investigations and legal defense. Other losses are harder to quantify, such as reputational damage to the business. But it's clear that the costs can be staggering: The average total organizational cost of a data breach in the United States is $7.35 million, according to a 2017 study.

Whether a worker intentionally sold customer data, unintentionally left a laptop on a train or carelessly left boxes of medical records unattended in a high-traffic area of a hospital, employers can wind up paying millions of dollars in damages.

So what can HR do to mitigate these costs? In large part, data security is an issue for the technology department, but HR professionals can help ensure that effective programs are in place, Vanderzanden said at the 2018 Society for Human Resource Management Employment Law & Legislative Conference. Specifically, HR can lead the way by:

  1. Knowing who is hired. Protecting personally identifiable information (PII) starts with properly vetting job candidates who will have access to sensitive information: those being considered for HR, payroll and finance positions, to name a few.
  2. Accounting for equipment. During the onboarding process, employers should complete a checklist so that they have a record of all the equipment each employee receives. Then, at the time of separation, the checklist should be consulted to ensure that all equipment is returned and workers don't walk out of the building with sensitive information.
  3. Training employees to spot issues. Workers may not always know how to identify an issue—such as a phishing scam through which a cybercriminal sends an e-mail that looks like it came from someone in the company. An employee may quickly respond to the message and divulge personal information that can be used to access payroll and other information. Employees should be trained on how to identify scams and also should know what to look for in a legitimate company e-mail, such as a standard signature line, a photo of the sender and a company e-mail address.
  4. Encouraging workers to speak up. When a breach or attempted breach occurs, employees who handle PII must feel comfortable stepping up and notifying the appropriate staff. This is essential for resolving the situation, but also because employers must provide certain notices when information is compromised.
  5. Carefully crafting BYOD policies. Bring-your-own-device (BYOD) policies may turn into bring-your-own-breach policies in practice, Vanderzanden said. The more mobile the device, the easier it is for an unauthorized person to walk away with the device and any sensitive information that is stored on it. If employers are going to have a BYOD policy, they should have written policies about what will happen if the device is lost or stolen and what will happen upon termination of employment. Among other things, they should also have a procedure for remotely wiping data from the device.
  6. Building a culture of compliance. Representatives from different business functions—such as IT, HR, security and finance—should work together to ensure that data security measures are ingrained in the organization's practices. Moreover, compliance and cooperation must start in the C-suite. HR can play a role in influencing senior management about the importance of having everyone in the organization follow security procedures.

Check State Laws

HR professionals should note that state laws are the primary source of potential identity-theft liability for employers. "State laws in this area are a patchwork collection and are neither uniform nor completely consistent," said Patrick Fowler, an attorney with Snell & Wilmer in Phoenix, in an interview with SHRM Online. California and Massachusetts have been more active than other states in passing data privacy legislation, but virtually all of the states have data breach notification laws at this point, he noted. Employers should make sure they know what is required under relevant state laws.

SOURCE: Nagele-Piazza, L. (14 March 2018) "6 ways HR can help prevent a data breach" (Web Blog Post). Retrieved from https://www.shrm.org/resourcesandtools/legal-and-compliance/employment-law/pages/6-ways-hr-can-help-prevent-a-data-breach.aspx


Your Cyber Liability Policy & Handling Data Breaches Like A Pro

In the digital age we live in, it has never been more critical to have a focused, working cyber liability policy. A data breach for a company is a bad dream but having to tell their customers they’ve undergone a data breach is a nightmare. For this month’s CenterStage, Hierl’s wonderful VP of Property & Casualty, Cathleen (Cathy) Christensen, has brought you some helpful, informative advice on securing a reliable cyber liability policy, enabling you to handle data breaches like a pro.

About Cathleen

Cathleen Christensen is the current Vice President, Property & Casualty of Hierl Insurance, Inc. Cathy’s expertise lends itself well to helping local businesses with their commercial insurance and risk management needs. She attended Alverno College in Milwaukee, WI before her career in insurance. In her 25 years of experience in the industry, she has worked on the insurance company side as an underwriting manager, as well as on the agency side as an account executive. Cathy has also been an entrepreneur herself, which enables her to understand the demands businesses face today.

So, let’s get into it: how do you choose a successful cyber liability policy and avoid business-fatal data breaches?

The 3 Big Issues of a Data Breach & How a Cyber Liability Policy Comes In Handy

When it comes to cyber liability, three issues plague business. First, there are 47 states in the United States that have separate data breach laws that regulate what business owners must do when a data breach has occurred. Companies that stretch across more than one state have the complication of knowing and going by these laws. Second, there is the public relation issue – attempting to share you’ve had a data breach with customers in a way that won’t completely destroy your company. The leak of private, customer information can lead to lawsuits, too, which leads us to what’s next. Finally, there is the price tag:

“In 2016, the average cost for each lost or stolen record containing sensitive and confidential information is a hundred and forty-one dollars. This is down ten percent from the previous year, but still incredibly significant.” -Ponemon Data Breach Study

When all three of these issues become a certain reality for your business, you are past the point of being able to protect yourself. You need third-party cyber liability experts to step in and help you handle the laws, the PR, and the price tag. Cyber liability insurance policies are tailored to meet your company’s specific needs and as part of their data breach coverage can include forensic, legal and public relations support. It is important to remember that in today’s environment, no company is immune to the possibility of being a victim of cyber crime. However, there are some things you can do to lower your risk of a data breach.

  1. Employee Corporate Security Policy Education. Did you know it’s more common for an employee to unintentionally leak information than it is to be hacked? This is why it’s crucial to educate your employees on cyber risks, but also to have a clear, focused Corporate Security Policy in place.
  2. Encrypt ALL Confidential Data. Even the simplest of things should be encrypted. Plus, don’t use the same password on EVERYTHING. Have different passwords or codes for as many things as possible. That way, if someone were to hack you, then they can’t unlock everything. If you’re someone who forgets your passwords easily, have a notebook or binder where your company information resides and keep it under lock and key without expressed permission to use.
  3. Backup, Backup, Backup. Let’s say your company’s entire computer system is shut down by a virus and you lose everything. That’s a frightening scenario, right? So, avoid it by having backups and many of them. A general rule of thumb is having three solid backup methods. Perhaps you have a couple online storages where you keep files and an external hard drive. It doesn’t matter – just make sure you have it backed up!

There are also a couple of relevant, key issues Cathy wanted to update employers on:

  • Ransomware & Social Engineering Fraud. The biggest scams of today are these two cyber crimes. Both work to steal company information by acting as perfectly normal requests, surveys or even Facebook personas. Employees fall into their traps, giving out company information freely, not realizing it was under false pretenses. Never, ever give out company information – even on something that seems like an official document – without consulting your manager or boss, first.
  • Federal Communications Commission (FCC). The FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. It can be found at www.fcc.gov/cyberplanner.

Don’t sit back and wait for cyber doomsday. Take your policy into your own hands, set company standards, and consider cyber liability insurance to help protect your business from the cost of a cyber attack.

At Hierl, Property & Casualty coverage is a partnership, not a product. We look at your entire organization, listen to you, assess your risk, develop a complete strategy and deliver a full-service solution. Our team of experts starts by looking at your risk and helping you to gain Insight™ into what is in store for tomorrow. If you have any questions or are interested in knowing if Hierl’s cyber liability solutions are a good fit for you, please contact Cathy at 920.921.5921.


Cryptocurrencies and what they mean for businesses

Technology has added efficiency and modern conveniences to daily life. Among these conveniences, computer experts have managed to apply digital traits to new, online currencies that are commonly called cryptocurrencies.

Simply put, cryptocurrency is digital money that operates independently of a bank and can be used similarly to cash around the world. However, the digital nature of these new currencies adds some benefits that appeal to consumers and have led to their increasing popularity. Bitcoin—the most popular cryptocurrency—was declared legal tender in Japan in 2017, and online services like Microsoft, Overstock and PayPal also accept the currency.

While it can be easy to get caught up in the excitement and potentially lucrative nature of cryptocurrencies, it’s important to understand how they work as well as their positives, negatives and risks.

How Do Cryptocurrencies Work?

While it may seem confusing on the surface, the way cryptocurrencies function is actually quite simple. Like most currencies used around the world, cryptocurrencies store value, have specific exchange rates and are limited in supply. However, most cryptocurrencies are decentralized and work without administrators, and instead rely on encryption technology and verification to make transfers. This means that there is no central authority that manages the creation and use of cryptocurrency.

In the place of a central authority, most cryptocurrencies implement a network that allows users to make transactions directly between each other. These networks use a shared system of private keys and public ledgers to authenticate new transactions and create an encrypted log of past transactions. Bitcoin, the first cryptocurrency to implement this form of authentication, encourages users to participate in the system by rewarding them with additional bitcoins. In fact, this is the only way that new bitcoins circulate.

Despite concerns over cryptocurrencies like bitcoin, they aren’t going anywhere soon as an alternative method of payment, investment or means of raising capital.

To use cryptocurrencies, consumers and businesses must first acquire a cryptocurrency wallet account. These accounts work like a bank, but are designed specifically for individuals who want to purchase or accept cryptocurrency. Most cryptocurrency coins have an official wallet or recommended third-party wallets, and it’s important to conduct thorough research before choosing a service.

After you have acquired a wallet, you can purchase cryptocurrencies on open exchanges and use them for a variety of transactions. You can even convert cryptocurrencies to cash at a later date if you so choose.

The Positives and Negatives of Cryptocurrencies

Before adopting cryptocurrency at your business, you must consider how this new technology’s benefits and drawbacks may impact your operations.

The Benefits of Cryptocurrencies

  • Little or no processing fees—Unlike credit cards and other traditional forms of payment, cryptocurrencies often have no processing fees. This is because transactions are facilitated through the cryptocurrency’s public network on what’s known as a blockchain. Transactions are recorded on the blockchain chronologically, and users can create, verify and enforce transactions without an intermediary or central authority.
  • High transaction speed—Credit and debit card payments often take two to three days to process and clear. With cryptocurrencies, transactions happen in real time and take about 10 minutes or less. As an added bonus, cryptocurrency transactions are final, which means consumers can’t dispute a charge and negate a sale.
  • Increased payment options—The more payment options you can provide as a business, the better. As such, cryptocurrency has the potential to attract a wider customer base.

The Drawbacks of Cryptocurrencies

  • Price volatility—The value of bitcoins and other cryptocurrencies can change drastically over a small period of time. Bitcoin reached a value of $17,000 in January 2018 before falling to $7,000 less than a month later.
  • Anonymity—While the details of cryptocurrency users and transactions are often held in a public ledger, names and locations are encrypted. This can be an issue when complying with regulations on customer identification or fraud protection.
  • Cyber security—Cryptocurrencies exist digitally, and the proof of ownership is often limited to the private keys used to authenticate transactions. This makes cryptocurrencies a prime target for hackers, especially because many businesses aren’t aware of how to protect this new form of currency.

Should You Accept Cryptocurrency?

While global companies like Amazon and Microsoft accept cryptocurrency, that doesn’t necessarily mean it’s right for your organization, especially if you’re a small business. Before using cryptocurrency, it’s important to conduct adequate research and understand how it may impact your company. In addition, you should speak to a qualified insurance broker to determine how using cryptocurrency opens you up to new risks.

To learn more, contact Hierl Insurance Inc. today.



Self-driving tech could put motor carriers back in the driver’s seat

Self-driving vehicles may feel like something that will only be available in the distant future, but autonomous technology is already having an impact on the transportation industry. Many motor carriers are promoting new equipment to attract tech-savvy drivers, and advanced safety sensors are helping decrease accidents on the road.

Over 30 automakers and technology companies are working to make trucks fully autonomous, and many states have already passed self-driving legislation that allows for testing on public roads. But, even though this technology offers motor carriers a way to increase efficiency and improve safety, there are a number of topics your business needs to consider before adopting self-driving trucks.

The Different Levels of Automation

Most of the technology used in autonomous vehicles is an evolution of common safety features that use vehicle-mounted cameras and sensors, such as automatic brakes, lane departure systems and blind spot alerts. However, self-driving technology takes this concept a step further by having these systems work together to perform some or all driving functions.

Because there are multiple self-driving systems in development that offer different levels of autonomy, most companies use a system developed by SAE International to classify levels of autonomous vehicles. Levels 0-2 mainly define limited control systems that are commonly available in consumer and commercial vehicles:

  • Level 0: No automation—The driver performs all driving tasks, but automated systems may issue warnings.
  • Level 1: Driver assistance—The vehicle and driver may share control in limited circumstances, such as adaptive cruise control and parking assistance. However, the driver must be ready to retake control at all times.
  • Level 2: Partial automation—The vehicle has combined automatic functions (such as controlling acceleration and steering simultaneously), but the driver must be constantly engaged and aware of the surrounding environment.

Self-driving trucks can offer motor carriers a way to increase efficiency and improve safety, but there are a number of topics to consider before these vehicles are adopted widely.

Levels 3-5 define vehicles that are commonly referred to as autonomous or self-driving:

  • Level 3: Conditional automation—A driver must still be present, but doesn’t have to monitor the environment. However, they must be ready to take control at all times and with no notice.
  • Level 4: High automation—The vehicle can perform all driving functions under certain conditions, and switching control back to the driver may be optional.
  • Level 5: Full automation—The vehicle can perform all driving functions at all times.

How Can Self-driving Trucks Help Carriers?

Self-driving trucks could help motor carriers address a number of common issues:

  • Safety—Properly functioning self-driving systems operate without the chance of human error and can react to changing traffic patterns faster than a regular driver.
  • Driver shortage—Regulations likely won’t allow vehicles to operate without a driver in the near future. However, the technology will attract applicants who don’t want to spend long stretches of time in full control of a commercial truck.
  • Increased efficiency—Autonomous technology can give carriers real-time information on location, maintenance status and traffic patterns in order to increase efficiency and better manage fleets.
  • Cost reductions—Motor carriers can reduce costs by sending autonomous trucks on more fuel-efficient routes or by platooning the vehicles together to reduce air drag.

What Risks Does This Technology Present?

Although autonomous technology is advancing rapidly, there are still a number of risks and obstacles to overcome before the vehicles can be widely adopted:

  • Public perception—Advanced sensors generally make self-driving trucks safe, but recent high-profile collisions and fatalities during tests have lowered the public’s opinion of the technology.
  • Long-term employment—Autonomous technology will help to attract new drivers in the near future, but some experts believe that fully independent vehicles may someday eliminate millions of jobs.
  • Liability—The liability of an accident involving human-driven vehicles is fairly easy to judge. However, self-driving trucks bring a nonhuman factor into the equation that makes it difficult to determine if an operator, technology developer, manufacturer or other party is at fault for an accident.
  • Compliance—Individual states, cities and jurisdictions currently manage laws regarding the testing and use of self-driving trucks, making interstate commerce more complicated. However, the FMCSA recently requested feedback on the regulations that would have to be updated, modified or eliminated to safely allow for the use of autonomous vehicles. Key questions discussed by the agency include the following:
    • How will motor carriers ensure automatic systems are functioning properly?
    • What changes, if any, should be made to distracted driving regulations?
    • How will enforcement officials determine a vehicle’s SAE classification level, and would easily identifiable classification signage negatively affect other drivers?
    • How should a driver’s hours of service be recorded when using an automated driving system?

Considering Your Options

As self-driving vehicles continue to develop, your business should carefully consider how both the advantages and risks of this new technology will impact its operations. Contact us at 920-921-5921 today for help analyzing your unique risk exposures.



Construction Risk Advisor - July 2018 Edition

DATA SCIENCE TO BOOST EFFICIENCY AND SAFETY


In order to improve worker safety and boost efficiency, about 20 construction companies have launched data science initiatives over the past few years.

One of those pioneers is a Boston-based company whose data scientists have developed an algorithm that analyzes photos from its job sites and then scans them for safety hazards. The algorithm then correlates those images with its accident records.

Although the technology still needs some fine-tuning, the company hopes to use the algorithm to rate project risks. As a result, the technology could prove extremely helpful in detecting elevated threats and then intervening with safety briefings.

Combining the data collected from these efforts could also be used to forecast project delays. Although data science is somewhat new to construction, a recent McKinsey report said that firms could boost productivity by as much as 50 percent through real-time analysis of data.

Newsletter Provided by: Hierl's Property & Casualty Experts


AVOIDABLE ESTIMATION MISTAKES IN CONSTRUCTION


In the past three years, only 31 percent of construction projects came within 10 percent of their budgets, according to RSMeans, a provider of construction cost information. Completing projects within budget is a constant challenge for many contractors. Here are five estimating mistakes to be aware of, along with best practices to combat them.

1. Unrealistic expectations—Don’t rely on ideal or worst-case scenarios, which can lead to impractical estimates. Find the middle ground to avoid setting expectations too high and blowing timelines.

2. Flying solo—Don’t be afraid to use outside data sources from a credible third party. Create a realistic estimate by including a combination of your own historical data and their custom data.

3. Lack of or wrong permits—If you lack permits or have the wrong type, work can come to a standstill. Factor proper permits into your estimate, as well as their corresponding costs.

4. Unclear parameters—Parameters must be established clearly at the onset of each project. Make sure you clearly understand your clients’ limitations and restrictions before creating an estimate to avoid unnecessary change orders.

5. Missing details—A lack of knowledge, missing items or generalized task descriptions can lead to estimates that are too low. Take the time to account for all necessary materials, labor and equipment by referencing similar work done in the past or detailed cost data from a third party.


Cyber Risks and Liabilities July/August 2018

Training Staff to Guard Against Cyber Attacks


Using mobile devices to work remotely is becoming the new norm. But when your employees use phones, tablets and laptops to access your network and do their jobs, they’re essentially providing hackers with more entry points, leaving your organization highly vulnerable to attacks.

No matter how many security measures you take, they’re useless if you don’t supplement them with employee training. Here are five ways to help employees protect your company from cyber attacks:

  1. Offer training on phishing and spam. Show your employees what to look for so they can alert IT if they receive a suspicious email. You can also use phishing simulator training tools, which attempt to trick your employees into opening the wrong types of email. The employees who click on those emails can then be flagged for additional training.
  2. Provide strong password training. Passwords should be changed on a regular basis and contain more than seven characters, an uppercase letter, a number and a symbol.
  3. Teach employees to report problems. Even if your employees clicked on something they shouldn’t have, it’s important that they feel comfortable reporting their infractions so any potential threat can be addressed immediately.
  4. Insist that your employees update all software when new updates become available. Vulnerabilities spread like wildfire among hackers. If employees fail to perform updates, they’re allowing hackers access to the device and possibly your entire network.
  5. Give remote access and Wi-Fi training and set up a virtual private network (VPN). Any employee that works remotely should use that VPN at all times for all activities.

Businesses Need Both Cyber Threat Intelligence and Business Risk Intelligence


Devising an all-encompassing strategy that protects your organization from cyber criminals, data breaches and other cyber security threats is no easy task. You need to ensure protection from not only hackers, but also the actions of your own staff.

Your employees may not intentionally threaten your organization, but without proper training and policies on using, storing and transferring data, there will always be a chance of them inadvertently putting your business at risk. In order to protect against such threats and react accordingly, businesses need two types of intelligence: cyber threat intelligence and business risk intelligence.

Cyber Threat Intelligence

Cyber threat intelligence is information that has been collected, evaluated and analyzed. It involves looking outward, always being on the defense for potential cyber threats and turning unknown threats into well-known, mitigated threats. Cyber threat intelligence helps organizations understand the threat landscape they face and improve the effectiveness of their defense.

Cyber security analysts can use the data from their own internal security systems and outside vendors to build an understanding of the threats they face. They may also enlist the help of outside providers who understand the behavior of cyber criminals, as well as the long-term trends and short-term risks that might affect a particular sector.

Business Risk Intelligence

Business risk intelligence addresses the broader risks facing a business, including the digital risks. Due to the connected nature of the “internet of things,” business risk intelligence can also include cyber threat intelligence. But unlike cyber threat intelligence—which primarily affects the day-to-day operations of a company’s chief information security officer—the impact of business risk intelligence is likely to be felt across the entire executive suite.

A company with business risk intelligence is aware of the broad risks it faces. That may include insider threats to the physical security of staff or the risk of engaging with third-party vendors in the supply chain. Any type of activity that can alter business operations can be combatted with business risk intelligence.

Save Your Website from ADA Lawsuits


The Americans with Disabilities Act (ADA) of 1990 prohibits discrimination based on disability, which involves ensuring that everyone has reasonable access to all areas of public life. Although the ADA doesn’t explicitly mention the internet, the federal government has taken the position that Title III of the ADA covers access to websites of public accommodations, including service and rental establishments, retail stores, educational institutions and recreational facilities.

Currently, ADA website compliance is only mandatory for government-managed websites. However, the absence of laws enforcing ADA compliance for websites of public accommodations hasn’t prevented people from filing lawsuits against companies that don’t meet the suggested guidelines.

Businesses in health care, government and education have been the most common targets of these lawsuits. Attorneys looking for easy money typically target small businesses’ websites by offering a low settlement fee. If your business is targeted by an ADA website compliance grievance, consider taking the following steps in response:

  1. Review the grievance for credibility. A lawsuit may likely begin by citing “violations of the Americans with Disabilities Act, Title 42 U.S.C. 12101 and 12181.” It may also include an inexpensive settlement option—a prime indicator that the lawsuit has no legs to stand on and is likely a scam.
  2. Consult a lawyer. Doing so will help determine the credibility of the threat and stop future threats to your business.
  3. Respond to the plaintiff. Ask your attorney to draft something explaining that you’ve reviewed their grievance and consulted a lawyer. Realizing that you’ve sought legal help may scare away anyone trying to file a lawsuit.
  4. Update your website. Do this regardless of whether there is a legal need. If your site is easily accessible by people with disabilities, you may see beneficial returns from those users.

Newsletter Provided by: Hierl's Property & Casualty Experts



Safety Focused Newsletter - July 2018

Back Strain: A Workplace Risk for Every Employee


Back injuries are common in the workplace and are typically the result of a strain or sprain to back ligaments or muscles, the spinal cord, thoracic spine, lumbar spine, sacrum or coccyx. What’s more, you don’t need to work in a manual labor-intensive job to experience back problems. Employees of all kinds can maintain back health by keeping these tips in mind during their workday:

  • Take small breaks throughout your workday and stretch regularly.
  • Manage your stress level to reduce discomfort and back pain.
  • Exercise and stay active to reduce your chances of developing back pain.
  • Adjust your posture frequently.
  • Position your desk chair so your feet are flat on the floor.
  • Lift with your knees, and keep what you are lifting close to your body. Ask a co-worker to assist you when performing tasks that require heavy lifting, pushing, pulling or throwing.
  • Drink enough water and eat a healthy diet. This helps keep your spinal discs hydrated and healthy.
  • Watch where you walk. Many back strain injuries are the result of involuntary motion, like an attempt to recover from a slip.

It may also be a good idea to work with your manager to plan your working hours in a way that helps you avoid long periods of repetitive work.

EMPLOYEES DO NOT NEED TO WORK IN THE CONSTRUCTION INDUSTRY OR A MANUAL LABOR-INTENSIVE JOB TO EXPERIENCE BACK PROBLEMS.

5 WAYS TO IMPROVE COMMUNICATION

  1. AVOID CLICHÉS
  2. BE BRIEF
  3. BE SINCERE
  4. AVOID ARGUMENTS
  5. ALLOW OTHERS TO RESPOND WITHOUT INTERRUPTION

How Employees Can Improve Workplace Communication


Communication is key in all aspects of life, but especially in the workplace. Without good communication, employees and productivity can suffer.

However, there are things you can do to establish better communication and improve the way things are done at your workplace. When it comes to interacting with your co-workers, keep in mind the following:

Make sure you are being clear and concise.

This applies not only to face-to-face conversations, but also to emails and all other types of communication. Your messages should be complete and include everything you want to convey.

Listen carefully. Don’t respond to what someone has said—aloud or in your head—until they have finished speaking. If you start thinking about a response before your co-worker has gotten their message across, you could miss important pieces of information and derail the conversation.

Summarize what you’ve said. After you’ve given a long-winded speech or written an extensive email, go over the basic, most important points. This will help refresh your listener’s memory and potentially weed out opportunities for miscommunication.

Make meetings meaningful. Schedule a meeting to elaborate on complex tasks and make the most of scheduled time. Don’t stray from the topic, and keep conversations productive.

Follow up in writing. No matter how compelling a meeting or conversation was, it’s likely that people will not remember everything that was shared. For important matters, follow up with an email that highlights key takeaways from the conversation or meeting.

Above all, it’s important to be mindful of your body language and tone when you communicate. Together, these strategies ensure clear, effective correspondence.



Agriculture Risk Advisor - July/August 2018

FARM BILL UPDATE


On June 13, in a 20-1 vote, a Senate panel approved a modest, bipartisan rewrite of federal farm and nutrition programs. The sole vote against the bill was by Sen. Chuck Grassley, R-Iowa, because his amendment to limit subsidy payments was omitted.

If passed, the legislation would renew farm programs that include subsidies for crop insurance, farm credit and land conservation. It would also extend the Supplemental Nutrition Assistance Program (SNAP)—formerly known as the Food Stamp Program—which helps feed more than 40 million people.

The House failed to pass a version of this bill in May due to a still unresolved immigration debate. Contrary to the Senate farm bill, the House is asking for greater job training opportunities for SNAP recipients. However, the bill has been heavily criticized for what some call a poor design and the possibility that it could exclude 2 million people from SNAP.

The current food and farm bill expires at the end of September. Although enacting the legislation this year is unlikely, a short-term extension is expected when the bill is brought back to the floor.

NEW WEB TOOLS FOR CATTLE MARKET


Two new web tools created by the Noble Research Institute will allow cattle producers to easily access Oklahoma cattle auction data. The tools include a price slide table and market charts.

PRICE SLIDE TABLE

The first web tool is a breakdown of the price slide (PS) and value of gain (VOG) for the reported markets. The PS and VOG tool looks at the sales receipts for the selected market, as well as frame size, gender, yield grade and the sale date to give producers a glimpse at the type of cattle buyers are looking for.

Cattle with notes about their features aren’t included in the table in order to prevent the PS and VOG from being affected. However, a link to the original USDA-AMS report is provided near the top of the page for producers who want more details and to see where the original data was taken from.

MARKET CHARTS

The second web tool is a set of charts for slaughter, feeder and replacement cattle. The tool offers an option to compare each group across whichever markets the user selects, either during a specific year or across years.

The auction comparison tool was designed to provide producers with information to help them in their marketing and purchasing options. By comparing years, producers can better evaluate how the current year is stacking up against previous years for a particular market.



The Importance of Business Continuity Planning


Rarely do we get advance notice that a disaster is about to strike. Weather, network failures, epidemics and violence are just a few of the disasters that could have an impact on a company’s reputation. Every incident is unique due to the challenges it presents. However, implementing a business continuity plan (BCP) can help give your organization the best shot at success both during and after a disaster. A current, tested plan in the hands of all personnel responsible can help mitigate the potential impact. The absence of a plan doesn’t just mean your organization will take longer than necessary to recover from a crisis – you could go out of business. In this installment of CenterStage, Cathleen Christensen, our VP of Property and Casualty, discusses what a BCP is, why it matters, keeping one in place, and how Hierl can help you build a strategy that works with it.

What is a Business Continuity Plan?

Business continuity refers to maintaining business functions or resuming them in a timely manner in the event of a crisis. Examples of crises include natural disasters such as weather, fire, or an epidemic outbreak like the flu, but also include events involving company reputation, violence and network breaches. A business continuity plan outlines the procedures and instructions an organization must follow in the face of such disasters. The plan not only identifies the internal and external needs of an organization after a catastrophic loss but lays out the path for recovery. Cathleen explains, “A business continuity plan can be the difference between successfully recovering or going out of business.”

Why Does Business Continuity Planning Matter?

The importance of having a business continuity plan cannot be stressed enough. Truth is, 1 in 5 organizations do not recover following a crisis. Severity vs. probability must be factored into the management of your organization. The purpose of having a business continuity plan is not only to prepare for a disaster both during and after, but to mitigate the potential danger and lessen the odds of attack for your organization. Serving as the ultimate disaster plan, it is vital that preparation information is made common knowledge amongst all levels of the organization - from the highest level down. To ensure a healthy and effective BCP, craft a plan following these seven steps:

1. Initial Response

Disruption in the day-to-day operations should trigger everyone to not only know what is wrong, but what – if anything – to do to resolve it immediately. Planning and exercising this element of the plan will eliminate the rush of, “What do I do,” from employees. Proper communication will allow there to be no holes in the plan.

The initial response should also provide a clear sense of who is in ‘charge’ when disaster strikes. Whether it be at a corporate level, regionally or locally, knowing who is overseeing the process towards recovery is vital to the success of a BCP.

2. Stabilization

Regardless of cause, every disruption needs containment to prevent a bad situation from getting worse. It is important to know what happened to cause the event and the potential impact it may bring if left unchecked. Assess the impact, know how to stop the bleeding and devise short and medium-term goals to appropriately address the situation.

3. Activation

Following an impact assessment, identify what services need to be restored. Additionally, note who is responsible for the plan – what will they do, where will they do it and with whom will they do it?

4. Communication

In the event of a disaster, stakeholders might initiate various actions to stabilize or restore services. Timely communication between various respondents is critical to an effective incident response. Communication during an incident should be geared towards management, employees, customers and others who have a stake in the business. The goal is to keep them updated regarding the current state of restoration activities and collaboration with responders.

5. Planned Response

These are the initial response activities that need to be taken to limit the loss of life and property in the time immediately before, during, and after a crisis. Items that could be included are:

  • What types of incidents or crisis situations activate the plan?
  • Who has authority to activate it?
  • Details regarding the incident response team
  • Evacuation procedures
  • Contact lists

6. Extended Response

Actual recovery may take days, weeks, months or even longer. After the initial response the recovery plan outlines the steps you will need to take to get your business running again after an incident or crisis. It includes a realistic time frame in which you can get your operations back on track to minimize financial losses. Forcing yourself to rely heavily on your initial or planned response will only worsen recovery efforts. Be knowledgeable about your staff and the direction the road to recovery is going.

7. Return to Normal

When disruption ends, questions will still need to be answered. These are not limited to questions such as, “Is the return to ‘normal’ a ‘new normal’?” Other questions could include, “How will work between ‘normal’ operations and post-catch up tasks be managed? How will my information for insurance purposes be collected?”

Maintaining a Business Continuity Plan

With a plan in place, efforts do not cease. To remain disaster ready, you must remain active in your preventative efforts. As the world around us changes, so should your BCP, so that it stays up to date and effective against all threats. Communicating any changes to the initial plan to employees is a must. There is no way for all members of your organization to remain ‘in the know’ if they are kept uninformed. With effective communication of the BCP comes proper training. As critical as communicating clearly with employees is, instructing them in a hands-on potential scenario leaves nobody in the dark on recovery execution when disaster strikes.

How Can Hierl Help Business Continuity Planning?

At Hierl, we offer the necessary tools for creating an effective BCP. By working hand-in-hand with your business/organization, we offer the resources to locate and analyze potential risks and to create a team within your business to properly manage disasters. To get started, speak with Cathleen today at 920-921-5921 or cchristensen@hierl.com.

 
