“My advice is to do all you can from a risk management standpoint but you also need insurance because you never know what can happen.” – Cathleen Christensen, Vice President of Property and Casualty
In today’s world, a day does not pass without a large company being featured on the news because they are suffering from a data breach or hacking incident that has threatened personal information.
Cyber security is a concept that has become a high priority in the past five years. Since this issue is fairly new, demand for cyber insurance is emerging, since most cyber related claims are currently not covered under a standard insurance program. The questions that arise the most regarding cyber security and liability are about understanding the level of exposure a company’s data faces and knowing what cyber coverage encompasses.
Large companies are not the only ones at risk, it is often small businesses that are most vulnerable simply because they are not prepared. Most small (under 250 employees) businesses do not have the IT staff necessary to help protect a business. Even manufacturing companies are at risk because while credit card information is a large component, it is not the only type of attack. Can you afford the risk of not protecting your employee, client and company data?
With 10+ years of experience addressing cyber risks, Hierl’s process of approaching cyber security begins with an assessment of a client’s risk and exposure. This involves knowing what data a client has, who has access to it, how it’s stored and how they are backing it up. Hierl can expertly evaluate the coverage that is necessary to keep an organization secure.
Because it is an emerging coverage, cyber insurance plans are not standard. Hierl advises a three-fold type of coverage including:
The best policies offer assistance to help you to work through things if something was to ever happen, as well as forensic and technical assistance to determine how the breach occurred.
“Many organizations that have suffered cyber-crime are sophisticated, big businesses. If they can’t stop these attacks from happening, most other businesses can’t either.”
If it is determined quickly that a breach has happened and a good backup exists a company can recover quickly and the attack is much less damaging. However, when a company’s data gets out in the wild is when attacks become most expensive.
The 2016 Ponemon Institute Cost of Data Breach study reported that the average cost of a lost record rose from $154 in 2015 to $158 in 2016. Even if, you only have 20 employees now and that doesn’t seem all that bad…you need to think about how many employee records do you have from the past 10 years? Cyber-attacks don’t just affect current records nor do they only target employee data but client and company data too. This type of insurance is becoming a must have coverage for businesses because of how sophisticated these attacks have become
Three reasons to explore cyber coverage for your business:
To download the full article click Here.
Is your company properly protected from cybersecurity threats? Find out how to protect yourself from online threats thanks to this great article from Prperty & Casualty 360 by Christopher Roach.
As businesses are spending millions of dollars on technology and software to protect themselves from cybercrimes, they may be missing a leading cause of cybercrime by not investing their money in training their own employees.
Human error is the leading cause of cybercrimes, according to BakerHostetler’s 2016 Data Security Incident Response Report. Some of the most prominent companies learned that all too well in the last calendar year, as costly mistakes by their employees left their business vulnerable to hacks.
In the spring of 2016, Snapchat was the victim of a phishing scam, where hackers posing as the CEO convinced an employee to email them the personal information — IRS Form W-2 data — of about 700 current and former employees of the organization. This included employee names, Social Security numbers, wages, stock-option gains and benefits. Shortly after the information was released, the employee realized that the original request was not legitimate. Everyone affected by the scam was quickly notified and offered free credit monitoring and identity theft insurance.
A human mistake was also the leading cause of a recent breach of Premier Healthcare, a multispecialty healthcare provider. After the billing department failed to secure its computers, a laptop computer was stolen from its headquarters. The electronic protected health information (ePHI) that could have been accessed from the single laptop could affect roughly 200,000 patients. The laptop was password-protected but not encrypted.
Employees reported the stolen laptop as soon as they realized it was missing, and the company took a number of steps to locate the laptop and identify the thief, including notifying patients and filing a police report. Fortunately, the laptop was returned and a comprehensive forensic analysis revealed the laptop had not been powered on since it went missing.
This year, Snapchat, Premier Healthcare and every other business big, medium or small, must invest in cybersecurity protection. They have to prepare their employees for the worst.
Here are three cybersecurity resolutions that offices need to make going forward:
In addition to sending around a list of dos and don’ts on how to prevent cyberattacks to employees, companies could get more creative when it comes to training their staff. Businesses should consider using gamification for training exercises to present real-life scenarios to employees.
One way to do this is by having “pretend” hackers try to obtain proprietary information from employees. If an office doesn’t properly react, it could provide as a great lesson for everyone. If they react correctly they could win a prize. Every employee poses a risk, so training each individual is a critical element of cybersecurity.
Hackers are always going to be one step ahead due to the ever-changing cybersecurity landscape. In preparation, companies must have a cyber response plan in place and need to be ready to respond to multiple scenarios.
Employees need to understand how to identify risks and the appropriate individuals or departments where they should report findings. In addition, every employee should be taught best practices, like how to create stronger passwords or how to spot suspicious emails, so that they can use good judgement when online. If you suspect something, report it.
The most important thing that business can do is identify their “crown jewels,” which are their data assets that are most critical to their organization and customers. Once the crown jewels have been identified, a company’s security team can establish targeted cybersecurity controls to insure this data is secure and recoverable.
While doing this, companies should make sure to conduct a penetration test to find out if their most important assets are vulnerable to hackers. This approach will save time and money. It’s not practical or cost effective to put the same level of protection on all data, so target the data that’s most important to the business.
See the original article Here.
Roach C. (2017 March 24). 3 wise cybersecurity solutions for 2017 [Web blog post]. Retrieved from address http://www.propertycasualty360.com/2017/03/24/3-wise-cybersecurity-solutions-for-2017?slreturn=1491841086&page_all=1
Check out this free upcoming webinar from Society Insurance about ” Reducing Outdoor Slip, Trip and Falls”
Reducing Outdoor Slip, Trip and Falls
Friday, April 28, 1 p.m. – 2 p.m. CDT
Click here to register.
Doing everything possible to prevent slip, trip and falls is not just a priority – it’s a necessity!
This live webinar focuses on identifying hazards that could cause outdoor slip, trip and falls. Society’s risk management experts will also discuss corrective actions that can help to reduce the occurrence of these incidents and injury losses.
Register now and pass it on! All are welcome and every business can benefit from the information in this webinar.
Have you noticed more auto accidents lately? Then check out this interesting article from Property Casualty 360 about the reasons why auto accidents are on the rise by Denny Jacob
According to the National Safety Council, traffic deaths increased 6 percent to 40,200 — the first time since 2007 that more than 40,000 have died in motor vehicle crashes in a single year.
The 2016 total follows a 7 percent rise in 2015. Much of this is attributed to continued lower gasoline prices and an improving economy which has increased motor-vehicle mileage.
In addition, the U.S. Department of Transportation’s early estimates show the motor vehicle traffic fatalities for the first nine months of 2016 increased about 8 percent as compared to the motor vehicle traffic fatalities for the first nine months of 2015. Preliminary data reported by the Federal Highway Administration (FHWA) shows that vehicle miles traveled (VMT) in the first nine months of 2016 increased about 3 percent.
All 10 National Highway Traffic Safety Administration (NHTSA) regions experienced increases during the first nine months of 2016. In particular, the South, Southeast and Northeast saw motor vehicle traffic fatalities spike between 11 and 20 percent alone.
Here are 5 factors contributing to the increase in auto accident rates:
Cheap gas and diesel, plus a stronger economy, has caused high road density with more cars on the road. The Department of Transportation’s Federal Highway Administration shows that driving jumped 3.5 percent over 2015, the largest uptick in more than a decade. Americans drove more than 3.15 trillion miles, equivalent to around 337 round trips from Earth to Pluto. The previous record, around 3 trillion miles, was set in 2007.
Beyond texting and driving, from Bluetooth to Snapchat, approximately 660,000 drivers are attempting to use their phones while behind the wheel of an automobile. On top of that, we now have sensors and technologies that respond to our every move in vehicles. We have apps that connect to center consoles and more touch-screen technology in vehicles than ever before
A new study from AAA Foundation for Traffic Safety show that millennial drivers (more 19- to 39-year-old drivers) are texting, speeding and running red lights. They also think it’s OK to speed in school zones. While the statistics improve for older drivers, it’s not by much. From a commercial driver standpoint, the experience (or inexperience) of drivers can lead to more auto accidents overall.
Think about your grandfather’s car. If the engine blew, you went to a mechanic who fixed the problem. Now, everything in a car is connected by a computer. If one fuse blows, it will likely have an impact on other parts of the vehicle. Yes, computers make it easier and quicker to fix, but overall costs tend to be higher, especially because cars on the road are much newer.
Ultimately, we pay for the technology (computers, advancements in bodywork, HVAC, etc.). To diagnose many computer issues and the dozens of sensors requires a scan tool that is capable of accessing the thousands of manufacturer-specific trouble codes and data streams. A good one can cost $7,000 alone.
No surprise, the cost of medical care has increased, most of which are spinal and soft tissue injuries. According to the Mayo Clinic, more than 35 percent of spinal cord injuries are caused by vehicle accidents (truck, automobile, or motorcycle). Think about this — medical spending for spinal care per patient increased by 95 percent from $487 to $950 between 1999 to 2008, accounting for inflation.
But think about the full picture, which compounds the issue. You get whiplash (direct medical cost), have to stay home for a few weeks (loss of income) and get physical therapy (cost of post-injury medical care — according to one estimate, about 25 percent of whiplash injury patients end up suffering chronic pain). The costs can triple from an economic and quality-of-life perspective, costing the U.S. $2.7 billion per year.
Jacob Denny (2017 March 02). 5 reason why auto accidents are on the rise [Web blog post]. Retrieved from address http://www.propertycasualty360.com/2017/03/02/5-reasons-why-auto-accidents-are-on-the-rise?page_all=1
With flu season in full swing here are some great tips from Travelers on how to protect the workplace from getting sick.
Every year, without fail, flu season hits. While the influenza virus poses high health risks for individuals, an outbreak at the office can also affect business operations. All it takes is one employee and one sneeze to put others at risk and spread the virus.
According to the Centers for Disease Control and Prevention, flu viruses can spread to people from up to 6 feet away through droplets made by sneezing, coughing or talking.* Even before showing symptoms, an infected employee who sneezes during a meeting or coughs at someone’s desk without covering his or her mouth can expose others to the flu.
Small businesses can be even more vulnerable if multiple employees call in sick due to flu-related illnesses. Fewer hands on deck could potentially impact productivity and operations.
Author (Date). Cold & flu prevention in the workplace [Web blog post]. Retrieved from address https://www.travelers.com/resources/workplace-safety/cold-and-flu-prevention-in-the-workplace.aspx
For the unprepared, workers’ compensation (WC) issues can be both confusing and costly. Fortunately for employers, there are ways to actively engage WC issues to influence their outcomes.
Through management controls and active involvement in the WC process, your organization can effectively influence related costs. To do so you will have to establish a number of your own processes that guide decision making throughout your organization.
Areas requiring WC management can be divided into three main categories. These categories include facets that may range from the simple to the complex, but as a whole, address vital issues that can negatively influence WC costs in your company.
Workplace Safety Means Fewer Claims
Simply put, reducing claims reduces costs. Establishing a safety-minded culture throughout every level of your company is essential to keeping workers injury free. However, establishing such a culture isn’t an overnight solution. To be successful, an ongoing commitment to safety must be made. Such a commitment must be supported by management and given the necessary resources to succeed.
Developing comprehensive safety policies for employees builds a firm foundation for your safety culture to grow. Such policies also encourage OSHA compliance, further improving your safety efforts while helping you avoid costly fines.
Mitigate Loss After an Injury
Unfortunately, even with all the right programs in place, it is still possible for accidents to happen. When a workplace incident occurs how you respond can greatly influence the outcome of the claim. Prompt claim reporting is essential to keeping costs down. It is also important to have a designated injury management coordinator, someone who can supervise open claims and work with both employees and medical personnel to facilitate the timely recovery.
The longer an employee is out of work the more expensive their claim will be. Return-to-work programs that allow injured employees to come back to work at a limited capacity during the recovery process, are one of the most effective tools business owners have to reduce the severity of a claim.
Managing Your Mod
Insurers use what is known as an experience modification factor, or mod, to calculate the premiums you pay for workers’ compensation coverage. By managing your exposures and promoting safety it is possible to manage your mod and decrease your premium rates.
Like a good safety program, controlling your mod is an ongoing process. To reap the benefits of lower premiums you will have to keep in regular contact with your insurance provider to ensure they have the most accurate data to use in their calculations.
On Dec. 19, 2016, the Occupational Safety and Health Administration (OSHA) issued a final rule amending its recordkeeping regulations. The amendments were adopted to clarify that an employer’s duty to create and maintain work-related injury or illness records is an ongoing obligation. The final rule becomes effective on Jan. 18, 2017.
The clarification explains that an employer remains under an obligation to record a qualifying injury or illness throughout the fiveyear record storage period, even if the incident was not originally recorded during the first six months after its occurrence. The final rule does not create any additional or new recordkeeping obligations for employers.
OSHA requires employers to create and maintain records about workplace injuries and illnesses that meet one or more recording criteria. Specifically, employers must:
Create and update a log of work-related injuries and illnesses (OSHA 300 Form);
Create and maintain injury and illness incident reports (OSHA 301 Form); and
Create and display an annual summary of workplace incidents (OSHA 300A Form) between Feb. 1 and April 30 of each year.
Employers must keep these records for at least five years. The five-year retention period begins on Jan. 1 of the year following the year covered by the records. For example, the five-year retention period for incident reports created on Jan. 23, 2015, June 15, 2015, and Nov. 4, 2015, begins on Jan. 1, 2016.
Penalties for Noncompliance
OSHA has the authority to issue citations and assess fines against employers that violate recordkeeping laws. However, in general, the OSH Act does not allow for a citation to be issued more than six months after the occurrence of a violation.
OSHA is of the opinion that a violation exists until it is corrected. Therefore, the six-month period to issue citations and assess penalties begins on the date of the last instance of the violation. For example, if a violation that started on Feb. 1 was corrected on May 15, the six-month period would begin on May 15, and OSHA would have until Nov. 15 to issue a citation.
OSHA also asserts that uncorrected violations are considered ongoing violations, and that each day of noncompliance is subject to a separate penalty.
The Final Rule
According to OSHA, adopting the final rule and amending its recordkeeping regulations was necessary because the previous regulations did not allow OSHA to enforce an employer’s incident recording obligation as an ongoing requirement. In fact, a federal circuit court has held that the former regulations did not authorize OSHA to “cite the employer for a record-making violation more than six months after the recording failure.” The court also noted that there is a discrepancy between the OSH Act and the regulations, and that while the OSH Act allows for continuing violations of recordkeeping requirements, the specific language in the regulations does not implement this statutory authority and does not create continuing recordkeeping obligations.
The federal court interpretation of previous regulations meant that employers were no longer responsible for recording or storing workplace incidents if OSHA failed to detect and penalize employers for omitted recordable incidents within the six-month period. For this reason, OSHA issued its proposed amendments on July 29, 2015.
Impact on Employers The final rule and amended regulations do not create additional or new recordkeeping regulations, and employers will not be required to record incidents that they were not previously required to record.
This clarification simply makes it possible for OSHA to penalize employers for a recordkeeping violation within six months of the last date of noncompliance, not the first date when a violation occurs. OSHA believes that the clarification will encourage employers to comply with record-making and recordkeeping obligations even when these records are not produced within the first six months of when a recordable incident takes place. In other words, the clarification discourages employers from ignoring record-making and recordkeeping obligations solely because six months have transpired since the occurrence of a recordable incident.
This also means that OSHA now has a window of up to 66 months (five years and six months) after the occurrence of a recordable incident to enforce record-making and recordkeeping requirements.
Finally, the amended regulations emphasize an employer’s ongoing duty to create and maintain records and increasingly justify OSHA’s ability to assess penalties against a violating employer for each day of noncompliance, until the maximum penalty amount is reached or the employer corrects the violation
The Bureau of Labor Statistics (BLS) recently released statistics on work-related injuries and illnesses in 2014. According to the BLS, two key factors are used to measure the severity of these injuries and illnesses:
* Incidence rate: The number of cases, per 10,000 full-time employees, of injuries and illnesses that require time away from work.
* Average days away from work: The average number of days an employee spends away from work to recover from an injury or illness. The BLS found that the overall incidence rate of nonfatal occupational injury and illness cases in 2014 was 107.1, down from a rate of 109.4 in 2013. The number of days away from work was approximately the same in both years. Additionally, the BLS detailed the most common workplace injuries and illnesses, as well as the most commonly affected parts of the body.
Common Injuries and Illnesses
Sprains, strains and tears were the most common workplace injury in 2014. The incidence rate for these injuries was approximately 38.9 cases per 10,000 full-time employees, which represents a decrease from 2013’s rate of 40.2 cases. However, these are still significant injuries; on average, workers with sprains, strains or tears needed 10 days away from work to recover.
The statistics also show that soreness and pain were common injuries, but generally required fewer days away from work.
Commonly Affected Parts of the Body
The upper extremities (e.g., hands, shoulders) were most affected by injuries and illnesses in 2014, with an incidence rate of 32. Hands accounted for 40 percent of those cases, the most among upper extremities. However, shoulder injuries and illnesses required an average of 26 days away from work to recover, more than any other part of the body.
The BLS specifically noted that musculoskeletal disorders (MSDs) accounted for 32 percent of all workplace-related injuries and illnesses in 2014. Although the incident rate of MSDs was lower than it had been in 2013, these injuries can affect employees in any industry.
For more information on preventing workplace injuries and illnesses, contact Hierl Insurance Inc. today.
OSHA requires employers to keep and maintain records of work-related injuries and illnesses. However, if an employee develops an injury or illness while performing a personal task or is injured outside of his or her normal work hours, it can be difficult to determine your OSHA obligations. That’s why OSHA recently clarified the requirements necessary for an injury or illness to be exempt from recordkeeping requirements.
In the clarification, OSHA presented an example in which an employee brought a plow to work, which he intended to loan to a co-worker. After the employee’s regular shift ended, he attempted to move the plow to the co-worker’s truck. However, in the process, the employee injured his back.
OSHA stated that the injury presented in this example would not be considered work-related, and would therefore be exempt from recordkeeping regulations. This is because the injury met both of the requirements needed to fall under the personal-task exemption:
* The injury or illness must solely be the result of an employee performing a personal task at the workplace
* The injury or illness must occur outside of an employee’s assigned work hours, including during formal and informal break times.
The Federal Motor Carrier Safety Administration (FMCSA) recently released a final rule that will create a national drug and alcohol testing clearinghouse for commercial driver license (CDL) holders who operate commercial motor vehicles (CMVs). Under the rule, drivers will be added to the clearinghouse if they test positive for drugs or refuse to perform a test required by the Department of Transportation (DOT). Then, employers will be able to review the testing history of applicants, drivers who work for more than one motor carrier and long-term employees.
Once the clearinghouse has been created, employers will be required to do the following:
* Search the clearinghouse at least once every year for current drivers.
* Review the system for any information on driver applicants.
The agency has stated that the rule will assist employers in determining whether a driver needs to begin or continue a return-to-service process before driving a CMV. And, although the final rule became effective on Jan. 4, 2017, compliance will not be required until Jan. 6, 2020.