“My advice is to do all you can from a risk management standpoint but you also need insurance because you never know what can happen.” – Cathleen Christensen, Vice President of Property and Casualty
In today’s world, a day does not pass without a large company being featured on the news because they are suffering from a data breach or hacking incident that has threatened personal information.
Cyber security is a concept that has become a high priority in the past five years. Since this issue is fairly new, demand for cyber insurance is emerging, since most cyber related claims are currently not covered under a standard insurance program. The questions that arise the most regarding cyber security and liability are about understanding the level of exposure a company’s data faces and knowing what cyber coverage encompasses.
Large companies are not the only ones at risk, it is often small businesses that are most vulnerable simply because they are not prepared. Most small (under 250 employees) businesses do not have the IT staff necessary to help protect a business. Even manufacturing companies are at risk because while credit card information is a large component, it is not the only type of attack. Can you afford the risk of not protecting your employee, client and company data?
With 10+ years of experience addressing cyber risks, Hierl’s process of approaching cyber security begins with an assessment of a client’s risk and exposure. This involves knowing what data a client has, who has access to it, how it’s stored and how they are backing it up. Hierl can expertly evaluate the coverage that is necessary to keep an organization secure.
Because it is an emerging coverage, cyber insurance plans are not standard. Hierl advises a three-fold type of coverage including:
The best policies offer assistance to help you to work through things if something was to ever happen, as well as forensic and technical assistance to determine how the breach occurred.
“Many organizations that have suffered cyber-crime are sophisticated, big businesses. If they can’t stop these attacks from happening, most other businesses can’t either.”
If it is determined quickly that a breach has happened and a good backup exists a company can recover quickly and the attack is much less damaging. However, when a company’s data gets out in the wild is when attacks become most expensive.
The 2016 Ponemon Institute Cost of Data Breach study reported that the average cost of a lost record rose from $154 in 2015 to $158 in 2016. Even if, you only have 20 employees now and that doesn’t seem all that bad…you need to think about how many employee records do you have from the past 10 years? Cyber-attacks don’t just affect current records nor do they only target employee data but client and company data too. This type of insurance is becoming a must have coverage for businesses because of how sophisticated these attacks have become
Three reasons to explore cyber coverage for your business:
To download the full article click Here.
Great article from our partner, United Benefit Advisors (UBA) by Tara Marshall
I’ve looked at clouds from both sides now
From up and down and still somehow
It’s cloud illusions I recall
I really don’t know clouds at all
— Joni Mitchell, “Both Sides, Now”
And like that song from 1969, it appears that most employees really don’t know cloud computing at all. In an article on the Society for Human Resource Management’s website titled, “Public Enemy No. 1 for Employers? Careless Cloud Users, Study Says,” a North American IT solutions and managed services provider called Softchoice found that 1 in 3 users of cloud-based apps (e.g., Google Docs and Dropbox) download the app without letting their IT department know. Cloud computing became popular a few years ago because people could store all their documents, photos, and other information and then access that data from anywhere at any time and on any device.
What makes this such a bad situation is not the cloud computing itself, but that the vast majority of employees lack any sense of cybersecurity. That same study found that 1 in 5 employees:
Complicating this further is that the employees who actually do use passwords usually have weak passwords. That is, they are easy to guess (e.g., “1234,” “password,” or their username). Rather than leave a company and its network vulnerable to attack, some IT people suggest a ban on cloud accounts for work.
Security breaches involving a company’s intellectual property can be very costly. Sometimes referred to as “ransomware,” the important data of an organization will either be stolen or encrypted and will not be released until a fee is paid.
A better solution to a ban on cloud accounts would be to educate employees on the necessity for cyber security, train them to improve their online security habits, and remind them that IT rules are in place to make a company more secure, not make it more difficult for employees to be productive. Cyber thieves are clever and when they can’t break into a system using technology, they often rely on the flaws of human nature.
As we become more and more connected to the Internet, we leave ourselves and the companies where we work more accessible to cyber threats. It’s imperative that employees keep everything locked down.
See the original article Here.
Marshall T. (2017 March 14). Workplace cybersecurity begins with employees [Web blog post]. Retrieved from address http://blog.ubabenefits.com/workplace-cybersecurity-begins-with-employees
Check out this free upcoming webinar from Society Insurance about ” Reducing Outdoor Slip, Trip and Falls”
Reducing Outdoor Slip, Trip and Falls
Friday, April 28, 1 p.m. – 2 p.m. CDT
Click here to register.
Doing everything possible to prevent slip, trip and falls is not just a priority – it’s a necessity!
This live webinar focuses on identifying hazards that could cause outdoor slip, trip and falls. Society’s risk management experts will also discuss corrective actions that can help to reduce the occurrence of these incidents and injury losses.
Register now and pass it on! All are welcome and every business can benefit from the information in this webinar.
Have you noticed more auto accidents lately? Then check out this interesting article from Property Casualty 360 about the reasons why auto accidents are on the rise by Denny Jacob
According to the National Safety Council, traffic deaths increased 6 percent to 40,200 — the first time since 2007 that more than 40,000 have died in motor vehicle crashes in a single year.
The 2016 total follows a 7 percent rise in 2015. Much of this is attributed to continued lower gasoline prices and an improving economy which has increased motor-vehicle mileage.
In addition, the U.S. Department of Transportation’s early estimates show the motor vehicle traffic fatalities for the first nine months of 2016 increased about 8 percent as compared to the motor vehicle traffic fatalities for the first nine months of 2015. Preliminary data reported by the Federal Highway Administration (FHWA) shows that vehicle miles traveled (VMT) in the first nine months of 2016 increased about 3 percent.
All 10 National Highway Traffic Safety Administration (NHTSA) regions experienced increases during the first nine months of 2016. In particular, the South, Southeast and Northeast saw motor vehicle traffic fatalities spike between 11 and 20 percent alone.
Here are 5 factors contributing to the increase in auto accident rates:
Cheap gas and diesel, plus a stronger economy, has caused high road density with more cars on the road. The Department of Transportation’s Federal Highway Administration shows that driving jumped 3.5 percent over 2015, the largest uptick in more than a decade. Americans drove more than 3.15 trillion miles, equivalent to around 337 round trips from Earth to Pluto. The previous record, around 3 trillion miles, was set in 2007.
Beyond texting and driving, from Bluetooth to Snapchat, approximately 660,000 drivers are attempting to use their phones while behind the wheel of an automobile. On top of that, we now have sensors and technologies that respond to our every move in vehicles. We have apps that connect to center consoles and more touch-screen technology in vehicles than ever before
A new study from AAA Foundation for Traffic Safety show that millennial drivers (more 19- to 39-year-old drivers) are texting, speeding and running red lights. They also think it’s OK to speed in school zones. While the statistics improve for older drivers, it’s not by much. From a commercial driver standpoint, the experience (or inexperience) of drivers can lead to more auto accidents overall.
Think about your grandfather’s car. If the engine blew, you went to a mechanic who fixed the problem. Now, everything in a car is connected by a computer. If one fuse blows, it will likely have an impact on other parts of the vehicle. Yes, computers make it easier and quicker to fix, but overall costs tend to be higher, especially because cars on the road are much newer.
Ultimately, we pay for the technology (computers, advancements in bodywork, HVAC, etc.). To diagnose many computer issues and the dozens of sensors requires a scan tool that is capable of accessing the thousands of manufacturer-specific trouble codes and data streams. A good one can cost $7,000 alone.
No surprise, the cost of medical care has increased, most of which are spinal and soft tissue injuries. According to the Mayo Clinic, more than 35 percent of spinal cord injuries are caused by vehicle accidents (truck, automobile, or motorcycle). Think about this — medical spending for spinal care per patient increased by 95 percent from $487 to $950 between 1999 to 2008, accounting for inflation.
But think about the full picture, which compounds the issue. You get whiplash (direct medical cost), have to stay home for a few weeks (loss of income) and get physical therapy (cost of post-injury medical care — according to one estimate, about 25 percent of whiplash injury patients end up suffering chronic pain). The costs can triple from an economic and quality-of-life perspective, costing the U.S. $2.7 billion per year.
Jacob Denny (2017 March 02). 5 reason why auto accidents are on the rise [Web blog post]. Retrieved from address http://www.propertycasualty360.com/2017/03/02/5-reasons-why-auto-accidents-are-on-the-rise?page_all=1
Great article from Property Casualty 360 about 5 trends that will impact cybersecurity in 2017 by Gary S. Miliefsky
It’s not unexpected any more: We awaken to learn that yet another national retailer has been hacked, and once again credit-card information for millions of customers is at risk.
Yet, despite all the publicity these security breaches receive and all the warnings consumers hear, cyber criminals still achieve success — and they’re becoming more brazen than ever.
Sometimes it can feel like the cyber criminals are working harder than the people who are supposed to be protecting our information, but when consumers and businesses are vigilant, they can foil those cyber criminals despite all their scheming.
We should be asking ourselves: Why not prevent breaches instead of reacting to them? Corporate America and consumers don’t need to sit around waiting to become cybercrime victims.
To that end, here are some cyber security trends and factors worth knowing about for the rest of 2017 and beyond:
As unsettling as it is to think about, the truth is there’s generally a long lag time between when a breach happens and when it’s discovered. The average is 280 days, which means if cyber criminals hack your system today, it could be about nine months before anyone realizes there’s a problem.
For just about any organization, employees are the first line of defense — and the weakest link. Typically, when a breach happens behind a firewall it’s because someone was tricked into clicking on a link they shouldn’t have. Employees need to be educated to prevent these kinds of attacks.
A breach can prove costly to companies, which is why cyber insurance is a growing field. Just as homeowner’s insurance doesn’t keep your house from catching fire, though, cyber insurance doesn’t guard against a breach. However, it is important for businesses to adopt a policy that can help the company that’s hit by a breach regain its financial footing.
Most breaches happen behind firewalls. You’ll need more than antivirus to stop the bad guys. This includes anti-phishing tools, network access control (NAC), zero-day malware quarantining and other next-generation approaches focusing on the root cause of how you get breached.
Without a NAC solution, you won’t be able to tell who is on your network, including if the cleaners are plugging in a laptop at midnight or if a consultant is on the wrong VLAN, like human resources or payroll where you don’t want them to have access.
In addition, you should find and fix all your common vulnerabilities and exposures. You can learn more about them at the National Vulnerability Database at nvd.nist.gov or cve.mitre.org. By finding and fixing your holes, you’ll have a stronger, less exploitable infrastructure.
Consumers can’t always count on how well their bank or their favorite retailer handles cyber security. Anyone can take steps to be safer. Change passwords frequently. Put a sticker over your laptop’s webcam when you’re not using it. Protect your smartphone by turning off WiFi, Bluetooth, NFC and GPS except when you need them. Delete cookies and your browsing history regularly. When consumers learn the importance of mobile-device “hygiene,” both they and the places they work are at less risk of suffering a data breach or los
Miliefsky (2017 March 03). 5 trends and factors that continue to impact cybersecurity in 2017 [Web blog post]. Retrieved from address http://www.propertycasualty360.com/2017/03/03/5-trends-and-factors-that-continue-to-impact-cyber?slreturn=1488916705&page_all=1
With flu season in full swing here are some great tips from Travelers on how to protect the workplace from getting sick.
Every year, without fail, flu season hits. While the influenza virus poses high health risks for individuals, an outbreak at the office can also affect business operations. All it takes is one employee and one sneeze to put others at risk and spread the virus.
According to the Centers for Disease Control and Prevention, flu viruses can spread to people from up to 6 feet away through droplets made by sneezing, coughing or talking.* Even before showing symptoms, an infected employee who sneezes during a meeting or coughs at someone’s desk without covering his or her mouth can expose others to the flu.
Small businesses can be even more vulnerable if multiple employees call in sick due to flu-related illnesses. Fewer hands on deck could potentially impact productivity and operations.
Author (Date). Cold & flu prevention in the workplace [Web blog post]. Retrieved from address https://www.travelers.com/resources/workplace-safety/cold-and-flu-prevention-in-the-workplace.aspx
Great article from our partner, United Benefit Advisors (UBA) by Nancy Bourque
The Occupational Safety and Health Administration (OSHA) recently released a final rule on the procedures for the handling of whistleblower complaints under Section 1558 of the Patient Protection and Affordable Care Act (ACA). The regulations protect employees (which includes former employees and applicants for employment) who may have been subject to retaliation for seeking assistance under certain affordability assistance provisions, or for reporting potential violations of the ACA’s consumer protections.
Employers are prohibited from discharging or retaliating against an employee who:
A covered employee, or a person acting on their behalf, may file a complaint within 180 days of an alleged violation. Section 18C’s whistleblower protections do not replace any protections that a whistleblower may have under the Employee Retirement Income Security Act (ERISA) Section 510. Whistleblowers may bring claims under either, or both statutes if their whistleblowing is protected under both.
The complaining employee must demonstrate:
If OSHA finds there is reasonable cause to believe a violation has occurred, the employer’s obligations include reinstatement of the complaining employee to his or her original position, back pay with interest, compensatory damages and legal expenses.
Practically speaking, this means that both large and small employers should ensure that employees who apply for, or receive, an APTC or tax credit are not singled out, retaliated against, or treated differently from employees who do not receive a tax credit. Employers should consider ensuring that individuals, who have access to that information, properly protect and firewall information relating to Marketplace coverage, enrollment, subsidies, or tax credits.
Bourque N. (2017 January 10). Handling of retaliation complaints under section 1558 of the affordable care act[Web blog post]. Retrieved from address http://blog.ubabenefits.com/handling-of-retaliation-complaints-under-section-1558-of-the-affordable-care-act
For the unprepared, workers’ compensation (WC) issues can be both confusing and costly. Fortunately for employers, there are ways to actively engage WC issues to influence their outcomes.
Through management controls and active involvement in the WC process, your organization can effectively influence related costs. To do so you will have to establish a number of your own processes that guide decision making throughout your organization.
Areas requiring WC management can be divided into three main categories. These categories include facets that may range from the simple to the complex, but as a whole, address vital issues that can negatively influence WC costs in your company.
Workplace Safety Means Fewer Claims
Simply put, reducing claims reduces costs. Establishing a safety-minded culture throughout every level of your company is essential to keeping workers injury free. However, establishing such a culture isn’t an overnight solution. To be successful, an ongoing commitment to safety must be made. Such a commitment must be supported by management and given the necessary resources to succeed.
Developing comprehensive safety policies for employees builds a firm foundation for your safety culture to grow. Such policies also encourage OSHA compliance, further improving your safety efforts while helping you avoid costly fines.
Mitigate Loss After an Injury
Unfortunately, even with all the right programs in place, it is still possible for accidents to happen. When a workplace incident occurs how you respond can greatly influence the outcome of the claim. Prompt claim reporting is essential to keeping costs down. It is also important to have a designated injury management coordinator, someone who can supervise open claims and work with both employees and medical personnel to facilitate the timely recovery.
The longer an employee is out of work the more expensive their claim will be. Return-to-work programs that allow injured employees to come back to work at a limited capacity during the recovery process, are one of the most effective tools business owners have to reduce the severity of a claim.
Managing Your Mod
Insurers use what is known as an experience modification factor, or mod, to calculate the premiums you pay for workers’ compensation coverage. By managing your exposures and promoting safety it is possible to manage your mod and decrease your premium rates.
Like a good safety program, controlling your mod is an ongoing process. To reap the benefits of lower premiums you will have to keep in regular contact with your insurance provider to ensure they have the most accurate data to use in their calculations.
On Dec. 19, 2016, the Occupational Safety and Health Administration (OSHA) issued a final rule amending its recordkeeping regulations. The amendments were adopted to clarify that an employer’s duty to create and maintain work-related injury or illness records is an ongoing obligation. The final rule becomes effective on Jan. 18, 2017.
The clarification explains that an employer remains under an obligation to record a qualifying injury or illness throughout the fiveyear record storage period, even if the incident was not originally recorded during the first six months after its occurrence. The final rule does not create any additional or new recordkeeping obligations for employers.
OSHA requires employers to create and maintain records about workplace injuries and illnesses that meet one or more recording criteria. Specifically, employers must:
Create and update a log of work-related injuries and illnesses (OSHA 300 Form);
Create and maintain injury and illness incident reports (OSHA 301 Form); and
Create and display an annual summary of workplace incidents (OSHA 300A Form) between Feb. 1 and April 30 of each year.
Employers must keep these records for at least five years. The five-year retention period begins on Jan. 1 of the year following the year covered by the records. For example, the five-year retention period for incident reports created on Jan. 23, 2015, June 15, 2015, and Nov. 4, 2015, begins on Jan. 1, 2016.
Penalties for Noncompliance
OSHA has the authority to issue citations and assess fines against employers that violate recordkeeping laws. However, in general, the OSH Act does not allow for a citation to be issued more than six months after the occurrence of a violation.
OSHA is of the opinion that a violation exists until it is corrected. Therefore, the six-month period to issue citations and assess penalties begins on the date of the last instance of the violation. For example, if a violation that started on Feb. 1 was corrected on May 15, the six-month period would begin on May 15, and OSHA would have until Nov. 15 to issue a citation.
OSHA also asserts that uncorrected violations are considered ongoing violations, and that each day of noncompliance is subject to a separate penalty.
The Final Rule
According to OSHA, adopting the final rule and amending its recordkeeping regulations was necessary because the previous regulations did not allow OSHA to enforce an employer’s incident recording obligation as an ongoing requirement. In fact, a federal circuit court has held that the former regulations did not authorize OSHA to “cite the employer for a record-making violation more than six months after the recording failure.” The court also noted that there is a discrepancy between the OSH Act and the regulations, and that while the OSH Act allows for continuing violations of recordkeeping requirements, the specific language in the regulations does not implement this statutory authority and does not create continuing recordkeeping obligations.
The federal court interpretation of previous regulations meant that employers were no longer responsible for recording or storing workplace incidents if OSHA failed to detect and penalize employers for omitted recordable incidents within the six-month period. For this reason, OSHA issued its proposed amendments on July 29, 2015.
Impact on Employers The final rule and amended regulations do not create additional or new recordkeeping regulations, and employers will not be required to record incidents that they were not previously required to record.
This clarification simply makes it possible for OSHA to penalize employers for a recordkeeping violation within six months of the last date of noncompliance, not the first date when a violation occurs. OSHA believes that the clarification will encourage employers to comply with record-making and recordkeeping obligations even when these records are not produced within the first six months of when a recordable incident takes place. In other words, the clarification discourages employers from ignoring record-making and recordkeeping obligations solely because six months have transpired since the occurrence of a recordable incident.
This also means that OSHA now has a window of up to 66 months (five years and six months) after the occurrence of a recordable incident to enforce record-making and recordkeeping requirements.
Finally, the amended regulations emphasize an employer’s ongoing duty to create and maintain records and increasingly justify OSHA’s ability to assess penalties against a violating employer for each day of noncompliance, until the maximum penalty amount is reached or the employer corrects the violation
The Bureau of Labor Statistics (BLS) recently released statistics on work-related injuries and illnesses in 2014. According to the BLS, two key factors are used to measure the severity of these injuries and illnesses:
* Incidence rate: The number of cases, per 10,000 full-time employees, of injuries and illnesses that require time away from work.
* Average days away from work: The average number of days an employee spends away from work to recover from an injury or illness. The BLS found that the overall incidence rate of nonfatal occupational injury and illness cases in 2014 was 107.1, down from a rate of 109.4 in 2013. The number of days away from work was approximately the same in both years. Additionally, the BLS detailed the most common workplace injuries and illnesses, as well as the most commonly affected parts of the body.
Common Injuries and Illnesses
Sprains, strains and tears were the most common workplace injury in 2014. The incidence rate for these injuries was approximately 38.9 cases per 10,000 full-time employees, which represents a decrease from 2013’s rate of 40.2 cases. However, these are still significant injuries; on average, workers with sprains, strains or tears needed 10 days away from work to recover.
The statistics also show that soreness and pain were common injuries, but generally required fewer days away from work.
Commonly Affected Parts of the Body
The upper extremities (e.g., hands, shoulders) were most affected by injuries and illnesses in 2014, with an incidence rate of 32. Hands accounted for 40 percent of those cases, the most among upper extremities. However, shoulder injuries and illnesses required an average of 26 days away from work to recover, more than any other part of the body.
The BLS specifically noted that musculoskeletal disorders (MSDs) accounted for 32 percent of all workplace-related injuries and illnesses in 2014. Although the incident rate of MSDs was lower than it had been in 2013, these injuries can affect employees in any industry.
For more information on preventing workplace injuries and illnesses, contact Hierl Insurance Inc. today.