Your company's old papers could be treasure to a thief

A company's old box of papers may seem insignificant. But if the data is right, thieves could see that old box of papers as a gold mine.

Travelers Casualty and Surety Company of America lays out a similar scenario for you to consider.

You built your company with singular vision, always investing in the latest equipment and technology to keep you out front. Years of work and now you have 400 employees and robust systems throughout the manufacturing business.

Then the FBI called. Hundreds of fraudulent tax returns had been filed to the IRS by “employees” claiming to work for you. You can’t believe it — your systems are secure and well-protected. But now it’s your name, your company and your people at risk.

You hired an investigator to determine how this information got out. Turns out a criminal stole a box of paper W-2 forms as they were being moved to storage. One box with 298 pieces of paper contained everything the thieves needed. You paid for credit monitoring for your employees but someone tipped off the local media and the story was out. Now you had to protect your business and reputation so you hired a public relations firm to help contain the crisis.

Investigators, credit protection, lawyers, crisis consultants - all because of an old box of papers.

According to the NetDiligence® Data Breach Cost Calculator* the estimated costs of the 298 lost records for the manufacturer could be:

[Figure: Lost Records Cyber Awareness]
An average event of this type impacts 28,000 records, driving the average cost to a business to $1,700,000.**

Risk Management Tips:

  • An information retention policy should be established and include guidance on what types of information should be retained, how long it should be retained and procedures for destruction of unneeded data.
  • New hire training and regularly scheduled refresher training courses should be established in order to instill the data security culture of your organization.
  • Create, implement and test an incident response plan.

*The NetDiligence® Data Breach Cost Calculator and other tools are available to insureds on the Travelers’ eRisk Hub®.
**Ponemon 2015 Cost of Data Breach Study, NetDiligence Cyber Claims Study 2014

Proprietary and Confidential

You know what they say about people who assume. When it comes to a company’s intellectual property, never assume anything. Just because you think something is proprietary and confidential doesn’t mean that it is, or that someone else will feel the same way you do. That’s why it’s a good idea to always err on the side of caution and make sure any documents that are part of a company’s intellectual property are labeled as such, password protected if necessary, and mentioned in the employee handbook as such. This may not keep them from getting stolen, but it will help a company should it need to file suit.

An article on the Society for Human Resource Management website titled “Identify Your Trade Secrets to Prevail in IP Theft Litigation” describes a case where information was taken and used by a former employee because it wasn’t properly labeled as proprietary and confidential. Furthermore, it wasn’t identified in the employee handbook as a trade secret, nor was the employee required to sign a noncompete agreement. The issue at hand was a list of people, including their names, addresses, phone numbers, etc., held by the company. An employee took that list and used it for a competing business. The argument was that everyone within the company understood that the list was only for business purposes and was not publicly known, nor available to the public. The court, however, disagreed and ruled that the list was not a trade secret or confidential and proprietary information. The list was available to all staff and to the people on the list, so the company wasn’t trying to guard the secrecy of the information. Furthermore, most of the information was available in the public domain.

So, what is the lesson here for employers? Regardless of what the information may be, what technologies it may contain, or who has access to it, make sure everyone knows that it’s part of the company’s intellectual property and put in place safeguards that ensure this.

What kinds of safeguards are necessary? According to the article, as long as a company takes reasonable precautions by taking time to set up a system to protect information believed to be important, confidential, or proprietary, the system doesn’t have to be perfect.

That means limiting access to the information, keeping it secure, informing everyone who has access that the information is confidential, and designating the information as such in the employee handbook. It’s also a good idea, according to the article, to remind departing employees during their exit interview about any confidentiality obligations.

If something is worth protecting, then it’s worth the extra time and effort needed to ensure its security. Proprietary and confidential mean just that, and these terms should be taken seriously and not applied haphazardly.

Can your smartphone tell you if you have depression?

Originally posted by Carina Storrs on July 15, 2015.

Getting a diagnosis of depression usually involves filling out questionnaires about your mood and undergoing lengthy interviews with a psychiatrist. But smartphone apps might be able to handle some of that work, and at least tell you if you are at risk of depression, simply by collecting GPS and other data, according to a new study.

Researchers at Northwestern University in Illinois tested an app they developed called Purple Robot. It uses data from a number of sensors in the smartphone that detect location, movement, phone usage and other activities to assess if a user is likely to have depression.

"The main reason for the development of the app is to see if we can objectively and passively identify if people are depressed," said Sohrob Saeb, a postdoctoral research fellow at the Feinberg School of Medicine at Northwestern University who is one of the developers of Purple Robot.

In the study of Purple Robot, Saeb and his colleagues at Northwestern and Michigan State University looked at GPS or phone usage data among 28 participants for two weeks.

They found that Purple Robot could identify 87% of the participants in the group who were determined to be at risk of depression according to PHQ-9, a nine-question test for depression, based only on GPS data on how much users moved between their regular locations. The more users moved around, the less likely they were to fall into the at-risk category.

In addition, by identifying the participants who used their phone the most, including everything from texting to playing games, but not talking on the phone, Purple Robot could detect 74% of those in the at-risk group. Data on both GPS and phone usage were not available for enough participants to let the researchers see how well Purple Robot performed when both data sets were available, Saeb said.

However, PHQ-9 is only a screening tool that tells you if you have an above-average chance of having depression and is not enough to diagnose depression, said Dr. Scott Monteith, clinical assistant professor of psychiatry at Michigan State University, who has not been involved in developing or researching Purple Robot or other smartphone apps.

The way the test was used in the study, with a low cutoff score, it probably incorrectly identified many of the participants as being at risk of depression who were not, he added.

To get a better idea of the effectiveness of Purple Robot, the researchers are going to do a study involving more participants over a longer period to see if the app can detect changes in behavior over time, Saeb said. In addition, the group will see if they can improve Purple Robot's ability to spot depression by including additional data, such as how long people talk on the phone and who they talk to.

Depression is a debilitating illness that affects about 17% of people at some point in their lives. Meanwhile, it is estimated that by 2025 more than 5 billion people in the world will have a smartphone, and their sensing capability will be above and beyond that of today's iPhones, Androids and Blackberries.

There are probably hundreds of apps that promise to improve your mental health, from offering tests to gauge your depression risk to providing information about depression treatments. Others, like Purple Robot, are in the development stage.

Optimism and DBSA Wellness Tracker are two of the apps on the market that track your mood. goes further and analyzes data such as how much users move around on the weekends and how long they talk on the phone, as well as users' reports of their health, to alert them and their health care providers about concerns with their behavior and mental health., which is in use at about 30 medical centers, is available through health care providers and as part of research studies.

However, the problem with all the apps that are designed to warn about depression risk is that their effectiveness has not been demonstrated, Monteith said.

It is not clear how good these apps are at picking out people who have depression, Monteith said. What's more, it is not clear how these apps would be "embedded into a broader continuum of care" to ensure that a person or their doctor went from getting an alert from the app, for example, to that person getting a diagnosis of depression and getting proper care, he added.

Even if researchers can get a better handle on the effectiveness of these apps, there are still numerous questions regarding risks, especially about the data they collect not being secure and private, Monteith said.

"The data from these types of apps could potentially end up in anyone's hands, if the data are moved offshore, which a lot are," said Monteith, who co-wrote a recent article on health care data privacy. Another way data security could be compromised is that when a company is bought, the buyer may not have to adhere to the original terms and conditions about how the data are used, he added.

Experts including Monteith worry that once data get into the wrong hands, that could potentially jeopardize a person's ability to get a job, get life insurance or get a loan.

The best way to keep data secure, at least from hackers and thieves, would be to make sure the users control their data, such as by keeping it stored encrypted on their phone, and have apps analyze the data on phones, and never have it sent back to the app developers or other companies, according to Dr. Deborah C. Peel, leader of Patient Privacy Rights, a nonprofit advocacy organization. Monteith is on the advisory board of Patient Privacy Rights.

As for Purple Robot, some of these concerns may not apply for now. Saeb and his colleagues work with encrypted data. However, if they eventually make the app public, if they can demonstrate its effectiveness, they would have all the data on secure servers at Northwestern. This type of data centralization, even on secure servers, is a "honeypot" for hackers, Peel said.

So far, the analyses that Purple Robot is doing are really only for research purposes, Saeb stressed. In addition to the work he is involved in, there is also research on whether the app can pick up signs of bipolar disorder among users.

The app gets its name because the color of Northwestern University is purple, and because the developers hope the app can act like a robot and automatically alert a user of his or her mental health risk and also make recommendations to possibly mitigate the risk, such as using the phone less or getting out of the house, Saeb said.

Despite concerns surrounding these apps, Monteith said he is "totally in favor of research [on them], that's what we need to do." However, he urged that researchers consider both effectiveness and risks in their studies. "We need to look at what the FDA looks at" when deciding whether to approve medical treatments and devices, Monteith said.

“Friending” Your Doctor

The term “friending” refers to adding someone to a list of friends on a social media website. This list is more of a contact database than a sign that someone on it is actually your friend. And yet, the popularity of social media can’t be ignored. It’s everywhere and we use it to connect with our family, friends, and coworkers. Now, think about what we could do if we used this to communicate with our doctor.

The first thing you're probably thinking is that it will violate the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), but you wouldn’t use it to share sensitive, confidential information that crosses professional and ethical boundaries. You would use it to manage your health care and access health information.

If health care organizations can figure out how to use Facebook, or other social media websites, to their benefit, then they will have a real advantage with their patients. An article on The Huffington Post titled “Communicating With Your Doctor On Facebook May Be The Future Of Healthcare” said that many telehealth organizations (telehealth, also known as telemedicine, is the use of electronic and telecommunications technologies to provide health care from a distance) are well on their way to utilizing email and social media. For example, telehealth organizations have electronic ways for patients to use messaging, access test results, track their health, etc.

A study published in the Journal of General Internal Medicine showed that many patients are interested in this type of communication, but they may be unaware that it’s available. If you’re still not sold on the concept of communicating with your doctor via email or social media, consider the benefits. You could have faster and ‘round-the-clock access to health care professionals. In addition, you would be able to better manage and monitor your health care and do it from the comfort and privacy of your own home. Doctors and health care organizations would benefit from the “social” aspect by extending their clinical reach to people in rural areas or outside the typical radius of a health care facility. Furthermore, they could provide real-time information so that the community at large can benefit from their expertise.

As with all technology, there are pros and cons as well as a definite learning curve associated with it. While this can initially limit both the patients’ and doctors’ ability to effectively use the new technology, once they become more familiar with the ins and outs, they should feel confident enough to rely on its benefits.

Better Learning through Social Media

Social media is not often associated with learning -- unless you want to learn about the latest gossip concerning your friend or a celebrity -- yet it is emerging as the next tool for employers to improve upon the learning environment for their workforce.

This is not to say that employers should jump on the bandwagon. Just because the cool kids are doing it doesn’t mean that it’s the right tool for every learning situation. An employer should focus on the goal of what needs to be accomplished and then determine whether social media can help take employees there faster, better, or more easily.

If it’s determined that social media is the way to go, then an article on Society for Human Resource Management’s website titled “Social Media Can Enhance Employees' Learning” has a few recommendations on how trainers can use it to its full advantage. Primarily, if social media is to be incorporated into a training program, then it needs to be utilized before, during, and after each session.

Trainers need to embrace social media as a collaborative gathering place for employees. People are able to share notes, ideas, materials, concerns, and expectations in order to maximize the value they receive during the training sessions. In fact, trainers and organizers, not just participants, must participate in order for the sessions to be successful. You can’t expect others to offer input if the leaders are not willing to jump in first. The author of the article says that the “holy triangle” of social media is to give/ask/thank while creating enthusiasm for the program.

Equally important to social media training is the follow-up once the sessions are complete. Just because it’s over, doesn’t mean that it has to be over. The trainer, organizer, or both should collect feedback on the program while also sharing references, resources and providing connections that will help participants continue to learn and grow.

From the comfort of one’s own home or office, employees have access to other people who have the same passion as they do about a particular topic and are willing to share their knowledge. HR leaders need to think of social media as the ultimate study group that never stops and then evaluate whether social media fits into their corporate culture.

Anatomy of a Hack

Originally posted by Zurich American Insurance Company.

Once hackers set their sights on a target with access to sensitive company information, attacks may ensue from multiple directions – in the office, at home or on the move. Anatomy of a Hack describes what you and your company can do to help limit exposures.

The risk of having sensitive company data lost and stolen has grown exponentially over the last few years, largely due to the increased use of the Internet and the interconnectedness of everything we do. As the likelihood of a data breach continually escalates, so does the cost.

 Copyright © 2015 Zurich American Insurance Company

Technology plays growing role in benefits

Originally posted January 27, 2015 by Mike Nesper.

Employers of all sizes are increasingly shifting toward using technology for enrolling in and managing their employee benefits. The market for technology-based platforms has been “growing leaps and bounds over the past five-plus years,” says Mark Rieder, an Austin-based senior vice president at NFP.

Ten to 15 years ago, he says, only large groups were focused on technology. Today, “they’re all very much interested in becoming more efficient,” Rieder says. “Technology has become affordable enough to [deploy] regardless of size.”

Offering a variety of support tools is important to help employees make the best selections, Rieder says. Employees want to be able to compare the cost of a procedure at various providers, he says. “Transparency tools are becoming more and more of a hot topic,” Rieder says. “Folks want to know what they’re buying.”

Employees also want to manage all of their needs — payroll, HR, benefits — in one location, Rieder says. The goal is to have a useful platform when it’s needed but not be in the employee’s face when they don’t, says Michael Askin, senior consultant with Mind Over Machines, a Maryland-based software development technology company.

The fact that many employers are still using paper isn’t necessarily a bad thing, Askin says. “There are lessons to be learned from other industries,” he says. Perhaps more importantly, paper protects employee information from hackers, Askin says. Ultimately, the goal of a technology-based platform is to increase employee engagement without increasing security exposure, he says.

A common misconception about security breaches is where the vulnerability lies, Askin says. “Most security issues are actually internal,” he says. For consumers, Askin recommends having a credit card for Internet-only purchases.

The "No Phones" No-No

Source: United Benefit Advisors, LLC

Saying that most people are addicted to their smartphones is nothing new, and most of us would deny that we have that addiction. Yet, according to an article in Workforce titled Keep Your (Mobile) Enemies Close, mobile analytics firm Flurry reported in April that the number of mobile addicts -- people who check their phones more than 60 times a day -- had increased 123% to 179 million.

That's why saying "no phones" during a meeting, presentation, or other group activity is not going to make someone, no matter what their age, turn off their phone. Some people divert their attention in order to play the latest game or check the most recent stock price. Others just have to text their romantic interest at least 10 times an hour lest they think the other person won't love them. And then there are just some people who refuse to let a call go to voice mail, regardless of its importance. We can argue that this is disrespectful, but in reality we've all done it at some point and meant no disrespect even though it caused us to stop paying attention.

The worst part about these distractions is that they also distract the person next to you. Can anyone honestly say that if they see someone texting or playing a game that they are able to ignore it? In that same article, Ken Graetz, director of teaching, learning, and tech services at Winona State University in Minnesota, said, "Attention is very much like a flashlight -- you focus it on certain things." Very few of us can truly multitask, and when we focus our attention on one thing, we're taking it away from another.

So what's a person to do? If you're hosting a meeting, or are presenting during a conference, how can you get people to give you their full, undivided attention?  Conversely, if you're attending a meeting or presentation, how can the speaker engage you enough so that you ignore your smartphone or tablet? The answer is not to ban these devices, but to incorporate them.

Why do this? In Psychology Today, articles as far back as July 2013 and as recent as September 2014 talk about "nomophobia" -- the fear of being without, or beyond reach of a mobile device. A full 66% of all adults suffer from this and it's worse for high school and college students. That's why incorporating mobile devices in order to increase attendee engagement is so crucial.

One of the easiest ways to do this is to use an app (mobile application) that allows attendees to download and view their own copy of the presenter's slides or meeting organizer's agenda. You can also send out polling questions if you really want to up your game. You can set up an online forum and tell people to add their thoughts or comments during the presentation so that the entire group can benefit. A great example of this is what the AMC network has done with its hit TV show, The Walking Dead. Their "Story Sync" online feature (also an app) provides viewers with trivia, polls, exclusive pictures and video.

While you may think this would keep people from paying attention to what's going on, it actually increases their attention as well as retention of what was being presented.  Furthermore, it still allows people to get their mobile "fix" without any feelings of guilt.


Holiday Sales Go Up: So Does the Risk of a Cyber Attack

Originally posted by Susan Solovic.

As if small business owners needed anything else to worry about this holiday season, Experian® Data Breach Resolution (a partner company of Experian® and a leader in the data breach resolution industry) has a warning: As holiday shopping creates a surge in transactions, small businesses need to be diligent about preparing for a cyber-attack. With more and more large corporations putting a bigger chunk of their resources into cyber-security, those nasty folks looking to skim accounts will need a new victim. And it could very possibly be your small business.

The holiday shopping season not only brings a boost in sales but also an increase in cyber theft. Thieves prefer to target small- to medium-sized businesses because so many lack the resources or expertise to manage cyber-security effectively. Retailers are especially vulnerable to cyber-criminals who want to hijack credit card data. Unfortunately, customers aren't the only victims. Among small businesses that suffer a breach, a staggering 60 percent go out of business after six months. For that reason alone, small businesses need to pay extra attention to data security during the holidays.

Even though the business might be small, the amount of data you have stored is not. Everything from customer and employee records to vendor account information could be at risk.

Michael Bruemmer, vice president at Experian Data Breach Resolution, says it's important to not only try to prevent a breach, but also prepare for a breach, just in case. Bruemmer also says small businesses are increasingly targeted, further raising their need to focus on data security. Here are some of his low-cost suggestions for preventing and managing a data breach:

1. Conduct a risk assessment. Identify the most sensitive information that could be at risk. Victims whose payment cards and Social Security numbers were compromised suffered the highest rates of related fraud. Small businesses should understand the data most likely to be targeted and prioritize what is needed to protect that data.
2. Put plans in place. Investing time in developing a security and incident response plan can save on hard costs later. There are many resources available to help small businesses get started, including Experian's free Data Breach Response Guide.
3. Understand the problem (and make sure your employees understand it, too). The National Small Business Association's 2013 Small Business Technology Survey states that nearly a quarter of small businesses acknowledged "little to no understanding of cyber-security." Anyone's actions could create vulnerabilities. Train employees on security precautions, including bring-your-own device (BYOD) policies.
4. Consider cyber insurance. Small businesses generally don't have a risk manager or IT department dedicated to data security. A good cyber insurance policy can help mitigate cyber-security risks.
5. Listen to the experts. Make a list of outside partners that can be contacted when a data breach occurs. Engaging experts in legal counsel and resolution consulting can help businesses prepare to respond quickly and effectively after a breach, which may mitigate regulatory fines, lawsuits and reputational damage. These consequences could result in potentially significant financial losses.

U-M connected and automated vehicle initiative announces founding corporate partners

Source: University of Michigan, September 5, 2014

ANN ARBOR—A diverse group of companies will be the founding partners in the University of Michigan's Mobility Transformation Center, a major public-private initiative that aims to revolutionize the movement of people and goods in society.

Spanning such sectors as auto manufacturing, suppliers, intelligent transport systems, insurance, telecommunications, data management and mobility services, the MTC's Leadership Circle will join with government and academic partners to lay the foundations for a commercially viable system of connected and automated vehicles.

Plans call for implementing a working system in Ann Arbor by 2021.

"We are on the threshold of a transformation in mobility that the world hasn't seen since the introduction of the automobile a century ago," said MTC Director Peter Sweatman. "Only by bringing together partners from these sectors, as well as from government, will we be able to address the full complexity of the challenges ahead as we all work to realize the opportunities presented by this emerging technology.

"I am thrilled with the diversity and global reach of the new ecosystem of companies and agencies we have created. Our Founding Leadership Circle provides a unique nucleus for collaboration, deployment and rapid learning in connected and automated mobility."

Connected vehicles, commonly known as V2V, have been tested extensively by the U-M Transportation Research Institute in the U.S. Department of Transportation's Safety Pilot Model Deployment in Ann Arbor. The results have been used to support the recent Advanced Notice of Proposed Rulemaking announcement by the National Highway Traffic Safety Administration.

Connected vehicle technology, including vehicles that can communicate with one another and with the surrounding infrastructure (V2I), has the potential to avoid the majority of serious crashes when extensively deployed.

With the help of the Michigan Economic Development Corporation, MTC is building on this two-year deployment of approximately 3,000 vehicles to create the world's largest V2V deployment of 9,000 vehicles in Ann Arbor.

The center is also working with the Michigan Department of Transportation and industrial partners to provide sufficient V2I infrastructure in Southeast Michigan to support an unprecedented deployment of 20,000 connected vehicles. The vehicles will be supported by a connected road network and developmental set of highway corridors.

In addition to their definitive role for safety, connected vehicles will accelerate the deployment of one of the most exciting concepts in transportation today: vehicle automation. To make the most of this convergence, MTC is developing an off-roadway facility for testing connected and automated vehicles.

"This is the next big thing for the state that put the world on wheels," said MDOT Director Kirk Steudle. "We are thrilled to join our partners in private industry and the University of Michigan in supporting groundbreaking research to keep our state in the lead in building the safest and most efficient vehicles in the world."

Spanning 32 acres on U-M's North Campus Research Complex, the Mobility Transformation Facility is a unique off-roadway cityscape with the broad range of complexities that vehicles encounter in urban and suburban environments. Scheduled to be completed this fall, it includes four-lane roads with intersections, roadway markings, traffic signs and signals, sidewalks, benches, simulated buildings, streetlights, parked cars, pedestrians and obstacles such as construction barriers.

The facility was designed and constructed in partnership with MDOT and is available to Leadership Circle members to work collectively on big-system issues as well as on specific technological developments.

With the goal of accelerating progress in the development and implementation of connected and automated technology, Leadership Circle members will work together to identify emerging opportunities as well as the barriers to realizing them, anticipate and help shape key standards and regulations, and help guide the direction of the research.

"The collective potential of our founding Leadership Circle for innovation and constructive public-private engagement is immense," Sweatman said. "Working together, this new group of partners will provide a voice of reason in this exciting technological landscape, while moving forward with a sense of urgency for accelerated deployment."

MTC's research program will draw on a wide range of expertise from U-M's schools and colleges.

"We have key strengths in engineering and science, but the challenges ahead are not just technical," Sweatman said. "We will engage faculty from across campus to address interrelated legal, political, regulatory, social, economic and urban planning issues."

Founding members of the Leadership Circle are each committing $1 million over three years to create a vibrant R&D ecosystem, and to support the MTC and its programs. A broader range of companies will engage in the work of the Center as Affiliates.

"With more than 375 public and private automotive R&D centers representing organizations from around the world, extensive manufacturing facilities and an exceptional pool of talent, Michigan is uniquely positioned to spark the transformation of mobility worldwide," said Nigel Francis, senior vice president at the MEDC's Automotive Office. "The MTC is playing a critical role in catalyzing the diverse technologies, talent and resources from this region and beyond needed to accelerate progress and usher in a new era of mobility."