Cyber Attacks: A Growing Business Interruption Threat

When you think about what usually causes a business interruption, natural disasters such as fires, earthquakes and floods probably come to mind first. These events can physically damage your property and equipment, making your workspace unusable for a time. The damages from Hurricane Katrina and Superstorm Sandy are great examples of how a natural disaster can put a halt to a business’ day-to-day operations. Many of those affected businesses remain closed to this day.

While natural disasters are still the main reason for an interruption, another cause is quickly moving up the ranks: cyber attacks. As businesses continue to rely on computers and digital storage of essential data, cyber attacks will continue to be a potential exposure. Read on to learn how a cyber attack could lead to a business interruption and what you can do to mitigate the risk.

How can a cyber attack cause a business interruption?
Hackers, thieves and other unauthorized individuals have become adept at exploiting weaknesses in a business’ computer system, whether through traditional hacking methods or social engineering. There are several types of attacks that could completely cripple your ability to perform normal business activities, including:

  • Malicious code that renders your website unusable
  • Distributed denial of service (DDoS) attacks that make your website inaccessible to employees and customers alike
  • Viruses, worms or other code that deletes critical information on a business’ hard drives and other hardware

It is quite easy to see how any of these events might leave your company scrambling to do business. Unfortunately, many smaller businesses don’t have the manpower available to detect the problem and work on fixing it, which only increases the length of an interruption.

Third-party interruptions can have a major effect on your business
You can still be affected even if it isn’t your business that experiences a cyber attack. Imagine what would happen if one of your vendors suffered an attack, resulting in a complete shutdown of its warehouse or website. Unfortunately, attacks on third parties are often out of your control. Such an event could have a profound effect on how much business you are able to do, and that would trickle down to your customers, who may rely on your products or services.

Ways to prevent a cyber attack from causing a business interruption
A common saying in the cyber security world is, “It’s not if you’ll be a victim of a data breach, but when.” While 100 percent protection is impossible, you can help lower your chance of business interruption due to a cyber attack by following these tips:

  • Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their functions, the data they store and process, and their importance to the organization.
  • Make sure all firewalls and routers are secure and kept up to date.
  • Implement a cyber security policy that educates employees about the dangers of computer intrusions and how to prevent them. Morris & Reynolds Insurance can help you draft a cyber security policy specifically tailored to your company.
  • Download and install software updates for your operating systems and applications as they become available.
  • Implement a strict password policy and have employees change system passwords every 90 days.
  • Limit employee access to company data and information, and limit authority to install software.
  • Make sure you are covered by a cyber liability insurance policy.

How can cyber liability coverage help?
Most traditional commercial general liability (CGL) policies will not cover business interruption losses due to a cyber event. Luckily, cyber liability coverage can fill that void.

Should your business be unable to perform normal business operations, a cyber liability policy can help pay for expenses related to an interruption. The coverage pays for:

  • Lost income due to the event
  • Profits that would have been earned had the event not occurred
  • Operating expenses, such as utilities, that must be paid even though business temporarily ceased
  • Rented or leased equipment

Cyber liability coverage also helps protect your business from the following events:

  • Data breaches, including costs for customer notification, some legal costs and credit monitoring for those affected
  • Damages to third-party systems, if, for example, an infected email from your servers crashes the system of a customer or vendor
  • Data or code loss due to a natural disaster or malicious activity. Physical destruction of equipment is covered under a different policy.
  • Cyber extortion, including ransomware, which is malicious code installed into a computer on your network that prevents you from accessing it until a ransom is paid

Even though business interruptions due to cyber attacks are relatively uncommon, being unprepared for one could prohibit you from doing business as usual. Contact Morris & Reynolds Insurance today to find out how we can help you avoid a business interruption.

The Benefits of OSHA Compliance

OSHA

With all the possible OSHA violations and potential fines, ensuring OSHA compliance within your company can seem like a daunting task—but it doesn’t have to feel that way.

OSHA compliance can help you reduce your workers’ compensation costs, avoid inspections and eliminate costly fines. It also makes your workplace safer for your employees.

Start with Recordkeeping
Do you have an employee who is responsible for recording all cases of injury or illness? If you don’t, this is a good place to start on your road to OSHA compliance.

Generally, human resources departments are responsible for OSHA compliance, but sometimes this is the safety manager’s responsibility—every company is different. Either way, someone should be responsible for OSHA compliance, as keeping up with new and changing safety regulations can help you avoid accidents and complaints.

Benefits of OSHA Compliance
Complying with OSHA standards can reduce your workers’ compensation costs by helping you eliminate unsafe workplace conditions and making your company a safer place to work.

Compliance also means you are more likely to avoid inspections from an OSHA compliance officer. OSHA regulations state that OSHA can inspect your workplace without notice. But businesses with complaints filed against them have a higher chance of inspection, so your chances are greatly diminished if you’re complaint-free. In the same vein, OSHA compliance can help you avoid costly fines, since you have inspected your workplace and corrected any violations or unsafe conditions. If your workplace is compliant, you are less likely to receive complaints, inspections and any subsequent fines.

Tools You Can Use to Be Ready for OSHA
You should always be ready for OSHA inspections, and tools like an online OSHA log can help you be prepared.

Tracking injuries and incidents in an online OSHA log keeps all the information you need in one place, and can easily be printed to share with employees or any OSHA inspectors who visit.

Plus, by storing all your incident information in an online log, you can easily analyze it to spot trends, benchmark against national data, and isolate potential problem areas based on division, time period or injury type.

Compliance is the Key
Morris & Reynolds Insurance has the tools you need to save time, work more efficiently and keep your workplace compliant with OSHA standards. Contact us today at 305.238.1000. We want your workplace to be as safe as you do.

 

OSHA Reporting Requirements

OSHA Reporting & Recordkeeping Overview

2015 OSHA Benchmarking Report

OSHA Recordkeeping Forms

OSHA Injury
Recording Flowchart

OSHA Workers’ Rights

OSHA Federal
Penalty Schedule

OSHA Severe Violator Enforcement Program

Creating a Workers’ Compensation Process

By developing a cohesive workers’ compensation process, you can play an active role in reducing related costs.

For the unprepared, workers’ compensation (WC) issues can be both confusing and costly. Fortunately for employers, there are ways to actively engage WC issues to influence their outcomes.

Through management controls and active involvement in the WC process, your organization can effectively influence related costs. To do so you will have to establish a number of your own processes that guide decision making throughout your organization.

Areas requiring WC management can be divided into three main categories. These categories include facets that may range from the simple to the complex, but as a whole, address vital issues that can negatively influence WC costs in your company.

Workplace Safety Means Fewer Claims
68181Simply put, reducing claims reduces costs. Establishing a safety-minded culture throughout every level of your company is essential to keeping workers injury free. However, establishing such a culture isn’t an overnight solution. To be successful, an ongoing commitment to safety must be made. Such a commitment must be supported by management and given the necessary resources to succeed.

Developing comprehensive safety policies for employees builds a firm foundation for your safety culture to grow. Such policies also encourage OSHA compliance, further improving your safety efforts while helping you avoid costly fines.

Mitigate Loss After an Injury
Unfortunately, even with all the right programs in place, it is still possible for accidents to happen. When a workplace incident occurs how you respond can greatly influence the outcome of the claim. Prompt claim reporting is essential to keeping costs down. It is also important to have a designated injury management coordinator, someone who can supervise open claims and work with both employees and medical personnel to facilitate the timely recovery.

The longer an employee is out of work the more expensive their claim will be. Return-to-work programs that allow injured employees to come back to work at a limited capacity during the recovery process, are one of the most effective tools business owners have to reduce the severity of a claim.

Managing Your Mod
Insurers use what is known as an experience modification factor, or mod, to calculate the premiums you pay for workers’ compensation coverage. By managing your exposures and promoting safety it is possible to manage your mod and decrease your premium rates.

Like a good safety program, controlling your mod is an ongoing process. To reap the benefits of lower premiums you will have to keep in regular contact with your insurance provider to ensure they have the most accurate data to use in their calculations.

More Information
For more information on Worker’s Compensation coverage, contact Morris & Reynolds Insurance at 305.238.1000, or visit our website’s Workers Compensation page.

Using Life Insurance to Fund a Buy-Sell Agreement

A chief concern among business owners is what will happen upon the death of one of the owners: how will it affect the business, the other owners and the heirs of the deceased owner? Surviving owners want to ensure the continuity of ownership and not risk having a large share of ownership fall into the hands of potentially inexperienced heirs of the deceased. In addition, they want to protect themselves and the company financially. On a personal level, owners want to also ensure that their family is financially secure and compensated fairly in the event something happens to them.

life_insurance_header_img

What is a Buy-Sell Agreement?
A buy-sell agreement can address all of these concerns. It is a contract among business owners that, upon the death of one of the owners, requires the remaining owners or the company itself to purchase the deceased’s interest in the company according to the agreed upon terms of the contract. In addition, the deceased’s heirs are required to comply by selling their inherited interest at the previously agreed-upon price.

The best way to fund a buy-sell agreement is through life insurance. This ensures that funds are immediately available when a death occurs; plus, death benefit proceeds are generally income tax free. In addition, the funds used to buy the deceased’s share are purchased for pennies on the dollar.

Advantages of a Life Insurance Funded Buy-Sell Agreement

  • Establishes a valuation of a deceased owner’s interest in the business for estate tax purposes.
  • Establishes a mutually agreeable price and terms to reduce potential future litigation or friction.
  • Helps facilitate a smooth transition of management.
  • Ensures that the family of the deceased receives cash instead of unmarketable stock.
  • Protects the company’s liquidity needs at a potentially vulnerable time.

Types of Buy-Sell Life Insurance Plans
Cross Purchase Plans

  • Each owner purchases a life insurance policy on the other owners and is a named beneficiary of the policy.
  • Upon the death of an owner, each surviving owner receives the life insurance proceeds income tax-free and uses the proceeds to purchase the deceased’s business interest.
  • Heirs of the deceased receive an agreed-upon payment for their inherited business interest.

Entity Plans

  • The company purchases life insurance policies on each owner, naming itself as sole beneficiary.
  • Upon the death of an owner, the company receives the life insurance proceeds and uses said proceeds to purchase the deceased’s business interest.
  • Heirs of the deceased receive an agreed-upon payment for their inherited business interest.

Morris & Reynolds Insurance understands the complexities of buy-sell insurance policies and we are here to help you protect your business, your assets and your family. Contact us today at 305.238.1000 or visit our website: www.morrisandreynolds.com for more information.

Cyber Security

Every day, more than 1 million people become victims of cyber crime. Cyber criminals look for the weak spots and then attack, no matter how large or small the organization.

Every day, more than 1 million people become victims of cyber crime, according to a study by Symantec, a computer security software company. Businesses, both large and small, are increasingly reliant on the Internet for daily operations, creating attractive and potentially lucrative targets for cyber criminals.

With such heavy use of and reliance on computers and the Internet by both large and small organizations, protecting these resources has become increasingly important. Learning about cyber attacks and how to prevent them can help you protect your company from security breaches.

Cyber Attacks Compromise Your Company
Cyber attacks include many types of attempted or successful breaches of computer security. These threats come in different forms, including phishing, viruses, Trojans, key logging, spyware and spam. Once hackers have gained access to the computer system, they can accomplish any of several malicious goals, typically stealing information or financial assets, corrupting data or causing operational disruption or shut-down.

Both third parties and insiders can use a variety of techniques to carry out cyber attacks. These techniques range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.

Cyber attacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link.

A breach in cyber security can lead to unauthorized usage through tactics such as the following:

  • Installing spyware that allows the hacker to track Internet activity and steal information and passwords
  • Deceiving recipients of phishing emails into disclosing personal information
  • Tricking recipients of spam email into giving hackers access to the computer system
  • Installing viruses that allow hackers to steal, corrupt or delete information or even crash the entire system
  • Hijacking the company website and rerouting visitors to a fraudulent look-alike site and subsequently stealing personal information from clients or consumers

cyber_liability_header_img

Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as denial-of-service attacks on websites in which the site is overloaded by the attacker and legitimate users are then denied access.

The Vulnerable Become the Victims
The majority of cyber criminals are indiscriminate when choosing their victims. The Department of Homeland Security (DHS) asserts that cyber criminals will target vulnerable computer systems regardless of whether the systems belong to a Fortune 500 company, a small business or a home user.

Cyber criminals look for weak spots and attack there, no matter how large or small the organization. Small businesses, for instance, are becoming a more attractive target as many larger companies tighten their cyber security.

Simple Steps to Stay Secure
The DHS, which issues bulletins and alerts that provide information on potential cyber threats, has issued more than 5,000 alerts and advisories in a single year. With cyber attacks posing such a prominent threat to your business, it is essential to create a plan to deal with this problem. Implementing and adhering to basic preventive and safety procedures will help protect your company from cyber threats.

Following are suggestions from a Federal Communications Commission roundtable and the DHS’s Stop.Think.Connect. program for easily implemented security procedures to help ward off cyber criminals. These suggestions include guidelines for the company as well as possible rules and procedures that can be shared with employees.

Security Tips for the Company

  • Install, use and regularly update anti-virus and anti-spyware software on all computers.
  • Download and install software updates for your operating systems and applications as they become available; if possible, choose the automatic update option.
  • Change the manufacturer’s default passwords on all software.
  • Use a firewall for your Internet connection.
  • Regularly make backup copies of important business data.
  • Control who can physically access your computers and other network components.
  • Secure any Wi-Fi networks.
  • Require individual user accounts for each employee.
  • Limit employee access to data and information, and limit authority for software installation.
  • Monitor, log and analyze all attempted and successful attacks on systems and networks.

Security Tips for Employees

  • Use strong passwords (a combination of uppercase and lowercase letters, numbers and special characters), change them regularly and never them share with anyone.
  • Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email.
  • Don’t open suspicious links and emails; an indication that the site is safe is if the URL begins with https://.
  •  Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using the device.

Most importantly, stay informed about cyber security and continue to discuss Internet safety with employees.

Don’t Let it Happen to Your Company
According to the DHS, 96 percent of cyber security breaches could have been avoided with simple or intermediate controls. Strengthening passwords, installing anti-virus software and not opening suspicious emails and links are the first steps toward cyber security.

Begin implementing cyber-safety procedures today to protect your company, clients and employees from the invisible but costly threat of cyber attacks.

More Information
For more information on Cyber Liability coverage, contact Morris & Reynolds Insurance at 305.238.1000, or visit our website’s Cyber Liability page.