Data Breach Response Plan

Our business associates at Regions Bank have put together a great article on creating a Data Breach Response Plan. Q1 2019 to Q1 2020 reported a 273% increase in data breach exposing 8.4 billion records, from insurance providers to credit bureaus, 2021 is expected to report higher threats. In the last couple of weeks there has been a lot of noise surrounding cyber security, which brings to light what the projections or expectations for this upcoming year are. IBM identified that it takes companies an average of 280 days to identify and contain a breach/cyber security occurrence.

So What is a Data Breach Response Plan? In short, it is a roadmap for your company to follow should a breach occur. Similar to an Emergency Response Plan but for your data and IT platform. Top points from Regions’ article:

  • Build a Response Team; from Executive level through HR down to customer support and external vendors
  • Include and detail specifics for the following in your plan:
    • Identify breach; triggering events
    • Contain the breach
    • Notify Data Breach Team and initiate plan
    • Investigate
    • Notify internal and external relations of breach; as required by law
    • Safeguard data
    • Conclusion and review meeting; team meets to analyze breach and make adjustments to the existing plan

My personal add on this is to research and obtain a cyber security insurance policy, mitigate your cyber risk. Cyber insurance protects against damages caused by electronic threats to your computer systems or data. Cyber threats can lead to the theft, damage or misuse of sensitive information or other vital technologies and can result in downtime and recovery costs that often include specialized repairs and legal fees

Forbes’ article “The Best Cybersecurity Predictions for 2021 Roundup” gives us some insight as to what we can expect. Here are some of the highlights, click on the article link above for the full article.

  • 2020 reported cyberattacks on healthcare facilities in the U.S. affecting 17.3 million people in 436 breaches tracked by the U.S. Department of Health and Human Services (HHS) Breach portal.
  • Amid an expectation of decline to revenues in 2021, 51% of executives plan to increase cybersecurity budgets

Govtech.com has also chimed in on where we need to protect ourselves for 2021 and what is expected to be at greatest risk; high points listed below, click link above for full article (interesting and informative read):

  • Increase attacks expected on home computers and networks; scary seeing as though many of us are still working remotely
  • Dark web expected to allow criminals access to purchase more sensitive corporate information
  • App stores through mobile devices and smartphones are expected to be attacked
  • Cloud base push for storage will likely create gaps in security
  • Application Programming Interfaces (API) threat models are high targets for enterprise breaches

Here at Libertate Insurance, data is a viable part of what allows us to do what we do for our clients. We hold data security at a high level of importance to our brand. We also know that the best reaction is a planned reaction. Putting a plan in place to protect your organization and your clients is important. We offer programs for cyber security that can further protect you, should you fall victim to the latest trends in the world of scams. Please contact us to review program details and understand the benefits of obtaining a cyber security policy.

Regions Bank Treasury Management sends out information on Emerging COVID-19 Scams

Be aware of Emerging Covid-19 Scams
Author credit: Jeffrey Taylor of Regions Treasury Management Products and Services

Several government agencies have issued a bulletin warning of a new type of COVID-19 scam. Along with the previously reported scams involving personal protective equipment (PPE), COVID-19 testing, and economic stimulus payments, fraudsters are now leveraging the availability of the COVID-19 vaccine. According to the bulletin, victims are being coerced to make an out-of-pocket payment for the vaccine and provide personally identifiable information with a false promise to move their name up on the list of vaccine recipients.

The FBI warns of the following potential indicators of fraudulent activity:

  • Advertisements or offers for early access to the vaccine upon payment of a deposit or fee
  • Requests asking for out-of-pocket payment to obtain the vaccine or be added to the COVID-19 vaccine waiting list
  • Offers to provide additional medical testing or procedures when obtaining the vaccine
  • Marketers offering to sell and/or ship doses of a vaccine, domestically or internationally, in exchange for payment of a deposit or fee
  • Unsolicited emails, telephone calls, or personal contact from someone claiming to be from a medical office, insurance company or COVID-19 vaccine center requesting personal and/or medical information to determine eligibility to participate in clinical vaccine trials or obtain the vaccine
  • Claims of FDA approval for a vaccine that cannot be verified
  • Advertisements for vaccines through social media platforms, email, telephone calls, websites or unsolicited/unknown sources
  • Unsolicited emails, telephone calls, or personal contact from someone claiming to be a government official requiring you to receive a COVID-19 vaccine


Tips to avoid COVID-19 vaccine-related fraud:

  • Consult your state’s health department website for up-to-date information about authorized vaccine distribution channels
  • Check the FDA’s website (fda.gov) for current information about vaccine emergency use authorizations
  • Consult your primary care physician before undergoing any vaccination
  • Don’t share your personal or health information with anyone other than known and trusted medical professionals
  • Check your medical bills and insurance explanation of benefits (EOBs) for any suspicious claims and promptly report such information to your health insurance provider
  • Follow guidance from the CDC and other trusted medical professionals


General techniques for online/cyber fraud prevention:

  • Verify the spelling of web addresses, websites, and email addresses that look trustworthy but may be imitations of legitimate websites
  • Ensure operating systems and applications are updated to the most current versions
  • Update anti-malware and anti-virus software and conduct regular network scans
  • Do not enable macros on documents downloaded from an email unless necessary and only after ensuring the file is not malicious
  • Do not communicate with or open emails, attachments, or links from unknown individuals
  • Never provide personal information of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate
  • Use strong two-factor authentication, using biometrics, hardware tokens, or authentication apps
  • Disable or remove unnecessary software applications

If you believe you are a victim of a COVID-19 scam, please call Regions Client Services immediately at 1-800-787-3905, and report it to the FBI at www.ic3.gov; wwwtips.fbi.gov; or 1-800-CALL-FBI.

Want more information, or have questions?
For more helpful practices regarding fraud prevention, please visit regions.com/stopfraud and www.regions.com/fraud-prevention.

SBA Issues New PPP Update

On January 6, 2021, the SBA (Small Business Administration) issued guidance on PPP (Paycheck Protection Program) by way of 2 interim final rules (IFR). The SBA will use the consolidated guidance of PP1 and these 2 IFRs to apply to PPP2. Withum, tax and assurance advisors, has put together a summary of the guidance to help us understand. Check out the full article here.

The biggest take-away for me is that borrowers under PPP1 are eligible for loans under PPP2; see article above for eligibility details of visit that SBA website. If you are interested in applying for the second round , the SBA has provided a list of Participating Lenders. Round 2 will be handled similarly through private lenders for management of the loans as well as the forgiveness application process. If you currently have a banking relationship contact your representative for guidance, as I learned with PPP1, each institution handles the program processing differently.

For more detail on the interim rulings you can check out the SBA webpage for PPP here.

Welcome to 2021, I will say it was nice to see that a second round of assistance is being offered up for small business. These days we always need to remember to look for the silver lining, be thankful for what we have, and be strategic in planning for our needs.

Reminders for you New Year’s Celebrations

Yet another post about Covid-19 safety, but this is our new normal so here we go! With the close of 2020 and all of its wonderful tidings (pun-intended), how do we safely celebrate the Hope of the New Year without bringing additional risk of Covid-19? The CDC has some pointers, check out this link for their article on “Holiday Celebrations and Small Gatherings.”

In Summary

If possible stay within your Risk Pod! Your Risk Pod are those that have been part of your pandemic social group and have been taking measures to reduce the spread of the virus. People that have not been a continued part of your Risk Pod add different levels of risk for exposure.

Covid-19 is mostly spread through respiratory droplets through talking, coughing or sneezing. Find out how people have been feeling before you open your home; don’t be afraid to monitor for fevers before entry.

This virus is also known to be of spread concern through contaminated surfaces and then contact made via nose, mouth or eyes. Keep cleaning supplies nearby and use them regularly.

If your celebration is a must try and schedule for an outdoor function where people can practice social distancing. Make sure ample access for hand washing is available.

Back in May of 2020 the R Naught or reproduction number (R0) of Covid-19 was between 2 and 3 for the United States meaning for each 1 person infected the virus, on average, can be spread to 2 or 3 additional people. As of December 7th the United States was reporting R0 between 1 and 1.25. We saw spikes in new cases in November. For more Covid-19 tracker information check out Covid19-projections. There is a great amount of machine learning visuals and information on the virus here.

Whatever your celebratory activities are to ring in 2021, we at Libertate Insurance hope you Have Fun and Stay Safe! Don’t kiss strangers at the Drop of the Ball! Keep your Mask On!

COVID-19 Relief Bill

Our friends at NAPEO are always keeping us up to date with pertinent information impacting PEOs and Small Businesses. They released the following yesterday related to the COVID-19 Relief Bill.

COVID-19 Relief Bill: What It Means for PEOs & Small Business

Yesterday, the House passed an omnibus spending bill that included $1.4 trillion to fund the federal government and $900 billion of additional COVID relief by a vote of 399-53. The Senate then passed the legislation by a vote of 92-6. The bill now heads to the White House, where President Trump is expected to sign it.

Tax Provisions

The omnibus spending bill – which is almost 5,600 pages long – contained many tax provisions that impact PEOs. Randy Hardock and Courtney Zinter of Davis & Harman (NAPEO’s outside tax counsel) have prepared a document containing the details of these provisions and how they apply to PEOs.

Specific tax provisions of interest to PEOs include:

  • Paid Sick and Family Leave Credits
    • Extends the paid sick and family leave credits against employment taxes from the Families First Coronavirus Response Act (FFCRA) for three additional months to March 31, 2021.
    • The bill does not extend the FFCRA’s mandate to provide paid sick leave or paid family and medical leave beyond December 31, 2020.
  • Changes to the Employee Retention Tax Credit (ERTC)
    • Repeals the provision denying the ERTC to employers receiving a PPP loan. Instead, mechanisms would be created to prevent the same wages from being used for both PPP loan forgiveness and the ERTC.
    • Extends the ERTC to apply to wages paid before July 1, 2021 (instead of January 1, 2021).
    • Increases the credit percentage from 50 percent to 70 percent of applicable wages.
    • Increases the per-employee limitation on applicable wages from $10,000 total to $10,000 per calendar quarter. In combination with the increased credit percentage, this would increase the maximum credit per employee from $5,000 to $7,000 per quarter (up to $14,000 for the first two quarters in 2021).
    • The following language was added to the ERTC provisions that specifically addresses PEOs: Any forms, instructions, regulations, or guidance described in paragraph (2) shall require the customer to be responsible for the accounting of the credit and for any liability for improperly claimed credits and shall require the certified professional employer organization or other third-party payor to accurately report such tax credits based on the information provided by the customer. [Emphasis added.]
      It is not clear whether this provision applies retroactively or just to new credits taken in 2021.
    • Makes the ERTC available if the business experienced a decline of at least 20 percent in gross receipts (instead of a 50 percent decline) as compared to the same calendar quarter in the prior year.
    • Modifies the small employer definition of qualified wages to apply to employers that have 500 or fewer employees (instead of 100 of fewer employees).
  • Creates a temporary employee retention credit of 40 percent of qualified wages up to $6,000 (maximum credit of $2,400 per eligible employee) for eligible employers affected by certain qualified disasters. This credit is retroactive and does not apply to COVID-related disasters.
  • The bill also extends the Work Opportunity Tax Credit for five years.

Paycheck Protection Program and Other Small Business Assistance

In addition to the tax provisions, the COVID-19 relief portion of this legislation contains additional assistance for small businesses, which NAPEO has been lobbying Congress in support of. Specifically, it contains the following provisions designed to assist small businesses:

  • Creates a second loan from the Paycheck Protection Program, called a “PPP second draw” loan for smaller and harder-hit businesses, with a maximum amount of $2 million.
  • Creates a simplified application process for loans under $150,000.
  • Expands the expenses that can be covered by a PPP loan.
  • Makes 501(c)6 organizations that do not lobby eligible for PPP loans.
  • Makes the expenses covered by PPP loans tax deductible.

Details on these provisions can be found on this document provided by the Community Banker’s Association.

Unemployment Insurance

The COVID-19 relief provisions also make the following changes to unemployment insurance:

  • Unemployed individuals get an additional $300 per week from December 26, 2020 to March 14, 2021.
  • Extends and phases out Pandemic Unemployment Assistance (PUA), a temporary federal program covering self-employed and gig workers, to March 14, 2021 and extends benefits from 39 to 50 weeks with all benefits ending April 5, 2021.
  • Extends and phases out Pandemic Emergency Unemployment Compensation (PEUC) which provides additional weeks when state unemployment runs out, to March 14, 2021 (after which no new applications) through April 5, 2021.
  • Extends provisions to March 14, 2021, including interest-free loans to the states.

No federal money was provided to shore up the short falls in state unemployment funds.

Miscellaneous Provisions

The omnibus spending bill contained so-called “tax extenders,” which are temporary provisions in the tax code that are designed to support specific economic activities. There are two provisions of interest to PEOs that have been extended for five years. They are: 

  • The employer credit under section 45S for paid family and medical leave, originally enacted as part of tax reform in 2017.
  • The expanded exclusion for employer-provided educational assistance, including student loan repayment benefits as enacted as part of the CARES Act. NAPEO has lobbied in support of this provision.

For more information visit NAPEO’s COVID-19 Resource Center or contact Thom Stohler.

NAPEO is offering a webinar on this bill and the impacts for PEOs and their clients on January 8th at 2pm EST. Not a Member of NAPEO? Find out how to join here.

Looking for a PEO or have questions on whether or not a PEO is right for you; visit our site at Libertate Insurance and get the questions you have answered.

Q4 2020 Cyber Risks & Liabilities Update

Some important trends that are threatening our businesses and ways to protect yourself.

How to Avoid Electronic Signing Service Scams

Although utilizing an electronic signing service can be a convenient way for your organization to digitally sign and exchange important documents (e.g., contracts, tax documents and legal materials) with stakeholders, doing so also carries significant cybersecurity risks.

Cybercriminals can utilize a variety of scamming techniques to trick electronic signing service users into sharing sensitive information, such as their signature, financial information and other personal data. From there, the criminals can use that information for a range of destructive purposes—including identity theft and other costly forms of fraud. These scams have become an increasingly prevalent threat in the midst of the ongoing COVID-19 pandemic, as many organizations have transitioned to fully remote operations.

In fact, DocuSign—a popular electronic signing service provider—recently released a statement regarding several new phishing scams that cybercriminals have implemented to fool victims into thinking they are using DocuSign’s services. These scams entail the victim receiving a fraudulent email that appears to be from DocuSign, urging them to either click on a malicious link (which then downloads malware on the individual’s device) or provide their personal information (which scammers then access to commit fraud).

Whether your organization uses DocuSign or a different electronic signing service, it’s important to educate yourself and your stakeholders—including employees, investors, customers and suppliers—on how to detect and avoid falling victim to these phishing scams. That being said, consider the following cybersecurity tips:

  • Be wary of responding to emails that claim to be an electronic signature request—especially if you weren’t expecting a request or don’t recognize the name of the individual or organization sending the request. Trusted senders would let you know they are sending a signature request before doing so.
  • Never click on links from electronic signature emails that appear suspicious—especially if the URLs for those links redirect to websites that aren’t secure or recognizable.
  • Review electronic signature emails for generic wording, grammatical errors and misspellings (both in the body of the email and within the sender’s email address). These mistakes are often key indicators of a phishing scam.

Cybersecurity Trends to Prepare for in 2021

This past year saw a wide range of changes and advancements in workplace technology utilization for organizations of varying sectors and sizes. But as digital offerings continue to evolve, so do cybersecurity threats. That’s why it’s crucial to remain up-to-date on the latest technology trends and adjust your cyber risk management strategies accordingly. As your organization starts to prepare for 2021, keep the following emerging cybersecurity concerns in mind:

  • Remote work issues—While remote working is a valuable method for protecting staff from the ongoing COVID-19 pandemic, this practice can also lead to increased cybersecurity vulnerabilities for your organization. After all, many employees may not have the same security capabilities in their work-from-home arrangements as they do in the workplace. As such, make sure your organization provides remote staff with appropriate cybersecurity training and resources, as well as implements effective workplace policies and procedures regarding cybersecurity.   
  • Cloud hijacking concerns—Especially with more employees working from home than ever before, maintaining cloud security is crucial. Cloud breaches have become more common in the past year, as cybercriminals have developed a method for hijacking cloud infrastructures via credential-stealing malware. To avoid this concern, utilize trusted anti-malware software and update this software regularly.   
  • Elevated ransomware threats—Cybercriminals continue to create new and improved ransomware attack methods each year. According to recent research from Cybersecurity Ventures, ransomware attacks are expected to cost organizations more than $20 billion in 2021, with an attack estimated to take place every 11 seconds. To help protect your organization from ransomware attacks, use a virtual private network, place security filters on your email server and educate staff on ransomware prevention.
  • Data privacy expectations—As more and more organizations start storing sensitive information on digital platforms, data privacy is a growing concern. If your organization stores sensitive information digitally, it’s vital to utilize proper security techniques to protect such data (e.g., encryption) and abide by all relevant data privacy regulations.
  • Skills shortages—Despite ongoing advancements in workplace technology, cybersecurity skills shortages have become a major issue for many organizations—with the demand for cybersecurity professionals exceeding the number of individuals that are qualified for such a role. This shortage emphasizes the importance of investing in effective cybersecurity tools across all workplace devices to help minimize your risks. 

With these trends in mind, it’s important now more than ever for your organization to secure adequate cyber insurance. Otherwise, you run the risk of your organization lacking the appropriate coverage and dealing with hefty out-of-pocket costs in the event of a cyber incident.

Smart Device Security Best Practices

As remote work continues to be a popular offering for many organizations, some employees have begun taking advantage of their own smart devices—such as smartphones or tablets—for work-related purposes.

While this practice can certainly help employees expand their remote work capabilities, utilizing smart devices within a work setting can lead to elevated cybersecurity risks. This is because your employees’ smart devices may not be initially equipped with the security measures necessary to defend against cybercriminals, thus increasing the likelihood of a cyberattack taking place.

Don’t let employees’ smart devices lead to a cybersecurity disaster within your organization. Utilize the following guidance to promote smart device security:

  • Establish a Bring Your Own Device (BYOD) policy that includes standards employees must uphold when using their smart devices for work-related purposes.
  • Have employees create complex passwords for their smart devices. Encourage staff to enable multifactor authentication on their devices, if possible.
  • Restrict employees from connecting to public Wi-Fi networks on their smart devices. Be sure to establish a virtual private network for staff to use to ensure a safe, secure connection.

Have employees conduct routine software updates on their smart devices to prevent potential security gaps.

For additional cybersecurity guidance and coverage, contact Libertate Insurance today, we are offering Cybersecurity Programs.

2021 Employee Benefit Trends

Our friends at NAPEO released trends to watch out for as reported by Employee Benefit News; highlights from the full article below.

Increasing Health Insurance Premiums Employers will likely start shopping and looking for more cost manageable healthcare plans as health insurance premiums are trending 54% increases over the past 11 years as reported by the Society for Human Resource Management (SHRM). SHRM also reported, “Employers expect a moderate health plan cost increase next year of 4.4 percent, on average, compared to this year, according to early results…”. The concern here is that this trend of continued increase is outpacing the consumer price index and wage growth.

Telehealth We have seen a large uptick in the push and use of telehealth with the COVID-19 pandemic. 2021 will continue to grow this field of medical care. Telehealth benefits have been able to provide medical coverage for acute, chronic, primary and specialty care.

Personalized Benefits Packages Companies may start offering more non-medical offerings for a more customized employee benefit packages. Packages will start with the basic health insurance and paid time off benefits and expand to include optional add-ons like pet insurance, short-term disability, access to legal services, whole or term life, hospital stay, accident insurance to mention a few.

Mental Health Employers are waking up to the mental health wellness of their employees and how it can be a direct impact o their organizations. Employers are educating themselves on reducing workplace stress. Many benefits package now include behavioral health with both onsite and virtual medical plans.

Not partnered with a PEO? Connect with us and let us know how we can help! Find out more on our website here.

Small Business Snapshot

Our friends at NAPEO released the 2020 4th Quarter Small Business Snapshot, click on the link for more details.

Source: NAPEO; Opportunity Insights Economic Tracker, Small Business Revenue tracker, revised data, updated November 9,2020.

Some of the interesting data reported and tools noted below:

  • Small business reports 31% lower daily revenue than Q1;
  • 74% of small business are reporting large or moderate negative impact related to the pandemic;
  • The Wells Fargo/Gallup Small Business Index through 2020 Q3 is showing the current trend in line with Q3 2008 as well as future expectations; Check out the Wells Fargo website for Small Business Resources to help with your 2021 Business Plan;
  • The Unemployment rate is showing a 3.3% increase from Q3 2019 with Hawaii, Nevada and New York showing the highest.

Not partnered with a PEO? Connect with us and let us know how we can help! Find out more on our website here.