About James Buscarini

- Co-Founder of ZoneCare USA, LLC., a national provider of medical wheelchair, ambulatory and stretcher transportation, translation, & durable medical equipment services for injured workers compensation patients. Acquired by One Call Care Management out of Jacksonville, FL in 2008
- Architected, recruited, hired and led a nationwide sales team made up of top earning industry producers
- Proliferated gross revenue growth and profitability to > 26 million dollars (pre-acquisition of ZC USA by the buyer, Monitor Clipper Capital & MSC/Medical Services Company, Jacksonville, FL) in 2008
- Co-Founder, Managing Member, EVP of National Sales @ Speedy Re-Employment and Medicare Set Asides & selectMRI (a national diagnostics network) also purchased by Monitor Clipper & MSC in 2008
- Organized capital infusion after launching DENTALWORKS USA, a nationwide network provider of dental services to the workers compensation space
- Won new and organic business contracts & quickly achieved run rate of >3 million annually securing nationwide, marquee contracts with exclusive provider rights to the likes of BCBS FL, AIG, PMSI & Healthcare Solutions
- Captured 35% + market share in the dental space for workers’ compensation dental claims
- Written quote from a friend, "James possesses a strong right brain, a strong left brain and an even stronger middle brain. If you're not familiar with the middle brain it's the rare ability to treat all people with respect and make them feel important!"
- Sold record breaking deal first 90 days in technology space
- Recognized as part of LinkedIn’s "Top 1% most viewed"

This is Why You Should Double Check Your Cyber Insurance Policy

Whether a business is in healthcare, accounting, legal, real estate, manufacturing, etc., most of a business’ important assets are digital. (Government municipalities are included too.) To make matters complicated, it’s very common for these digital assets to be stored in various systems and locations, intertwined with a third party’s digital information. With so many opportunities for disaster, steps must be taken to insure this critical information.

Cyber insurance is a new frontier that is rapidly evolving as the industry gets its bearings. Many companies are finding that their current cyber policies have very minimal coverage in case of a cyber breach, and the majority of these policies will not come close to providing the necessary breach coverages to the business or municipality.

When looking at your existing or new cyber policy, it’s important to consider these types of coverages:


As we have come to realize, the idea that security starts and ends with the purchase of a pre-packed firewall is simply misguided

Art Wittman

1. Privacy Breach Notification

Some reports estimate the notification and credit monitoring costs alone are over $100 per record, so if you had 1,000 compromised records, this alone could cost $100,000 or more.

2. Data Loss Restoration

Believe it or not, many large insurance carriers have policy exclusions for the replacement and restoration of data, so be very careful in this area when reviewing your policy.

3. Privacy Liability

This covers the theft or loss of private information related to customers and other third-party information that is in your care.

4. Regulatory and PCI Defense

Many industries are under strict regulatory control, and breaches may result in fines and other penalties from these regulatory agencies.

5. Public Relations

If an enterprise has a breach, the bad press they receive can do significant long term reputational damage and can also be used by competitors to their advantage. This coverage will help hire a public relations firm to mitigate the reputational damage your name brand might incur.

6. Cyber Crime

If your organization is threatened with various cyber threats such as malicious code that will result in financial loss or data loss, this coverage is needed for the reimbursement of the costs associated with these threats.

7. Defense and Settlement Costs

A breach affecting a lot of customers may result in lawsuits and financial settlements, so insurance coverage is needed to offset these potentially enormous costs.

8. Consulting and Forensic Fees

If a breach does occur, the upfront investigative process will require a lot of professional expertise and a lot of money, and this specific coverage will offset these significant costs.

9. Business Continuity

If a hack causes your business to lose income, this coverage will reimburse you for these losses.

It takes 20 years to build a brand or company reputation and a few minutes within a cyber incident to ruin it

Stephane Nappo

For a free cyber insurance policy evaluation, contact Libertate Insurance today at 813-367-7574 or email me, James Buscarini at jbuscarini@libertateins.com.

Our professionals are happy to review and discuss your firm’s existing cyber liability insurance policy and the relation to your unique business requirements, needs and cyber coverage. Our goal is to help your PEO and client companies navigate the cyber liability insurance landscape and identify potential vulnerabilities that could be exposed based on your existing technology network and infrastructure. Finally, we want to make sure that in the event of a ransomware attack, business email compromise or phishing expedition your firm has adequate coverage in each of the areas that you might be vulnerable to be targeted in.

CYBER RISKS & LIABILITIES – Penetration Testing Explained

Keeping workplace technology up and running is vital to any organization’s success. While this task seems feasible, it’s growing harder and harder each year as cybercriminals expand their reach. It’s not enough to simply protect workplace technology with software and security protocols. It’s also critical for your organization to test the overall effectiveness of these protocols on a regular basis. That’s where penetration testing can help.

Essentially, penetration testing consists of an IT professional mimicking the actions of a malicious cybercriminal to determine whether an organization’s workplace technology possesses any vulnerabilities and can withstand their attack efforts. Conducting a penetration test can help your organization review the effectiveness of workplace cybersecurity measures, identify the most likely avenues for a cyberattack and better understand potential weaknesses.

Review this guidance to learn more about what penetration testing is, the benefits of such testing and best practices for carrying out a successful test within your organization.

What Is Penetration Testing?


Put simply, penetration testing refers to the simulation of an actual cyberattack to analyze an organization’s cybersecurity strengths and weaknesses. This testing usually targets a specific type of workplace technology, such as the organization’s network(s), website, applications, software, security systems or physical assets (e.g., computers and smart devices). Penetration testing can leverage various attack methods, including malware, social engineering, password cracking and network hacking, among others. Generally speaking, penetration testing is often performed by a professional from a contracted IT firm who is not associated with the organization being assessed in any way. This helps the cyberattack simulation seem as authentic as possible. Penetration testing is typically either external or internal in nature. The primary differences between these forms of testing are as follows:

  • External penetration testing requires the IT expert to attack an organization’s external-facing workplace technology from an outside perspective. In most cases, the IT professional won’t even be permitted to enter the organization’s physical establishment during external penetration testing. Rather, they must execute the cyberattack remotely—often from a vehicle or building nearby—to imitate the methods of an actual cybercriminal.
  • Internal penetration testing allows the IT expert to attack an organization’s internal-facing workplace technology from an inside perspective. This form of testing can help the organization understand the amount of damage that an aggrieved employee could potentially inflict through a cyberattack. 

In addition to these testing formats, there are also two distinct types of penetration tests. How much information an organization provides the IT professional prior to the cyberattack simulation will determine the penetration test type. Specifically:

  • An open-box test occurs when the IT expert is given some details regarding the organization’s workplace technology or cybersecurity protocols before launching the attack.
  • A closed-box test occurs when the IT expert is provided with no details other than the organization’s name before conducting the attack.

Ultimately, the penetration testing format and type should be selected based on the particular workplace technology elements or cybersecurity measures that an organization is looking to evaluate.


Benefits of Penetration Testing

Penetration testing can offer numerous advantages to your organization, including:

  • Improved cybersecurity evaluations—By simulating realistic cyberattack situations, penetration testing can help your organization more accurately evaluate its varying security strengths and weaknesses—as well as reveal the true costs of any security concerns.
  • Greater detection of potential vulnerabilities—If any of your workplace technology or other cybersecurity protocols fail during a penetration test, you will have a clearer picture of where your organization is most vulnerable. You can then use this information to rectify any security gaps or invest further in certain cyber initiatives.
  • Increased compliance capabilities—In some sectors, organizations are legally required to engage in penetration testing. For example, the Payment Card Industry Data Security Standard calls for organizations that accept or process payment transactions to execute routine penetration tests. As such, conducting these tests may help your organization remain compliant and uphold sector-specific expectations.
  • Bolstered cybersecurity awareness—Mimicking real-life cyberattack circumstances will highlight the value of having effective prevention measures in place for your employees, thus encouraging them to prioritize workplace cybersecurity protocols.

Penetration Testing Best Practices

Consider these top tips for executing a successful penetration test within your organization:

  • Establish goals. It’s crucial for you to decide what your organization’s goals are regarding the penetration test. In particular, be sure to ask:
    o What is my organization looking to gain or better understand from penetration testing?
    o Which cybersecurity threats and trends are currently most prevalent within my organization or industry? How can these threats and trends be applied to the penetration test?
    o What specific workplace technology elements or cybersecurity protocols will the penetration test target?
  • Select a trusted IT professional. Consult an experienced IT expert to assist your organization with the penetration test. Make sure to share your organization’s goals with the IT professional to help them understand how to best execute the test.
  • Have a plan. Before beginning the penetration test, work with the IT expert to create an appropriate plan. This plan should outline:
    o The general testing timeframe
    o Who will be made aware of the test
    o The test type and format
    o Which regulatory requirements (if any) must be satisfied through the test
    o The boundaries of the test (e.g., which cyberattack simulations can be utilized and what workplace technology can be targeted)
  • Document and review the results. Take detailed notes as the penetration test occurs and review test results with the IT expert. Look closely at which cybersecurity tactics were successful during the attack simulation and which measures fell short, as well as the consequences of these shortcomings. Ask the IT professional for suggestions on how to rectify security gaps properly.
  • Make changes as needed. Based on penetration test results, make any necessary adjustments to workplace technology or cybersecurity protocols. This may entail updating security software or revising workplace policies.
  • Follow a schedule. Conduct penetration testing at least once every year, as well as after implementing any new workplace technology.

If you are a Risk Manager or Principal of a PEO and want to learn how you could help protect your client company’s interests through our affordable Master Cyber Liability program, email James Buscarini, FL License #A036520, at jbuscarini@libertateins.com to find out more. The Master Cyber program is written through Axis, an A rated carrier, 250K in coverage, no underwriting, and a revenue generator!

White House Issues Ransomware Prevention Guidance to Businesses

In a recent letter addressed to corporate executives and business leaders, the White House emphasized that
bolstering the nation’s resilience against cyberattacks is a main priority for President Joe Biden’s administration.
Specifically, as ransomware attacks continue to rise in both cost and frequency throughout the country, the
federal government is urging businesses to take this evolving cyber threat seriously.

These attacks—which entail a cybercriminal deploying malicious software to compromise a business’s network or
sensitive data and demand a large payment be made before restoring this technology or information—have
quickly become a growing concern across industry lines. In fact, the latest research provides that ransomware
attacks have increased by nearly 150% in the past year alone, with the median ransom payment demand
totaling $178,000 and the average overall loss from such an attack exceeding $1 million.

While the White House has begun working with both domestic and international partners on various strategies to
prevent ransomware attacks, the Biden administration is also encouraging businesses to play their part in
minimizing this rising cyber concern. Rather than viewing ransomware attacks as a minor cyber risk, the federal
government is instructing businesses to view these attacks as a significant exposure—one with the potential to
wreak havoc on their key operations.

As such, the Biden administration is recommending that businesses convene with their senior leadership teams
to review their ransomware exposures and implement these top cybersecurity measures:


  • Utilize the federal government’s best practices. Businesses should be sure to incorporate the best
    practices outlined in the Biden administration’s Executive Order on Improving the Nation’s Cybersecurity. This
    includes the following practices:
    o Implementing multi-factor authentication (MFA) on all workplace technology
    o Leveraging endpoint detection and response tools to identify and deter suspicious network activity
    o Encrypting sensitive data to make it less accessible to cybercriminals
    o Developing a trusted and skilled workplace cybersecurity team
  • Ensure an effective incident response plan. All businesses should have cyber incident response plans in
    place. These plans outline proper response protocols and offer steps for minimizing potential damages during
    cyberattacks. Businesses should make sure to include several ransomware attack scenarios within their
    response plans and routinely test these scenarios with their cybersecurity teams. Based on test results,
    businesses should revise their response plans accordingly.
  • Conduct frequent data backups. In addition to the federal government’s best practices, businesses should
    also prioritize securely backing up all sensitive data, images and other important files on a regular basis.
    Conducting such backups can help businesses remain operational and continue to access crucial data in the
    event that any workplace technology is compromised in a ransomware attack. Data backups should remain
    offline (not connected to key business networks) and be routinely tested.
  • Keep critical networks separated. In order to keep ransomware attacks from fully disrupting their operations, businesses should attempt to segment their various workplace networks (e.g., sales, production and corporate) from one another rather than having a unified network. Access to each network should be restricted to those who use them to conduct their job tasks. Networks should only allow internet access as needed. That way, businesses can avoid becoming completely compromised by single-network ransomware attacks and continue performing critical functions.
  • Maintain updated security software. To help safeguard workplace technology from ransomware threats,
    businesses should equip their systems and devices with adequate security software—such as antivirus
    programs, firmware protections and firewalls. Further, this software must be regularly updated to remain
    effective. That being said, businesses should also consider utilizing centralized patch management systems to
    keep security software on a consistent update schedule.
  • Review workplace cybersecurity protocols. Apart from testing their response plans, businesses should
    also regularly assess whether their existing workplace cybersecurity policies, procedures and software are
    sufficient in protecting against current risks—such as ransomware threats. In particular, businesses should
    consider using a third-party penetration tester to review their ransomware defense tactics and overall
    cybersecurity capabilities. Businesses should work with their trusted cybersecurity teams and IT experts to
    make workplace adjustments as needed (e.g., updating policies or purchasing new security software).

For additional risk management guidance and insurance solutions, email me, James Buscarini, PCA, at jbuscarini@libertateins.com or call me at 813.367.7574.

BUSINESS INSIGHTS

Brought to you by the insurance professionals at Libertate Insurance Services



6 Benefits to Attract and Retain Small Business Employees

Attracting and retaining employees is a constant struggle for organizations of any size, but it’s particularly so for small businesses. With smaller teams, employers need to hold onto talent whenever possible. And that can be a challenge, especially when resources are scarce as they are currently amid the lingering effects of the COVID-19 pandemic.

That’s why it’s critical for small employers to tailor their benefits offerings in a way that attracts and retains the most employees. One of the best ways to start this process is by surveying existing and potential employees. Employers can ask workers what types of benefits would interest them the most, then use that data to inform benefits decisions.

While each workforce will have unique needs and interests, there are some commonalities seen among small business employees. This article outlines six of the most popular benefits that small businesses are using to attract and retain employees.

1. Health Insurance

2. Leave Benefits

3. Performance Bonuses

4. Retirement Planning

5. Professional Development

6. Wellness Benefits

1. Health Insurance – Health insurance is consistently one of the most desired benefits among small business employees. That may be because healthcare is so expensive and is unaffordable without employer-sponsored insurance. Amid the COVID-19 pandemic, having good health coverage is more critical than ever. This provides employers with an opportunity. By offering generous health benefits, employers can compete for top talent. In fact, doubling down on health insurance might be a better option for some employers than adding other ancillary benefits that employees don’t need or want.

2. Leave Benefits – The ability to take time away from work is an important consideration for employees. And, in the wake of the COVID-19 pandemic, employees may have more caregiving responsibilities than they had before—making scheduling flexibility all the more important. Leave benefits will vary by workplace, but they typically include paid time off (PTO), vacation days and sick time. These types of leave usually come with specific use requirements. For employers looking to attract and retain employees, expanding these benefits could be a great leverage tool. This may include allowing faster PTO accrual, providing more sick days or allowing for flexible scheduling.

3. Performance Bonuses – Employees want to be recognized for their hard work. Failing to do so can lower morale and affect retention. Introducing performance bonuses as an employee benefit can be a way to combat this. Performance bonuses will vary, but the general idea is to compensate employees in some way for a job well done. How this looks in practice will depend on the employer. For instance, employees might receive incentives such as gift cards, cash, additional PTO or other perks, depending on their achievement. However, before implementing such bonuses, employers should ensure compliance with any applicable workplace laws regarding employee compensation.

4. Retirement Planning – Financial security is very important to employees, and that sentiment grows as employees near retirement age. It’s also top of mind for those struggling financially thanks to the COVID-19 pandemic. Employees invest their time and energy into their work. As a tradeoff, many employees want their employers to invest in their retirements in return for years of service. Offering a 401(k) with contribution matching can be a powerful attraction and retention tool, as it demonstrates an employer’s investment in their workers in the long term. 

5. Professional Development – Employees may leave a workplace simply because they want other opportunities or need more of a challenge, rather than being driven solely by compensation. Additionally, surveys suggest employees have been putting off job changes during the COVID-19 pandemic, meaning a wave of turnover may be coming soon. Employers may want to think proactively about ways to keep employees around.

In other words, when it comes to top performers, employers should be reluctant to let these employees go. That’s where professional development comes in. Generally, this involves cross-training employees on other positions or otherwise preparing them to take on additional responsibilities. This helps provide the employee with more growth opportunities while still keeping them within the business. Offering such development opportunities also signals to prospective employees that a workplace has upward mobility and is willing to help workers along with their career pathing goals—two factors that can weigh heavily in recruiting conversations.

6. Wellness Benefits – Wellness is a hot topic these days, and employees are looking more and more for employers who take wellness seriously. This can be especially true in the wake of the COVID-19 pandemic, where health consequences are interwoven with everyday decisions. In fact, through the lens of the pandemic, ignoring wellness initiatives may be interpreted as ignoring overall health—something employers obviously want to avoid.  

Different workplaces will offer different wellness benefits, but the purpose of any of them is generally to increase employees’ overall well-being. For instance, benefits may include mental health counseling, healthy breakroom snacks, gym memberships, fitness trackers, yoga sessions or other perks. When it comes down to it, employees want to feel like their employers care about them as individuals. This means prioritizing well-being.

“Everyone talks about building a relationship with your customer. I think you build one with your employees first.”

– Angela Ahrendts (Senior Vice President, Apple)

Conclusion

Knowing which employee benefits to offer as attraction and retention tools isn’t always easy. One of the best places to start is by surveying current and prospective employees, as the offerings are meant for them. Beyond that, the perks listed in this article have been shown to be popular among employees—making them a viable option to try as well.

However, these benefits aren’t employers’ only option to help attract and retain employees. Reach out to Libertate Insurance today to learn more about these perks and other potential incentives.

5 Ways Cyber Business Interruptions Differ from Traditional Interruptions


This content is taken from Andrew G. Simpson’s May 2021 article in the Insurance Journal and is a reformatted post.

While a typical business interruption can often be a confusing insurance situation, the picture gets even muddier when it involves cyber coverage.

According to Chris Mortifoglio, who is a Certified Public Accountant and a Certified Fraud Examiner (CFE), understanding the “nuances and differences” of a cyber insurance business interruption exposure or claim compared to a traditional one is more important now than ever.

“I will tell you that in my experience business interruption is often the most misunderstood part of property coverage. Part of that has to do with the fact that it can be very subjective. If you have 10 accounts looking at the same set of financial data, you’ll oftentimes receive 10 different calculations or estimates of what a business interruption loss might be,” said Mortifoglio, who has been dealing with business interruption exposure assessments and claims for more than a decade as the director of forensic accounting at Procor Solutions and Consulting in New York.

A cyber business interruption risk can be difficult to estimate and manage. To further the understanding of cyber BI, Mortifoglio identified five areas where cyber BI differs from traditional BI: period of measurement; period of restoration; personnel involved; geographic constraints, and reputational risk.

1. PERIOD OF MEASUREMENT

The differences between traditional and cyber business interruption begin with the period of measurement or evaluation of lost business income, a period that typically runs shorter for cyber. The timing of a cyber incident can have a major effect on the amount of a potential loss. “Traditionally, when you have a property loss, you’re usually valuing the disruption for a period of weeks or months or years as it takes time to physically repair the property damage that was occurring,” he said. In a cyber incident, the loss may last for just a few hours or a few days. This much shorter time period requires detailed, or as Mortifoglio refers to it, “granular” data on the impact and the disruption on a company. “This means that in order to properly evaluate cyber business interruption, you need much more granular levels of data, maybe even hourly revenue data, or certainly daily sales data, as opposed to a traditional business structure loss where, in some cases, monthly profit and loss statements are enough to evaluate the impacts of the loss,” he said. The granular data is particularly important, for example, when the business operates 24 hours a day, 7 days a week making online sales. “There may be much more greater impacts, and there may be more of a need to really drill down into the disruptions that happen at different times of the day. What happened at midnight versus what happened at 8:00 am?” he explained. When comparing traditional versus cyber BI coverage, the waiting periods following an event before coverage begins are usually different as well. The waiting period for a cyber policy is often denoted in hours, whereas a traditional policy is typically for at least a few days, although it may be written as 48 hours or 72 hours, as opposed to perhaps a 12-hour waiting period for a cyber business interruption loss.

2. PERIOD OF RESTORATION

Another difference is the period of restoration. Defining the period of restoration is very important because that drives the ultimate value of a cyber business interruption loss. The period of restoration is defined as starting on the date of loss, which is the date of physical damage, and ending on the date “when the repairs should have been completed if the insured had utilized due diligence and dispatch.” That period of time is the period of time that an insurance policy will provide coverage for any loss of business income. But determining when this period starts or ends is not always easy. “When it comes to property losses, there’s usually a very clearly defined start to that business interruption period, known as the date of loss. We can define very easily what that period of indemnity is and what a potential extended period of indemnity is because it all depends on the physical damage,” he said. If a fire, earthquake or hurricane impacts an organization, it’s not hard to define when that physical damage occurred. That is the starting point for the period of restoration. However, when it comes to cyber, “there is much less certainty, not only to when a cyber event has started, but also when a cyber event ended” including when the system was repaired and there no longer is a breach. These dates are critical to figuring out the period of time that’s going to be evaluated for a cyber business interruption loss. Mortifoglio recited some questions that come up when evaluating cyber business interruption: “When did the loss start? How do we know that it started at this point in time? Was there a full disruption for an organization or just partial. For example, was it a specific system that was impacted, an email system or an accounting system that went down? And then when did this loss end?”

3. PERSONNEL INVOLVED

So in addition to requiring more and different types of data, and presenting complexities around the period of restoration, cyber business interruption also typically calls for more personnel to become involved from an organization. Mortifoglio cited a need for personnel from the risk manager and legal counsel to financial, technology and operations officers as well as others to contribute to the assessment. First and foremost is the risk manager, the “quarterback of the insurance recovery process” who is helping to manage the actual claims process once something happens, not to mention being the purchaser of the insurance on the front end. After a loss has happened, somebody from the accounting or finance department — perhaps the CFO or the controller—should be called upon to provide the financial data required to quantify any business interruption loss. In addition, it’s important to have someone from operations to assure that the full impacts of the loss are being documented and also connected to the actual financial calculation. And there’s more. “You now have to bring in more folks from your organization to help really provide the picture in the story of what happened and help to properly and accurately quantify cyber business interruption,” Mortifoglio added. This means calling in folks from the IT team to help to identify the status of the cyber incident and define the period of indemnity and the period of restoration. “That’s going to help narrow down the exact period of time that we need to evaluate from a financial perspective to quantify the loss,” he said. Also, the chief systems or technology officer may be needed to oversee data privacy and records issues that may come up in a cyber incident. The legal department may also deal with privacy issues, general legal ramifications and coverage issues, as well as interface with outside counsel brought in to help deal with a cyber breach. 
“The addition to these extra personnel can add to the complexity of the process,” the Procor executive said.

4. GEOGRAPHIC CONSTRAINTS

Whereas a traditional business interruption claim may be geographically constrained, the same is not always true for cyber exposure. In a traditional scenario, the property damage is contained to either a single location or region that has been hit by a widespread catastrophe. “Think of a hurricane that hit the state of Florida, and if you’re an organization that has multiple locations there, you may have multiple instances of damage. You may have multiple locations that are being impacted,” he noted. When it comes to a cyber loss, these geographic constraints do not exist and an entire organization could be impacted around the globe at the same time. “If you are an organization with a global presence and you have systems that are connecting all of your physical locations around the globe, then a cyber incident may impact you around the globe without any sort of restraints as far as geographic regions. With traditional business interruption, organizations can mitigate their risk by spreading out their operations geographically to avoid a catastrophe, really hampering the entire organization. When it comes to a cyber loss, those types of geographic constraints no longer apply,” he said. For risk mitigation purposes, Mortifoglio stressed the importance of understanding that if a global organization is running systems used by the entire workforce, all operations around the globe can be impacted immediately. “It can make it more complex because you can’t just look at a single isolated location. You have to look at the interconnectivity of your systems to see if something were to happen to them, what would the operational impacts be on your organization? And that’s what’s going to help you evaluate the potential cyber business interruption,” he said. In short, there are no geographic constraints with cyber business interruption and therefore it is harder to mitigate.

5. REPUTATIONAL RISK

Finally, cyber BI carries with it a reputational risk that traditional property business interruption does not. When there is a traditional BI loss such as a fire at a factory, customers and the general public usually do not have any sort of reaction. Most of the time, the general public is not even aware of the fire and there is no effect on the company’s reputation. However, if a company is hacked and customer records are stolen, Mortifoglio said this can result in a “breach of trust in the public’s eye” and the reputation of an organization can be significantly harmed, often resulting in extended financial losses. In the case of a data breach, even though the system has been repaired and the breach fixed quickly, customers may be hesitant to return to do business with the organization “until they have absolute confidence that it won’t happen again. It’s hard to determine how long that might go on.” However, the forensic specialist noted, cyber business interruption policies are building in coverage to help recover any losses tied to the transitional risks, in a way that is similar to the extended period of indemnity coverage in traditional property policies. “The thought is that once a cyber incident is repaired and a breach is fixed, there may be lingering impacts due to some reputational risk” and there should be coverage there to help capture those losses, Mortifoglio said.

“The notion of implied meaning is the root of misunderstanding.”

— Eric Parslow



The Risk with Search Engines

It’s no secret that your technology company depends on the capabilities of your computer systems to function. You should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cyber-crime, including cyber-attacks, cyber theft and other computer security incidents. The average cost of a single cyber-attack is incalculable—cyber-attacks can directly target finances and ruin a business’ reputation. Your business is at stake, and you should do everything you can to protect yourself.


The Risks of Web Searches

As an employer, you should educate your employees about the risks of searching for certain topics on the internet, since search results can lead to websites infected with viruses or malware that could be detrimental to your computer systems. Stress that the potential for cybercrime could affect employees individually as well as the business as a whole. More than 90 percent of companies surveyed by the DOJ incurred either monetary loss, system downtime loss or both because of cybercrime, so take it upon yourself to put search engine guidelines in place.


The Web’s Most Dangerous Search Terms

Common term searches conducted online can expose your business to the risk of cyber-crime. Encourage employees to avoid following suspicious results in search engines. Any result that promises free products or materials is suspect. The least risky search terms are usually health-related topics and searches about economic news. It is essential to remember that the number of dangerous search terms is ever changing. Hackers want to impact the largest number of people with the least amount of effort, so they aim for popular search terms most. Ill-intentioned hackers also adapt quickly to the fast-paced nature of the internet and the public circle, so oftentimes social or celebrity events popular at a given moment climb quickly to the top of the internet’s most dangerous search terms and are a high risk for infecting your company’s computers.

According to the DOJ, businesses in industries considered a part of critical infrastructure account for a disproportionate amount of computer security incidents. If your company is in any of these industries, be especially careful about internet searches to ensure computer safety and protect against potentially devastating loss, both monetary and in downtime:

  • Agriculture
  • Chemical and drug manufacturing
  • Computer system design
  • Finance
  • Health care
  • Internet service providers
  • Petroleum mining and manufacturing
  • Publications/broadcasting
  • Real estate
  • Telecommunications
  • Transportation and pipelines

Take Precautions to Protect Your Business


There are examples of companies and organizations around the globe that had to shut down operations to address a large-scale virus or other malware issue. These problems can affect both large and small businesses and can cost hundreds of thousands of dollars to fix. Avoid putting yourself at risk by doing the following:

  • Enact a stricter internet use policy
  • Put stricter website blockers or filters in place
  • Educate employees about the hazards that risky search engine exploration can present

Some of these solutions may cost you in the short run, but lowering your risk will ultimately save your company from potential identity fraud, monetary cyber theft or informational cyber theft in the future.

NAPEO announces in-person conference opening back up for September 27-29, 2021

NAPEO’s President, Mr. Pat Cleary, has exciting news about future in-person meetings and events!

The following post is from an email to the members from NAPEO’s President, Mr. Pat Cleary, regarding the status of upcoming events and of in-person attendance.


Ten months ago to the day, I sent an email stating that due to COVID-19 and the associated risks that the committee voted against having the annual SAGE event and conference. It was a heartbreaking email to write, in that the conference was a speck of hope for us all, something out in the far distance that we all looked forward to, when this damned thing would be over. But it was not to be. I attached the email here because re-reading it today, it’s a bit of a time capsule, and reminds us of a low point that we experienced – and survived – together.

So today I’m writing with some very good news: I just this hour signed our contract with the JW Marriott San Antonio Hill Country to hold our conference there – in person – on September 27 – 29 this year. Just about every conversation I have had with any NAPEO member over the past few months has included a discussion of when we would be able to meet again in person. We are all suffering Zoom fatigue, that’s for sure. Looking at the email below, I said, “We want to gather with our members, and as soon as it’s safe to do so, we will.” Every organization has its own level of risk tolerance. Our litmus throughout has been the health and safety of our members and of our team here at NAPEO. Comforted and fortified by the upward trend in vaccinations and downward trend in cases – and the slow easing of restrictions – we will hold our first in-person meeting, our CFO Seminar, at the end of June (location TBD) and hold our Georgia Leadership Council Forum in-person on June 28. And the conference in September. 

I’ve said so many times that the arc of meetings during COVID was like this: Plan the meeting, book the hotel, promote the meeting, watch the registrations climb, meeting draws near, registrations begin to cancel, then the meeting cancels. We did that dance too many times in 2020. For our November Board of Directors meeting, we asked our 24 Board members if they wanted to meet virtually or in person. Twenty two said they wanted to meet in person, so we planned the meeting. The week before, in the face of too many cancellations, we moved the meeting to virtual. It was a discouraging, defeating, and tiresome cycle.

So if the cancellation of the 2020 in-person conference was a sign of despair, let this now be a sign of hope, of light, and of hopefully reaching the end of this pernicious thing that has dogged us for so long. As I said in the email below, “The sun will shine again.” And indeed it will – in San Antonio, in September.

I want to thank all of you who have stood by us, who have gamely pivoted with us to the virtual world. It wasn’t a world we wanted, but it was the world we were handed. I want to especially thank our associate members. The face to face meeting is their lifeblood, an option they didn’t have for the past year. They, too, stood with us, and we are grateful. And finally, I want to thank my team here at NAPEO. I use the royal “we” all the time, but the truth is they are the ones who are doing the innovating, the pivoting, the work. 

As I always say, this thing isn’t completely over yet, but we appear to be moving in the right direction. I look forward to seeing – and celebrating with – you all in San Antonio. 

All the best,

Pat Cleary
President & CEO
NAPEO
707 N. St. Asaph St.
Alexandria, Va. 22314
703-739-8163

10 Workplace Safety Considerations for Small Business Owners


Content utilized to create this post was from Forbes Magazine’s Human Resources Council (includes Megan Leasher, Nicole Smartt Serres, Sameer Penakalapati, Tracy Cote, Chris Stanzione, Subhashree Chaudhuri, Courtney Peterson, Tina R. Walker, Kristin Fowler & Madhukar Govindaraju).

The vaccines have arrived and the numbers are trending up, down and all around depending on what network you’re watching and who you are speaking with. The fact is that small, midsize and enterprise-level businesses are considering what approach they should take for getting their staff back to work in an office environment. The majority of small and mid-sized employers are looking at using a blended approach, meaning they plan on implementing more work-from-home flexibility with their existing in-office staff. 59% of those that are working from home support a work schedule that allows working from the office and at home. We wanted to provide 10 impactful considerations for employers as they forge forward.

TEN WAYS TO CREATE A SAFE WORK ENVIRONMENT


1. There is no one-size-fits-all approach

Have a plan that fits your cultural goals and direction. Your plan should be a blend of meeting all safety & risk management guidelines from a legal perspective along with proper consideration for what the organization and its people need.

2. Communication is not a one-way street

Involve trusted staff to carry the message of your risk & safety policies. Encourage employee participation in the development process. When your employees feel that their input is valued your office will be engaged in carrying your message. Design the process to be sustainable at all levels of your organization.

3. Proper work-life balance impacts mental health

Employees may be asked to get used to another new normal. Whether that means coming back into the office on a more regular basis or permanently, try to remember that by and large employee mental wellness suffered throughout the pandemic. As you take steps to protect the safety and health of your workforce, do not overlook mental health and wellness. Everybody has unique circumstances that may adversely impact their mental well-being, so little adjustments like extending flexible work hours can go a long way toward employee satisfaction.

4. Play by the same set of rules – that means everybody

It is easy to become disregardful of even the most sensible of guidelines that have been established for the greater good of the group. Common-sense guidelines supported by your state or OSHA need to be followed by everybody. Consistency is the key to making the message resonate. Send out reminders as often as necessary and echo your message firmly. Somebody who refuses to abide by clearly defined rules may need to be sent home. Be relentless about making sure everybody is playing by the same set of rules.

5. Be mindful of each other’s responsibilities

Small to mid-sized businesses need to be aware of the risk and safety management responsibilities and the varying degrees the employer and the employee are responsible for. When it comes to providing a safe working environment, provide safety options, consider alternative ways of doing a job safely, and engage employees in a mutually agreeable way. Remaining open-minded and reserving judgement is crucial as well.


6. Tap into available consultative and training resources

Shameless self-promotion is coming in five, four, three, two and one: do you have access to safety and health resources through an agency, consultant or expert… such as a Libertate Insurance, for example? Inquire about the voluminous resources that your reliable partners possess when it comes to evolving environments, laws and compliance requirements! Leverage your partnerships, especially those involved in your firm’s best interest, and you will be amazed at what “we”, I mean they, will be able to help you with.

7. Put safety policies front and center

Do you remind employees about the ongoing safety and mask campaign? Chances are safety policies are not necessarily the primary thought running through your employees’ minds while racing from desk to printer and back. Your firm’s culture needs to foster regular engagement to the point it becomes second nature. Emotional intelligence goes a long way in the delivery of your message. Remind employees of the care and concern leadership has for their well-being; it will be appreciated.

8. Make health and safety part of your organization’s culture

It is all of our responsibility to protect each other and minimize risks. When you see something, say something. Avoid expecting somebody else to see and say something. Every member of the organization can play an active role and should.

9. Do they understand your expectations?

If you create a health and safety culture with team members that own the message and every member of the organization is singing the same safety tune, you have won the expectation battle. Do not allow the loose ends or the uninformed to be the squeaky wheel. Be consistent, be vigilant and be clear about what is expected.

10. Get creative about getting input from office and field staff

Companies have implemented daily check-ins, reporting processes and employee task forces to encourage information about risk and safety to flow in daily. Create a safety game, make sure managers are listening, remember one voice and one message. Make safety and risk management happen.