Protecting Your Organization Against Cyber Attacks

In today’s world everyone is susceptible to cyber attacks. In recent years, cyber attacks have emerged as one the more significant threats facing organizations of all sizes. According to a recent report from the information Systems Audit and Controls Association (ISACA), cyberattacks currently reign as the fastest growing form of crime. Some of the most common cyber attacks from 2020 were social engineering, ransomware, software update issues and web application attacks. These attacks can carry serious consequences for your organization-including lost data, disrupted operations, revenue loss, and legal fees. Consider the following measures to protect your organization from ransomware attacks:

Educate your employees. The biggest threat to your cyber security is your employees. According to historical claim data analyzed by Willis Towers Watson, 90% of all cyber claims stemmed from some type of employee error or behavior. Train your employees on how to prevent and respond to a malware attack.

Implement smart software. Install strong spam filters, anti-virus and malware programs, firewalls and patch management systems on all devices.

Enforce access controls. Only allow trusted, competent and qualified individuals access to sensitive systems or data. Such as multi-factor authentication, VPN and remote desktop protocol.

Ensure business continuity. Be sure to back up data frequently. In additional, conduct annual penetration testing and vulnerability assessments.

Ensure adequate coverage. It’s crucial to secure proper insurance coverage to stay protected in the event of a cyberattack. After all, even with proper cybersecurity measures in place, attacks can still occur.

The below link is a Cyber Risk Exposure Scorecard. After completing all of the questions, total the score to determine your organization’s level of cyber risk.

At Libertate, we want to insure that every organization is protected and prepared. We offer the following solutions and services for PEO’s and their client companies.

  • We have access to over 25 cyber carriers for the PEO.
  • Master cyber programs to protect PEO client companies.
  • Incident response platform to help identify cybersecurity issues. The cloud based platform has a 100% detection and close ratio. It is also backed by a $250K warranty should it fail the end user.
  • Our experts can evaluate your current cyber coverage that is placed outside of our agency.

For additional cyber security guidance and insurance solutions, contact us today at sales@libertateins.com.

Data Breach Response Plan

Our business associates at Regions Bank have put together a great article on creating a Data Breach Response Plan. Q1 2019 to Q1 2020 reported a 273% increase in data breach exposing 8.4 billion records, from insurance providers to credit bureaus, 2021 is expected to report higher threats. In the last couple of weeks there has been a lot of noise surrounding cyber security, which brings to light what the projections or expectations for this upcoming year are. IBM identified that it takes companies an average of 280 days to identify and contain a breach/cyber security occurrence.

So What is a Data Breach Response Plan? In short, it is a roadmap for your company to follow should a breach occur. Similar to an Emergency Response Plan but for your data and IT platform. Top points from Regions’ article:

  • Build a Response Team; from Executive level through HR down to customer support and external vendors
  • Include and detail specifics for the following in your plan:
    • Identify breach; triggering events
    • Contain the breach
    • Notify Data Breach Team and initiate plan
    • Investigate
    • Notify internal and external relations of breach; as required by law
    • Safeguard data
    • Conclusion and review meeting; team meets to analyze breach and make adjustments to the existing plan

My personal add on this is to research and obtain a cyber security insurance policy, mitigate your cyber risk. Cyber insurance protects against damages caused by electronic threats to your computer systems or data. Cyber threats can lead to the theft, damage or misuse of sensitive information or other vital technologies and can result in downtime and recovery costs that often include specialized repairs and legal fees

Forbes’ article “The Best Cybersecurity Predictions for 2021 Roundup” gives us some insight as to what we can expect. Here are some of the highlights, click on the article link above for the full article.

  • 2020 reported cyberattacks on healthcare facilities in the U.S. affecting 17.3 million people in 436 breaches tracked by the U.S. Department of Health and Human Services (HHS) Breach portal.
  • Amid an expectation of decline to revenues in 2021, 51% of executives plan to increase cybersecurity budgets

Govtech.com has also chimed in on where we need to protect ourselves for 2021 and what is expected to be at greatest risk; high points listed below, click link above for full article (interesting and informative read):

  • Increase attacks expected on home computers and networks; scary seeing as though many of us are still working remotely
  • Dark web expected to allow criminals access to purchase more sensitive corporate information
  • App stores through mobile devices and smartphones are expected to be attacked
  • Cloud base push for storage will likely create gaps in security
  • Application Programming Interfaces (API) threat models are high targets for enterprise breaches

Here at Libertate Insurance, data is a viable part of what allows us to do what we do for our clients. We hold data security at a high level of importance to our brand. We also know that the best reaction is a planned reaction. Putting a plan in place to protect your organization and your clients is important. We offer programs for cyber security that can further protect you, should you fall victim to the latest trends in the world of scams. Please contact us to review program details and understand the benefits of obtaining a cyber security policy.

Q4 2020 Cyber Risks & Liabilities Update

Some important trends that are threatening our businesses and ways to protect yourself.

How to Avoid Electronic Signing Service Scams

Although utilizing an electronic signing service can be a convenient way for your organization to digitally sign and exchange important documents (e.g., contracts, tax documents and legal materials) with stakeholders, doing so also carries significant cybersecurity risks.

Cybercriminals can utilize a variety of scamming techniques to trick electronic signing service users into sharing sensitive information, such as their signature, financial information and other personal data. From there, the criminals can use that information for a range of destructive purposes—including identity theft and other costly forms of fraud. These scams have become an increasingly prevalent threat in the midst of the ongoing COVID-19 pandemic, as many organizations have transitioned to fully remote operations.

In fact, DocuSign—a popular electronic signing service provider—recently released a statement regarding several new phishing scams that cybercriminals have implemented to fool victims into thinking they are using DocuSign’s services. These scams entail the victim receiving a fraudulent email that appears to be from DocuSign, urging them to either click on a malicious link (which then downloads malware on the individual’s device) or provide their personal information (which scammers then access to commit fraud).

Whether your organization uses DocuSign or a different electronic signing service, it’s important to educate yourself and your stakeholders—including employees, investors, customers and suppliers—on how to detect and avoid falling victim to these phishing scams. That being said, consider the following cybersecurity tips:

  • Be wary of responding to emails that claim to be an electronic signature request—especially if you weren’t expecting a request or don’t recognize the name of the individual or organization sending the request. Trusted senders would let you know they are sending a signature request before doing so.
  • Never click on links from electronic signature emails that appear suspicious—especially if the URLs for those links redirect to websites that aren’t secure or recognizable.
  • Review electronic signature emails for generic wording, grammatical errors and misspellings (both in the body of the email and within the sender’s email address). These mistakes are often key indicators of a phishing scam.

Cybersecurity Trends to Prepare for in 2021

This past year saw a wide range of changes and advancements in workplace technology utilization for organizations of varying sectors and sizes. But as digital offerings continue to evolve, so do cybersecurity threats. That’s why it’s crucial to remain up-to-date on the latest technology trends and adjust your cyber risk management strategies accordingly. As your organization starts to prepare for 2021, keep the following emerging cybersecurity concerns in mind:

  • Remote work issues—While remote working is a valuable method for protecting staff from the ongoing COVID-19 pandemic, this practice can also lead to increased cybersecurity vulnerabilities for your organization. After all, many employees may not have the same security capabilities in their work-from-home arrangements as they do in the workplace. As such, make sure your organization provides remote staff with appropriate cybersecurity training and resources, as well as implements effective workplace policies and procedures regarding cybersecurity.   
  • Cloud hijacking concerns—Especially with more employees working from home than ever before, maintaining cloud security is crucial. Cloud breaches have become more common in the past year, as cybercriminals have developed a method for hijacking cloud infrastructures via credential-stealing malware. To avoid this concern, utilize trusted anti-malware software and update this software regularly.   
  • Elevated ransomware threats—Cybercriminals continue to create new and improved ransomware attack methods each year. According to recent research from Cybersecurity Ventures, ransomware attacks are expected to cost organizations more than $20 billion in 2021, with an attack estimated to take place every 11 seconds. To help protect your organization from ransomware attacks, use a virtual private network, place security filters on your email server and educate staff on ransomware prevention.
  • Data privacy expectations—As more and more organizations start storing sensitive information on digital platforms, data privacy is a growing concern. If your organization stores sensitive information digitally, it’s vital to utilize proper security techniques to protect such data (e.g., encryption) and abide by all relevant data privacy regulations.
  • Skills shortages—Despite ongoing advancements in workplace technology, cybersecurity skills shortages have become a major issue for many organizations—with the demand for cybersecurity professionals exceeding the number of individuals that are qualified for such a role. This shortage emphasizes the importance of investing in effective cybersecurity tools across all workplace devices to help minimize your risks. 

With these trends in mind, it’s important now more than ever for your organization to secure adequate cyber insurance. Otherwise, you run the risk of your organization lacking the appropriate coverage and dealing with hefty out-of-pocket costs in the event of a cyber incident.

Smart Device Security Best Practices

As remote work continues to be a popular offering for many organizations, some employees have begun taking advantage of their own smart devices—such as smartphones or tablets—for work-related purposes.

While this practice can certainly help employees expand their remote work capabilities, utilizing smart devices within a work setting can lead to elevated cybersecurity risks. This is because your employees’ smart devices may not be initially equipped with the security measures necessary to defend against cybercriminals, thus increasing the likelihood of a cyberattack taking place.

Don’t let employees’ smart devices lead to a cybersecurity disaster within your organization. Utilize the following guidance to promote smart device security:

  • Establish a Bring Your Own Device (BYOD) policy that includes standards employees must uphold when using their smart devices for work-related purposes.
  • Have employees create complex passwords for their smart devices. Encourage staff to enable multifactor authentication on their devices, if possible.
  • Restrict employees from connecting to public Wi-Fi networks on their smart devices. Be sure to establish a virtual private network for staff to use to ensure a safe, secure connection.

Have employees conduct routine software updates on their smart devices to prevent potential security gaps.

For additional cybersecurity guidance and coverage, contact Libertate Insurance today, we are offering Cybersecurity Programs.

Report: COVID-19 Accounts for 1-in-9 California Workers’ Comp Claims in 2020

Wow — We are seeing a depletion of capacity/increased costs for health care and other “client-facing” industries.  The why —

“CWCI says that brings the total for the year to 41,861 claims, or 11.2% of all California job injury claims reported for accident year 2020. Those claims included 224 death claims, up from 160 reported as of Aug. 10.”

.005 of all claims in California are a COVID19 fatality year to date.  The unknowns are the reopens, adjusted reserves and longevity of the severe and critical patients.  Still much unknown –

September 28, 2020

The California workers’ compensation COVID-19 claim count continued to grow in August, albeit at a much slower rate than in July, with new data showing that as of Sept. 21, the state had recorded 5,130 COVID-19 claims with August injury dates, according to data compiled by the California Workers’ Compensation Institute.

CWCI says that brings the total for the year to 41,861 claims, or 11.2% of all California job injury claims reported for accident year 2020. Those claims included 224 death claims, up from 160 reported as of Aug. 10.

The latest claim count shows that the number of COVID-19 claims reported to the Division of Workers’ Compensation doubled from May to June, then increased another 16% in July. The numbers reported for August, however, fell sharply, even accounting for the lag in the reporting of COVID-19 claims, according to CWCI.

The CWCI projects there could ultimately be 8,208 COVID-19 claims with August injury dates. Given that the latest tally suggests COVID-19 claim volume may have peaked in July, CWCI is now projecting 48,086 COVID-19 claims with January through August injury dates, which is less than the January through July projection from last month.

CWCI reports that the distribution by industry shows health care workers continue to account for the largest share of California’s COVID-19 claims, filing 38.1% of the claims recorded for the first 8 months of this year, followed by public safety/government workers who accounted for 15.8%. Rounding out the top five industries based on COVID-19 claim volume were retail trade (7.6%), manufacturing (7.6%), and transportation (5.0%). In addition, the percentage of denied COVID-19 claims declined to 28.6% from CWCI’s May report of 35.5%.

Related:

Phishing Scam Targeting PEOs

See below from our friends at NAPEO…

 

 

 

 

Today, a PEO notified NAPEO that they and their clients were the victims of a novel phishing scam. Under this scheme, fake Google advertisements were created to mimick the PEO’s legitimate ads and appeared when any variation of the PEO’s name was searched. The phony ads then redirected anyone who clicked on them to a phony log-in page for the PEO’s payroll software. The unaware victims had their personal information captured, including usernames and passwords.

The PEO is working with Google to take down the fraudulent ads. They have also notified all victims and have secured any jeopardized accounts.

Please remain vigilant against these types of scams. You should also consider checking to see if any of your company’s Google ads are being mimicked to commit fraud. Additionally, you should consider recommending that all clients and employees enable two factor authentication, where available.

 

The New Normal….Pandemic Insurance Products

It was only a matter of time before insurers began to develop products to cover pandemics.  The products range from traffic monitor apps that pay insureds based on a minimum threshold to relapse coverage that protects businesses forced to shut down a second time.  The complete article from Reuters is below.

————————-

Insurers are creating products for a world where virus outbreaks could become the new normal after many businesses were left out in the cold during the COVID-19 crisis.

While new pandemic-proof policies might not be cheap, they offer businesses from restaurants to film production companies to e-commerce retailers ways of insuring against disruptions and losses if another virus strikes.

The providers include big insurers and brokers adding new products to existing coverage, as well as niche players that see an opportunity in filling the void left by mainstream firms that categorize virus outbreaks like wars or nuclear explosions.

Tech firm Machine Cover, for example, aims to offer policies next year that would give relief during lockdowns. Using apps and other data sources, the Boston-based company measures traffic levels around businesses such as restaurants, department stores, hairdressers and car dealers.

If traffic drops below a certain level, it pays out, whatever the reason.

“This is the type of coverage which … businesses thought they had paid for when they bought their current business interruption policies before the coronavirus pandemic,” the company’s founder Inder-Jeet Gujral told Reuters.

“I believe this will be a major opportunity because post-COVID, it would be as irresponsible to not buy insurance against pandemics as it would be to not buy insurance against fire.”

The company is backed by insurer Hiscox and individual investors, mostly from the insurance and private equity world.

Restaurants in Florida’s Miami-Dade County, where Mayor Carlos Gimenez on Monday ordered dining to shut down soon after reopening, are now reeling, said Andrew Giambarba, a broker for Insurance Office of America in Doral, Florida.

“It’s been like they made it to the ninth round of the fight and were holding on when this punch came out of nowhere,” said Giambarba, whose clients include restaurants that did not get payouts under their business interruption coverage.

“Every niche that is dealing with insurance that is affected by business interruption needs every new product they can have.”

Filling the Void

Pandemic exemptions have helped some insurers emerge relatively unscathed and the sector has largely resisted pressure to provide more virus cover. Indeed, some insurers that paid out for event cancellations and other losses have removed pandemics from their coverage.

British risk managers association Airmic said last week that the pandemic had contributed to a lack of adequate insurance at an affordable price and most of its members were looking at other ways to reduce risk.

To help fill the void in a locked-down world, Lloyd’s of London insurer Beazley Plc, started selling a contingency policy last month to insure organizers of streamed music, cultural and business events against technical glitches.

“These events are completely reliant on the technology working and a failure can be financially crippling,” said Mark Symons, contingency underwriter at Beazley.

Marsh, the world’s biggest insurance broker, has teamed up with AXA XL, part of France’s AXA, and data firm Arity, which is part of Allstate, to help businesses such as U.S. supermarket chains, restaurants and e-commerce retailers cope with the challenges of social distancing.

With home deliveries surging, firms have hired individual drivers to meet demand, but commercial auto liability insurance for “gig” contractors with their own vehicles is hard to find.

Marsh and its partners devised a policy based on usage with a price-by-mile insurance, which can be cheaper than typical commercial auto cover as delivering a pizza doesn’t have the same risks as driving people around.

“Even when the pandemic is over, we believe last-mile delivery will continue to grow,” said Robert Bauer, head of Marsh’s U.S. sharing economy and mobility practice.

A report by consultants Capgemini showed that demand for usage-based insurance has skyrocketed since COVID-19 first broke out and more than 50% of the customers it surveyed wanted it.

However, only half of the insurers interviewed by Capgemini for its World Insurance Report said they offered it.

Bespoke Cover

Since businesses are only now learning how outbreaks can affect them, some new products are effectively custom-made.

Elite Risk Insurance in Newport Beach, California, has been offering “COVID outbreak relapse coverage” since May for businesses forced to shut down a second time, its founder Jeff Kleid said.

The policies are crafted around specific businesses and only pay out when certain conditions are met, Kleid said.

For film and television production companies that could be when a cast member contracts the virus, forcing them to stop shooting. Another client, which raises livestock for restaurants, is covered for a scenario in which it would be impossible to get animal feed.

Such policies do not come cheap. A $1 million policy could cost between about $80,000 to $100,000 depending on the terms.

“The insurance … is costly because it covers a risk that does not have a historical basis for calculating the price,” Kleid says.

And in March, when COVID-19 ravaged northern Italy, Generali’s Europ Assistance offered medical help, financial support and teleconsultations for sufferers when discharged from hospital, on top of regular health insurance.

It sold 1.5 million policies in just two weeks and now has 3 million customers in Europe and United States.

Some insurers are also working on changes to employee compensation and health insurance schemes. With millions of workers not expected to return to offices anytime soon, some large insurers in Asia are preparing coverage to account for that, according to people familiar with those efforts.

At least one Japanese insurer has started work on a product to cover employees for injury while working at home, they said.

“Working from home will be the new normal for years to come. That would make the scope of the employee compensation scheme meaningless if a person suffers an injury while at home,” said a Hong Kong-based senior executive at a European insurer.

(Reporting by Noor Zainab Hussain in Bengaluru, Suzanne Barlyn in Washington Crossing, Pennsylvania, Carolyn Cohn in London and Sumeet Chatterjee in Hong Kong; additional reporting by Muvija M; Editing by Tomasz Janowski and David Clarke)

https://www.insurancejournal.com/news/international/2020/07/10/575081.htm

 

Brief Update on Recent Activities By David Daniel, Florida PEO Lobbyist

Image result for florida

Update on Recent Activities related to COVID-19 from FAPEO –

There is a lot of COVID-19 related activity we have been working on for Florida PEOs as we face these uncertain times.  This email is intended summarize our recent work.

Emergency Orders at DBPR

With the required annual financial reports due to the Department of Business and Professional Regulation we contacted Secretary Beshears and asked that he issue an order delaying their due date.  Secretary Beshears indicated to us would be taken care of.

DBPR Emergency Order 2020 – 01 was issued March 16.  In the order Secretary Beshears suspends and tolls for 30 days any existing renewal deadline for a license, permit registration or certificate.

DBPR Emergency Order 2020 – 03 was issued March 23, 2020.  The order suspends and tolls through May 31, 2020 all time requirements, notice requirements and deadlines for final agency action or applications for permits, licenses, rates and other approvals under any statutes or rules.

Unemployment Compensation

As you can imagine there are reports from DEO of increased filings for unemployment compensation insurance.  While the UC Fund has significant resources available, as we have seen in the last recession, the unemployment compensation trust fund can go from flush to negative in a short amount of time.

It is expected with the dramatic decline in business activity related to the social distancing and businesses closures, employers will be forced to make some tough decisions with their workforce.  As you know, 443.131 F.S allows the Department of Economic Opportunity the ability to not charge an employer’s unemployment compensation contribution rate for a declared national disaster or an disaster of national significance.  Further, 443. 116 F.S. creates the short-time compensation program which allows an employer to reduce work for employees in lieu of layoffs with DEO approval.  We have requested DEO make the decision that this event and the subsequent layoffs which will follow are not chargeable to an employer’s unemployment compensation rate.  Further we have asked that if an employer chooses a short-time compensation arrangement it would also not be chargeable to their UC rate.

To that end, last week Governor DeSantis indicated in a press conference this event would not be charged to an employer’s unemployment compensation rate.  We are awaiting the official announcement from DEO.  There is no word yet on the short-time compensation and will let you know when we hear more from DEO.

Essential Business Sectors under CISA Guidance

The state and the country have been grappling with the impacts of decisions on social distancing, shelter in place orders and mandatory business closures.  Several counties have already issued emergency orders closing non-essential employers including Miami-Dade, Broward, Alachua and Duval counties.  We have asked the Governor’s Office to include professional employer organizations as essential critical infrastructure workers in any statewide emergency order mandating business closure.  At the direction of the Governor’s Office, we have based our request on Cybersecurity and Infrastructure Security Agency guidance.  (See attached)

While the decision to issue a statewide emergency order closing all non-essential businesses has as not been made to date, our proactive efforts have placed us in the best possible position to remain open.

Additional Readings – Statues Issued

443.131 F.S. – Click here to read more.

443.1116-F.S. – Click here to read more.

DBPR – Emergency Order 2020 – Click here to read more.

CISA Guidance on Essential Critical Infrastructure Workers – Click here to read more. 

State of Florida Emergency Order – Click here to read more.

 

Big Data – How Can It Help You?

“Big data” is present in every part of business and society in today’s world. Every medication that hits the shelves goes through extensive study and comparison utilizing big data. Every intersection with a traffic light uses big data to determine the length of time for each color. Gas prices, food prices, utility bills, EVERYTHING undergoes analysis using big data.

But you may ask, “but David, how does this affect my PEO?”

Answer your own questions and many more at 3:45 today at NAPEO featuring our CEO Paul Hughes!

Big Data – AI/ML Predictive Analytics and the Potential for PEO
Sheldon Brechtel, Jr., Executive Vice President – CIO, CCMSI
John Harman, SVP PEO Solutions Group, Aon
Paul Hughes, CEO, Libertate Insurance, LLC
Chase Pettus, Predictive Analytics, Gradient A.I.

 

If you’d like to know more about what is going on at NAPEO, see the schedule here!