White House Issues Ransomware Prevention Guidance to Businesses

In a recent letter addressed to corporate executives and business leaders, the White House emphasized that
bolstering the nation’s resilience against cyberattacks is a main priority for President Joe Biden’s administration.
Specifically, as ransomware attacks continue to rise in both cost and frequency throughout the country, the
federal government is urging businesses to take this evolving cyber threat seriously.

These attacks—which entail a cybercriminal deploying malicious software to compromise a business’s network or
sensitive data and demand a large payment be made before restoring this technology or information—have
quickly become a growing concern across industry lines. In fact, the latest research shows that ransomware
attacks have increased by nearly 150% in the past year alone, with the median ransom payment demand
totaling $178,000 and the average overall loss from such an attack exceeding $1 million.

While the White House has begun working with both domestic and international partners on various strategies to
prevent ransomware attacks, the Biden administration is also encouraging businesses to play their part in
minimizing this rising cyber concern. Rather than viewing ransomware attacks as a minor cyber risk, the federal
government is instructing businesses to view these attacks as a significant exposure—one with the potential to
wreak havoc on their key operations.

As such, the Biden administration is recommending that businesses convene with their senior leadership teams
to review their ransomware exposures and implement these top cybersecurity measures:


  • Utilize the federal government’s best practices. Businesses should be sure to incorporate the best
    practices outlined in the Biden administration’s Executive Order on Improving the Nation’s Cybersecurity. This
    includes the following practices:
    o Implementing multi-factor authentication (MFA) on all workplace technology
    o Leveraging endpoint detection and response tools to identify and deter suspicious network activity
    o Encrypting sensitive data to make it less accessible to cybercriminals
    o Developing a trusted and skilled workplace cybersecurity team
  • Ensure an effective incident response plan. All businesses should have cyber incident response plans in
    place. These plans outline proper response protocols and offer steps for minimizing potential damages during
    cyberattacks. Businesses should make sure to include several ransomware attack scenarios within their
    response plans and routinely test these scenarios with their cybersecurity teams. Based on test results,
    businesses should revise their response plans accordingly.
  • Conduct frequent data backups. In addition to the federal government’s best practices, businesses should
    also prioritize securely backing up all sensitive data, images and other important files on a regular basis.
    Conducting such backups can help businesses remain operational and continue to access crucial data in the
    event that any workplace technology is compromised in a ransomware attack. Data backups should remain
    offline (not connected to key business networks) and be routinely tested.
  • Keep critical networks separated. In order to keep ransomware attacks from fully disrupting their operations, businesses should attempt to segment their various workplace networks (e.g., sales, production and corporate) from one another rather than having a unified network. Access to each network should be restricted to those who use it to conduct their job tasks. Networks should only allow internet access as needed. That way, businesses can avoid becoming completely compromised by single-network ransomware attacks and continue performing critical functions.
  • Maintain updated security software. To help safeguard workplace technology from ransomware threats,
    businesses should equip their systems and devices with adequate security software—such as antivirus
    programs, firmware protections and firewalls. Further, this software must be regularly updated to remain
    effective. That being said, businesses should also consider utilizing centralized patch management systems to
    keep security software on a consistent update schedule.
  • Review workplace cybersecurity protocols. Apart from testing their response plans, businesses should
    also regularly assess whether their existing workplace cybersecurity policies, procedures and software are
    sufficient in protecting against current risks—such as ransomware threats. In particular, businesses should
    consider using a third-party penetration tester to review their ransomware defense tactics and overall
    cybersecurity capabilities. Businesses should work with their trusted cybersecurity teams and IT experts to
    make workplace adjustments as needed (e.g., updating policies or purchasing new security software).

For additional risk management guidance and insurance solutions, email me, James Buscarini, PCA, at jbuscarini@libertateins.com or call me at 813.367.7574.

BUSINESS INSIGHTS

Brought to you by the insurance professionals at Libertate Insurance Services



6 Benefits to Attract and Retain Small Business Employees

Attracting and retaining employees is a constant struggle for organizations of any size, but it’s particularly so for small businesses. With smaller teams, employers need to hold onto talent whenever possible. And that can be a challenge, especially when resources are scarce as they are currently amid the lingering effects of the COVID-19 pandemic.

That’s why it’s critical for small employers to tailor their benefits offerings in a way that attracts and retains the most employees. One of the best ways to start this process is by surveying existing and potential employees. Employers can ask workers what types of benefits would interest them the most, then use that data to inform benefits decisions.

While each workforce will have unique needs and interests, there are some commonalities seen among small business employees. This article outlines six of the most popular benefits that small businesses are using to attract and retain employees.

1. Health Insurance

2. Leave Benefits

3. Performance Bonuses

4. Retirement Planning

5. Professional Development

6. Wellness Benefits

1. Health Insurance – Health insurance is consistently one of the most desired benefits among small business employees. That may be because healthcare is so expensive and is unaffordable without employer-sponsored insurance. Amid the COVID-19 pandemic, having good health coverage is more critical than ever. This provides employers with an opportunity. By offering generous health benefits, employers can compete for top talent. In fact, doubling down on health insurance might be a better option for some employers than adding other ancillary benefits that employees don’t need or want.

2. Leave Benefits – The ability to take time away from work is an important consideration for employees. And, in the wake of the COVID-19 pandemic, employees may have more caregiving responsibilities than they had before—making scheduling flexibility all the more important. Leave benefits will vary by workplace, but they typically include paid time off (PTO), vacation days and sick time. These types of leave usually come with specific use requirements. For employers looking to attract and retain employees, expanding these benefits could be a great leverage tool. This may include allowing faster PTO accrual, providing more sick days or allowing for flexible scheduling.

3. Performance Bonuses – Employees want to be recognized for their hard work. Failing to do so can lower morale and affect retention. Introducing performance bonuses as an employee benefit can be a way to combat this. Performance bonuses will vary, but the general idea is to compensate employees in some way for a job well done. How this looks in practice will depend on the employer. For instance, employees might receive incentives such as gift cards, cash, additional PTO or other perks, depending on their achievement. However, before implementing such bonuses, employers should ensure compliance with any applicable workplace laws regarding employee compensation.

4. Retirement Planning – Financial security is very important to employees, and that sentiment grows as employees near retirement age. It’s also top of mind for those struggling financially thanks to the COVID-19 pandemic. Employees invest their time and energy into their work. As a tradeoff, many employees want their employers to invest in their retirements in return for years of service. Offering a 401(k) with contribution matching can be a powerful attraction and retention tool, as it demonstrates an employer’s investment in their workers in the long term. 

5. Professional Development – Employees may leave a workplace simply because they want other opportunities or need more of a challenge, rather than being driven solely by compensation. Additionally, surveys suggest employees have been putting off job changes during the COVID-19 pandemic, meaning a wave of turnover may be coming soon. Employers may want to think proactively about ways to keep employees around.

In other words, when it comes to top performers, employers should be reluctant to let these employees go. That’s where professional development comes in. Generally, this involves cross-training employees on other positions or otherwise preparing them to take on additional responsibilities. This helps provide the employee with more growth opportunities while still keeping them within the business. Offering such development opportunities also signals to prospective employees that a workplace has upward mobility and is willing to help workers along with their career pathing goals—two factors that can weigh heavily in recruiting conversations.

6. Wellness Benefits – Wellness is a hot topic these days, and employees are looking more and more for employers who take wellness seriously. This can be especially true in the wake of the COVID-19 pandemic, where health consequences are interwoven with everyday decisions. In fact, through the lens of the pandemic, ignoring wellness initiatives may be interpreted as ignoring overall health—something employers obviously want to avoid.  

Different workplaces will offer different wellness benefits, but the purpose of any of them is generally to increase employees’ overall well-being. For instance, benefits may include mental health counseling, healthy breakroom snacks, gym memberships, fitness trackers, yoga sessions or other perks. When it comes down to it, employees want to feel like their employers care about them as individuals. This means prioritizing well-being.

“Everyone talks about building a relationship with your customer. I think you build one with your employees first.”

– Angela Ahrendts (Senior Vice President, Apple)

Conclusion

Knowing which employee benefits to offer as attraction and retention tools isn’t always easy. One of the best places to start is by surveying current and prospective employees, as the offerings are meant for them. Beyond that, the perks listed in this article have been shown to be popular among employees—making them a viable option to try as well.

However, these benefits aren’t employers’ only option to help attract and retain employees. Reach out to Libertate Insurance today to learn more about these perks and other potential incentives.

Benefits of Utilizing Post-Offer Medical Questionnaires in Your Hiring Practices

Prescient National produced this thought-provoking look at how to effectively use Post-Offer Medical Questionnaires as a part of your hiring practices. The original post can be found by clicking here.

When companies think of managing their Workers’ Compensation costs, several key programs may come to mind. For example, Early Return to Work, Post-Accident Drug Testing, and establishing a network of medical providers have become second nature in the course of doing business.  While these post-claim activities will reduce costs after a claim has been filed, preventing a loss starts with strong hiring practices.

A comprehensive hiring program contains several standard components, such as pre-employment drug screening, criminal background checks, and reference checks. But perhaps none are more important than the Post-Offer Medical Questionnaire (POMQ). As health conditions, such as obesity, diabetes, and previous surgeries continue to contribute to Workers’ Compensation costs, employers who incorporate the POMQ can rest easy knowing they’ve taken every step necessary to ensure that employees can perform the essential functions of the job, without endangering themselves or others.

What is a POMQ and How Does it Mitigate Potential Injuries?

The POMQ is a document with questions about a prospective employee’s prior medical history.  The POMQ helps an employer understand if the individual will be able to complete the essential functions of the job with or without a reasonable accommodation. Its goal is to help match the candidate to the physical requirements of the job and prevent putting an employee in a job that could be unsafe for him or her, other employees, and the company. It’s good stewardship. 

Let’s use an example to illustrate: An employer in the home healthcare industry employs nurses who travel from one home to another to provide care. The company conducts pre-employment drug screening, motor vehicle record checks, as well as criminal background checks and reference checks, but it does not use a POMQ as part of its hiring practices. One day, while making a sandwich for a client, an employee bends over to pick up a piece of silverware that has fallen off the counter. When he stands up, he feels pain in his lower back and decides to file a Workers’ Compensation claim. When the claim is received by the insurance carrier, it is determined that the employee has had two prior back surgeries and that picking up the piece of silverware has aggravated his pre-existing back condition. After a doctor’s assessment, the employee is scheduled for a third back surgery, which will cost approximately $100,000. It is estimated that this claim alone will increase the employer’s experience modification rate from a 1.00 to a 1.50, which will cost the firm $500,000 in additional Workers’ Compensation premiums over the next three years. The employer was shocked to learn of the employee’s prior health condition and is frustrated that the employee cannot return to a “light duty” job, because the employee has been written completely out of work. Additionally, the employer is worried that the employee was placed in a position that required lifting and walking assistance for an elderly client, and wonders about future lawsuits from “negligent hiring” practices.

In the example above, the employer could benefit greatly from the effective use of a POMQ.  Uncovering the prospective employee’s prior back surgeries would have allowed the employer to make a well-informed hiring decision, which would protect both the employee and its client population from injuries. For the POMQ to be “effective”, an employer must follow the rules of its use.

How to Use the POMQ

Under the Americans with Disabilities Act (ADA), employers are allowed to conduct medical inquiries of prospective employees as long as certain rules are followed. First, the document can only be used after a job offer has been made (i.e., “post-offer”), but before the employee is placed into the job. This means, for example, an employer cannot ask an applicant to complete a POMQ while filling out an application. Just as with background checks and drug tests, POMQs can also be part of the contingent post-offer process, but only if all new employees in the same job category are required to complete a POMQ.  All information on the POMQ is protected health information and must be handled responsibly (typically by HR), kept confidential, and secured separately. 

An applicant must be provided with a copy of the written job description that outlines the physical requirements of the job. The questions on the POMQ must be “job-related and consistent with business necessity.” This means that the job must contain physical exertion that has been documented and is essential. It also means that employers cannot inquire about any family medical history. The job description in our home healthcare scenario, for example, may require employees in the position to be able to lift 50 lbs. The POMQ will include a question related to the amount of weight an individual can comfortably lift unassisted. If the candidate is unable to meet this requirement, the employer will solicit a medical opinion and provide the doctor with a copy of the written job description. The candidate can meet with his or her own physician or with the company physician to determine if the job requirement can be met and what, if any, accommodations can be made to meet those requirements.  

Depending on the physician’s medical assessment, the employer (assisted by feedback from the candidate), must determine if the recommended “reasonable accommodation(s)” can be made to enable the candidate to meet the essential requirements of the job. This may involve modifying the job, if possible, or purchasing additional equipment to help with the task, depending on whether this is a reasonable expectation for the business to undertake. If no reasonable accommodation is available, an employer can withdraw the offer. 

POMQ Red Flags

There are certain red flags to look for in a POMQ. Ensure that every question on the POMQ is answered. Often, we see a candidate forget to complete a question or perhaps even refuse to answer a question. All questions should be addressed to avoid potential issues down the road. Look carefully to see if the candidate documents something that doesn’t match with the requirements of the job to address any discrepancies or potential problems. Also, make sure the document is signed by the candidate. 

Note: If a candidate is untruthful on the POMQ and aggravates a pre-existing injury on the job, in many states the claim may be denied. In most cases, the injury/aggravation must be to the same body part where he or she suffered a prior injury which was not disclosed. Typically, it must also be established that the employer would not have hired the employee if he or she had indeed disclosed the prior injury and the injury would not have allowed him or her to safely perform the essential functions of the job, with or without a reasonable accommodation.

At Prescient National, we believe that well-informed hiring decisions drive down costs and improve employers’ profitability. Used correctly, a POMQ is a good tool to optimize employee safety and to help mitigate potential claims. Hiring employees fit for duty is productive for the staff, insulates an employer from legal liability, and enhances safety throughout the organization.

Moody’s Says COVID Impact on Insurance was ‘Moderate’

Moody’s opinion echoes that of NCCI regarding the impact of COVID on the Workers’ Compensation system. More rate decreases to come???

Neither COVID-19 nor legislation enacted because of it has seriously harmed the creditworthiness of the property and casualty insurance sector, according to a report released by Moody’s Investors Service on Friday.

Businesses have filed about 1,700 business-interruption claims because of COVID-19 shutdowns, but those cases are largely being decided in favor of insurers, Moody’s said.

“US property policies typically require direct physical loss or damage to the property for business interruption losses to be compensated,” Moody’s said. “Moreover, most policies specifically exclude coverage for losses caused by a virus or communicable disease.”

But the battle for coverage, of course, is far from over. Only 20% of the cases filed have been resolved so far.

“A handful of courts have recently ruled in favor of insured parties despite standard policy wordings,” the report says. “Additionally, court decisions are subject to appeal, a process that could take years to resolve.”

Moody’s says it believes that ultimately, policy provisions will limit insurers’ business-interruption losses in the United States.

“Nevertheless, we expect the ongoing litigation will lead to inconsistent outcomes, appeals to higher courts, elevated legal costs, and some uncertainty on this matter for the next couple of years,” the report says.

For workers’ compensation, which makes up 14% of commercial line P&C premiums, the coronavirus pandemic has had only a “moderate” impact on claim costs, the report says. Moody’s echoed a report by the National Council on Compensation Insurance released earlier this month that said total COVID-19 workers’ comp losses amounted to $260 million in the US.

“The severity of these claims was generally low with 95% of the claims less than $10,000,” Moody’s said. “With more states enacting presumption laws in 2021, insurers will see additional claims but we expect them to be moderate.”

While the passage of presumption laws led to more claims for work comp, state lawmakers also enacted laws that limit exposure for commercial liability. Moody’s said the coronavirus liability protection for businesses that was adopted by most states is a “credit positive” for insurers.

The report says eventually, government might step in to create a public-private risk sharing agreement to cover business interruptions caused by future pandemics. Moody’s said bills were introduced in a number of states last year that would have required insurers to pay COVID-19 business-interruption claims, but none passed.

“With an eye toward future pandemics, some insurers and US legislators are considering public-private risk sharing arrangements to compensate small and large businesses for business interruption caused by pandemics,” the report says. “Common elements of these proposals are that P&C insurers would administer the coverage and assume a limited portion of the risk, while the US government would assume the bulk of the risk.”

5 Ways Cyber Business Interruptions Differ from Traditional Interruptions


This post is reformatted content taken from Andrew G. Simpson’s May 2021 article in the Insurance Journal.

While a typical business interruption can often be a confusing insurance situation, the picture gets even muddier when it involves cyber coverage.

According to Chris Mortifoglio, who is a Certified Public Accountant and a Certified Fraud Examiner (CFE), understanding the “nuances and differences” of a cyber insurance business interruption exposure or claim compared to a traditional one is more important now than ever.

“I will tell you that in my experience business interruption is often the most misunderstood part of property coverage. Part of that has to do with the fact that it can be very subjective. If you have 10 accounts looking at the same set of financial data, you’ll oftentimes receive 10 different calculations or estimates of what a business interruption loss might be,” said Mortifoglio, who has been dealing with business interruption exposure assessments and claims for more than a decade as the director of forensic accounting at Procor Solutions and Consulting in New York.

A cyber business interruption risk can be difficult to estimate and manage. To further the understanding of cyber BI, Mortifoglio identified five areas where cyber BI differs from traditional BI: period of measurement; period of restoration; personnel involved; geographic constraints, and reputational risk.

1. PERIOD OF MEASUREMENT

The differences between traditional and cyber business interruption begin with the period of measurement or evaluation of lost business income, a period that typically runs shorter for cyber. The timing of a cyber incident can have a major effect on the amount of a potential loss. “Traditionally, when you have a property loss, you’re usually valuing the disruption for a period of weeks or months or years as it takes time to physically repair the property damage that was occurring,” he said. In a cyber incident, the loss may last for just a few hours or a few days. This much shorter time period requires detailed or, as Mortifoglio refers to it, “granular” data on the impact and the disruption on a company. “This means that in order to properly evaluate cyber business interruption, you need much more granular levels of data, maybe even hourly revenue data, or certainly daily sales data, as opposed to a traditional business structure loss where, in some cases, monthly profit and loss statements are enough to evaluate the impacts of the loss,” he said. The granular data is particularly important, for example, when the business operates 24 hours a day, 7 days a week making online sales. “There may be much more greater impacts, and there may be more of a need to really drill down into the disruptions that happen at different times of the day. What happened at midnight versus what happened at 8:00 am?” he explained. When comparing traditional versus cyber BI coverage, the waiting periods following an event before coverage begins are usually different as well. The waiting period for a cyber policy is often denoted in hours, whereas a traditional policy is typically for at least a few days, although it may be written as 48 hours or 72 hours, as opposed to perhaps a 12-hour waiting period for a cyber business interruption loss.

2. PERIOD OF RESTORATION

Another difference is the period of restoration. Defining the period of restoration is very important because that drives the ultimate value of a cyber business interruption loss. The period of restoration is defined as starting on the date of loss, which is the date of physical damage, and ending on the date “when the repairs should have been completed if the insured had utilized due diligence and dispatch.” That period of time is the period of time that an insurance policy will provide coverage for any loss of business income. But determining when this period starts or ends is not always easy. “When it comes to property losses, there’s usually a very clearly defined start to that business interruption period, known as the date of loss. We can define very easily what that period of indemnity is and what a potential extended period of indemnity is because it all depends on the physical damage,” he said. If a fire, earthquake or hurricane impacts an organization, it’s not hard to define when that physical damage occurred. That is the starting point for the period of restoration. However, when it comes to cyber, “there is much less certainty, not only to when a cyber event has started, but also when a cyber event ended” including when the system was repaired and there no longer is a breach. These dates are critical to figuring out the period of time that’s going to be evaluated for a cyber business interruption loss. Mortifoglio recited some questions that come up when evaluating cyber business interruption: “When did the loss start? How do we know that it started at this point in time? Was there a full disruption for an organization or just partial. For example, was it a specific system that was impacted, an email system or an accounting system that went down? And then when did this loss end?”

3. PERSONNEL INVOLVED

So in addition to requiring more and different types of data, and presenting complexities around the period of restoration, cyber business interruption also typically calls for more personnel to become involved from an organization. Mortifoglio cited a need for personnel from the risk manager and legal counsel to financial, technology and operations officers as well as others to contribute to the assessment. First and foremost is the risk manager, the “quarterback of the insurance recovery process” who is helping to manage the actual claims process once something happens, not to mention being the purchaser of the insurance on the front end. After a loss has happened, somebody from the accounting or finance department — perhaps the CFO or the controller—should be called upon to provide the financial data required to quantify any business interruption loss. In addition, it’s important to have someone from operations to assure that the full impacts of the loss are being documented and also connected to the actual financial calculation. And there’s more. “You now have to bring in more folks from your organization to help really provide the picture in the story of what happened and help to properly and accurately quantify cyber business interruption,” Mortifoglio added. This means calling in folks from the IT team to help to identify the status of the cyber incident and define the period of indemnity and the period of restoration. “That’s going to help narrow down the exact period of time that we need to evaluate from a financial perspective to quantify the loss,” he said. Also, the chief systems or technology officer may be needed to oversee data privacy and records issues that may come up in a cyber incident. The legal department may also deal with privacy issues, general legal ramifications and coverage issues, as well as interface with outside counsel brought in to help deal with a cyber breach. 
“The addition to these extra personnel can add to the complexity of the process,” the Procor executive said.

4. GEOGRAPHIC CONSTRAINTS

Whereas a traditional business interruption claim may be geographically constrained, the same is not always true for cyber exposure. In a traditional scenario, the property damage is contained to either a single location or region that has been hit by a widespread catastrophe. “Think of a hurricane that hit the state of Florida, and if you’re an organization that has multiple locations there, you may have multiple instances of damage. You may have multiple locations that are being impacted,” he noted. When it comes to a cyber loss, these geographic constraints do not exist and an entire organization could be impacted around the globe at the same time. “If you are an organization with a global presence and you have systems that are connecting all of your physical locations around the globe, then a cyber incident may impact you around the globe without any sort of restraints as far as geographic regions. With traditional business interruption, organizations can mitigate their risk by spreading out their operations geographically to avoid a catastrophe, really hampering the entire organization. When it comes to a cyber loss, those types of geographic constraints no longer apply,” he said. For risk mitigation purposes, Mortifoglio stressed the importance of understanding that if a global organization is running systems used by the entire workforce, all operations around the globe can be impacted immediately. “It can make it more complex because you can’t just look at a single isolated location. You have to look at the interconnectivity of your systems to see if something were to happen to them, what would the operational impacts be on your organization? And that’s what’s going to help you evaluate the potential cyber business interruption,” he said. In short, there are no geographic constraints with cyber business interruption and therefore it is harder to mitigate.

5. REPUTATIONAL RISK

Finally, cyber BI carries with it a reputational risk that traditional property business interruption does not. When there is a traditional BI loss such as a fire at a factory, customers and the general public usually do not have any sort of reaction. Most of the time, the general public is not even aware of the fire and there is no effect on the company’s reputation. However, if a company is hacked and customer records are stolen, Mortifoglio said this can result in a “breach of trust in the public’s eye” and the reputation of an organization can be significantly harmed, often resulting in extended financial losses. In the case of a data breach, even though the system has been repaired and the breach fixed quickly, customers may be hesitant to return to do business with the organization “until they have absolute confidence that it won’t happen again. It’s hard to determine how long that might go on.” However, the forensic specialist noted, cyber business interruption policies are building in coverage to help recover any losses tied to the transitional risks, in a way that is similar to the extended period of indemnity coverage in traditional property policies. “The thought is that once a cyber incident is repaired and a breach is fixed, there may be lingering impacts due to some reputational risk” and there should be coverage there to help capture those losses, Mortifoglio said.

“The notion of implied meaning is the root of misunderstanding.”

— Eric Parslow



The Risk with Search Engines

It’s no secret that your technology company depends on the capabilities of your computer systems to function. You should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cyber-crime, including cyber-attacks, cyber theft and other computer security incidents. The average cost of a single cyber-attack is incalculable—cyber-attacks can directly target finances and ruin a business’ reputation. Your business is at stake, and you should do everything you can to protect yourself.


The Risks of Web Searches

As an employer, you should educate your employees about the risks of searching for certain topics on the internet, since they may come across websites infected with viruses or malware that could be detrimental to your computer systems. Stress that the potential for cybercrime could affect employees individually as well as the business as a whole. More than 90 percent of companies surveyed by the DOJ incurred either monetary loss, system downtime loss or both because of cybercrime, so take it upon yourself to put search engine guidelines in place.


The Web’s Most Dangerous Search Terms

Searches for common terms online can expose your business to the risk of cyber-crime. Encourage employees to avoid following suspicious results in search engines. Any result that promises free products or materials is suspect. The least risky search terms are usually health-related topics and searches about economic news. It is essential to remember that the number of dangerous search terms is ever changing. Hackers want to impact the highest number of people with the least amount of effort, so they aim for popular search terms most. Ill-intentioned hackers also adapt quickly to the fast-paced nature of the internet and the public circle, so oftentimes social or celebrity events popular at a given moment climb quickly to the top of the internet’s most dangerous search terms and are a high risk for infecting your company’s computers. According to the DOJ, businesses in industries considered part of critical infrastructure account for a disproportionate amount of computer security incidents. If your company is in any of these industries, be especially careful about internet searches to ensure computer safety and protect against potentially devastating loss, both monetary and in down time:

  • Agriculture
  • Chemical and drug manufacturing
  • Computer system design
  • Finance
  • Health care
  • Internet service providers
  • Petroleum mining and manufacturing
  • Publications/broadcasting
  • Real estate
  • Telecommunications
  • Transportation and pipelines

Take Precautions to Protect Your Business


There are examples of companies and organizations around the globe that had to shut down operations to address a large-scale virus or other malware issue. These problems can affect both large and small businesses and can cost hundreds of thousands of dollars to fix. Avoid putting yourself at risk by doing the following:

  • Enact a stricter internet use policy
  • Put stricter website blockers or filters in place
  • Educate employees about the hazards that risky search engine exploration can present

Some of these solutions may cost you in the short run, but lowering your risk will ultimately save your company from potential identity fraud, monetary cyber theft or informational cyber theft in the future.

How Can There Be a Gap in Coverage?

…if coverage does not exist in the first place!

We have argued appropriately that coverage cannot exist based on a lack of insurable interest of the non co-employed employee. Not co-employment, not who was or was not payrolled, someone in the system knowingly committed fraud or else coverage would exist. This is not a “gap”, it is “black and white” in terms of coverage being purchased/provided or not.  The beauty of the workers’ compensation system is “The Great Tradeoff” – if you as the employer buy workers’ compensation (wc), you are protected from suit. Said simply, pay the wc insurance premiums and the employee base will be taken care of to the letter of the law.  In all States and DC (except TX, OK and NJ have opt out provisions), workers’ compensation is a mandatory purchase at certain employee counts (4 + typically).  There is no excuse to be ignorant of the need for workers’ compensation nor to pay the premiums necessary to ensure the proper medical and lost time payments due to an injured worker.  In all States, penalties and misdemeanors/ felonies follow with the lack of purchase of wc. 

In NO state is an industry group targeted as a proposed safety net to those that have failed to purchase insurance and committed fraud.  Instead, the fraudsters have a safety net to take the heat off them for not purchasing wc and doing the right thing in the first place. Since all states manage workers’ compensation differently with their own unique rules and rate sets, it falls upon each State to manage the occupational accident and illness exposure of its citizens.

Every state has some form of “subsequent” or “second injury” fund to make sure the cost of employers to hire prior workers’ comp claimants is offset and affordable.  This form of labor umbrella allows for employees to find gainful employment without putting their employers at increased financial risk based on prior events/claims.

Thirty-nine states/district out of 51 have what is generally known as an “Uninsured Employer Fund” (UEF).  In these states, it is all about making sure the injured worker(s) get treatment and benefits first, with the responsibility of the lack of insurance investigated at the same time with the appropriate parties.  The employer(s) who were responsible for not buying insurance are held accountable, and most importantly, the claimant gets the benefits they deserve without delay and hopefully litigation.

The following 12 States do not have a UEF in order of population:

  • Texas (opt outs allowed)
  • Florida
  • Georgia
  • North Carolina
  • Indiana
  • Alabama
  • Louisiana
  • Iowa
  • Mississippi
  • Arkansas
  • Nebraska
  • Vermont

In these states, for the innocent claimants that have unscrupulous employers that do not wish to purchase workers’ compensation, there is little recourse outside of litigation.  

Not buying wc is fraud. Go after the perpetrators of the frauds and allow for a safety net for those that should matter the most – those the system is built to serve – the claimants.  An uninsured employer fund makes certain the Florida worker is covered, with the bill to be determined post-investigation.

It should be noted that either the Department of Labor or Department of Insurance of most UEF states are the governing authority and therefore something new would not need to be created.  A few states DCBS’ also handle.

Fears of unsafe conditions raise worker rights concerns

 

As the numbers of COVID-19 infections continue to climb, employment attorneys say fearful workers have limited rights in refusing to work, while employers have legal obligations to provide a safe place to work.

It’s an intersection legal experts say calls for enhanced communication between companies and their workers and a constant adherence to evolving state and federal laws guiding work during the pandemic.

“Companies need to assure employees they are on top of this; it goes a long way,” said Matt Hinton, New York-based partner for risk consulting firm Control Risks Ltd. He says the issue is one to watch as more states lift restrictions.

The Occupational Safety and Health Administration and the Centers for Disease Control and Prevention have both issued guidelines on workplace safety. As of Wednesday, at least one state — Oregon — is gearing up to create permanent workplace safety guidelines for infectious diseases.

A majority of employers say they have plans in place. And safety professionals are telling employers to encourage employee engagement in safety protocols. Yet concerns are growing over whether employers are doing enough. On Monday, unions representing some 60,000 Nevada hospitality workers sued three casino properties over alleged unsafe working conditions related to the coronavirus.

Worker fear is a genuine concern, but it’s not enough to refuse work, said Courtney Malveaux, Richmond, Virginia-based principal and attorney with Jackson Lewis P.C.

The rule is a worker must have a “specific” concern, he said. An example would be if the workplace is not clean, or the worksite is not following local regulations such as requiring individuals to wear masks.

“A generalized fear of COVID does not provide a basis for refusing to work; it has to be a specific fear of a circumstance at that employee’s workplace,” Mr. Malveaux said. “It also has to be a fear that is made in good faith and is reasonable to others.”

An employee with a compromised immune system or other health issue that puts him or her at risk for COVID-19 complications could be protected by the Americans with Disabilities Act, which would require the employer to work to find the employee an accommodation, such as an alternative work environment, he said. Any concern with work “must be specific to the workplace or the employee” with a health condition, he said.

Maurice Emsellem, Berkeley, California-based program director of the National Employment Law Project, said worker rights advocates are calling on the federal government to outline more specific guidelines for those who refuse work under certain conditions. He said that what is in place among OSHA, CDC and ADA may not be enough.

There is also concern that state unemployment agencies are not keeping up with the changing landscape. “(Workers) are vulnerable because they lose their unemployment benefits if the state agencies don’t do the right thing,” he said. “In general, workers have to know they can refuse unsafe work.” In most states, a worker who quits a job cannot collect unemployment benefits.

Expect litigation, said Maxfield Marquardt, Los Angeles-based counsel and associate director for regulatory affairs at Trusaic Inc., a compliance technology company. Many state laws create parameters for employees to work “at will,” he said.

“An employee has the right to not show up for work,” he said. “But will they keep their jobs? … An employer can say, ‘You want to work? Come in.’”

Disagreements over whether conditions are safe, or whether an employer is following safe guidelines, are “part of the reason you are going to see a lot of litigation,” Mr. Marquardt said. “Litigation and regulatory guidance are evolving at a fast pace. OSHA could change its guidelines Friday; the CDC may change its guidelines again.” How can companies avoid the potential legal mess? Pay attention and consider the federal, state and local workplace mandates as “the bare minimum” in ensuring safe working conditions, Mr. Hinton said. “The employee sentiment is the important piece,” he said. “Have a path for your employees to raise their hand and say, ‘This isn’t working.’”

Listening to employees will be key, said Kim Brunell, Washington-based associate director at Control Risks. “You have to have a collaborative approach to safety,” she said. “Employers that do that best consider the context of a particular work environment.”

 

Originally posted on July 1st, 2020 by Louise Esola for Business Insurance