Archive for the ‘Underwriting Matters’ Category

Hey Everyone … Let’s Not Go Phishing!

November 16th, 2020 by admin

Let’s take a moment to talk about one of the most feared issues facing the businesses, government and medical industries of our world today: a data breach.

It seems like every day we hear a news story regarding the theft of some database of a major retailer, credit card company, hospital or health insurer and even the federal government. But what, really, is a data breach?

Margaret Rouse of WhatIs.com defines a data breach as an incident in which sensitive, protected or confidential data has been viewed or stolen or used by an individual unauthorized to do so. These breaches may involve personal identifiable information such as social security numbers, addresses and driver’s license numbers. They can also include personal health information and medical records. The taking of intellectual business property and trade secrets would also be considered a data breach.

Whichever of these occurs, they all have one thing in common: They are never good and are usually costly.

The most common form of a data breach is an attack by a cyberhacker, which often comes from a phishing email that was clicked on by an employee. The hacker intends to break into a corporate or government network to steal sensitive data. But not all breaches are of the dramatic “black hat” legend we sometimes hear about and see in movies and TV shows. For example, if a hospital, retail or other company employee is not authorized to read certain data but looks at it over the shoulder of someone working on a computer or reading a file, this would also be considered a breach.

There are a number of industry guidelines and government regulations in place to ensure compliance of the handling of personal and sensitive information. The most common of these is the health care industries’ Health Insurance Portability and Accountability Act (HIPAA), which defines who can view your health records. Anyone who has seen a doctor or been to a clinic or hospital has no doubt signed a HIPAA form.

A lot of us may not be aware, but in the corporate world there is also something known as the Payment Card Industry Data Security Standard (PCI DSS), which dictates who may handle and use things such as credit card numbers, PINs and bank account numbers in conjunction with a person’s identity. If a company’s employee who is not otherwise authorized to use any of the information listed above were to do so and their action causes a breach resulting in a theft, then that corporation or organization could face fines and/or civil or criminal prosecution.

It’s a good idea to teach employees about phishing emails and how to avoid them. It might be as simple as looking for misspelled words and sentences where the syntax is off, or just noticing when you hover over the email address that it’s not what it appears to be. There are also programs that your IT department can install to help block some phishing emails.

It is almost inevitable that most companies keep some kind of sensitive or personal data in their files. This information is needed to process orders, service, payroll, billing, payment services, etc. However, if this data were to fall into the wrong hands, it could cause a lot of damage — the loss or your customers’ trust and business, as well as that of your employees and vendors, not to mention the cost of the security breach and possible civil litigation.

Especially during the pandemic times, when there is such an increase in telework, teledoc and tele-learning, potential exposure is at an all-time high. In order to help businesses protect their data from harmful breaches, the Federal Trade Commission has developed a guide with five key principles for protecting personal information:

TAKE STOCK — Know what personal information you have in your files and on your computers. Any effective data security plan starts with assessing what information you have, where it is and who has access to it. This would involve taking inventory of all computers, laptops, mobile devices, flash drives, disks and any other equipment that stores sensitive data. Talk to your respective company departments and staff and put together a complete picture of who sends sensitive information, how your business receives this information, what kind of information is being collected at each entry point, where this information is to be kept and who can and should have access to this information. It is also pertinent to check to see if there are any laws in your area with regard to data security.

SCALE DOWN — Keep only what you need for your business. If there is not a legitimate need to store this sensitive data, then don’t keep it. You should only hang on to this information for as long as it is necessary to conduct your business. Things like social security numbers should only be in areas that involve taxes and benefits and should not be used for things like employee ID numbers. Don’t keep credit card information if it is no longer needed after a sale or payment. Develop a records retention policy for what information will be kept and for how long.

LOCK IT — Protect the information that you need to keep. Many data compromises happen the old-fashioned way, with lost or stolen paper documents. Develop a security program for all sensitive paper documents, CDs, Zip drives, etc. Keep these under lock and key and keep control of who has keys and the number of keys available. Institute a workstation security policy for when employees are not at their station, log-on and log-off procedures, as well as a clear desk policy. Any sensitive data that is in transit either by carrier or via the internet should have encryption codes or PIN access. There are many other methods that can be implemented, such as restricting software download ability and a secure password management control.

PITCH IT — Properly dispose of what you no longer need. What looks like a sack of trash to you can be a gold mine for an identity thief. Leaving credit card receipts, papers or CDs with personal information in a dumpster facilitates fraud and exposes consumers to the risk of identity theft. Effectively dispose of paper records by shredding, burning or pulverizing them before discarding. Make shredders readily available throughout the workplace, including next to the copier. If available in your area, contract with a licensed document removal company to dispose of your paper documents securely. When disposing of computers and portable electronic devices, make sure the data is wiped clean using data erasing software.

PLAN AHEAD — Create a plan for responding to security incidents. Even though you have taken the steps necessary to protect your sensitive data, breaches can still happen. Have a plan to respond. Designate a senior member of your staff to coordinate and implement this plan. If computers are compromised, disconnect them from your network. Investigate where and how to close off the area of vulnerability. Have a list of whom should be notified regarding the incident both in and outside your organization. You may need to notify consumers, law enforcement, insurance carriers, credit bureaus and other businesses that may be affected. Many states and the federal bank regulatory agencies have laws or guidelines addressing data breaches. You may also want to consult your legal counsel.

The Federal Trade Commission is available to help prevent fraudulent, deceptive and unfair business practices and provide the marketplace with information to help consumers spot, stop and avoid these actions. For more detailed information on the steps listed above, contact FTC.gov or call, toll-free, 1-877-FTC-HELP. The information is valuable, but it’s free.

Explore all your options for cyber and network data liability risk, because even with the best intentions, plans and programs implemented, you may still experience a data breach.

One way to provide protection for your business when this does occur is to have a Network Data and Security Liability insurance policy in place. If your business uses the internet, then it is exposed to a cyber-risk that most likely is not covered under your current commercial insurance policy. In fact, typical general liability policies often do not cover activities associated with website publishing or network security. If that is not enough to convince someone to put this coverage in place then consider the following: The average cost per record of a data breach is approximately $180-$200 per record.

How many customers do you have if there was a breach, and how much insurance have you purchased for cyber exposures? According to a national survey, many businesses do not have the tools or procedures like the ones described early in this article in place to detect identity theft or a response plan to deal with the loss. Most victims do not even know that their data has been compromised until it’s too late. Statistics show that 86% of the breaches were discovered by a third party and that 92% of breaches were from external sources — 80% of these from overseas and 58% from organized crime sources.

There are also regulatory requirements currently in place that apply to most businesses and organizations. Data breach notification laws are in effect in most states, and they require the notification of customers in the event of a data breach. The Red Flag Rule now being enforced by the FTC requires organizations to have identity theft protection programs in place or be subject to penalties and or fines.

The compliance costs to notify customers as well as the risk of incurred fines and penalties can and will drive up your costs and could be even worse. So don’t leave your business unprotected. Telcom, in partnership with our insurance vendors Great American and Travelers, have insurance policies that can put protection in place for your business and your customers. Please contact your account executive or Telcom at TIG@telcominsgrp.com for more information on how to put this important coverage in place.

Any company can be exposed to risk when hiring the services of outside independent contractors or subcontractors. The goal of any business owner or risk manager is to reduce exposures and protect their organization’s financial interests. Transfer of risk to another party through a combination of contracts and insurance is one method that can be used.

A certificate of insurance form is a standardized document that provides evidence of insurance coverage. It will include the contractor’s coverage types and liability limits. Other information that you request may be listed on the document under the Description of Operations/Locations/Vehicles section.

When your company hires subcontractors, it is extremely important to get a certificate of insurance from each subcontractor working for you. Even if you trust your subcontractors and have worked with them in the past and knew they carried insurance at that time, you should require them to provide an updated certificate of insurance each time you hire them for a new job.

At minimum, Telcom recommends requiring subcontractors doing work for you to carry the following limits:

  • General Liability in the amount of $1 million per occurrence and $2 million aggregate
  • Auto liability at $1 million limits
  • Workers’ compensation at statutory limits

We also recommend that subcontractors carry at least a $1 million umbrella policy as an additional layer of protection and that the subcontractor list your business as an additional insured on the certificate of insurance.

Our goal is to protect you, and obtaining a certificate of insurance before the work is started will help us to do so if that contractor does damage or is injured.

Wrongful Termination

May 13th, 2020 by admin

“It was Johnson, Sir!”

“Johnson, you’re fired!”

Thus begins what can be a long journey down the road of wrongful termination and its legalities. Susan M. Heathfield, a noted human resources professional, describes wrongful termination in her article on About.com as ending a person’s employment for reasons that are discriminatory and unlawful. Wrongful termination also occurs when an employer fails to follow its written procedures for employee termination.

In just about every state there is what is known as “employment at will.” This defines the relationship between employers and employees as that the company does not offer a tenured or guaranteed employment for any period of time to any employee without an employment contract or written direction from the CEO/president. In this arrangement the company or the employee can terminate employment at any time, with or without cause and with or without notice.

This does not, however, allow a Wild West-type environment for the employer. There are certain laws in effect that protect employees from wrongful termination, and there are a host of situations that are protected and overseen by the Equal Employment Opportunity Commission.

The EEOC was created through the Civil Rights Act of 1964 and officially began its operations July 2, 1965. The EEOC is responsible for enforcing federal laws that make it illegal to discriminate against a job applicant or employee because of the person’s race, color, religion, sex (or pregnancy), national origin, age (40 or older), disability or genetic information. It is also illegal to discriminate against a person because they complained about discrimination, filed a charge of discrimination or participated in an employment discrimination investigation or lawsuit. These laws apply to all types of work situations, including hiring, firing, promotions, harassment, training, wages and benefits.

Headquartered in Washington, D.C., the EEOC has 50 field offices serving every part of the United States and has the authority to investigate charges of discrimination against employers who are covered by the law. The agency’s role in an investigation is to fairly and accurately assess the allegation of the charge and then make a finding. If its staff finds that discrimination has occurred, they will try to settle the charge. If they are not successful in reaching a settlement, they have the authority to file a lawsuit to protect the rights of individuals and the interests of the public. The EEOC also serves as an educational and technical resource to prevent discrimination before it occurs.

In its early days, the EEOC was sometimes referred to as the “toothless tiger” by many civil rights groups because of its lack of enforcement powers. Its reach has improved in recent years, however, and if one were to receive a notice of complaint from the EEOC, it would be prudent to respond swiftly and try to rectify the situation.

Federal law is but one way to determine a wrongful termination. Others include:

Breach of contract: The employer has a legal obligation to uphold all components of an employment contract, union-negotiated or otherwise. You will find that the majority of these contracts include specified employment-termination clauses that must be honored by the employer.

Breach of implied contract: The employer must take care that it does not imply in writing or verbally that employment is protected or guaranteed. This is where a good employee handbook comes into play. A thorough employee handbook will outline the guidelines and expectations of employment, and specify that it is not a contract. Most employers have their employees sign off on an employee handbook statement. If you have employees and you do not have an employee handbook in place, you are just asking for trouble. We have resources to help with templates if you need help developing a handbook.

Breach of covenant of good faith and fair dealings: A terminated employee will try to prove that their termination was unfair, that they were fired for no reason. If the employer follows its own guidelines outlined in an employee handbook, unfair termination will be very difficult to prove if the employer has kept good documentation regarding the employee’s job performance, annual reviews, performance problems, managerial counseling and probation warnings and periods.

Another area of public policy that brings the possibility of a wrongful-termination finding is the Family Medical Leave Act of 1993, which requires employers to provide job protection and unpaid leave for qualified medical and family reasons. These include personal or family illness, pregnancy, adoption or foster care placement of a child. Also included in this act is family military leave, a situation that has become very prevalent in the last 10 years with so many of our reservists and National Guard forces being called back into active duty to serve in our nation’s recent conflicts.

Also, a person cannot be fired who has been injured on the job and is currently under a workers’ compensation program. To be clear, they can be fired for cause, but not solely because they filed a workers’ compensation claim.

Even in cases where an employer has a good employee handbook and where an employee has followed the law and taken all the steps necessary to avoid a wrongful termination, you can still be accused and have a suit filed against you. In fact, the one thing I noticed while I was doing my research for this article was that whenever I searched the internet for information about wrongful termination the first items that appeared were lists of attorneys and law firms that handle wrongful termination cases.

You as an employer can obtain some protection in the form of an EPL (Employment Practices Liability) policy. These policies can be obtained on a standalone basis or as part of an Executive Management or Directors & Officers liability package policy. Contact a Telcom account executive that services your area to learn more about these valuable products and to find out how to put this protection in place. And, if you already have a policy in place and receive a notice from the EEOC, it’s time to put your carrier on notice of a potential claim.

Underwriting Matters

February 12th, 2020 by admin

Myth: Only those who are in a special flood hazard area can buy flood insurance.
Fact: Flood insurance can be purchased by anyone who lives in a participating community, which must enforce floodplain ordinances and building requirements that meet or exceed FEMA guidelines.

Myth: It doesn’t make sense to pay for flood insurance if you are in a low-risk flood zone.
Fact: People outside of high-risk flood zones file more than 20% of all NFIP claims and receive one-third of the federal disaster assistance for flooding.

Myth: I live in the desert, away from water. I don’t need to worry about flooding.
Fact: Deserts can experience flooding, because the hard soil cannot absorb rainwater, leading to flash floods, the most common form of flooding.

Myth: I don’t need flood insurance if I can get disaster assistance from FEMA.
Fact: A flooding incident must be declared a federal disaster by the president before FEMA assistance becomes available. Federal disaster declarations are issued in less than 50% of all flooding events. Even then, it would be a low interest loan that would need to be repaid. Any grants that may be provided are not enough to cover all losses, and you would be in line with everyone else. In reality, I wouldn’t count on FEMA assistance.

Fact: A flood or flash flood can happen in all 50 states in the U.S. and can happen at any time of the year. We all live in a flood zone.

Fact: It only takes 6 inches of moving floodwater to knock a person down and only 2 feet of moving water to carry your car away.

Fact: Flash floods can have walls of water 10 to 15 feet high.

Fact: The most common natural disaster in the U.S. is flooding.

Fact: Flood water may carry sewage, harmful microorganisms, sharp objects and other debris that are a danger to your health. You should never walk or swim in flood water.

Fact: Flooding is a “Top 5” cause of U.S. weather-related deaths. According to NOAA, in the 30- year span from 1994-2013, floods resulted in higher average fatalities than tornados, lightning and even hurricanes.

Although it may currently be the season for swooshing and sashaying down the winter slopes, it won’t be long before the snowpack melts, spring rains and summer storms are upon us, and flooding begins. Let’s take a few minutes to talk about flooding — what it really is and what if anything we can do about it.

As a noun, flood is an overflowing of a large amount of water beyond its normal confines, especially over what is normally dry land, and as a verb, it is to cover or submerge with water. In either case, flood is no fun.

Some floods occur suddenly and recede quickly. Others take days or even months to build and discharge. In any event, flooding is extremely dangerous and has the potential to wipe away an entire city, coastline or area and cause extensive damage to life and property. It can actually carry away objects like cars, houses, bridges, animals and even people. It can wipe out entire farms and forests. Floods can occur in varying sizes, duration and by different causes.

One of the most common is called a flash flood. This kind of flood occurs within a very short time (2-6 hours or, sometimes, within minutes) and is usually the result of heavy rain, a dam break or fast melting of snow. Intense rainfall from a slow-moving thunderstorm is a common cause of a flash flood. Flash floods are the most destructive and usually the most fatal type floods, as people are usually taken by surprise with little or no warning and no time for preparation. The impact is usually swift and devastating.

Rapid onset floods are similar to flash floods, but they usually take a bit longer to develop and will last up to a day or two instead of hours. This type of flood is also very destructive, but it does give a little time for preparation, allowing people to quickly stow or grab some property and escape to higher ground before the flooding gets really bad.

Slow onset floods are the result of rivers, lakes or other bodies of water overflowing their banks. This type of flood tends to develop slowly, giving people ample warning and time to make suitable arrangements. But when the flood finally occurs it could last for days or even weeks, causing widespread damage and the potential for other problems like mold and disease.

Any way you look at a flood, it will cause damage and difficult times ahead. Flood losses in the United States have averaged over $2.4 billion per year for the last 10 years and have only recently been overtaken as the No. 1 natural disaster in the United States by the wildfires in the western part of the country.

So, what can you do to help deter or prevent the effects of flooding on property and ourselves? If you live near a body of water you can build walls or levees, and you can plant vegetation to help with soil erosion. There are also things a community can do, such as better planning for water runoff, better building management and education of residents in any areas that may be susceptible to flooding. All of these steps will cost money, and some in reality may be unattainable. You as a company or individual can purchase flood insurance to help you reset from the damage, so to speak, when it occurs.

Flood insurance can be purchased in a couple of ways — through the private insurance market, which will be costly and possibly hard to find, or through the federal government’s National Flood Insurance Program, NFIP for short.

NFIP is an insurance program through the federal government devised to help provide financial assistance to those people suffering flood-related losses. Established as a result of the National Flood Insurance Act of 1968, NFIP began as a voluntary flood program in which local communities formally agreed to adopt and enforce floodplain management ordinances to reduce flood risk. In return for this, the federal government makes flood insurance coverage available for eligible buildings and their contents.

In the early years of the program, community participation was light. Then in 1973 — after a series of disastrous floods, most prevalent being those resulting from Hurricane Agnes — Congress passed the Flood Disaster Protection Act. This changed the program from voluntary to a mandatory program for structures located in special flood hazard areas (SFHA). In order for a community to obtain any federal regulated financing, participation and purchase of flood insurance became a requirement.

In 1983 the government initiated the Write Your Own program. WYO allowed the purchase of the federally backed flood insurance from property and casualty insurance companies. The companies were and still are responsible for the marketing, policy processing, claims administration and statistical reporting to the government. In return, the companies receive expense allowance for policies written and claims processed. This allowed for quicker and greater ability to purchase the insurance coverage, thereby strengthening the overall program.

In 1994, in order to strengthen the program further and to also to increase the policy base, Congress enacted the National Flood Insurance Reform Act. The purpose of this act was to improve compliance with the mandatory purchase requirements of NFIP by lenders, servicers and secondary market purchasers. It also increased the maximum coverage limits and added a 30-day policy waiting period, among other changes. The national Flood Insurance Program is now administered by the Federal Emergency Management Agency (FEMA) and is still evolving on an ongoing basis to continue to strengthen the protection to its policy holder and prospects.

A policy can still be purchased through a property and casualty agency and Telcom Insurance Group is one of those agencies. A purchased policy is rated based on several factors: the community in which the property is located; the particular flood zone the property is in; and the age, basic construction and structure configuration of the property.

For more information regarding the purchase of a policy though the national Flood Insurance Program, please contact your account representative at Telcom Insurance Group or contact our office directly at (800) 222-4664.

Don’t leave yourself without protection.