All posts by Will Rice

Claims Management, Cyber Liability Insurance, Line of Insurance, Loss Control, Risk Management

Social Engineering: Meaning and Impact

Definition

Social Engineering is the means of deception to extract sensitive, personal information that can then be used for further purposes, such as bank fraud, account takeovers, or identity theft. Cyber hackers primarily use social engineering when attempting to steal information of online users unaware of a hack currently happening. The main type will include phishing which fraudulently fishing for people’s information online through malicious contact.

Importance of Social Engineering

So why is cyber engineering important? Well, it can impact any of us at any time. Think about this. Currently, hackers have software applications designed to override firewalls and cybersecurity worth millions of dollars. However, hackers know technology is strict; a firewall will not listen give up information easily, but humans will. However, in a world of technology and hacking, hackers use human emotion and volatility as its main weapon. Hackers can sue the main target or those who directly know them to get any sliver of personal information that can help them in their quest. This is why every cyber user (which is most to all of us) needs to be aware of social engineering and its extreme dangers.

/p>

Impact of Social Engineering

Every day, cyber-attacks occur on users without them ever having the proper protection against the attack. Then, they lose precious financial or personal information to hackers. Social engineering will continue to happen and impact us as long as certain things remain constant. If users are still inputting too much personal info into websites that can be hacked at any time. If people remain unaware of releasing personal info of themselves or others to a hacker. Or if their cyber liability coverage does not protect themselves or their company against social engineering.

An Example

The scariest part of social engineering is sometimes the hackers never need to come in contact with the targeted account’s user. Once you give your personal information to a website like Facebook or Twitter, the social media company and all its employees with high-level access can access your data and sell it for profit.

In late July 2020, there was an aggressive twitter hack, According to a WSJ article, a user named “Kirk” on a hacking forum claimed he was a twitter employee who had gained access to many twitter accounts and was selling them from $500-$10,000 an account, including Joe Biden, Elon Musk, and others.

The problem with these social media companies is due to the employees’ level of cyber knowledge they will give everyday employees who make normal amounts of money way too much access to the internal networks of its website. These employees can take this information used for large-scheme hacks like that seen a week ago. Or, they can give bits and information to hackers of different user’s accounts, without the user ever knowing.

Social Engineering is a component of cyber liability coverage that is often overlooked by businesses in any ndustry. However, it should be a crucial component of any written policy regarding cyber liability protection, individually or company-wide. For more information, click here.

Claims Management, Cyber Liability Insurance, Line of Insurance, Loss Control, Risk Management

Why Passphrases are the Future of Logins

Every so often, whether it be for a company software program like MOZ, a school database like blackboard, or even a personal social media account on twitter, you get one of the two ominous messages.

The Unwanted Messages

You get the “time to reset your password” right after you slowly got used to your new password. Now you have to create a new password that’s memorable but is also hard to crack. Yes, it is a measure of security and caution from the website that is admirable. It is a pain at best for the user.

Then there’s the other message: “oops, you forgot your password too many times. Let’s reset it!” This one is arguably worse because of two things. One, you have to create a whole new password just like the mandatory reset times. But, you have to make it easier to remember than your last one, since you just forgot it. That makes hacking for these passwords so easy.

Where we are with Passwords

While there are some awesome dual-factor authentication apps and tricks as well as new biometric security measures, hacking password details could not be easier right now. Soon, we’ll be strictly using biometric passwords like eye scanning and finger pad touch. Or just using dual-factor using an app like duomobile. But for now, passwords are becoming ever so easy to hack for cyber criminals. They have more advanced technology that can run dictionary hacks and algorithm checks at 1,000,000,000 searches a second. And the only thing standing between your account with credit card info and their supercomputer is the password “qwerty12345.” All jokes aside, that password is extremely common, and there’s simpler derivatives of that password that make the 25 most common passwords of 2020.

Passphrases

While waiting for that futuristic physical password technology, allow me to introduce you to a better password type: pass-phrases. Pass-phrases are exactly what it sounds like. It’s not a word with numbers and symbols, it is a whole phrase that may include further numbers and symbols. While some say it is only a small step of improvement over passwords, let me tell you why they are much more protected.

Benefits of Passphrases

First, the guideline check is simple. They’re just as protected against password guidelines on the vast majority of sites. They are also supported by many sites as well, meaning you will be able to use these wherever you can use your normal pass-word.

They’re more secure. It’s that simple. The more characters and difference in the change of characters, the better. As in, if your password is football10!, that is a password a hacker can crack manually, it’s so straightforward. Now imagine it being “Mile High Miracle 512!” That’s 21 characters compared to 11, which makes the computers check for 10 factorial more possibilities. Simply, that means “football10!” Is a mid-sized fish in a river, “Mile High Miracle 512!” Is a krill in the Pacific.

Example of good Passphrases

Also, football is too simple, and there’s no change after football. Being as specific as possible is best. Take Mile High Miracle 512! Mile High Miracle is a nickname for a specific famous game that my favorite team, the Baltimore Ravens won (it’s a reference to them beating the Denver Broncos in Denver). Next, the 512 part. The game is mostly famous because of one play. The Baltimore quarterback, number 5, threw a last-gasp touchdown to Baltimore wide receiver number 12, to tie the game. 512 is incredibly more random than 10, yet feels more memorable. See how easy that was?

Concluding Thoughts

My point is that passphrases are easier to remember than those one word and 2 number passwords. Especially if they’re close to your heart and mean something. That could mean a song lyric/title/album, or a movie phrase, or a famous sports moment. So if you are a big music fan, next time you are resetting your Chase account, take a minute before you rush to put “RockFan12345.” Think about passphrases, and try something more along the lines of “St41rway 2 Heav3n” instead. Trust me, the time it’ll take to remember which e becomes a 3 is the difference between a bank account compromise and having your financial records safe.

Still confused? Want to learn more about passphrase protection? Or just about cyber security in general? Contact a risk advisor today at 914-357-8444 or visit our website here.

Employers Practice Liability Insurance, General Liability Insurance, Human Services Practice Group Content, Line of Insurance, Loss Control, Transportation Practice Group Content

Adult Day Care Considerations for Your Business

Running an adult daycare seems to be one of the harder gigs. Between keeping employees in check and fully trained and clients safe, it is a hard organization to manage. Our adult daycare inspection considerations list should help you keep insurance claims and deductions down. One less thing to worry about!

Insurance Considerations when Choosing which Adult Daycare Services to Provide

 

When running an adult daycare, you must understand that there are multiple types of insurance to cover you, your employees, your property, and your business. Some that you should consider when deciding on setting up your daycare center are:

  • Professional Liability – Covers your business from the negligence of employees and other defense/legal costs
  • General Liability – Liability for any incident that occurs within your business (slip & fall hazards or a loose handrail)
  • Auto Liability – For your workers who may transport clients/services to and from other locations
  • Abuse and Molestation Coverage – If the worker physically, sexually, mentally, or emotionally abuses a client

 

Adult Daycare: Safety Inspection Checklist 

Adult Daycares are meant to help adults who cannot supervise themselves during the day & may need help with basic care functions. This naturally means that these workers are constantly focusing on keeping patients/clients safe. Worker’s may overlook small issues, like a cracked sidewalk or an unsteady handrailing as their main focus is on the client, not their surroundings. A Supervisor should focus on making sure safety is a priority for employees & that the surrounding areas also well maintained & safe.

Here are just a few things you might want to keep constantly asking/monitoring:

  • Is the loading/unloading area clearly marked?
  • Are there any potholes in the parking lot?
  • Are there cracks in the pavement that needs to be repaired?
  • Do you have wheelchair-accessible ramps & handrails leading up to the main entrance clearly marked?
  • Are these ramps and handrails in good condition?
  • Are the emergency exits clearly marked and free of obstructions?

Safety Tips for Your Adult Daycare Center

 

While having a safety inspection checklist is definitely important, having certain safety parameters in play is just as necessary. This includes, but is not limited to:

  • Rigorous, continuous safety training – your employees are dealing with real-life adults that can be unable to perform simple functions without supervision. This means your employees need training to the max. Rigorous training with in-depth expert advice is important. What is also important is that this training never stops and is not just a 3-day course. It is a continuous learning process.
  • Safety Guideline/Handbook – Having a written word on the safety parameters and rules already gives the employees a better idea of how to handle their clients.
  • Mechanical Lifts & Safe Patient Handling
  • Handrails on stairways
  • Handicapped Bathrooms
  • Proper Lighting
  • Large, spacious areas
  • Medical supplies ready for immediate use

 

Adult Day Care Transportation Considerations 

When running an adult daycare, you need to think about how the adults in need of assistance will come to the daycare facility. If their caretakers at home do not have the time or resources to drive them there and back or make trips to various other locations to aid the adult, this is where your daycare service can flex its muscles. Having a transportation wing of your facility will make your daycare more profitable immediately. Offering the transportation of clients from home to daycare and back is the most important, but you can also offer trips to the grocery store, hospital, and sources of entertainment.

 

Before setting any of this up, you might want to think about the potential risks of implementing this transportation system. Who will be driving? Will they be using their own vehicle or a vehicle provided by your organization? Are they a good and safe driver? Do they need a specific type of license to drive an organization owned fleet vehicle? Will their actions cost me thousands of dollars? We suggest following these tips to make sure you have the necessary guidelines set to open up your transportation service.

 

Have a Motor Vehicle Record open for every single driver. Essentially, a MVR is a small summary of the driver’s previous record and any information pertaining to tickets they may have received. This report includes driver’s license info, date of birth, previous driving history, violations, etc.

 

Obtain comprehensive automobile insurance with medical, property, and liability damage included. That means if you/your driver is liable for an accident, you are protected and covered. If your car receives damages or is stolen (your property), you are covered. And if there is a medical injury due to a crash, you are also covered.

 

Contracting a professional driving company may be worthwhile for your company’s success. If you are unsure of your workers serving as part or full-time drivers, hiring professionals is worth it. They are experienced and bring less risk into the equation. Spending more on their services may cost you less in the long-run.

 

Conclusion

To conclude, running a daycare for adults is not easy. There are a lot of risks and potential costs to consider. But taking our adult daycare inspections tips into consideration will help your organization to succeed.

 

Still, need help? Still, have questions? Contact a risk advisor today at 914-357-8444. Or, visit our website here.

 

Other

Telehealth Growth During COVID-19

While many markets have plummeted due to covid-19, one has seen immense growth: the telehealth market. Telehealth has come to be a great alternative for people trying to get medical advice on physical, behavioral, or mental questions. Whether it be a therapist for depression, a physician for a knee discomfort, or concerns and questions about covid, telehealth succeeds in helping all those hypothetical patients. Here are a few ways employers can help employees through telehealth during the pandemic. 

Allowing More Access to Telehealth:

While most employers offer their workers telehealth services, it is only to an extent. Allowing employees 24/7 access to medicals experts will increase morale and decrease employee injuries/mental wellness. While these experts can’t do things like diagnose covid or help with physical relief like in-person treatment, these experts can give crucial advice and medical insight into how to deal with these issues/symptoms.

 

More Communication about COVID:

The more your employees know about the covid disease and the current updates on it, the better. That is why a new study says at least 63% of workers would like their superiors to update them on covid-related info daily. Things such as news on daily stats, local news of covid, and about how medical experts are progressing on prevention.

Financial Incentives for Telehealth:

Just like employees, employers want their company to stay away from physical medical help as much as possible. They have as much incentive to keep their workers healthy and away from high-risk locations. That is why financial incentives such as discounts and small gift-cards benefit everyone. Employees get small financial incentives for going with telehealth. Employers, meanwhile, keep their employees safe.

 

Still want more information? Still have questions? Visit either of the two linked websites above. Contact a risk advisor today at 914-357-8444. Or, visit our website here.

Claims Management, Human Services Practice Group Content, Other, Workers Compensation Insurance

COVID-19 on NYS Workers Compensation

The COVID-19 outbreak has spread all throughout America, but most notably in New York. Considering America’s largest metropolitan hub is New York City, when the disease hit it was bound to be catastrophic. Due to the heavy outbreak in New York, Governor Cuomo ordered a stay-at-home rule for nearly three months. This resulted in higher unemployment and less in-person work happening.

Increase in COVID-19-Related Workers Comp Claims

What exactly does this mean for Workers Compensation claims? It depends on what types of workers comp claims. Considering health care workers and essential first responders are eligible for workers comp, the workers comp claims due to the contraction of coronavirus have been large in quantity and amounts paid out. Coronavirus claims have been costly for insurance carriers per claim for two reasons.

First, the medical bills related to treatment of the virus are hefty: 6 days of hospitalization can cost $40,000. Second, insurance carriers set a high standard for respiratory Workers Comp claims after the 9/11 attacks. Respiratory diseases lime coronavirus can have permanent or long-term impacts, meaning more money out of insurance carriers. And because the coronavirus is a temporary pandemic and is no fault of the employer, premiums can not necessarily increase, meaning greater losses for carriers due to the costly COVID-19 workers comp claims.

Decrease in Non-COVID-19 Related Workers Comp Claims

However, the COVID-19 impact on NYS workers comp does not end there. Because of the lock down, the number of non-COVID-19 workers comp claims has significantly shrunk these past 3 months. So, financially, while the COVID-19 claims are more expensive than regular workers comp claims, the number of COVID-19 claims is still not as large as the average amount of workers comp claims, meaning that both of these effects of the outbreak have offset each other financially.

The question is now whether insureds will protest that due to there being less workers on payroll and claims being filed, WC premiums should decrease, meaning insurance carriers charge less on premiums to pay out almost the same amount of money. It is important to know the outbreak is not over and these figures may change when the pandemic finishes. Keeping up to date with the official NYCIRB and NY officials is the best way to keep track of insurance on workers comp effects from the pandemic.

Still confused? Still have questions? Call a risk advisor today at 914-357-8444 or visit us here at our website.

Note

*All of these statistics and findings were found in a June 2020 report on COVID-19 and Workers Comp claims written by the NYCIRB. The link is mentioned in the article, and can be found here.

Other

What is the I-9 Form: Explanation and Advice

The I-9 Form is also known as the Employment Eligibility Verification. In the simplest terms, it is used to check the validity and identity of workers attempting to be hired for employment in the United States. It is to make sure workers are using their correct identity when applying for a job, citizen or not. Workers and employers alike have to fill it out on the employees expense to make sure each adds up. Part of the I-9 Form asks to prove identity by showing identity documents. These can include things such as birth certificate, license, ID card, passport, or SSN card.

Here are a few tips on what to and not to do with the I-9 Form:

  • DO Use the most recent version of the form
  • DON’T Complete an I-9 for independent contractors
  • DO Complete Section 1 by the end of the employee’s first day
  • DON’T Mandate Voluntary Data Elements
  • DO Complete Section 2 within 3 business days
  • DON’T Specify Documents to present
  • DO Review the documents with the employee present
  • DON’T Accept copied or expired documents
  • DO Stay consistent with photocopies
  • DON’T Complete Spanish version (unless in Puerto Rico)
  • DO Keep the form on file for the minimum period
  • DON’T Forget the I-9 is mandatory
  • DO Re-verify when necessary
  • DO Maintain a separate I-9 file

 

Still have questions? You can contact a risk advisor today at 914-357-8444. Or, you can visit our website here.

Claims Management, OSHA, Risk Management, Workers Compensation Insurance

Work Injuries – Main Types and Causes

Work injuries are all too common in the workplace. Just this year alone, workplace injuries will cost businesses over $59 billion, and that number continues to increase every year. Among the list of top workplace injuries, the “usual suspects” always rank near the top. These being accidents caused by falling, mishandling of objects, and auto incidents always rank near the top. Improper machine use, slip and trip, and awkward posture also cause thousands of injuries a year. The other injury type that has come on of late is overexertion. Overexertion injuries cost $1 billion every week in treatment alone, and ergonomics, the study of how to improve workplace efficiency, is dedicated to stopping these injuries.

Many define work injuries as specific physical damage to a worker while on-site or completing a task at work. This is an important definition as it can be very unclear whether a worker deserves workers comp. or not based on his injury.

While we list the top-10 types of work injuries, there is a root cause for all work accidents. The number one reason for work injuries is negligence from a worker or employer. Many injuries can be avoidable if the worker pays more attention to certain surroundings in the work environment. Or, if employers paid attention to their worksites and their worker’s health and safety. Another way injuries can be avoided is more employee training. With more safety training and knowledge on how to use machinery/handle objects, employees’ jobs are a whole lot safer. Employers should invest the money into this training. While it may not be a profitable payment, they save hundreds of thousands on fewer workers comp claims and lower insurance premiums. Additionally, employees have more job training and can work more efficiently with greater output. This is an obvious win-win.

View our Work Injury Infographic

Loading…

For more information, contact a Risk Advisor at 914-357-8444.

Claims Management, Cyber Liability Insurance, Loss Control, Risk Management

Cognizant Gets $400 Million Payout After Cyber Attacks

Technology consultant firm Cognizant fell victim to cyber-attacks caused by a ransomware attack last April. The hack disrupted thousands of employees from accessing networks from their home during quarantine. Clients also disallowed Cognizant to use their networks in case of further breach, causing major revenue and clientele loss.

Cognizant losses total $50-$70 million in lost sales, higher premiums, and defense/legal costs. Without cyber insurance however, the losses would be catastrophic.

Cognizant had out extensive money into cyber insurance premiums with multiple carriers. Insurance insider reports this investment turned out to be a good decision as they earned $400 million in cash reserves from their carriers, another huge loss for carriers in the cyber market. Carriers have been hard with higher loss ratios and claims frequency in the cyber market recently.

What is the overarching message? Right now, allocating resources towards cyber protection is no longer recommended but required. Cyber insurance of some form is necessary to protect against ransomware attacks and saving your company millions. However, insurance is not the only resource that needs investment. There is no way to fully protect yourself against cyber attacks with just insurance. We recommend proper employee training, duel-factor password authentication, and data encryption software.

Stay ahead of the curve and protect your company’s invaluable data. Invest properly and do not be afraid to spend a little extra for full protection. The premiums upfront may prove cheaper in the long run.

Still have questions? Contact a risk advisor today at 914-357-8444 or visit our website here.

Claims Management, Construction Practice Group Content, Risk Management, Workers Compensation Insurance

National Safety Stand-Down Week Announced ( With INFOGRAPHIC)

OSHA recently announced that the National Safety Stand-Down Week will take place September 14-18, 2020. This week is to recognize fall dangers, and, in general, work-site safety. Fall-related injuries continue to be the number one leader in deaths and injuries in the construction industry. Over ⅓ of workplace deaths in construction were due to falls in 2018. Here are a few ways to “celebrate” the tradition.

If you’d still like more information on job site safety or need help with risk management, contact one of our Risk Advisors today or call 914-357-8444.