Category Archives: Other

General Liability Insurance, Other

Conducting An Organization Wide Phishing Test

Remote operation of your business means that protections your office building had, your employees’ homes may not. Cybercriminals are taking advantage of this situation by phishing out your employees’ data. Take the time to educate your employees on cyber safety. This safety training needs to expand beyond just email safety but also include cyber safety within the office. 

How To Conduct An Organization-Wide Phishing Test: 

Notify and train your employees on what phishing is:

If you don’t notify your employees how are they going to know what is going on? Let your employees know that you will be conducting an organization-wide phishing test. Teach your employees about the risks of phishing and how they can be better at recognizing the signs and stuff. 

Employees need to know that phishing is more than a link asking for login credentials. Phishing scams can an email sent company-wide from an unknown sender containing an attachment that is actually malware. 94% of malware was delivered via email in 2018. 

During this initial training session, define your organization’s cybersecurity expectations. Your employees can’t read your mind. Communication from management and the IT staff can help with educating your employees on cybersecurity best practices. 

 

READ MORE: Phishing Attacks Can Jeopardize A Business Of Any Size

 

Engage all relevant departments and managers on why phishing is a threat to your organization

Work closely among staff members such as managers, HR, and IT to develop and engage an organization-wide cybersecurity plan. If customer service is leaving the door open at the end of the day, your engineering department might be at risk for a cyber attack. 

Create an alias email account for your employees to report potential phishing scams.

An alias email allows for your organization to streamline your phishing reporting. The alias email address can be as simple as “Phishing@yourcompanysite.com”. This email address can redirect to the IT department or whoever is in charge of the network. 

This email address will allow your employees to forward the scam email right to an internal IT log specific for Phishing instead of going to the IT team and getting lost among other technical issues like website problems or a lost password. 

READ MORE: What You Can Do To Protect Your Business From Cyber Security Threats

 

Plan your phishing test

Plan to test your entire organization to see if there are any weak links in your cybersecurity. This means including senior management in your phishing test. To plan your phishing test, you can hire a 3rd party contractor to run the test and then measure things like link clicks,  which employees leaked information, the number of employees who reported a phishing email. 

 

 

 

Analyze important key metrics  

After running a phishing test, work with IT staff members and team managers to analyze key metrics. 

Key Metrics to keep track: 

  • The number of employees who click the link in the testing email
  • Number of employees who download a file from the unknown email address
  • The number of employees who report a phishing email to your IT staff or their manager. 

Take Action With Employees Who Failed The Test

Is there a portion of your staff who have continuously failed cybersecurity tests? Sit down with HR and IT to see what measures you can take to further educate and protect your business.  Work with HR to develop a plan for employee failure on every level. A breach in security is not a joke, but a high-level employee releasing admin information is a more serious offense than a low-level employee who only has access to email. 

Provide Your Entire Organization With Additional Information on Cybersecurity 

All of your employees can benefit from additional information on cybersecurity. Educate your employees on best practices to keep both business information and private information safe from hackers. This can include resources on different types of anti-viral software, best practices for end of day 

 

READ MORE: Ransomware is Evolving: Has Your Business Interruption Coverage? 


Retest Your Organization 

Test, test, and then test again to make that your organization understands what is at risk with their unsafe digital activity. Every 6-months to 1 year, a random phishing test should be sent out throughout your organization. This consistent retesting keeps employees on their toes and helps employers determine which employees may be at risk of falling prey to an outside phishing attempt. 

 

 

Still want more info on how your organization can better protect itself from cybercriminals? Contact one of our risk advisors at 914-357-8444. 

Resources

2019 Data Breach Investigation Report by Verizon

 

HR Challenges, Other, Risk Management

Keeping Employee Morale Up During Covid-19

employee morale 

The remote workforce has boomed over the past week and a half with thousands of organizations moving from office buildings to laptops at home. While ¼ of the U.S. workforce was part-time remote employees before the viral outbreak, many organizations have been faced with the harsh reality of shutting their office doors and becoming remote organizations. 

employee morale 

We previously outlined ways for your employees to easily transition to remote office work, and now we’re here to talk to you about managing and helping your employees remain engaged during this time. 

 

Some of your employees may feel challenged in new ways as they shift to remote operations. Otherwise, high-performing employees may have a difficult time transitioning to this new position and employers may see a decline in performance and engagement. 

Challenges Your Employees May Face 

Lack of face to face supervision

Managers and employees both feel the challenges associated with the lack of face-to-face interaction. Managers worry that their employees will not work as hard or as efficiently as they would in the office. Employees can feel that remote work managers aren’t as communicative and don’t support their own needs. 

In some cases, it has been found that remote work employees work harder at their jobs when they’re remote due to the lack of office distractions. The one employee that always seems to be chatting with their co-workers maybe your new top-performing employee due to the lack of social distractions. 

 

Lack of Access to Information:

In this case, the information doesn’t relate only to common knowledge things like answering a difficult question. Remote employees also lack the emotional awareness that they would normally have in an office setting. While in an office employees would be aware if one of their coworkers was having a bad day, but while working remotely, employees won’t know the situation for their coworkers. 

 

Social Isolation:

Normally employees will be in an office building and have other people to have conversations with, then your employees might continue their day after work with different types of social interactions. Now your employees are isolated by themselves in their homes. Loneliness is one of the most common complaints about remote work. Isolation can cause your employees to feel less involved in their organizations’ culture and can drive employee intentions to leave up. 

 

At Home Distractions:

Working in an office has its own set of distractions, but distractions at home vary from procrastination cleaning to family members. With the sudden onset of being a remote worker, a number of these employees may not have had time to create an adequate plan to have an office or find childcare. Managers should expect a greater number of these distractions due to the unplanned work from home circumstances. 

 

Poor Time Management: 

Without an in-person manager to keep employees on task, it can mean employees’ time management starts to slip. Many people convince themselves that they are effective at time management because they’ve got a schedule built out on their calendar. These employees might rush from appointment to appointment when they’re in the office but may find that their ability to keep time slips when there is no one to hold them accountable. Poor time management is usually caused by a failure to evaluate the work that needs to be completed.  

Employers can help employees who lack time management skills, by giving these employees hard deadlines for certain tasks. These employees may also lack the awareness to set priorities. One way employers can help employees is through a straight forward time management table. This is one way for your employers to help employees reevaluate their priorities. 

 

Urgent Not Urgent
Important  Urgent & Important Not Urgent & Important 
Not Important Urgent & Not Important Not Urgent and Not Important 

 

 

Misunderstanding Technology:

 

Employees who normally log right into their desktop at the office may be confused with how the new remote work and communication systems work. Some of these employees can be used to just logging into their desk computer and having everything they need right in front of them. With the move from an office to remote, employees can struggle with how they are required to access their information. 

 

How to support your remote employees

 

Provide several different communication options

If at first, you don’t succeed, try and try again. If GoToMeeting doesn’t work for one employee, try Slack, Skype, Zoom, Google Hangout, or a traditional conference call on your cell phone. Limiting your newly remote employees’ ways of communication can be frustrating to you and the employee. This can be especially true if your employees aren’t used to using remote communication tools. 

 

Establish daily check-ins:

Every phone call to your employees doesn’t have to be work-related. Start your daily meetings going around the group and seeing how everyone is doing, how they’re holding up and if there is any good news they would like to share with the group. These daily check-ins will allow your employees to communicate and socialize with their team members they’re used to seeing every day.

 

Provide opportunities for remote social interaction

This is uncharted territory for everyone. Humans aren’t used to staying at home and only interacting with their peers via computer screens. Try hosting a remote Happy Hour, where all of your staff hosts a non-business-related meeting. This can include sending care packages to all of your employees with party favors to be used during this meeting or sending them pizzas. Or just a nice after work chat among your coworkers to show solidarity during these times of social isolation. 

 

Provide encouragement and Emotional Support:

There has been a lot of conversation surrounding the mental wellbeing of your employees.  Supporting your employees emotionally can go a long way. A 5-minute wellness phone call can go a long way. Encourage your employees to speak up if they are struggling with anything work-related or personally during this time of isolation. People who struggle with addictions are more likely to relapse during times of isolation like these. 

As a manager, it is your duty to provide a fearless attitude and lead your employees in the right direction. Much like productivity, emotions also have a trickle-down effect, if you’re feeling helpless and lost in a situation and portray that to your team, then your team may start to feel helpless and misguided.  

 

Be Responsive and Available 

As you expect your employees to be responsive to any emails you send, return the favor. Communication is key for organizations to remain calm and functional while transitioning to remote work. This doesn’t mean that you have to respond to emails that your team sends out after work hours. Your employees look to you for guidance, while your availability should be based around work hours, you should be open to talking to your employees about nonwork-related topics as well. 

 

Metropolitan Risk is here to answer any questions you may have about transitioning your employees to remote work and boosting your employees’ morale. If you are a current Metropolitan Risk customer, you have access to ThinkHR one of the largest digital HR platforms.

Return To Work Checklist provided by ThinkHR

2020 Coronavirus Outbreak: Resources To Help Your Business Remain Operational

Coverage Impact Relating To Business Income Within Your Commercial Insurance Policy

COVID-19 Resource Guide For Employers

Other

Applying For A Small Business Administration Loan?

I don’t know any business in the tristate metropolitan region that has not been impacted by COVID-19. For those looking to shore up their balance sheets here’s a quick primer on applying for a small business administration loan courtesy of our accountants Citrin/Cooperman. 

Currently, the Small Business Administration is working with states to provide targeted, low-interest Economic Injury Disaster Loans to businesses and not-for-profits that have been impacted by the COVID-19 virus to help overcome the temporary loss of revenue. Small businesses can receive up to $2 million in disaster assistance loans in certain eligible areas.

The following is a summary of the loan eligibility and the process for a Small Business Administration Disaster Business Loan:

 

  • The business must be located in a Current Disaster Declaration Area to qualify. Click here for the latest update.
  • You must qualify as a small business. For the business to qualify, it must meet the requirements for maximum number of employees or maximum revenue. Click here for the requirements for your specific industries.
  • The SBA loan process is a three-step process. The first step in the process is to apply online, in-person, or by mail. The following forms will be needed:
    • For all applications, excluding not-for-profit organizations, the following items must be submitted:
      • This application (SBA Form 5), completed and signed.
      • Tax Information Authorization (IRS Form 4506T), completed and signed by each applicant, each principal owning 20 percent or more of the applicant business, each general partner or managing member; and, for any owner who has greater than 50 percent ownership in an affiliate business. Affiliates include, but are not limited to, business parents, subsidiaries, and/or other businesses with common ownership or management.
      • Complete copies, including all schedules, of the most recent federal income tax returns for the applicant business; an explanation if not available.
      • Personal Financial Statement (SBA Form 413) completed, signed, and dated by the applicant, each principal owning 20 percent or more of the applicant business, and each general partner or managing member.
      • Schedule of Liabilities listing all fixed debts (SBA Form 2202 may be used).
    • Additional information may be necessary to process your application. If requested, please provide within 7 days of the information request:
      • Complete copy, including all schedules, of the most recent federal income tax return for each principal owning 20 percent or more, each general partner or managing member, and each affiliate when any owner has more than 50 percent ownership in the affiliate business. Affiliates include, but are not limited to, business parents, subsidiaries, and/or other businesses with common ownership or management.
      • If the most recent federal income tax return has not been filed, a year-end profit-and-loss statement and balance sheet for that tax year.
      • A current year-to-date profit-and-loss statement.
      • Additional Filing Requirements (SBA Form 1368) providing monthly sales figures for will generally be required when requesting an increase in the amount of economic injury.
    • Step two of the process is the property verification, loan processing, and Decision by the SBA.
    • The final step is the loan close and funds disbursed.

 

RESOURCES:

Disaster Loan Assistance

Apply For A Disaster Loan (Complete your disaster loan application online.)

Disaster Loan Application Paper Forms

Coronavirus (COVID-19): Small Business Guidance & Loan Resources

Current Disaster Declarations (Locate disaster areas by state and territory. You must be in an SBA declared disaster area to be eligible for SBA disaster assistance.)

 

Disaster Loan Assistance – Login

Small business Size Standards Used To Define Small Business Concerns by industry NAICS codes

SBA Loan Three Step Process

 

Other

Coverage Impact From Coronavirus Relating To Business Income Within Your Commercial Insurance Policy

With the number of people infected by the Coronavirus growing every day, customers are voicing their concerns about how their insurance coverage will protect them from potential closers and lost revenue. 

 

We’ve had a number of clients ask what coverages will protect them from losses resulting from the COVID19 virus. Organizations that rely on physical locations for their business like manufacturing plants, schools, nursing homes, daycare facilities, and bus companies, aren’t sure what protection they have from business interruption. 

Unfortunately, it appears that the ISO Business Income and Extra Expense Coverage Form, CP ​00 30 10 12, coupled with the Causes of Loss – Special Form, CP 10 30 09 17, will not cover these losses for three reasons:

  • ​Coverage applies only if there is “direct physical loss of or damage to property.” The virus is wreaking havoc on people but not property.
  • The “Causes of Loss” form excludes coverage “for loss or damage caused by or resulting from any virus, bacterium or other microorganisms that induce or is capable of inducing physical distress, illness or disease.​”  The Coronavirus fits this description.
  • The form also excludes losses resulting from “delay, loss of use or loss of market.” There is no coverage for losses resulting If a homecare operation has to stop sending aids or clients start to cancel because the virus has caused people to stop traveling. (Big I Insurance)

Your organization has a number of decisions to make if unable to shift operations from a physical location to a remote opportunity. Some organizations can continue operations remotely, while others may be forced to close due to the Coronavirus. We recently published this article on how to keep your business operational during the outbreak. 

The Insurance Services Office (ISO) announced on Feb. 7, 2020, that they’ve published two advisory endorsements to the Business Income & Extra Expense Coverage Form for insurers to adopt and file if they wish According to the blog post on Verisk’s website: 

The first endorsement provides limited coverage in the event that a business suspends operations due to closure or quarantine ordered by a civil authority. This endorsement also provides coverage with respect to dependent property that is named in the policy and for vehicles and mobile equipment, where applicable.

 

The second endorsement also provides coverage when a business is forced to suspend operations due to the closure (or restricted use) of the public bus, rail, or ferry lines by civil authorities.​ (Verisk)

 

Workers’ Compensation is another coverage that can be affected by the COVID19 virus if a hypothetical worker can prove that they were exposed to the virus at their place of employment.

Lorraine Lee Explains The Business Impact Of The CoronaVirus
 

Commercial General Liability coverages can be applied in cases where an employer has allegedly neglected to remove an infected employee from the workplace, thus facilitating the further spread of the virus. Be aware, ISO offers an endorsement, CG 21 32 05 09, Communicable Disease Exclusion. This endorsement excludes coverage for bodily injury, property damage, and personal and advertising injury arising out of the actual or alleged transmission of a communicable disease. It also applies to alleged negligence in:

  • Supervising, hiring, employing, training or monitoring of others that may be infected with and spread a communicable disease;
  • Testing for a communicable disease;
  • Failure to prevent the spread of the disease; or
  • Failure to report the disease to authorities.

For more information on whether your organization is prepared for the potential losses coming from the Coronavirus outbreak contact a Risk Advisor or Call 914-357-8444. 

 

https://www.insurancejournal.com/news/national/2020/02/26/559383.htm

https://www.biginy.org/newsfeed/Lists/Posts/Post.aspx?ID=778

Other

2020 Coronavirus Outbreak: Resources To Help Your Business Remain Operational

Coronavirus Outbreak

CDC offers resources for health care providers and businesses.

The coronavirus has reported ties to a large seafood and animal market in Wuhan, China, according to the Centers for Disease Control. Symptoms of this illness include fever, cough, and shortness of breath.

As of February 26, 2020, 14 people in the United States have contracted the virus.

Update March 9, 202o 10:45 AM: There are currently 566 cases of the COVID-19 Virus in the United States and 105 confirmed cases in New York State.

CDC engaged in outreach efforts with hospitals and clinics to ensure organizations have preparations in place to control the virus and prevent infection. As of February 22, the agency had published more than 23 guidance documents on infection control, facility preparedness assessments, personal protective equipment supply planning, and clinical evaluation and management.

Agency guidance for schools includes planning and response protocol for possible outbreaks. On Feb. 25, CDC tweeted that although “there is currently no reported community spread of #COVID19” nationwide, “everyday measures” such as staying home when sick and washing hands with soap and water can help prevent additional cases from surfacing.

Strategies for employers to help prevent workplace exposure:

  • Encourage employees with symptoms of acute respiratory illness to stay home. Waive the health care provider’s note requirement, as medical facilities may be extremely busy and not able to provide such documentation in a timely way.
  • Make sure sick leave policies are flexible and correspond with public health guidance. Ensure employees are aware of the policies.
  • Maintain flexible policies that allow employees to stay home to tend to ill family members.
  • Promote proper hand hygiene, as well as cough and sneeze etiquette. Instruct employees to frequently wash their hands with soap and water for at least 20 seconds, or use a sanitizer containing at least 60% alcohol.
  • Routinely clean frequently touched surfaces such as workstations, countertops, and doorknobs.

Strategies for employers to execute business continuity:

 



It is critical employers give some thought to how they would run their business if whole communities are put on lockdown, or if employees specifically request to work from home for fear of exposure.
  • Be sure you have all employees’ cell phone numbers.
  • If you have a VOIP telephone system, be sure that you and your employees understand how you can forward a call to the employees’ cell phones.
  • If you don’t have a VOIP phone system, hire an answering service like RUBY or ANSWER CALL. Have all of your incoming calls forwarded to this answering service. Ruby can act as a receptionist and forward each incoming call to the specific employee. Further, they can email calls and/or you can log into their system to monitor all incoming calls and routing. This is a great workaround if you have an old system that’s not flexible.
  • Does your organization have a VPN (Virtual private network)? If you don’t have a VPN set up so your employees can drill into your network and your servers, then create an account with LogMeIn which can essentially allow you to execute the same without all the setup. It’s critical that employees have remote access to the office and your infrastructure.
  • Purchase ZOOM Meeting so you can coordinate video conferencing with your team and your customer base.
    Forward the mail to another location and scan it in so it’s part of the remote workflow.
  • What about backups? Maybe create a Master account for DropBox? If not make sure all the work is getting backed up somewhere now that the workforce is desperately located.
  • Lastly, be sure to communicate with your customer base. Let them know if you are operational and that all systems are a go.

 

Additional Help

 

If you need any further information, contact a risk advisor or call (914) 357-8444.

 

You can also click the link below to read more about CDC’s infection control articles.

Cyber Liability Insurance, General Liability Insurance, HR Challenges, Risk Management, Vlogs

Our SIM-Hacking Prevention Guide

We recently wrote a piece about what SIM-Hacking or SIM-Swapping is. Click this link here to read it. We’re following up on that article with a quick guide to preventing SIM-hacking. We’re not here to re-explain what SIM-hacking is, we’re here to talk about how to protect yourself from risk.


If you agree with us that SIM-Swapping is a potential problem & you want to protect yourself from cybercriminals, then this guide can help you protect your accounts from cybercriminals.

 

1. Make a list of the important stuff that would pain you if you were hacked.

Here are a few accounts to start with.  Your list of accounts to protect may grow longer but these accounts would be the most problematic.

  • Work Email/ Work Google Account
  • Bank Account for Work or Personal
  • Organizational/Workplace Databases
  • Social Media Accounts (Facebook, Linkedin & Vimeo)

2. Understand how each account lets you recover/reset your password.

In this case, each one uses 2-step verification. The first factor is typically the primary email address you used to set up the account. The second factor is your mobile phone number (text messaging). I suggest testing each account above to have them bring you through the steps of a password reset. The ones that send a text message to your mobile phone are the ones that are most vulnerable to SIM-HACKING as that is the purpose.

These are the accounts we are going to lock down in the next few steps.

 


How To Protect Yourself From SIM-Hackers

At Metropolitan Risk, we purchased a YUBIKEY, which is a small piece of hardware that replaces the text message/cellphone as a second level authenticator. Google offers a similar product known as the Titan Security KeyWe opted to use a security key because you must have the key in your physical possession and you must confirm to the hardware that you are a human being. These security keys require human touch to confirm and cycle the key on. If you don’t like the idea of a separate piece of software, there are some apps on your cellphone called Authenticators that can do similar things.

We opted for a separate piece of hardware to the cellphone as a 2nd step in the 2-Step Verification. We do use an authenticator as a 3rd level authentication process in the event we lost the YUBIKEY hardware. 

 

1. If you’ve purchased a YUBIKEY, your next task is to log into the accounts you are concerned about & research the multi-step authentication process for password recovery.

    • This is the most time-consuming part of the process as each account can have different methods & steps to execute this piece.
      For Example,  you are telling Google not to send a text message to your cellular phone. Instead, you are telling Google to look for your YUBIKEY as the primary authentication.

NOTE: that if your organization manages your email account, that you speak with your admin. As our google account administrator, I’ve turned on 2-step verification to allow my staff to use yubikey. My staff would not have been able to set this up without admin approval. CLICK HERE for a quick guide for Google as an example on how to execute 2 step authentication as an example.

2. Once you follow the instructions for linking your account with the YubiKey you can select “trust this device”. This way you won’t need to use the YubiKey every time you log into an account because the software recognizes your device AND it has been properly authenticated.

What Happens if I lose my YubiKey?

 In all the accounts you set up with the Yubikey make sure there is a 3rd way to authenticate in case the YubiKey isn’t available for some reason. This gives you an additional way to access your account and prevents you from getting locked out of say your google account. In our case, we use Google Authenticator as the 3rd option in case the Yubikey is damaged or otherwise unavailable. 

Call me paranoid, or maybe just a Risk Advisor… same thing. I purchased a TILE which is essentially a very small chip that allows me to always locate whatever the chip is attached to. I have one for my wallet, one for my keys and one for my backpack. You download an app onto your cell phone. The cell phone app communicates with the tile which is attached to your keychain/YubiKey and voilà, keys found. It can also reverse and help you find your cellphone by making it ring if you press a button, even when the sound is on mute for the phone.

Help and More

At this point, I’m feeling better about my personal situation.

The 2-step verification ensures that the person accessing your account on a new device is you. Remember, once a hacker obtains your user name and password, they try to access your account from devices that are not recognized by the site or software. The software is trying to figure out if it is really you on a completely different account or a hacker. If the hacker has some way to authenticate their device to trick your software that it is you behind the device, they aren’t getting in.

Last point, just like in the physical world. If they really want to steal your car…gone. By locking down your digital life and making it a bit more difficult, the hackers usually move on to easier prey. Then, there is no shortage of easy prey out there. 

We hope you found this helpful. There are a ton of resources online to execute this tactic to lock down your accounts and your life. Our goal was simply to make you aware of the SIM-Hacking. At least get you to start the process of locking down your very vulnerable digital life. 

Still have questions? Still want more info? Contact a risk advisor today OR visit our website here.

Other

Losing Your Identity Through Your Phone Number: How SIM-Swapping Attacks Can Leave You Vulnerable

SIM-swapping is the latest way cybercriminals & hackers are performing attacks on your cell phone.  Could you be next?

Picture this: It’s Friday and you just got paid. You go to the ATM to withdraw $100 for the weekend. The message on the screen says your account is overdrawn and no funds are available. You march into the bank to discuss what must be an obvious error. This is only to find out that all your money has disappeared from your account. How did this happen? Your cell phone was hacked, cell account stolen & your bank account passwords reset which was how they swept your bank account. SIM Swapping is very real and very effective. Here’s how it goes down. 

What is SIM-swapping?

The term SIM swap refers to the tiny “chip” that your cell phone uses to store your number and account information. This may include pictures, texts, emails, contacts, apps, etc, usually located on the inside of your phone.

SIM-Swapping is a relatively new attack where criminals steal a victim’s telephone number. They have figured out that your most important accounts, like bank accounts, are using two-factor identification when resetting your passwords. From identifying your cell-phone number they are able to find out any personal information about you. SIM swappers use the “Forgot my password” tool for online services with the intent to take over your online accounts. Within minutes of access into your accounts, these hackers are able to look through old email messages looking for access to financial accounts. These include not only financial accounts but cryptocurrency accounts, social media, bank accounts, and even IRAs. Investigators have also seen SIM swapping used to compile photos for money and blackmail, resulting in an awful violation of privacy.

 

“You want to protect your accounts from being able to reset simply because somebody has your phone number.” -Mr. Selby, NYPD

 

Once inside your accounts, these criminals change your passwords to your most important accounts & lock you out. They switch your security settings so that your accounts can’t be reset when you’re finally able to recover your phone number. These criminals use an app called “Authenticator” designed by Google. You can still get locked out of your accounts through this app, even if you’ve recovered your phone number. 

The law-enforcement task force, Investigators with the Regional Enforcement Allied Computer Team, stated they know more than 3,000 victims, accounting for $70 million in losses nationwide. Worse is the rate at which this technique is growing because it’s so powerfully effective in stealing your identity. 

 

“ If the richest man in the world had his cell phone hacked, where does that leave the rest of us?” Charlie Warzel – NY TIMES

 

WAYS TO PROTECT YOURSELF

FROM SIM CARDS HACKS : 

    1. Do not post online that you are leaving for vacation, to avoid calling attention to an empty house filled with valuables. Social media not only presents an opportunity for criminals; it provides them with more personal details about you, which allows them to create the mosaic they can use to impersonate you.
    2. Call your cell phone carrier and ask to add a passcode on your phone account. Make sure to remember your passcode! 
    3. Try the “Forgot my password” option on your most important accounts and see what the process is for that.
    4. Get a password manager to store all of your passwords. CLICK HERE for Best Password Managers from CNET.  If you want extra security protection, use applications such as Yubikey or Google Titan, which allow for one-time passwords and two-factor authentication.
    5. Turn off SMS authentication. For Android Phones CLICK HERE. For Apple Phones CLICK HERE. Make sure to remember your passwords if you do this, as sometimes you may not be able to recover your accounts
    6. People hired to help you, like accountants and lawyers, can innocently provide a way into your financial life, especially if THEY are hacked. The best that people can do is verify everything through basic human interaction that will slow and eventually stop hackers.

 

 If you’re interested in reading the whole article on SIM-swapping, click this link here.

 

For more information contact a Metropolitan Risk Risk Advisor or call 914-357-8444.  

 

Other

New York Employment Laws Will Affect 2020 Employees

2019 was a big year for New York employment laws and these changes will affect your employees moving forward in 2020. 

 

Here is a breakdown of the new legal changes:

 

Increases to Employers’ Exposure to Discrimination Claims: Effective February 8, 2020 employers of all sizes may be sued for discrimination or harassment. This law previously was limited to employers with 4 or more employees. This law made it easier for employees to bring forward claims of harassment. Specifically, this law provides (1) that the main affirmative defense to a harassment claim (i.e. that an employer has a policy with a complaint procedure that the employee unreasonably failed to use) does not bar harassment claims under New York law, and (2) that an employee does not have to show that the harassment was at least severe or pervasive in order to bring a claim. 

 

Additional Classes Are Now Protected From Discrimination: New York Updated which characteristics are protected from discrimination, including gender identity or expression, sexual reproductive health choices and an employees’ choice to wear natural hairstyles or religious clothing, attire or facial hair.  

 

Pay Equality Laws: Two key takeaways were introduced taking aim at pay inequity. The first restricts employers’ ability to seek or rely on an applicant’s salary history to make a job offer or set a salary. The second prohibits employers from paying employees differently for equal work or “substantially similar work” performed under “Similar working conditions” based on any characteristics protected under New York Law.

 

Restrictions on Pre-Employment Inquiries: New York State Law prohibits pre-employment testing for marijuana in most circumstances and pre-employment requests for salary information. Westchester has banned pre-employment criminal background checks. 

 

Paid Voting Leave: As of April 2019, New York employers were required to give employees up to three hours of paid leave to vote in any election.

 

Accommodations Obligations Expanded: New York also codified employers’ responsibility to accommodate (or better accommodate) employees who are lactating, seeking reasonable accommodations for disability or other protected reasons, or who are the victims of domestic violence. Many employers will need to revise their policies and practices as a result.

 

Restrictions on Confidentiality Agreements: As of 2020, employers in New York cannot require employees to sign agreements that restrict their ability to discuss facts regarding discrimination or harassment. This impacts many commonly used contracts, such as settlement agreements, intellectual property agreements, and non-disclosure agreements.

 

Expansion of Required Paid Sick Time: Westchester County now requires an employer whose employees work in that county to provide those employees up to 40 hours a year of paid sick time. Previously, only employees working in New York City were required to be provided paid sick leave.

These are just a few of the important changes that are ongoing in terms of New York employment laws. This is not a comprehensive guide to all of the employment law changes affecting New York Employers. Please contact us if you have any questions about how these changes will affect your organization please contact a risk advisor at 914.357.8444 

Other

Most Common FMLA Questions

[av_textblock size=” font_color=” color=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=” av_uid=’av-k6mecpal’ id=” custom_class=” admin_preview_bg=”]
The Federal Family and Medical Leave Act (FMLA) and state workers’ compensation laws may both cover an employee who suffers a serious health condition while on the job. The Department of Labor (DOL) has issued revised regulations that implement the Federal Family and Medical Leave Act. Though the interplay between the FMLA and workers’ compensation leaves was addressed within those regulations, a number of DOL letter rulings have also clarified the interaction of these laws.

Metropolitan Risk Advisory Risk Insights will answer any common questions regarding employee leave that qualify for protection under FMLA and workers’ compensation laws.

[/av_textblock]

[av_iconlist position=’left’ iconlist_styling=” animation=” custom_title_size=” custom_content_size=” font_color=” custom_title=” custom_content=” color=” custom_bg=” custom_font=” custom_border=” av-medium-font-size-title=” av-small-font-size-title=” av-mini-font-size-title=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=” av_uid=’av-k6me3wb2′ alb_description=” id=” custom_class=” admin_preview_bg=”]
[av_iconlist_item title=’1: Does FMLA leave run concurrently with a workers’ compensation absence?’ heading_tag=” heading_class=” link=” linktarget=” linkelement=” icon=’ue871′ font=’entypo-fontello’]
The employee’s FMLA leave entitlement may run concurrently with a workers’ compensation absence when the injury is one that meets the criteria for a “serious health condition.” Thus, an employee could receive workers’ compensation benefits to replace lost wages. At the same time having health benefits maintained under the Family and Medical Leave Act. If appropriate, the employer must be sure to designate this leave as FMLA-qualifying leave and give notice to the employee. If the employer fails to designate this leave as FMLA leave, the employee may still be entitled to FMLA leave. This applies once the workers’ compensation absence has ended.
[/av_iconlist_item]
[av_iconlist_item title=’2: Can an employer require an employee to substitute accrued paid leave if the employee is on workers’ compensation and Family and Medical Leave Act leave?List Title 2′ heading_tag=” heading_class=” link=” linktarget=” linkelement=” icon=’ue871′ font=’entypo-fontello’]
Since the workers’ compensation absence is already considered paid leave, the provision for substitution of the employee’s accrued paid leave for unpaid FML leave does not apply. If the employee has elected to receive workers’ compensation benefits, the employer cannot require the employee to substitute any accrued paid leave for any part of the absence that is covered by the payments under a workers’ compensation plan. An employee is also precluded from relying upon the FMLA’s substitution provision to insist upon receiving both workers’ compensation and accrued paid leave benefits during such an absence. Employers and employees may agree, where state law permits, to have paid leave supplement the disability plan/workers’ compensation benefits. This is in the case where a plan only provides replacement income for two-thirds of an employee’s salary.
[/av_iconlist_item]
[av_iconlist_item title=’3: What benefit is an employee entitled to while on concurrent workers’ compensation and FMLA leave?List Title 3′ heading_tag=” heading_class=” link=” linktarget=” linkelement=” icon=’ue871′ font=’entypo-fontello’]
If the employer designates the workers’ compensation absence as Family and Medical Leave Act leave, then the employee is entitled to all employment benefits accrued prior to the date on which the leave commenced. The FMLA does not entitle the employee to the accrual of any seniority or employment benefits during any period of FMLA leave, nor to any right, benefit or position of employment other than that to which he or she would have been entitled had the employee not taken the leave. Thus, an employee on FMLA leave does not accrue seniority or employment benefits during the absence by operation of the FMLA. Nevertheless, in addition to the group health benefits guaranteed under the FMLA, an employee on FMLA leave, whether paid or unpaid, may be entitled to additional benefits while absent, depending on the employer’s established policy for providing such benefits when employees are absent on other forms of leave.

[/av_iconlist_item]
[av_iconlist_item title=’4: How may an employee on concurrent workers’ compensation and FMLA leave pay for group health coverage? For other non-health benefit premiums?’ heading_tag=” heading_class=” link=” linktarget=” linkelement=” icon=’ue871′ font=’entypo-fontello’]
An employee who is receiving payment as a result of a workers’ compensation injury must make arrangements with the employer for payment of group health plan benefits when simultaneously taking unpaid FMLA leave. It is important that the employer make such arrangements with the employee in advance of the leave or shortly after the leave begins since the FMLA provision for recovery of the employer’s share of health insurance premiums does not apply. That is, the FMLA statute only authorizes the recovery of the employer’s share of insurance premiums that are paid to maintain coverage for the employee under a group health plan during any period of unpaid leave. Leave taken pursuant to a workers’ compensation plan is not unpaid leave within the meaning of the FMLA.

Likewise, an employer will also want to make prior arrangements for employee payment of other non-health benefit premiums when an employee is receiving payment as a result of a workers’ compensation injury and is simultaneously taking unpaid FMLA leave. Again, neither the FMLA statute nor its regulations provide for the employer’s recovery of any such premiums paid during a paid leave as opposed to during an unpaid leave.
[/av_iconlist_item]
[av_iconlist_item title=’5: What may an employer do if it questions the adequacy of a medical certification?’ heading_tag=” heading_class=” link=” linktarget=” linkelement=” icon=’ue871′ font=’entypo-fontello’]
If an employee is on FMLA leave running concurrently with a workers’ compensation absence, and the provisions of the workers’ compensation statute permit the employer or the employer’s representative to have direct contact with the employee’s workers’ compensation health care provider, the employer may follow the workers’ compensation provisions. That is, the employer may have direct contact with the employee’s health care provider in the manner in which the workers’ compensation statute provides. Further, the revised Federal Family and Medical Leave Act regulations also provide that an employer can contact an employee’s health care provider to authenticate or obtain clarification of the medical certification, so long as the employer has first given the employee a chance to cure any deficiencies.
[/av_iconlist_item]
[av_iconlist_item title=’6: Is an employee required to return to a “light duty” job when it is not the same job or is not equivalent to the job the employee left?’ heading_tag=” heading_class=” link=” linktarget=” linkelement=” icon=’ue871′ font=’entypo-fontello’]
If the health care provider treating the employee for the workers’ compensation injury certifies the employee is able to return to a light-duty job, the employee may decline the employer’s offer of a light-duty job if it is not the same or is not an equivalent job to the job the employee left. However, as a result of turning down such a light-duty job, the employee may lose workers’ compensation payments but is entitled to remain on unpaid FMLA leave until the Family and Medical Leave Act entitlement is exhausted. Additionally, when the workers’ compensation benefits cease, the employee may elect or the employer may require the use of accrued paid leave.

If the employee accepts the light-duty position in lieu of Family and Medical Leave Act leave or returns to work before the FMLA leave entitlement ends, the employee retains the right to the original or to an equivalent position. However, the period of time employed in a light-duty assignment cannot count against the Family and Medical Leave Act leave entitlement. The right to restoration is held in abeyance during the period of time the employee performs a light-duty assignment. That right is not unlimited and ceases at the end of the applicable 12-month FMLA leave year. Restoration is dependent on the employee’s ability to perform the essential functions of the same or equivalent position at the end of FMLA leave.

[/av_iconlist_item]
[av_iconlist_item title=’7: What happens to an employee on concurrent workers’ compensation and FMLA leave once the Family and Medical Leave Act leave entitlement has run out?’ heading_tag=” heading_class=” link=” linktarget=” linkelement=” icon=’ue871′ font=’entypo-fontello’]
If the employee is unable to return to work or is still in a light-duty job after the Family and Medical Leave Act leave entitlement has run out, the employee no longer has the protections of the FMLA and must look to the workers’ compensation statute or to the federal Americans with Disabilities Act (if the employee is a “qualified individual with a disability”) for any further relief or protections.
[/av_iconlist_item]
[/av_iconlist]

[av_textblock size=” font_color=” color=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=” av_uid=’av-k6mee76b’ id=” custom_class=” admin_preview_bg=”]
Please contact Metropolitan Risk Advisory with any questions.
[/av_textblock]