Category Archives: HR Challenges

General Liability Insurance, HR Challenges, Workers Compensation Insurance

Should We Require Our Employees To Be Vaccinated For Covid 19

Should my company mandate vaccinations?  Like everything Covid related, the answer is complicated. According to employment law attorney  Rich Landau of Jackson Lewis, their tentative position is that requiring employees to be vaccinated for COVID 19 is very difficult to mandate. This is primarily due to EAU (Emergency Use Status) of the vaccine, legal risks including discrimination, and employee relations challenges as you try and navigate this HR terrain.

 

For those clients less risk-averse we have a sample draft policy courtesy of Jackson Lewis. For Metropolitan Risk clients you can obtain the sample Covid vaccine policy by contacting your Account Executive. They are instructed to give you our draft sample. If you are not a Metropolitan Risk client, feel free to reach out to one of our Risk Advisors for a brief discussion.

According to our THINK HR partner and our partners at Jackson Lewis, there is an expectation that the EEOC ( Equal Employment Opportunity Commission ) will issue additional guidance with respect to ADA & Title VII issues with respect to employers mandating whether employees MUST be vaccinated.

 

Our partners in our discussions point to the influenza policies for guidance on how to proceed with the Covid vaccinations. Most employers ENCOURAGE rather than mandate which can be a safe haven should legal challenges arise. According to Rich Landau of Jackson Lewis, “even if the EEOC allows employers to mandate COVID vaccinations this will not elevate the risk of other non-discrimination, state laws, or workers compensation claims if employees suffer a serious reaction while the vaccine is in EAU status.”

There are numerous complications and challenges that may arise if you mandate the vaccine.

Potential Employer-Related Challenges With Requiring/Encouraging The Covid-19 Vaccine

  • Is getting the vaccine Mandated or voluntary – – who is mandated?  
    • The priority of recipients (Which staff members or clients should be vaccinated first?)
  • Incentives to receive it- Does your current organization offer incentives for the Flu shot? 
    • Covid-19 vaccine only or influenza as well
  • Who pays for the actual vaccine, the time needed to get the vaccine
  • Process for inoculation
  • Tracking status
  • Handling poor reactions – – paid time off
    • How are you managing employees or clients that have adverse reactions to the vaccine?
  • Ensuring confidentiality
    •   What if you run out of the vaccine
  • Covid-19 protocols while in midst of process/after the process is completed
    • What protocols will stay and what protocols will change? How will you as the employer manage these new expectations?
  • Addressing exceptions – – medical, religious, generalized fear
  • Handling non-compliance – – remote work, leaves of absence, discipline

The last point to consider beyond your Employee stakeholders maybe your customer base. As an example for those companies providing services to senior care organizations, like Home Health Care Agencies, Nursing Homes, and Assisted Living Facilities it may be suggested that you disclose to your customer base that your organization suggests, not mandates vaccinations. This disclosure should be made at either point of sale /contract, or communication piece sent out to your customer base. This may protect your organization from liability should your customer base look for damages at some future point. This can be a very sensitive topic as each business needs to arrive at its own business decisions with respect to disclosures. There is no silver bullet here, your goal as with all risk-related decisions is to manage the exposures relative to potential downside losses in BOTH columns of the decision tree.

As you can see invoking a set vaccine policy to benefit all stakeholders is vexing, to say the least.

We will continue to provide updates to this new landscape as we receive them. We encourage you to speak with a Risk Advisors for further guidance on the matter BEFORE invoking a set policy. Please mindful that this is a very dynamic and fluid landscape, changing almost weekly. Contact a Risk Advisor at 914-357-8444. Thank you

Construction Practice Group Content, Food & Beverage Practice Group Content, HR Challenges, Human Services Practice Group Content, New York, Risk Management, State Law, Transportation Practice Group Content, Workers Compensation Insurance, Workers Compensation Premium Audits

New York State’s Updated Sick Leave Law

New York State’s Paid Sick Leave policies were introduced on April 3, 2020, and went into effect on Sept. 30, 2020.

On January 1, 2021, employees may start using their accrued leave. 

The number of sick leave hours required is based on the number of employees that work within your organization:

0-4 Employees:

If your net income is $1 Million or less, employers must up to 40 hours of unpaid sick leave. If net income is greater than $1 Million, employers must provide up to 40 hours of paid sick leave 

5-99 Employees: 

Employers must provide 40 hours of paid sick leave per calendar year.

100+ Employees:

Employers must provide up to 56 hours of paid sick leave in a calendar year. 

How sick leave is accrued 

Employees begin accruing leave on September 30, 2020. Leave must be accrued at the rate not less than one hour of leave accrued for every thirty hours worked. 

An alternative to the accrual of sick leave by hours, employers may choose to provide the full amount of sick leave at the beginning of each calendar year (ex. An employer with 50 employees may choose to provide 40 hours of sick leave starting Jan.1 of yea year or at the beginning of a 12-month period determined by the employer. NOTE: Upfront sick leave cannot be subject to later revocation or reduction if the employee works fewer hours than anticipated by the employer.). 

Who is eligible

All private-sector employees in New York State are covered, regardless of industry, occupation, part-time status, and overtime-exempt status. Federal, state, local, and government employees are NOT covered, but employees of charter schools, private schools, and not-for-profit corporates are covered.

Permitted Usage of Sick Leave 

After Jan 1, 2021 employees may use accrued leave following a verbal or written request to their employers for the following reasons impacting the employee or a member of their family for whom they are providing care or assistance with care. 

Sick Leave: 

  • For Mental or physical illness, injury or health conditions, regardless of whether it has been diagnosed or requires medical care at the time of request for leave
  • For the diagnosis, care, or treatment of a mental or physical illness, injury or health condition, or need for medical diagnosis or preventative care.

 

Safe Leave:

  • For an absence from work when the employee or employee’s family member has been the victim of domestic violence as defined by the State Human Rights Law, a family offense, sexual offense, stalking, or human trafficking due to any of the following as it relates to the domestic violence, family offense, sexual offense, stalking, or human trafficking: 
    • to obtain services from a domestic violence shelter, rape crisis center, or other services program; 
    • to participate in safety planning, temporarily or permanently relocate, or take other actions to increase the safety of the employee or employee’s family members; 
    • to meet with an attorney or other social services provider to obtain information and advice on, and prepare for or participate in any criminal or civil proceeding; 
    • to file a complaint or domestic incident report with law enforcement; 
    • to meet with a district attorney’s office; 
    • to enroll children in a new school; or 
    • to take any other actions necessary to ensure the health or safety of the employee or the employee’s family member or to protect those who associate or work with the employee. 

Leave Increments 

Employers are permitted to require that leave be used in increments (e.g., 15 minutes, 1 hour, etc.) but may not set the minimum increment at more than 4 hours.

Employers must notify employees of these leave increment policies in writing or by posting a notice in the worksite prior to leave being acured, any restrictions in their leave policy affecting the employees’ use of leave, including any limitations on leave increments 

Rate Of Pay

Employees must be paid their normal rate of pay for any paid leave time under this law, or the applicable minimum wage rate, whichever is greater. No allowances or credits may be claimed for paid leave hours, and employers are prohibited from reducing an employee’s rate of pay for sick leave hours only. 

An employer cannot retaliate against an employee in any way for exercising their rights to use sick leave. Furthermore, employees must be restored to their position of employment as it had been prior to any sick leave taken. Employees who believe they have been retaliated against for exercising their sick leave rights should contact the department of labor’s anti-retaliation unit.

Record Keeping

Employers are required to keep payroll records for 6 years, which must include the amount of sick leave accrued and used by each employee on a weekly basis.

Employers are required to provide within three business days a summary of the amount of sick leave accrued and used by the employee in a current calendar year or any previous calendar year, at the request of the employee.

 

Employees who believe that they have been retaliated against for exercising their sick leave rights should contact the Department of Labor’s Anti-Retaliation Unit at 888-52-LABOR or LSAsk@labor.ny.gov

 

If you still have questions, contact a Risk Advisor at 914-357-8444. If they cannot help you they’ll direct you to an employment lawyer that can. 

Cyber Liability Insurance, HR Challenges, Risk Management

Cybercriminals Are Targeting HR Depts. With This Resume Scheme

Trojan malware attacks are resurfacing since businesses are starting to return to work embracing a new normal in a post-COVID-19 world. Organizations have started to resume their hiring practices by posting job opportunities on their website, across job boards, and on LinkedIn to reach as many potential candidates as possible.

Some of these businesses are streamlining their hiring process by requesting that resumes are directly emailed to their HR department. Streamlining this process is creating new exposures in cybersecurity due to a cybercriminal’s ability to socially engineer the situation. 

 

 

Cybercriminals are sending emails with attachments posing as resumes to HR departments. The premise of these attacks is a modern-day Trojan Horse.  A threat posing as a harmless gift. Trojan malware is not a new cyberattack, but it is one of the most unsuspecting. 

If your HR Department fields dozens of resumes a day, there is a significant chance that one of the resumes they open could contain malware. If the file does contain malware, your organization could be allowing keylogging software or ransomware onto your server to attack unencrypted files. 

Without the HR department’s knowledge, a cybercriminal can attach a malicious file to an email that mirrors any other job seekers’ resume. The cyberattack can download ransomware or keylogging software onto the HR department’s computer or infect the entire network. 

 

Ways to Avoid A Potential Trojan Malware In Your inbox.

 

  1. Avoid Resumes sent as Word documents. Have job candidates submit their resumes as plain text within an email or as a PDF. Word Documents are the 2nd most likely file type to contain malware. ZIP and program files are the most likely. 
  2. Do not click social media links embedded into the email. If an applicant shares a link to their social media accounts, don’t click the link. Type out the full URL to ensure the social media account exists. Or search the social media website for the user name your applicant has given you.
  3. Use a recruiter. Working with a trusted recruiter is one way to reduce the number of random emails with attachments that end up in your HR department’s inbox. A trusted recruiter will share only the resumes that are the best fit for your organization.
  4. Have resumes submitted as plain text files instead of as an attachment. If you’re using a web form, have applicants upload their resume as plain text right into a response box instead of having applicants attach a document to an email or upload a document.
  5. Have applicants fax or mail their resumes. Paper wins against malware every time. Submitting a resume through Fax or the regular mail, this ensures there is no way that the submitted resume can contain malware.

These are a few ways to negate the risk of Trojan malware attacking your organization. For more information on how to protect your organization from cyber risks Contact a Risk Advisor at 914-357-8444.

Source Article: Hackers  Targeting Employers- Forbes

 

 

Cyber Liability Insurance, HR Challenges

The SHIELD Act : How It Affects Your Business In New York

Due to the increasing concern about the security of personal information, many states feel the need to implement data and cybersecurity laws to protect private information utilized by these malicious hackers. On July 26th, the governor of New York signed the SHIELD Act to protect the state’s resident’s data and broaden New York’s security breach notification requirements. The SHIELD ACT or Stop Hacks and Improve Electronic Data Security Act requires in the state of New York that any person, business owner’s computerized data which includes the private information of a resident of New York (“Covered Business”) to not only implement but maintain reasonable safeguards to protect the confidentiality, security, and integrity of the private information but to have proper breach notification requirements.

Every NY business owner must comply with the SHIELD Act because “private information” includes a lot of sensitive data. It is imperative to understand what the definition of private information means as it includes, but is not limited to a username or email address in combination with a password, a name, phone number, driver’s license number, CC number, etc. This does NOT include publicly available information that is lawfully available. This act also expands the definition of Breach, as Breach now includes unauthorized access, rather than solely unauthorized acquisition.

To be compliant with the SHIELD Act’s data security requirements, a business must implement a data/cybersecurity program that has reasonable administration safeguards, reasonable technical safeguards, and reasonable physical safeguards. These reasonable safeguards must be appropriate and align with the size/complexity of a business. This act highlights the importance of HR professionals and in-house employment involvement in their organization’s information security. This act adds an important aspect that requires there to be breach notification requirements. 

For example, if an HR Professional accidentally emails private information to the wrong employee containing “private information” the employer must document this as inadvertent disclosure which won’t result in misuse and maintain this documentation for 5 years. If the information contained more than 500 New York residents the employer would have to submit documentation to the attorney general within 10 days. If you fail to comply and notify the attorney general, there are $20 fines per notification with a maximum penalty of $250,000 (Effective Oct. 23,2019.)

This is extremely important for employers to understand in order to comply with the law. The responsibility employers, HR professionals, and employees have regarding properly handling data can impact a business tremendously. The fines associated with mishandling data can lead to millions of $$$ in losses. Make sure you understand the laws, make sure you protect your data, and make sure if your company experiences a data breach you have proper risk management strategies in place to pay for the losses.

Download our SHIELD Act Guide Here

For More Information on the Shield Act and how your organization can be compliant, contact a Risk Advisor or call 914-357-8444

HR Challenges, Risk Management, Workers Compensation Insurance

Workplace Stress: Recognition and Management

According to the American Institute of Stress, 65% of workers said that workplace stress had affected their lives in one way or another. This number is not a surprise to many, but it should be. When comparing the stress level of work environments around the world, the U.S. takes the cake. U.S. workers have spent more hours on the job than the labor force of any other industrial nation. A 2001 survey concluded nearly 40% of workers described their office environment as “a real-life survivor program”(American Institute of Stress). As the workforce grows increasingly more competitive, and the job market tightens, many believe workplace stress to be on the rise.

Now, let’s compare the average American workweek to that of other industrialized countries. The average American works approximately 44 hours per week. Whereas in Japan and Italy, the largest number of hours an employee allowed to work in a week is 40 hours. And in the UK, Canada, Germany, and France, average work weeks are less than 4o hours.

Why is this information relevant? Because between 60% to 80% of workplace injuries are workplace stress-related. There are a multitude of factors that may contribute to workplace stress. These include understaffed departments, and poor management techniques. Regardless of what causes stress, all these contributors lead to decreased productivity. Whether you run a small business or a Fortune 500 company, decreases in productivity can be detrimental. Especially in the case of small businesses, which typically don’t have the cash reserves necessary to make up for the lost time.

Having management aware of the problem can go a long way in managing workplace stress, but it isn’t enough. Workplace stress affects everyone in the office, decreasing employee morale, and overall productivity. This lack of productivity can diminish the profits of the business, feeding into the flame of a stressful work environment.

 

 

Some Tips on Reducing the Stress Levels in Your Workplace:

1) Engage your frontline supervisors. They should be on the lookout for stressed out, anxiety-ridden employees. You don’t need to be Freud to recognize a stressed employee.

2) Have that front line supervisor engage in a one on one discussion. Oftentimes knowing that the employer recognizes a problem relieves stress. It may even motivate an employee to work through a tough time.

3) Check with HR or your Workers Comp Insurance Carrier, they may have counseling provisions within their policy. Their policy could allow several visits to a therapist to help relieve stress. Even if it’s personal and not work-related, check to see what your Workers Comp policy offers.

4) Rotate staffing, giving days off for completing “x” amount of days without an injury. Try to motivate focus and productivity. By giving your employees achievable goals, they can feel a sense of accomplishment.

Running an efficient and profitable small business is hard enough as it is. As a business owner, you must allocate resources to workplace stress. These dollars spent on increasing the coverage of your Workers Comp Insurance Carrier are far cheaper than if the worker hurts themselves or others because they are not focused on the work at hand.

If your business is suffering from production losses, take some of the steps above. Seek professional help if that still doesn’t work and if you have any further questions, contact Metropolitan Risk Advisory today!

Contact a Risk Advisor or call 914-357-8444 if you have further questions!

Claims Management, Employers Practice Liability Insurance, HR Challenges, Risk Management, Workers Compensation Insurance

Heat Injury and Illness in the Workplace

An Under looked problem

Heat injury and illness is a serious work-related danger that affects millions of American workers each year. Not only do heat injuries directly cause injuries/illness, but at times they are the underlying reason for mishandling of equipment, and lack of focus that leads to other work-related injuries. While federal agencies such as OSHA publish articles on measures to prevent heat-related injuries/illness, at times these cautions do little. It is on the management to provide resources, knowledge, and safety measures for workers in constant risk of heat injuries and illness. Here are some ways to prevent heat injuries and illness.

How to Avoid Heat Injury and Illness

Provide Rest Breaks:

Management should provide several work breaks other than lunch every day. These breaks should include free water and a shaded location. This well help workers stay out of the heat, cool down body temperature, and replenish fluids.

Provide Information:

Your workers need to understand the dangers of working in constant heat. Manual labor in heat will cause a slower release of body heat and less sweat. This traps more heat in the body, raising the body temperature. This is a dangerous result, as 2 degrees fahrenheit higher than normal body temperature can cause dizziness, lack of focus, and dehydration. Once you hit 5 degrees past normal body temperature you are flirting with possible fatal illnesses. The more your workers know, the safer your workers will work under intense heat.

Training:

Training workers on how to avoid what prevention is nearly impossibly. However, training project supervisors on proper safety plans and measures is beneficial to all. Having set heat prevention measures in place for your supervisors to execute can save you money in claims and injuries.

Sometimes, these precautions still are not enough. Workers may still suffer from the effects of high heat and humidity. Here are a few steps to deal with a worker with a heat injury or illness.

How to Treat Heat Injury and Illness

Immediately Bring the Worker to Shade:

Give the worker tons of water to hydrate them. Ice packs to cool down their body temperature is also recommended. The best spot to cool down a worker is the back of the neck, as it helps control your entire body’s temperature.

Bring the Worker Medical Assistance:

If their symptoms continue to worsen or remain stagnant, calling an ambulance is the best option. Make sure to call the ambulance within the hour the worker first felt symptoms.

Loosen Clothing:

Loosening the worker’s clothing can help free entrapped heat between the skin and clothing. This will help cool the workers’ internal body temperature. It will also help with quicker blood flow, which will help the worker recover quicker.

Heat injuries and illnesses are not small cast-offs when talking about workers’ injuries and workers comp. These are critical parts of worker safety and health, especially in construction and work done primarily outside. Hopefully, this article will help bring important information to project supervisors and management about proper steps and safety precautions regarding heat injuries and illnesses.

Still confused and want advice? Call a risk advisor today at 914-357-8444 or visit our website here for more information.

Cyber Liability Insurance, HR Challenges, Risk Management

Password Security for Cyber Protection

Implementing Proper Password Security For Better Cyber Protection

Picture this: it’s the end of the month, and you sit down at your computer to check your bank account balance, there’s only one thing, you forgot your password. What is it again? qwertyuiop1? No, qwertyuiop15? Eh, I’m not sure; I’ll just reset it.

Almost 40% of people deal with issues related to forgotten passwords on a monthly basis (Entrepreneur). This doesn’t only include bank accounts, but with social media and email passwords.

I’m not the only person who struggles to remember all his passwords, and I know I can’t be the only one changing my password every week because I can’t remember if I capitalized the first letter or not. Needless to say, my passwords are lacking in complexity in part because I never realized how risky using a common password can be. Cyber criminals have endless ways to use your private information. Opening fraudulent bank accounts, shopping online, applying for loans, and identity theft are only some of the most common uses of your data. The worst part is, I feel secure after changing my password from Football3! to Football4!. This change is almost completely insignificant to a hacker and most definitely isn’t going to prevent a hacker from getting into one of my accounts.

As a result of my new cyber security paranoia, here are some tips for better password management:

  • Make sure your password is at least 12 characters; it’s better to be safe than sorry. When it comes down to it, adding four characters to your password can be the difference between security and losing your account to cyber criminals.
    • An almost random combo of letters, numbers, and symbols is your best bet for creating a password that hackers will struggle to crack. The longer your password is, the better.
  • Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red House” is also very bad.
    • In other words, stay away from any passwords you think someone else may be using. Think of something original, and don’t use the passwords “123456” or “password.”
  • Another easy way to keep your passwords secure is to keep them private, as in not sharing them with your coworkers, friends, or relatives.
    • Almost 50% of Americans have shared their passwords with another person. A significant part of these shared passwords occurs on streaming sites like Netflix and Hulu. Why is that important you ask? According to the Ponemon Institute, the average person uses the same password for approximately five accounts. Make sure to remember when you’re giving your boy or girlfriend your Netflix password, you may also be giving him or her access to much more.
  • Change your passwords every month if you want to be safe from cyber-attacks. This effort may sound hard to the average person who changes passwords once a year or not at all. But putting the extra time aside to change your passwords is a great way to ensure your cyber security.
  • Multi-factor authentication is a safety method that grants access to an account after presenting two pieces of evidence to an authentication mechanism. By using two-factor authentication, you can protect yourself against almost all cyber attacks; two-factor authentication is one of the most effective ways to combat cyber criminals.
  • Keep your passwords safe and organized by using a password management application; there are plenty of apps that offer free password help. If you’re old fashioned, write passwords in a notebook and keep them in a secure location. Write dates next to your passwords to help you keep track of when to change them.

Final Thoughts

People as a whole have too many passwords: and what comes of all of them? Serious fatigue, to the point where resetting our passwords, is easier than remembering them. But you have to be careful in resetting your password, though it may make you feel safer to change your password every month or two, this still allows hackers a long period of time to get into your account if they’ve already targeted your account. The most important step to having proper password security is making the password long, with almost random strings of letters, numbers, and symbols.

As a result, people like me do dumb things, creating a few password variations to help an untenable situation. Or we do even dumber things, like use passwords such as “password” or “123456.” Or we create a “base” password and add a variation for each site. We know it’s stupid, but we’re driven to these solutions because we are lazy/our memories can’t remember all those passwords. So do yourself a favor and follow those tips to increase your password security.

 

If you have any further questions, contact a Risk Advisor or call 914-357-8444 today!

HR Challenges, Risk Management

Returning To The Office During COVID-19

Returning to the office has proven to be challenging for employers. Organizations of all sizes are struggling to determine which employee health screenings they can execute without infringing on their employees’ rights. From scheduled questionnaires to employee temperature checks, employers are working hard to adapt to this new normal.

Employee health screenings need to be voluntary. Hourly employees should be considered on the clock if they are waiting in line for testing and while the test is being administered. If an employee is sent home because they are ill they should be paid for the time out of work, if possible. If the employee refuses to take the test or respond to the survey, it is within your rights as an employer to send them home without pay. 


Temperature Checks

Before COVID-19, temperature checks were considered to be a part of a medical exam. Employers need to follow the following rules to ensure that employee health screenings are minimally invasive and confidential. 

Health screenings are voluntary but a necessary way for employers to best protect the entire workforce. Reassure your employees that these screenings are completely private and confidential.  If your business does not have an on-site nurse, determine which employee will be responsible for taking the other employees’ temperatures. 

Employees should be considered on the clock while waiting in line for and while the test is being administered. If an employee is sent home ill they should be paid for the time out of work if possible. If the employee refuses to take the test, it is within your rights as an employer to send them home without pay. 

Additional Safety Measures 

Cloth-Face Masks 

Cloth Face masks are not appropriate substitutes for workers who must wear N94 respiratory masks or medical/surgical face masks. A cloth face mask should cover the nose and mouth to contain the wearer’s potentially infectious respiratory droplets. Cloth face masks will not protect the wearer from airborne transmissible infectious agents due to their lack of seal or inadequate filtration.  (Click here to view the CDC Recommendations for Masks and Cloth Face Coverings

Provide employees with guidelines of when they can and cannot take off their masks. For example, some office employees may not be required to wear their mask at their desks, but do need to wear them in common areas while food service employees  may be required to wear their masks their entire shifts. Make sure to express these guidelines and requirements to your employees. Address any concerns they may have regarding the new policy. Post these new guidelines and rules throughout the business in places where employees can see them. 

 

Keeping a minimum 6-ft distance between workers

Employees should keep a minimum of 6 ft away (two arms lengths away) from each other. Workspaces should allow employees to sit a comfortable distance away from other employees. If needed, consider rearranging the workspace and adding additional protective barriers for employees. Businesses considering to reopen should consult the “Reopening the workplace during a pandemic” decision chart released by the CDC. 

 

Keep Common Areas and Surfaces Clean 

While returning to your office space, be aware of how often you’re cleaning. You might be questioning if you’re cleaning enough. Wiping down shared areas multiple times a day with the proper cleaning products is one way to help prevent the spread of the coronavirus. 

  • Clean AND disinfect frequently touched surfaces daily. This includes common areas, tables, doorknobs, light switches, countertops, handles, desks, phones, keyboards, toilets, faucets, and sinks.
  • If these surfaces appear to be dirty, wash them with soap and water before using chemical disinfectants. The EPA released this list of common household disinfectants that will help prevent the spread of COVID-19 

 

Still want more info on how to carefully reopen your business in a Post-COVID19 world? Contact A Risk Advisor at 914-357-8444.

General Liability Insurance, HR Challenges, Line of Insurance, Practice Groups, Risk Management

Cybersecurity Program Checklist Help

Cyber liability insurance is a trailer to a strong cybersecurity program. The insurance portion helps your organization recover costs associated with the negative effects of a successful cyber attack. Cyber liability insurance cannot prevent you from experiencing loss. A strong cybersecurity program can help mitigate some of the potential losses by making your organization a difficult cyber target.

Cybercriminals are looking for targets with minimum cybersecurity on their systems. If your organization trains your employees to recognize potential foul cyber activity and focuses on an organization-wide goal of cybersafety, you are on the right path to a strong cybersecurity program.

Managing Devices

Device management can seem like such a small part of a strong cybersecurity program, but according to NetStandard 1 in every 3 employees do not lock their work computers when they go to lunch or leave for work (1). This leaves the computers open for every device that accesses your organization’s files. Documents can also be an access point for cybercriminals. An effective device management program encourages your employees to lock down their devices with passwords and to use better when working in public workspaces.

Password Authentication Protection

We’ve previously highlighted the importance of using multi-factor password authentication. Password authenticators vary between digital & physical authenticators, as well as options that are a combination of both. All accounts at your organization should be outfitted with a multifactor authentication process. This added layer of cybersecurity can save your organization

Email, Webpages & Social Media

Cybersecurity is more than protecting your passwords and devices. A strong cybersecurity program includes using smart practices while reading emails, entering data into unfamiliar websites, and safe social media practices. Phishing scams are one of the most common ways cybercriminals gain access to company information. These criminals pose as a safe and familiar entity and request the victim to allow them access to the account they are trying to take over.

If you have any additional concerns regarding your cybersecurity program and cyber liability coverage contact a Risk Advisor at 914-357-8444