Tag Archives: risk management

Risk management refers to dealing with a business's risks. How a company transfers or efficiently self-manages each area of risk determines whether it succeeds or fails financially.

Why Current Economic Conditions Are Perfect To Restructure Your Insurance Program

In our opinion, there is no better time to consider alternative risk transfer as a strategy to get more cost-efficient with respect to your current commercial property insurance, commercial liability insurance, workers compensation insurance, & commercial auto insurance.

As I write this, the country and the world are about to exit the COVID pandemic. If we frame the current conditions in terms of where we are in the property insurance, liability insurance & workers compensation insurance buying cycle, conditions couldn’t be more favorable to give your company a significant competitive advantage.

Taxes:

Since all 3 branches of government have changed hands in the last several years, there are strong tailwinds pushing for significant tax increases, which will erode corporate resources. We suggest that utilizing a Captive Insurance strategy can give you significant tax efficiencies, allowing you to keep the dollars inside your company to help reduce your variable cost structure. DOWNLOAD our Guide to Utilizing Captives by CLICKING HERE.

Coverage Availability & Rates:

Currently, we are in the throes of a “HARD MARKET”, where conditions favor the insurance carriers as they restrict coverage and increase rates. Insurance buyers are frustrated because they have limited options. Further, they feel squeezed, and rightly so. The carriers are pointing to the “Social Inflation” of liability and commercial auto claims due to the insane jury awards. Buyers are pointing to “profits” earned and surplus growth to counter that claim. We think the buyers have a legit gripe.

Risk As Strategy:

Smart, forward-thinking CFOs and C-Suite executives understand that if they can leverage their balance sheets by increasing their retentions EFFICIENTLY, they can gain significant cost advantages that they can bake into their COGS (Cost of Goods & Services). If done properly, they can reduce their insurance program costs by 35%, which allows them to grow profits, market share, or both. Remember, every dollar you save in your insurance program falls directly to the bottom line.

To understand if your company could benefit from a partial or full-on program restructuring CLICK HERE to schedule a 15-minute call. In 5 questions we can figure out if the strategy has legs for your org.

Reduce Costs At Scale By Restructuring Your Commercial Insurance Program

Have you ever wondered how utilizing captives, a high deductible insurance program, alternative risk transfer, self-insured retentions, or retrospective rating plans could further reduce your commercial insurance costs off your already low commercial insurance rates?

Too often business owners are chasing the wrong rabbit. They think that by purchasing their commercial insurance for less than they spent the year before, they have accomplished their goal. We get it, it’s an easy benchmark to measure. If you succeed it’s a win, albeit a hollow win unless you really understand what you gave up to get that cheaper price.

Their real goal should be to lower their “Costs”, not the price of their insurance program. Nothing is more expensive to your balance sheet than cheap insurance.

The second huge mistake we see is that although their company has grown, sometimes significantly over the years, they are in essence in the same insurance program they were in when they had 20 employees. Now they have 250, or a thousand employees, and yet the commercial insurance is structured in the same way as when they first started.

This is a huge mistake because they are not leveraging their size and scale to reduce their insurance costs. I’m not talking about getting a lower rate because your sales are now at 100 million versus 10 million. That’s actually the illusion the commercial insurance market is selling. They are letting you feel like you’re reducing costs because of your scale, except they are holding back the best stuff, which you get only if you are smart enough to ask. We did a whole piece on WHY they hold this information back in our “MISALIGNED GOALS” segment. Go there if you want to understand why.

For our purposes, focus on the “HOW.” First off, we are assuming you have strong financials and a solid balance sheet. If you compare your balance sheet today with what it was 20 years ago, it’s probably night and day. Assuming you have solid free cash flow, credit lines, and cash reserves, the question becomes: why are we buying so much insurance in the first place? To be clear, I’m not talking about insurance limits. That stays the same due to your contractual obligations to your customers and lenders.

Leverage Your Balance Sheet To Reduce Costs At Scale

By leveraging your balance sheet you could restructure your present insurance program to incorporate some “risk-sharing” through higher retentions rather than purchasing a “first-dollar plan.” In a “first-dollar plan” the insurance carrier funds the loss from the “first dollar”. Any smart CFO worth their salt knows that any insurance coverage accessed for claims is essentially a credit line in reverse, except the interest rate on that credit line is crazy-expensive.

By increasing your retentions you score a lot of runs with one swing of the bat, pardon the baseball analogy. It’s called a grand slam. As your retentions increase, the insurance marketplace looks at you entirely differently than it would at someone who is simply a purchaser of insurance products. You become a “Risk Partner” with them. This is important because the smart insurance carriers know that when you, the end user, have “skin in the game” you generate significantly more underwriting profits than those that simply purchase first-dollar insurance plans. For this risk partner relationship, they give you significant discounts off the total premium for your risk sharing. A first-dollar or low-deductible insurance plan can never discount its rates low enough to get to the risk-sharing discounts.

Retaining Your Risk

Secondly, you purchase less coverage, at the same limits, because you’re retaining some of the risks through deductibles or retentions. How you structure that retention matters. That’s another article. You can check out our quick piece on The Difference Between a High Deductible vs. Self Insured Retention. Since you are purchasing less, your costs drop far more than they would from just fighting for a lower rate. By taking higher retentions you can lower your costs by a magnitude over just getting a lower rate.

Lastly, you can get access to a whole other section of the commercial insurance marketplace, one that caters to “Alternative Risk Financing”, that you would not otherwise have access to. You would never see a quote from this marketplace at the lower retention limits because that is not their appetite. They want larger, middle-market companies that want to be risk-sharing partners and not just insurance product providers.

Once you get a taste of what this looks like and how it can benefit you, then you will be tugging at our shirttails for a CAPTIVE STRATEGY.

So if you have been swimming at the same watering hole for years, with the same broker and the same insurance carriers quoting you every 3 years, we suggest you seek a whole new oasis. Call a Risk Advisor today; with 5 simple questions we can test whether this is an option for you.

 

What Is The Cost To Run A Captive Insurance Program?

How much does it cost to start and run a captive insurance company? It’s the most frequent upfront question we get from organizations that are looking at starting their own captive insurance company. The short answer is zero, but when we tell businesses this, they’re left in shock. After we walk them through the process of how we got zero as the price, it makes perfect sense.

Let’s start at the end and work back; reverse engineer this. First off, it’s an investment that yields an ROI, not an expense like your current insurance program. A well-run captive generates gross savings of at least 30% off your current insurance program on average, irrespective of what structure you’re coming from, unless of course it’s another captive. That’s because the captive shares in the underwriting profits that would typically go 100% to your insurance carrier. Curious about Captives? If you want a better understanding of what a Captive is, and how it could fit in your organization, CLICK HERE to download our free ebook.

Further, the risk-sharing mechanism is designed to reduce your upfront premium outlay. You’re betting on yourself that your losses will be less than your premium & admin costs. In a well-designed, well-run Captive the results are undeniable. You can only generate & retain these profits, with tax efficiency, in a captive structure. Thus if you back out the cost to run and administer the captive from the profits you generate, the cost is ZERO! Someone smart told me years ago that you have to spend money to make money.

In order to consider a captive structure you need these three (3) attributes:

  • Size & Scale: You need to be spending in excess of $500k in your property & casualty insurance program. You can include employee benefits here too if you wish. Many captives are set up to fund employee health expenses to save on their health & benefits insurance premium. The closer you get to $1 million in total insurance spend, the better this solution looks. As the numbers you expense in your insurance program increase, there is a direct correlation by % to your end benefit.
  • Free Cash Flow: In finance terms, you need to have strong financials and good free cash flow. The captive will plug into this “resource” and amp it exponentially for your company by keeping that free cash flow tax free instead of having the direct profits spill down into the partners’ individual tax returns.
  • Underwriting Profits: Too often when we interview companies and CFOs about a Captive Alternative, their main driver is looking for a cheaper insurance quote. They think that by forming a captive they can outrun their claims problems and high insurance premiums. This is a fool’s errand. The last thing you want to do is switch places with the insurance carriers if THEY aren’t making money on your account.

Our demarcation line is a minimum of 35% undeveloped loss pick, which is a ratio between incurred claims & premiums paid. If your loss pick is just over that 35% threshold, we should have a discussion. If you’re over 50%, you need to solve your claims problems first before you can consider a captive solution as a potential option.

Breaking Down the Cost of a Captive

You can’t simply compare the “cost” of a captive to the “cost of your current insurance program”, especially in a 1-year snapshot. The correct way to evaluate whether a captive solution is right for your organization, purely from a numbers standpoint, is over a 5-year window. The data set is larger and more representative of your management team. It’s less “noisy” from a numbers standpoint, enabling you to see the big picture.

Further, we suggest that looking at this purely in terms of financial implications is short-sighted as well. This is a long-term strategic play. As you compete for business on the street, captives give you major strategic advantages over simply buying and expensing insurance year over year.

In our view, Captives are an investment that yields a consistent, measurable ROI, not a cost or expense. It’s an investment in YOU, for YOU! If you want to be at the vanguard and stay 3 steps ahead of your competition we suggest you open up a dialogue of what this solution could look like for you. CLICK HERE to have a 10-minute discussion with one of our Risk Advisors.

A Fireside Chat with A Claims Adjuster

Our Claims Advocacy Team got to sit down with a workers’ compensation claims professional who specializes in high exposure claims. They discussed a high exposure claim that wasn’t reported timely to the carrier after the incident occurred.  

 

Please Note: This article has been edited for clarification and to protect the identities of those involved in the interview.

 

We’ve decided to call this interview a “Fireside Chat with a Claims Professional”, please tell me, are you actually in front of a lit fire or a fireplace or at least a match? 

Yeah, I have a nice scented candle lit, some nice ambiance for the room. 

What is your current role in the claims process? 

I oversee about 500 files, not directly managing the day to day activities and tasks to move a claim forward, but looking at it from a strategic standpoint, whether it be return-to-work, a settlement, or the resolution of some litigated matters.  I also assist clients in resolving their existing claims files.

Can you describe what a heavy litigated file/high exposure claim is?

Yeah, high exposure is really like your catastrophic claims. For example, someone who might be a paraplegic, quadriplegic, someone that suffers from a traumatic brain injury, or spinal cord injury. Those are leaning towards your high exposure. 

Heavy litigated are files that are going to essentially set a precedent in future case law and how it can impact lawyers and insurers in the future. 

Is the insured involved in the process at all? Or by the time that the issue reaches your hands is it completely out of the insured hands? 

I feel like most of the time the employers (named insured) are aware that I’m working on their files as a resource. Oftentimes I can be involved in the claims review process to help bridge some of the gaps that may be present, with the knowledge to move that file forward. 

 

However, It depends on the account and the type of policy that’s written because they (the insured) may be hands-off. They may have paid their deductible and then the claim is no longer the named insured’s problem. So they leave the claim up to the carrier going forward. 

 

You mentioned once their deductible is paid they often have a hand-off approach because it is no longer ‘their money’. Does the claim, the amount paid on the claim, and the amount paid from the deductible have an effect on their insurance? 

 

It has an impact on their rating. It affects their E-Mod (Experience Modification factor rating). What this means is when the insured goes out into the marketplace the following year when they are up for renewal, that claim may show up. The incurred (paid + reserve) impacts their ability to be written for new insurance and essentially tells them what premium they’ll be paying.

 

From what you just told me, it doesn’t make sense for the insured to take a hands-off approach? Does that sound fair? 

 

I certainly think that they (the insured) should be involved because this directly affects and impacts their future with Mod ratings and what they’re going to pay for in the future. But many people still take the backseat approach. 

 

Though this often depends on the level of comfort they have with their carrier. So while I say it’s a backseat approach. It may seem a little hands-off because they feel confident in their carriers’ ability and what we put forth.  They know that we’re going to mitigate their losses as much as possible to bring it to a resolution. 

 

That’s a great point. I imagine this is true with a long-standing client, a company who’s been insured with you for a long time, they know the team and have the same players handling their claims, and they can kind of step back because they know that your team has their best interest at heart.

 

Seasonal/Winter Claims

 

So you’ve seen it all, as you’ve climbed the ranks in insurance and the claims world. Is there one type of claim you encounter where you just roll your eyes when it comes because it is the most common type of claim? This could be a winter claim, an industry-specific claim. 

 

I call them your classic injuries. The two most common ones that are seasonally driven are your slip and falls. They are the most common denominator in terms of what you see for December, January, February March claim volumes that come in. Slip and Fall will rank really high for what we see. 

 

Aside from that, lifting injuries are common as well. 

 

Are these injuries specific to a particular industry?  Do you only oversee construction, real estate, healthcare or are these claims kind of general and not industry-specific? 

 

I think claims like these are industry-specific. Your transportation carriers/delivery services, you typically see slip and falls from the parking lots or while they’re making a delivery to someone’s home. The same goes for lifting injury, that’s primarily where you see those.

 

 Construction is a fall from heights, that’s typically the most common one.  

 

Then the healthcare we see lifting injuries because your home health aides, they’re typically assisting with a client/patient, having to maybe get them up out of bed. Some of those patients are unable to help themselves get up, and typically these employees have to just lift 150 pounds to 200 pounds by themselves with no assistive device to help them do that. We see a lot of lifting and back injuries & neck injuries from that.

 

It sounds like our essential workforce, especially during COVID times are the ones getting injured the most.

Yes. I can agree with that. 

Most Expensive Claim That You Personally Have Seen 

 

What is the most expensive claim you’ve seen? For clarification when I say the most expensive claim it can be a specific body part that is a high dollar amount.

It depends on how high you’re looking to go. I’ve seen some claims that are multi-million dollars.

 

What was that? A multimillion-dollar claim? What was that Injury? 

 

Without disclosing too much detail, one employee rode in the back of a pickup truck of another employee, as they departed the employer’s location and a severe injury was sustained. It’s a multimillion-dollar claim because this employee needs 24/7 care and will need to live in a facility probably for the rest of their life. 

 

That’s tragic and I don’t think many insureds think about claims on that level. Maybe large corporations, like the transportation organizations we discussed earlier (UPS, FedEx, DHL.) Those companies have a large workforce at a national level, so maybe they’re more familiar with those. But smaller commercial clients, don’t see or even think that this could even happen, and now they’re looking at a multimillion-dollar loss that they didn’t budget for when running their business. 

 

Absolutely, and when we start to look at what happened and gather the facts around the event we start to ask questions like “What is your policy about having employees on site after work?” and if there is any surveillance footage of the location and what was actually happening. 

Having that information and the punch cards to show when they came in and when exactly they left. In a lot of states, there are a number of “coming and going” rules that would either support the acceptance of or denial of that accident/injury, being considered within the course and scope of employment.

 

This ties into my next question, from your side of things I’m sure it’s frustrating when these claims, and you see that more could have been done from the insured standpoint. How can the client help in the claims process so it doesn’t get to your level? At least so they do everything they possibly can to help your team out, to help the adjuster out before it gets to you and it becomes a multimillion-dollar claim.

 

What we see very often, and in the example we just talked about, this claim wasn’t reported to us until several months after the accident happened.

 

Wow. 

 

It is so important to get it to us, even if they are not sure if it would be covered under Workers’ Comp. Oftentimes they (the insured) might think it’s covered under liability or if it’s a motor vehicle accident they strictly put it in as an auto claim. 

 

My advice would be to file that incident report, that first report of injury as soon as the incident happens. Let the carrier investigate it and be sure to really partner with the carrier to ensure that you’re getting them the information that they’re requesting. Preserving any evidence is crucial as well. 

 

So if you have surveillance footage be sure to take that and send it over right away. Witness statements are critical.  When you speak to someone right after an event happens the event is going to be right fresh in their head.  As opposed to trying to track someone down a few months from now, or even a week from now, their recollection of the event might vary. These witnesses might have also spoken to other employees about things being said around the workplace and you risk getting a skewed version of what actually occurred. 

 

Even include the profile for the employee: what’s going on? Oftentimes you’ll see they’ve run out of vacation time and now they’ve filed this claim. Then, we learn from other employees that this person was just taking a vacation. So all that information about what’s going on in this employee’s life and other things they’re aware of like disability claims that were previously filed for this employee in conjunction with just responding to the investigation as soon as it happens is pivotal.

 

I gather that a lot of times in an instance where this doesn’t happen, the insured is afraid of the repercussions and the carrier is going to penalize them. However, you don’t get penalized for doing the right thing, which is if you know something happened, report it. This way the carrier can work with you and guide you and do the investigation early on instead of 4 months out. 

 

So circling back to the example you gave us. What happened in the time it took for that event to hit your desk? 

 

In this situation, it was a case of “Everything that can go wrong, did go wrong.” The insured originally never put it through to workers’ comp. Why? First, they were trying to pay for anything out of pocket to avoid having the claim show up on their claim history. Secondly, they heard this employee had passed away. The employer didn’t realize that the employee had survived the accident.

 

Once we finally did receive the claim, the employees that participated in the internal investigation before it reached the carrier were no longer available for comment. 

 

This sounds interesting.

 

I’m not sure if that answered your question, but I’m not sure if this approach helped anybody because the state where this incident occurred is a state that requires you to get prior authorizations, and the employee already incurred several million dollars worth of care before this claim even reached us. There was no direction and we couldn’t negotiate the rates with the home healthcare. At this point, we’re trying to go backwards to try to project what could occur in the future. 

 

What a mess. 

 

This approach doesn’t work well from the financial standpoint either because it doesn’t help the injured worker and then the carrier is trying to quickly piece together to make a decision before the state’s deadline for when you have to file a decision. There is a lot of scrambling. 

 

This sounds so stressful. The insured may be able to self-pay but those accidents need to be very minor. Even if the insured does self-pay there are still forms that need to be filled out and the insured is required to keep them on hand but it sounds like in this instance it was a major accident, to begin with. 

 

Thank you so much for sharing. This touches on what a lot of clients are asking and are worried about. At the end of the day, they all want the best insurance rates and the best insurance coverage, but the only way to achieve that is cooperation and reporting things timely when an employee is injured. 

 

It sounds like in this instance the insured didn’t try to reach out to the injured employee because they didn’t know if he was still alive.

 

There was no contact made. In fact, it was asked for us to not contact the family until we (the carrier) had the full scope of what was going on because at that point we didn’t want to contact the family and give them unrealistic expectations of what would be covered.  The insured definitely learned a lesson on what not to do next time. 

 

Something as simple as reaching out to the employee who was injured, or reaching out to the family if you can’t get the employee,  and they’re not showing up to work is a big step and a huge help to the claims team and to the employer as well. They should know where their employees are. 

 

I find it very important for the employer to be engaged in this process. Whether they are a short-term or a long-term employee. Following up and showing that area of concern, asking them when they might return to work. It makes that employee feel valued. It could also result in a quicker return to work.

 

A great point you’ve touched on. 

 

The employer/employee relationship  

 

I ran into an issue where I was trying to encourage one of my clients to reach out to an employee that had gone MIA for a little bit. Their response was they didn’t want to because they were afraid that the employee would consider it harassment and the employer’s view was “this employee is out on workers’ comp. We have no right to speak to them.”

 

I think a lot of insureds feel this way:  once the employee is out on workers’ comp they’re not allowed to speak to the employee. But, what you’re telling me is this is not truly the case. 

 

To my knowledge, there is no employment law that prevents the employer from checking in on their employees. Disability does that to check in with their employees to check in and see how they’re progressing and how they’re healing. The employer may not be able to ask directly “When are you returning to work” but they can ask how they’re progressing.

 

Depending upon the relationship between the employer and the employee, the employee may be forthcoming with more information. 

 

A lot of times these folks are just home and don’t have many other people to talk with. A lot of them are isolated, working-class individuals. So their family, friends, and everyone else is at work, so they’re longing for social interaction. The employer reaching out shows the employee that they’re concerned about their wellbeing and the employee can be eager to come back.

 

It sounds like this is just the kind thing to do. 

I don’t know of any law that stops someone from doing that so we encourage reaching out to the employee. 

I wasn’t meaning this from any legal standpoint. I just meant a lot of employers are like “Well they’re out on workers’ comp. We’re not talking to them”. They’re still your employees.

Especially when some of these employees have been with the company for 15+ years. How do you let this accident happen and not show empathy or concern for how the employee is doing? I think from the carrier side of this we’re in situations where we can’t have direct contact with the employee because they’re attorney represented. Therefore the employer is our outlet to keep us updated.

 

Oftentimes they (injured workers) go to a doctor’s appointment and they give their employer a call with an update: “I just went to my  Dr.’s appointment and I’m going to be out for another 4 weeks. I need to go to physical therapy and then go back to the Dr.’s.” 

 

As a carrier, it takes us a longer route to get this information because we have to call the provider to get information, and sometimes it takes two weeks plus to get the office notes, depending on how long it takes the physician’s office to have their notes dictated. 

 

It’s often helpful to the carrier if the employer maintains that relationship with the employee. It can help get that person back to work sooner, which benefits the claim. 

 

You’re detailing a really important dynamic which we try to communicate to our clients, and it’s nice to hear the same from you, another claims expert. It’s a group effort and the insured is a key player in how these claims can end up. It starts with keeping in contact. Once the adjuster loses contact with the claimant due to attorney representation it sounds like the employer is the key person to maintain that contact and relay important information to you guys. 

 

I think that this is something a lot of people often overlook because it’s not common knowledge.

 

Exactly what I was saying. 

 

This has given us a lot to think about, to share with our clients. Is there anything else that I didn’t touch on that you were hoping to talk about? Any inside scoops.

 

You know, I gave an example of a catastrophic claim and there are other claims out there. What I think is always a challenge for employers is the accident description itself. Sometimes that’s where they start scratching their head. The employer starts asking themselves “Do I report this? Do I not report this? Should I be taking a hands-on approach? Do I let the claims team just handle it?”

 

The employer may not want to reach out during the investigation period, because the employee may start asking questions that they don’t have the answers to. 

 

Right. 

 

I’ve seen all sorts of things, and the issue is that there are various grey areas in claims that can affect whether or not the claim will be accepted by the carrier. 

 

You mentioned some of the more common areas of claims and can some of those be prevented? 100% Yes, but some will inevitably happen. The other side of this is the quicker we can get these resolved, and the greater involvement we can have earlier on, the more likely we will help the injured employee return to work sooner. The more we can do to prevent these accidents from occurring, the safer the staff is and the better things can be. 

 

Risk Management 101. Preach! Thank you so much for your time. Our fireside, Vanity Fair-esque interview. This was a lot of fun! I may be reaching back out to you for a summer edition of this!  

 

Claims management is an integral part of your insurance purchasing process. If you have any questions or need help with claims management within your organization contact one of our Metropolitan Risk Risk Advisors for information on our available programs. 

Protecting Your Workforce From Winter Related Illness

Winter weather creates new challenges for employers trying to protect their employees from work-related accidents. Snow and Ice. How are you protecting your employees from potential slip and fall incidents related to snow and ice? According to OSHA, 20% of all workplace injuries are due to trips, slips, and falls. 

Types Of Cold Related Illness

Every year, around 1,330 people die of exposure to the cold. These deaths are preventable with the proper clothing. The four types of cold-related illnesses are hypothermia, frostbite, chilblains, and trench foot.

Hypothermia

When your body is exposed to cold temperatures, the body begins to lose heat faster than it can be produced. Prolonged exposure will eventually use up the body’s stored energy.

Signs of Hypothermia:

Early Symptoms

  • Shivering
  • Fatigue
  • Loss of coordination
  • Confusion and disorientation

Late Symptoms

  • No shivering
  • Blue skin
  • Dilated pupils
  • Slowed pulse and breathing
  • Loss of consciousness

First Aid for Hypothermia

  1. Move employee to a warm room or shelter
  2. Remove their wet clothing
  3. Warm the center of their body first (chest, neck, head, and groin) using an electric blanket, if available; or use skin-to-skin contact under loose, dry layers of blankets, clothing, towels, or sheets.
  4. Warm beverages may help, but do not give alcoholic beverages. Do not try to give beverages to an unconscious person
  5. After their body temperature has increased, keep victim dry and wrapped in a blanket
  6. If the victim is unresponsive begin CPR

 

Frostbite

Frostbite is caused by freezing. It causes loss of feeling and color in the affected areas. Frostbite most commonly affects the nose, ears, cheeks, chin, fingers, and toes. It can cause permanent damage to body tissue, and severe cases can lead to amputation.

 

Symptoms:

  • Reduced blood flow to hands and feet (fingers or toes can freeze)
  • Numbness
  • Tingling or stinging
  • Aching
  • Bluish or pale, waxy skin

First Aid

  • Get into a warm room as soon as possible.
  • Unless absolutely necessary, do not walk on frostbitten feet or toes; this increases the damage.
  • Immerse the affected area in warm (not hot) water (the temperature should be comfortable to the touch for unaffected parts of the body).
  • Warm the affected area using body heat; for example, the heat of an armpit can be used to warm frostbitten fingers.
  • Do not rub or massage the frostbitten area; doing so may cause more damage.
  • Do not use a heating pad, heat lamp, or the heat of a stove, fireplace, or radiator for warming. Affected areas are numb and can be easily burned.

Chilblains

 Chilblains are the inflammation of blood vessels in the skin in response to repeated exposure to cold but not freezing air. 

Symptoms

  • Small, itchy red areas on your skin, often on your feet or hands
  • Possible blistering or skin ulcers
  • Swelling of your skin
  • Burning sensation on your skin
  • Changes in skin color from red to dark blue, accompanied by pain

First Aid

  • Keep hands and feet warm and dry
  • Wear gloves & socks
  • Change damp gloves and socks when needed
  • Move affected person inside

Cold related illnesses aren’t the only hazard that an organization faces with winter. Slip and fall injuries are more prevalent in the winter as well.

Data Privacy Day

What is Data Privacy Day and why it’s important to your organization?

Data Privacy Day is January 28th. It honors the signing of Convention 108 in 1981, the first permanent international treaty governing the handling of users’ personal data. Data Privacy Day has occurred every year since the signing, and the National Cyber Security Alliance (NCSA) pushes individuals and businesses to take part.

The National Cyber Security Alliance encourages individuals to take action and “Own Your Privacy” by learning how to protect their important data online. Businesses are encouraged to respect an individual’s privacy, and organizations are held responsible for keeping an individual’s information safe and ensuring fair data processing.

Businesses encouraged to “Respect Privacy”

Individual Data Privacy

Individuals are starting to feel like they are no longer in control of their own personal data. They can learn what kind of data they create online and how that data is collected, shared, used, and stored on the web.

Your personal data is valuable. Do you know what information you’re sharing with businesses? Your purchase history, IP address, and location are of tremendous value to businesses. Make smart choices when sharing data with businesses that ask for personal data.

Keep track of which apps are asking for access to your information. Apps ask for access to your location, contact lists, and photo album, or ask to connect to other apps. Be thoughtful about which apps you grant permission to. Many apps will ask for access to data they don’t need in order to provide their services.

Manage your privacy settings across all platforms. Check the privacy and security settings on the web and in all apps, then set them to your comfort level for how much you want to share and what.

Business Data Privacy

Businesses have to respect consumers’ privacy because it is a smart tactic for gaining trust and enhancing the reputation and growth of the business. Here are some tips on respecting privacy as a business.

Protect the data you collect. An intentional or unintentional release of confidential information to an untrustworthy source leads to financial loss, a decrease in customer trust, and a loss of reputation. Make sure the private data you collect is processed in a fair manner and is collected only for appropriate purposes.

Conduct a cyber risk assessment. Understand which privacy rules apply to your business and educate your employees to protect personal information. At Metropolitan Risk we offer a comprehensive cyber risk assessment to help your organization create a strong cybersecurity plan.

Maintain data transparency. Be open and honest about how you collect, share, and use consumers’ private information. For instance, let your audience know that you take the proper steps to achieve and maintain privacy.

Sustain oversight of what data your partners and vendors are using and how they manage it. If a partner provides services on behalf of your organization, you are also responsible for how that vendor or partner collects and uses your customers’ personal data.

If you would like more information on how to keep your personal data safe and secure, contact one of our Risk Advisors today or call 914-357-8444.

 

Risk of a Common Password and Ways to Avoid it (Infographic Inside)

Using a common password leaves your organization’s accounts open to attack by cybercriminals. Let’s add password protection as a major component of your organization’s cybersecurity plan. The risk of a common password is tremendous, and you should avoid having one at all costs.


Did you know:

  • 4.7% of users have the password “password”;
  • 8.5% use “password” or “123456” as their password;
  • 9.8% use “password”, “123456” or “12345678” as their password;
  • 14% have a password from the top 10 passwords used;
  • 40% have a password from the top 100 passwords used;
  • 79% have a password from the top 500 passwords used;
  • 91% have a password from the top 1000 passwords used.

 

What does this tell you? Think twice before you make “abcdef” your next password. According to a study from SecurityCoverage Inc., if a password contains just six lowercase letters, especially if it’s a common word or combination, a cyber-thief can figure it out in 10 minutes!

However, making a six-character password that has numbers AND symbols boosts complexity enough that a skilled hacker would need 16 days to break it, the study found. That is a task most likely not worth doing for that hacker.

Some sites now require a password with at least one uppercase letter, one number, and maybe a symbol as well. This is a step in the right direction even if it makes remembering your password just a little tougher. A simple and easy-to-remember example of this would be “Money17$.”

The real security, of course, comes from those dreaded passwords that are generated for you. They are longer, at least 8 characters, with a random order of letters, numbers, and symbols. These are nearly impossible to remember. However, an eight-character password with random letters, numbers, and symbols will take 463 years to break according to the same study. Nine random characters will take a whopping 44,530 years.
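The arithmetic behind these figures, as an added example that is not from the original article or the study: the guess rate is derived from the “six lowercase letters in 10 minutes” claim, and a 95-character printable ASCII alphabet is assumed for passwords that mix letters, numbers, and symbols. Under those assumptions the six-character mixed case comes out at about 16.5 days and eight characters at roughly 408 years, the same order of magnitude as the study's 463; the function names are hypothetical.

```python
import string

# Constructed sample: the three passwords the article names. A real check
# would load a full common/breached-password list instead.
COMMON = {"password", "123456", "12345678"}
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def implied_guess_rate():
    """Guesses per second implied by 'six lowercase letters in 10 minutes'."""
    return 26 ** 6 / (10 * 60)


def charset_size(password):
    """Alphabet an exhaustive search must cover, from the classes in use."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 33  # assumption: 32 ASCII punctuation marks plus space
    return size


def exhaust_seconds(charset, length, rate=None):
    """Worst-case time to try every string of this length and alphabet."""
    return charset ** length / (rate or implied_guess_rate())


def assess(password, common=COMMON):
    """Return (verdict, seconds). The list check runs first because a listed
    password falls on the first guesses, whatever its keyspace."""
    if not password or password.lower() in common:
        return ("reject", 0.0)
    # Upper bound only: word-plus-digits patterns such as the article's
    # "Money17$" are tried long before an exhaustive search would reach them.
    return ("upper-bound", exhaust_seconds(charset_size(password), len(password)))


if __name__ == "__main__":
    print(f"implied rate: {implied_guess_rate():,.0f} guesses/s")
    print(f"6 chars, 95 symbols: {exhaust_seconds(95, 6) / SECONDS_PER_DAY:.1f} days")
    for pw in ("password", "abcdef", "Money17$"):
        verdict, secs = assess(pw)
        print(pw, verdict, f"{secs / SECONDS_PER_YEAR:.4f} years")
```

Each added random character multiplies the worst-case time by the alphabet size, which is why the study's nine-character figure is roughly 95 times its eight-character one.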

“People are careless because they don’t understand the threat,” said Ed Barrett, VP of marketing for SecurityCoverage. LinkedIn was compromised in June and had 6.5 million passwords leaked. Yahoo had 6 million passwords stolen as well.

Another important consideration: don’t use the “show typing” function as you type your passwords. Many hackers don’t bother hacking at all but rather infect your employees’ computers with a virus that shows their keystrokes, and thus their passwords.

The fact is you can either use strong complex passwords and have trouble remembering them or use simple, weak passwords and suffer from the risk of being hacked. We are not recommending a password of “nif$g*u3ng64dsf7” like a security expert would love as we understand the frustrations and hassle of remembering 20 passwords. We are advising that the next time you make a new password, especially for an important account, that you add some complexity to it. Go back to your most important accounts, like your bank account, and add a few numbers. It will greatly help in reducing your risk.


Capital One Data Breach: Assessment and Prevention

Last year, Capital One agreed to terms with US regulators to pay $80 million in fines over its data breach. The hacker accessed approximately 100 million credit card applications. Maintaining online security for a small or midsized business can be a hassle. There is a lot that goes into maintaining good security practices, and the truth is, it’s hard to keep up with all the new rules and regulations. The last thing you need while trying to grow your business is for someone to steal your information. If someone hacks into your business, YOU are responsible for the lost data.

The fines address the lack of security that allowed a breach of this scale to happen, as well as the bank’s failure to solve the problem on time. Such a breach creates the opportunity to steal and distribute credit card information and social security numbers, and the potential for large-scale identity theft. Capital One claims to have tightened up its online security system. According to the OCC, the bank will take additional steps to show that the security of its computer system has improved.

So what do I do as a business owner to protect myself from a data breach?

Purchase cyber liability insurance. If there is one thing that I have learned from my time working at a risk management firm, it’s that it’s better to be safe than sorry. US regulators have the ability to fine your business into the dirt after a single breach. It is a huge money saver in the long run to buy cyber liability insurance. One of the primary costs of data breaches is notifying affected users of a hacked online resource. The cost of maintaining a data breach notification system can be very high. It has only increased and only will increase since the escalation of hacking in recent years. Without cyber liability insurance, a company is liable for all of the costs associated with creating and maintaining a breach alert system.

 
Hacking is only becoming more prevalent in our society. Soon, cyber liability insurance will become a necessity, and most likely more expensive. Before we know it, all businesses carrying different varieties of data will be required to purchase cyber liability insurance. Don’t end up like Capital One, paying millions of dollars in fines because you skimped on your security system to “save money.” In the long run, the best way to protect your business and save money is to do right by your customers.
If you still have questions, you can contact a risk advisor today at 914-357-8444. Or, you can visit our website here.

 

12 Requirements For PCI-DSS Compliance

Online transactions have become commonplace for many companies across all lines of industry. With the rapid growth in acceptance of online payments, many companies underestimate or are not even aware of requirements to maintain Payment Card Information (PCI) Data Security Standard (DSS) compliance.

 

What is PCI-DSS?

 
Payment Card Information (PCI) Data Security Standard (DSS) is a security standard developed and maintained by the PCI Council. The PCI Security Standards Council (PCI SSC) is a global forum in which payment industry stakeholders develop and drive the adoption of data security standards and resources for safe payments worldwide. The primary purpose of PCI-DSS is to assist in securing the payment card network.

 
Photo courtesy of pcisecuritystandards.org
 
Having one’s own data stored is a necessity, but risky. Having third party data stored brings on a whole new aspect of risk which requires its own assessment and treatment. Data breaches are a regular occurrence to which we have become desensitized. Recognizing this, the need for PCI compliance has never been more paramount.

What are the 12 requirements of PCI DSS?

 
We know, hearing there are 12 requirements sounds daunting. Dive into the list, though, and you will find your company is complying with some of these without knowing it. The list below can also serve as a starting point for a self-assessment.
 
 
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Configure unique passwords and settings. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track all access to network resources and cardholder data
  11. Test security systems and processes. Conduct vulnerability scans and penetration tests
  12. Maintain a policy that addresses information security for all personnel. Constant documentation and risk assessment are a must!
 

What if Our Organization is Non-Compliant?

 
If your organization is not in compliance with the PCI-DSS standards, you could be looking for trouble. Non-compliance will be directed by your Payment Card Agreement (PCA) in force with the credit card company. Additionally, non-compliance can result in penalties. The credit card companies impose fines ranging from $5,000 to $100,000 per month.

Next Steps

Meeting these requirements ensures your compliance and also protects the company and its client base. Separate yourself from the competition. Give your clients peace of mind with the ability to stand behind PCI-compliant practices. Contact one of our Risk Advisors to begin taking steps towards PCI DSS compliance and peace of mind.