GT Insurance Blog

Insurance problems and cures

Archive for the ‘Risk Management’ Category

Business Continuity – Disaster vs. Recovery

leave a comment »

25% of businesses do not reopen after a major loss.

48% of businesses do not even pretend to have a business continuity plan.*

But 95% think they are prepared.*

Is your plan only keeping your insurance policy somewhere safe?  (Which is not the worst start in the world, but it’s grossly inadequate.)

Do you have tasks for each employee after a disaster?  (Did they actually agree to them?)

What would actually be a disaster for your company?  (Flood, hurricane, fire, data breach, lawsuit, death of an owner?)

Yes, sometimes  it seems like the Four Horsemen of the Apocalypse, but these things really do happen.

There are many small businesses which would suffer less from a flood than from a cyber breach;  doctors, lawyers, insurance agents, consultants, architects come to mind.

There are many small businesses which would suffer less from a hurricane than they would from the death of an owner without a succession plan, or adequate life insurance.

Spend a few hours once a year to prepare a continuity plan; surviving a disaster will be much more pleasant if you do.  Then talk to your insurance advisor so you know if you have money to help you recover.

*Travelers Insurance survey result

GBW Insurance/AssuredPartners 855-467-2877, extension 677

Some Simple Steps to Increase Cyber Security

leave a comment »

Cyber liability and data breach are becoming bigger issues for all business owners.  You see the headlines for large business, but small and mid-size businesses are hit all the time.  Here are a few simple improvements you can make quickly to improve your defenses.

1) One of the first key and easy things to do is to make sure your passwords are all long, use several kinds of characters (there are around 95 characters on a keyboard, not just 26) and don’t have company or employee names in a password.

(26 possible characters in a 4 character password is less than half a million possibilities and can be cracked faster than you can type it.  If you only count 50 possible characters for each place in a 10 character password, you have about 97,650,000,000,000,000 possibilities and should slow the bad guys down.  That leaves you with malware and employee caused data breaches to worry about, but it’s a start.)

Don’t let employees tape their passwords to their monitors.  We see this all the time in client’s offices.  And some owners keep their passwords written and “hidden” in the uppermost left-hand drawer of their desk.

How many passwords does it take to get to your data?  One of our clients has a start-up password on each computer.  Then they have a cloud service for their operating systems, so each employee needs a second password to open that.  And there is a third password to open client data at the cloud center.

Note that sensitive data is not stored on the computers in that Computer_Drill_10-14client’s office.  They’re still vulnerable to some kinds of malware, such as those that capture keystrokes.  But a good firewall, up to date protective software, and restrictions on what employees can do with the company’s computer help.

2) Don’t let employees use the office computers for anything other than work.  And warn them not to click on offers, package tracking, offers from foreign nobles who need help getting their hands on money, or all the other fishing (phishing) attempts that cross their desks.  You’d think nice, honest, dedicated, intelligent employees would know better; remind them anyway.

3) Keep track of who has any access to key information.

4) Have an up to date firewall, an up to date router, and malware prevention software.  The first three practices won’t cost you any money.  These will but they’re worth it.  Lost client info will cost you a lot more than an annual contract with a good IT services provider.  Some will conduct a free network audit to give you an idea of your problems.  http://www.it-radix.com/it-support/ leads you to a company working in Northern New Jersey.  We like their work; we don’t get anything for recommending them.

If you’d like to talk with us about your exposure if you were to have a data breach, please call us at 800-548-2329.  There are cyber liability insurance products available and multiple markets.

Cyber Liability – Is your website infected?

leave a comment »

As though there weren’t enough problems, websites can be compromised, becoming sources of computer virus infection for your clients. Talk with us about #CyberLiability and #DataBreach insurance. 1-800-548-2329.

Google’s survey says there are many more compromised legitimate sites than there are sites designed to spread malware.  Click here for a commentary from our client IT Radix and access to the Google Malware Dashboard.

Once a legitimate site is compromised, all the unpleasant things you’ve heard of start happening: malware recording your entries or your clients’ entries, spreading viruses, and so on.  Your site is likely to be black listed by search engines.  It takes a long time and a lot of work to come back from that.

As soon as IT Radix scared us with this topic, we ran out to their suggested screening site  http://sitecheck.sucuri.net/scanner/ and checked our sites.  Everything was fine, today.  Our site providers keep track of this, but with the damage that we could face, it’s important to keep checking, and to keep our insurance in place.

Limitations on CGL coverage for Pollution

leave a comment »

In a harder market, insurance carriers raise prices. That’s pretty obvious. They also restrict classes of business they write, and tighten underwriting for new and existing clients.

Less obviously, carriers may change coverage. They can do that by changing forms for entire classes. In Personal Insurance that usually requires regulatory approval and a process to notify clients. In Commercial Insurance, failure to properly notify clients will guarantee litigation against the carrier.

But action on a single client can slip by the attention of the client and their broker.  We expect underwriters to try to put in coverage restrictions for clients who have had a number of losses, or a serious loss.  But some underwriters have introduced coverage restrictions in anticipation of losses, after a period in which the coverage has been provided.  If the underwriter does not signal the change, and the broker and client do not catch it, trouble can start for all three.

A note from the International Risk Management Institute (IRMI) made us think about some recent examples of restrictions on pollution liability.

One of our recycling clients was hit with a much more restrictive form for their main location.  The carrier is a solid national company but our client had suffered a number of small property losses (non-pollution) and the the carrier wanted to tighten up its exposure.  After a lot of discussion, we went to another carrier to regain most of the lost coverage, at a slightly higher price.  Not a great outcome, but better than the original renewal offer.

In another case, an individual underwriter at a carrier put on a very restrictive form, without reducing the renewal price, and didn’t tell us or the client.  That we caught because we have been getting more paranoid about coverage.  After some “forthright” discussions, we got the coverage back, though at a higher price.

IRMI uses the example of a large insured where an underwriter introduced an absolute pollution exclusion to the CGL without telling the client or broker.  The insurer removed the exclusion when requested.

Poor execution in imposing coverage restrictions can harm insureds, carriers, and producers.  As in almost any risk management case, restrictions in coverage are a problem; an unexamined risk can be fatal.

If you’d like to talk about coverage restriction problems, give us a call at 1-800-548-2329.

If you’d like to sign up for IRMI’s free newsletter, use the link below.

http://www.irmi.com/newsletters/irmi-update.aspx

Who owns your company’s data? How do you make sure?

leave a comment »

You own your data, but you have to take steps to make sure you can control it, both legally and in the cyber world.

Do your employees use only devices your company owns?
Have they acknowledged that their information on those devices is not private?

If they use their own devices to access your information, have they agreed to let you review any and all information on those devices?
Have they agreed to let you wipe their devices if you find your information on them?

All of this should involve help from your own lawyer.

Even if you get a signed acknowledgement that you can look at their information and look at information on devices they own, you’d better be talking to your own lawyer if you run into a communication between your employee and his or her own attorney.

On the IT front, a good IT provider can help erect barriers to penetration by outsiders, and to theft of data by insiders.

But multiple platforms are complicating IT.  Mobile malware is exploding.  And many small businesses don’t keep current with firewalls and monitoring of data use.

If you’d like to discuss IT issues in more depth, try this link to IT Radix.  And we thank them for putting on the seminar that provoked many of these questions today.

The legal questions in the seminar today were posed by Colin Page, Esq.  Try this link to make contact with his law firm if you have questions on data ownership and employment issues.

Insurance and Employment Law – Outsourcing

leave a comment »

What happens when you outsource jobs?  There are benefits to outsourcing in the right circumstances.  But what problems can come up and what should you do to protect your business?

  1. If the workers are not your employees, they can escape the Workers Compensation system and pursue law suits against you.   If you don’t set it up correctly, you may violate State and Federal labor laws.  See the link below for Colin Page’s blog page laying out a real case of a problem blowing up in the employer’s face.
  2. If you create a 1099 relationship, making someone an “independent contractor”, you have to be very careful to make sure the relationship truly qualifies as an independent.  If you want detailed advice on those rules to observe, on how to stay out of trouble with your State Board of Workers Compensation and Department of Labor, and lawsuits, click on the link below to William Barrett for legal advice.
  3. Employees are generally entitled to Workers Compensation benefits if injured; in New Jersey there are very few exceptions.  Non-employees can sue outside the controlled environment of Workers Compensation.  Make sure you have someone else’s insurance in front of yours; if you have a contract with someone who doesn’t have Workers Compensation, you are probably going to be providing it.
  4. You should follow basic risk management procedures.  If you contract jobs out to another company, get their certificates of insurance for Workers Compensation and General Liability.  Have them name you as an “additional insured” on their policies.  Make sure you have your own Workers Compensation, General Liability, and Employment Practices Liability insurance policies.

For more detail or to kick ideas around, we’ve given you links below to some intelligent lawyers and to our own contact information.

Here’s a link to the Chair of Corporate Law at a large NJ law firm.  Bright lawyer, William Barrett, who has been very solid for us.

Here’s a link to a Colin M. Page & Associates blog with comments on problems with outsourcing work.

Here’s a link to information on Employment Practices Liability Insurance.  GBW Insurance, 3 Gold Mine Road, Flanders, NJ  07836.  1-800-548-2329

Flood Insurance – Hurricane Season Coming Soon

leave a comment »

The National Flood Insurance Program (NFIP) sent us this warning/outlook for flood insurance 2013.   In summary, another tough hurricane season forecast, which means more  flooding.  And flood insurance takes 30 days to get in place.  (Click here for our flood insurance page and quick quote page.)

Hurricane Season Outlook 2013
Experts are calling for an active Atlantic hurricane season, which means it could also be an active flood season. In their annual spring forecast, Colorado State University Meteorologists Philip Klotzbach and William Gray predicted 18 named storms, 9 hurricanes, and 4 additional major hurricanes. They suggest there is a 96 percent chance a storm will hit the United States.
Hurricane season is the optimal time to speak to new and existing customers about flood insurance. The prospect of potentially damaging storms provides context for the flood talk, as it reminds consumers that flood risk is real. Homeowners still remember Hurricane Irene’s impact in 2011 and the destruction from Sandy last October. While flood risk is top of mind, you have an opportunity to target existing customers without a flood insurance policy and teach them how flood insurance can help them recover from a flood. For clients in a Non-Special Flood Hazard Area (NSFHA) who are within the “one mile buffer zone,” explain that floods don’t stop at a line on a map.
Show clients and prospects who don’t have flood insurance how they might be affected by hurricane season. Use the Flood Risk Scenarios tool to illustrate how tropical storms and heavy rains can cause flooding. Remind them that if it can rain, it can flood. It’s also important to let your clients know that most homeowners insurance policies do not cover floods; instead, only flood insurance provides the financial protection property owners need.
Help your clients protect their assets by encouraging them to obtain flood insurance today. There’s a 30-day waiting period before a flood policy takes effect, so don’t delay in communicating this important message.