Tag Archives: Technology risk

Communication & Technology Preparedness

According to The American Red Cross, the Internet—including online news sites and social media platforms—is the third-most popular way for Americans to gather emergency information and let their loved ones know they are safe. Through the use of everyday technology, individuals, families, responders and organizations can successfully prepare for, adapt to and recover from disruptions brought on by emergencies and/or disasters. With effective planning, it is possible to take advantage of technology before, during and after a crisis to communicate with loved ones and manage your financial affairs.

Stay Connected

Keep your contacts updated across all of your channels, including phone, email and social media. This will make it easy to reach out to the right people quickly to get information and supply updates. Consider creating a group list of your top contacts.

  • Learn how to send updates via text and Internet from your mobile phone to your contacts and social channels in case voice communications are not available. Text messages and the Internet often work during a phone service disruption.
  • Keep extra batteries for your phone in a safe place, or purchase a solar-powered or hand crank charger. These chargers are good emergency tools to keep your laptop and other small electronics working in the event of a power outage. If you own a car, purchase a car phone charger so you can charge your phone if you lose power at your home.
  • In your cellphone, program some of your contacts as emergency contacts so that if you are unable to use your phone, emergency personnel can contact those people for you. Let your emergency contacts know that they are programmed into your phone, and inform them of any medical issues or other special needs you may have.
  • If you have a traditional landline (non-broadband or Voice over Internet Protocol) phone, keep at least one non-cordless receiver in your home because it will work even if you lose power.
  • If you are evacuated and have call forwarding on your home phone, forward your home phone number to your cellphone number.
  • If you do not have a cellphone, keep a prepaid phone card to use if needed during or after a disaster.
  • Prepare a family contact sheet. This should include at least one out-of-town contact who may be better able to reach family members in an emergency.
  • Have a battery-powered or hand-cranked radio or television available (with spare batteries).

The following are additional tips for making phone calls and using your smartphone during or after a disaster:

  • Keep all phone calls brief. If you need to use a phone, try to convey only vital information to emergency personnel and/or family.
  • If you are unsuccessful in completing a call using your cellphone, wait ten seconds before redialing to help reduce network congestion.
  • Conserve your cellphone battery by reducing the brightness of your screen, placing your phone in airplane mode and closing apps you are not using that draw power, unless you need to use the phone.
  • If you lose power, you can charge your cellphone in your car. Just be sure your car is in a well-ventilated place (that is, remove it from the garage) and do not go to your car until any danger has passed. You can also listen to your car radio for important news alerts.
  • If you do not have a hands-free device in your car, stop driving or pull over to the side of the road before making a call. Do not text on a cellphone, talk or “tweet” without a hands-free device while driving.
  • Immediately following a disaster, resist using your mobile device to stream videos, download music or videos or play video games, all of which can add to network congestion. Limiting use of these services can help potentially life-saving emergency calls get through to 911.
  • For non-emergency communications, use text messaging, email or social media instead of making voice calls on your cellphone to avoid tying up voice networks. Data-based services like texts and emails are less likely to experience network congestion. You can also use social media to post your status to let family and friends know you are okay. In addition to Facebook and Twitter, you can use resources such as the American Red Cross’s Safe and Well program.

Get Organized

Store your important documents, such as personal and financial records, in a password-protected area in the cloud or on a secure flash or jump drive that you can keep readily available. This flash drive can be kept on a key ring so it can be accessed from any computer, anytime, anywhere. Remember important documents, such as:

  • Personal and property insurance
  • Identification such as driver’s license or passport (for family members, as well)
  • Banking information

Don’t forget your pets!

  • Store your pet’s veterinary medical records online.
  • Consider a digital information implant.
  • Keep a current photo of your pet in your online kit to aid in identification if you are separated.

Your family may not be together when disaster strikes, so it is important to plan in advance. Create an Emergency Information document or Family Communications plan to record how you will contact one another, how you will get back together and what you will do in different situations.

  • Make sure to share this document with family members, friends and co-workers who will also need to access it in an emergency or crisis.
  • When handling personal and sensitive information, always keep your data private and share it only with those who will need access in case of emergency.

Sign up for direct deposit and electronic banking through your financial institution so you can access your payroll funds and make electronic payments regardless of location.

Emergency Resources

Include these sites in your Emergency Information document to ensure that you can quickly access them from any computer or smartphone.

  • Download the FEMA App to access disaster preparedness tips, build your personal emergency kit and look for open Disaster Recovery Centers along with open shelters (if you’re a disaster survivor). Also, stay informed with the FEMA blog.
  • Local emergency management officials often have notification systems. Opt in to a distribution for your community. To find out if your community offers such services, contact your local office of Emergency Management.
  • Sign up to receive a monthly preparedness tip from FEMA’s text messages program.
  • Bookmark important mobile sites:
    • Centers for Disease Control and Prevention: http://m.cdc.gov
    • American Red Cross: www.redcross.org/mobile
    • FEMA/Ready: http://m.fema.gov
    • National Hurricane Center: www.nhc.noaa.gov/mobile

In addition to insuring your home, we are committed to helping you and your loved ones stay safe when disaster strikes. If you would like more information on developing a family emergency plan or building a disaster supply kit, please contact Texas Associates Insurors at 512-328-7676 or http://www.txassoc.com today.


Risk Management: Predicting the Unpredictable

Michelle Symonds of TechRepublic UK recently argued that risk management fails to effectively address ‘real’ project risks, which she calls ‘the unknown unknowns.’ In her article, Michelle questions the value of Strategic Risk Management within the business, asking whether risk planning and management really serves a practical purpose, or “is it simply designed to provide a get-out when problems start to occur, or an explanation of why the budget is over-running?”

While Michelle makes some compelling points about the attitude of businesses when it comes to managing risks, such as her argument that many businesses fail to differentiate between risk factors and instead implement plans that are ‘little more than a standard template that lists the same risk factors for every project’ (one of the biggest mistakes a company can make in strategic risk management), her argument that risk management does not serve a purpose is very much up for debate, particularly in an ever-developing industrial world that has seen the role of risk management within the business do nothing but grow.

She may be correct in outlining the failure of standard risk management to fully account for unpredictable risks; however, if implemented properly, a successful risk management strategy will help mitigate the possibility of a loss when the unexpected comes around.

Risk Management: A Definition

Douglas Hubbard, author of the book “The Failure of Risk Management: Why It’s Broken and How to Fix It,” defines risk management as “the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events.” When it comes to unpredictable risks, Hubbard’s inclusion of ‘control’ as one of the key aspects of risk management gives us a clear indication of how the ‘unknown unknowns’ should be treated. After all, risk management is about managing risks, not necessarily preventing them. With this in mind, it is possible to control the unknown unknowns as they come, and here are some suggestions on how you can amend your policy to do so.

Stress-tests

Stress-testing is becoming an increasingly popular trend in large businesses across the US. This involves deliberately setting up a situation that tests employees’ ability to handle the pressure of a risk occurrence, which in this case could be an unpredictable risk like a weather-related risk event. By carrying out stress-testing, you will be able to evaluate your employees’ response to situations that may occur but cannot be predicted. This will help you address vulnerabilities and rectify your policy accordingly.

Eliminate fear

Fear is one of the most important factors to consider when it comes to assessing risk. While fear can help keep you on your toes, it is important not to let it hinder performance and the overall business process. Fear of the unpredictable will automatically cause a focus on potential negativity, but if you shift this focus to a more positive outlook, you can account for the ‘unknown unknowns’ in a manner which lends itself to success.

Unpredicted risk events will occur, often on a daily basis, in different forms and on different scales. However, with continuity in your risk management strategy, you can account for these risks as they come and ultimately protect the long-term future of your business.

Risk Management can be a difficult topic to understand. If you need anything cleared up, then speak to one of our experts for free.


How Does Risk Management Create Value?

Risk management isn’t just a defensive tactic designed merely to keep something bad from happening. Effective risk management can also be constructive and encourage the creation of something positive. This positivity is a culture of value and self-awareness.

How to create value with risk management

Risk management doesn’t have to be a secondary addition to your business strategy; it can be incorporated into your overall business plan to give you direction and help you make the best decisions.

Balancing risk avoidance activities and responsibilities throughout the company makes it so that everyone is aware of what the risks are and how they are to approach them. Rather than a strategy dictated from up above, risk management becomes more of an open discussion that includes input from multiple areas. Not only is a fully comprehensive view of risk management at work in a company, it’s all-inclusive for management and employees alike.

Risk management allows for risks to become opportunities

Executives and board members are likely to have a much longer list of worries than their average employee would. In the digital information age especially, and with the popularity of social media, for example, reputational risk is of real concern to many companies.

Managing these types of risks, risks that have many variables, as part of your business strategy allows for large scale projects such as social media monitoring to be broken down into smaller manageable tasks and spread throughout the company. Employees can become more involved in the company’s risk management. It also potentially makes for more effective risk management if employees are encouraged to make suggestions for improvement or development.

Risk management best practice

To best understand how your risk management can bring value to your business, you need to understand how these risks can affect you. Generally they fall into four areas: strategic, operational, financial and compliance. How would your business plan get thrown off? What would losing the use of a key piece of machinery mean to the business? Oftentimes the answers will come from those who would be directly affected by these risks: frontline staff.

Proactively managing these risks gives not only management but all members of staff peace of mind that risks have been comprehensively assessed.

The value risk management creates can be viewed in many ways. It’s including employees of every level in the protection and management of the company. It’s tying business strategy to risk avoidance and management for efficient planning and strategizing. It’s creating opportunities for everyone to get involved and strengthening the company’s defenses against risk.

If you have risk management questions, click here to ask an expert


Protecting Against Online Fraud

While computers have improved the speed and efficiency of how we work, they have also allowed thieves and con artists an easier avenue by which to steal from people and businesses. One of the ways these cyber criminals use computers to steal is through online fraud, one of the fastest-growing crimes today.

Types of Online Fraud

Your company’s intangible assets could be at risk if you or your employees are not mindful of online fraud attempts. Understanding and identifying different types of online fraud could save your company thousands, or even millions of dollars in lost sales, damaged reputation, legal costs, etc.

  • Social engineering is the act of taking advantage of human behavior to commit a crime. Social engineers can gain access to buildings, computer systems and data simply by exploiting the weakest link in a security system—humans. For example, social engineers could steal sensitive documents or place key loggers on employees’ computers at a bank—all while posing as an IT consultant from a well-known company. Social engineers can be tough to spot because they are masters at blending in.
  • Phishing is an attempt to acquire information such as usernames, passwords, credit card numbers and other sensitive information by pretending to be a trusted entity in an electronic communication, such as email. One of the more common phishing scams is an email that asks the user to verify his or her account information. A quick check of your email’s Spam folder would likely turn up a few examples of phishing.
  • Pagejacking and pharming occur when a computer user clicks on a link that brings them to an unexpected website. This can happen when a hacker steals part of a real website and uses it in the fake site, causing it to appear on search engines. As a result, users could unknowingly enter personal information or credit card numbers into the fake site, making it easy for a hacker to commit online fraud. Pharming is the name for a hacker’s attack intended to redirect a website’s traffic to a fake site.
  • Vishing is similar to phishing and pharming, except victims of vishing attacks are solicited via telephone or another form of telecommunications. The hacker can easily pose as a representative of a bank or other institution and collect personal information that way.

 

Corporate Identity Theft

Whether you are a Fortune 500 company or a small “ma and pa” shop, cyber thieves are always looking for their next score. It is often assumed that smaller businesses are too small to attract attention from cyber crooks, but according to Verizon Communications’ 2012 Data Breach Investigations Report, 72 percent of the 855 data breaches analyzed were at companies with 100 or fewer employees. No company of any size is completely safe from cyber thieves.

There are many ways a cyber thief can steal a company’s identity in addition to the various types of online fraud listed above:

  • Stealing credit history – A cyber thief could steal and use a company’s credit history for his or her own financial gain, and then use it to set up a dummy corporation, racking up huge debt for the real company.
  • Dumpster diving – All too often, papers with sensitive information are recklessly tossed in the garbage instead of being properly shredded and discarded.
  • Hacking – Having proper security measures in place for your computer system is essential to keep intangible assets safe. Make sure you are using firewalls, routers and other security devices to protect your assets.

 

Prevent Online Fraud

Understanding and being able to identify potential online fraud techniques is the key to keeping your company safe. Use the following tips to protect your intangible assets and ensure protection against a data breach:

  • Never give sensitive information like social security numbers or credit card numbers out over the phone unless you know the person on the other end of the line.
  • Shred all credit reports and other sensitive data before disposal.
  • Educate employees about phishing and pharming scams. Remind them to not click on anything that looks suspicious or seems too good to be true.
  • If your company doesn’t have an IT department, hire an outside company to set up the proper security measures for your computer network.
  • Always monitor credit reports and other financial data for the company. If you see things that don’t belong, investigate.
  • Do not allow employees to write down passwords in the office.
  • Always encrypt sensitive data.

 

If You are a Victim

It is common to have an “it will never happen to us” philosophy when it comes to fraud. Unfortunately, that thinking can lead to lax security measures and carelessness when it comes to protecting intangible assets. If you become a victim of online fraud:

  • Act quickly. Report the fraud immediately to local law enforcement. Notify important suppliers, vendors and partners.
  • Alert your customers. If there is a data breach involving customers’ personal information, activate your plan to alert them. This information could be incredibly harmful to your customers, so alert them as soon as possible.
  • Do an investigation. If you do not have the resources to do an internal investigation, consult a third party. The quicker the breach can be dealt with, the fewer negative effects your company will endure.
  • Take measures to lessen the chance of a future breach. Fortunately, cases of online fraud can be good learning tools for your company. Analyze why the breach happened and take steps to make sure it doesn’t happen again. 

Count on Our Risk Expertise

A data breach as the result of online fraud could cripple your company, costing you thousands or millions of dollars in lost sales and/or damages. Contact Texas Associates Insurors today to learn more about our resources and ensure you have the proper cyber liability coverage to protect against losses from fraud.


Responding to a Data Breach

No company, big or small, is immune to a data breach. Many small employers falsely believe they can elude the attention of a hacker, yet studies have shown the opposite is true. According to Verizon Communications’ 2012 Data Breach Investigations Report, 72 percent of the 855 data breaches analyzed were at companies with 100 or fewer employees.

Data breach response policies are essential for organizations of any size. A response policy should outline how your company will respond in the event of a data breach, and lay out an action plan that will be used to investigate potential breaches and to mitigate damage should a breach occur.

Defining a Data Breach

A data breach is an incident where Personal Identifying Information (PII) is accessed and/or stolen by an unauthorized individual. Examples of PII include:

  • Social Security numbers
  • Credit card information (credit card numbers – whole or part; credit card expiration dates; cardholder names; cardholder addresses)
  • Tax identification information numbers (Social Security numbers; business identification numbers; employer identification numbers)
  • Biometric records (fingerprints; DNA; or retinal patterns and other measurements of physical characteristics for use in verifying the identity of individuals)
  • Payroll information (paychecks; paystubs)
  • Medical information for any employee or customer (doctor names and claims; insurance claims; prescriptions; any related personal medical information)
  • Other personal information of a customer, employee or contractor (dates of birth; addresses; phone numbers; maiden names; names; customer numbers)

Data breaches can be costly. According to the Ponemon Institute’s Cost of a Data Breach Survey, the average per record cost of a data breach was $194 in 2011; the average organizational cost of a data breach was $5.5 million.

Internal Responsibilities upon Learning of a Breach

A breach or a suspected breach of PII must be immediately investigated. Since all PII is of a highly confidential nature, only personnel necessary for the data breach investigation should be informed of the breach. The following information must be reported to appropriate management personnel:

  • When (date and time) did the breach happen?
  • How did the breach happen?
  • What types of PII were possibly compromised? (Be as detailed as possible: name; name and social security; name, account and password; etc.)
  • How many customers may be affected?

Once basic information about the breach has been established, management should make a record of events and people involved, as well as any discoveries made over the course of the investigation to determine whether or not a breach has occurred.

Once a breach has been verified and contained, perform a risk assessment that rates the:

  • Sensitivity of the PII lost (customer contact information alone may present much less of a threat than financial information)
  • Amount of PII lost and number of individuals affected
  • Likelihood PII is usable or may cause harm
  • Likelihood the PII was intentionally targeted (increases chance for fraudulent use)
  • Strength and effectiveness of security technologies protecting PII (e.g. encrypted PII on a stolen laptop, which is technically stolen PII, will be much more difficult for a criminal to access.)
  • Ability of your company to mitigate the risk of harm

Government Regulation

There aren’t many federal regulations regarding cybersecurity, and the few that exist largely cover specific industries. The 1996 Health Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley (GLB) Act and the 2002 Homeland Security Act, which includes the Federal Information Security Management Act (FISMA), mandate that health care organizations, financial institutions and federal agencies, respectively, protect their computer systems and information. The language is generally vague, so individual states have attempted to create more targeted laws regarding cybersecurity.

California led the way in 2003 by mandating that any company that suffers a data breach must notify its customers of the details of the breach. Today, 46 states and the District of Columbia have data breach notification laws in place. Only Alabama, Kentucky, New Mexico and South Dakota have yet to enact such a law.

While notification laws vary from state to state, all include four basic provisions:

  1. All notification laws put a number on how long companies have to notify customers of a data breach and by what medium the notice will be given (written, email, press release, etc.).
  2. Laws set forth a penalty system (that differs from state-to-state) for failure to notify customers in a timely manner.
  3. Depending on the specifics of the breach, customers can sue the company for its part in the data breach.
  4. All notification laws have exceptions in a range of situations.

Your Notification Responsibilities

Responsibility to notify is based both on the number of individuals affected and the nature of the PII that was accessed. Any information found in the initial risk assessment should be turned over to your company’s legal counsel, who will review the situation to determine if, and to what extent, notification is required. Notification should occur in a manner that ensures the affected individuals will receive actual notice of the incident. Notification should be made in a timely manner, but make sure the facts of the breach are well established before proceeding.

In the case that notification must be made:

  • Only those that are legally required to be notified should be informed of the breach. Notifying a broad base when it is not required could raise unnecessary concern in those who have not been affected.
  • A physical copy should always be mailed to the affected parties no matter what other notification methods are used (e.g. phone or email).
  • A help line should be established as a resource for those who have additional questions about how the breach will affect them.

The notification letter should include:

  • A brief description of the incident, the nature of the breach and the approximate date it occurred.
  • A description of the type(s) of PII that were involved in the breach (the general types of PII, not an individual’s specific information).
  • An explanation of what your company is doing to investigate the breach, mitigate its negative effects and prevent future incidents.
  • Steps the individual can take to mitigate any potential side effects from the breach.
  • Contact information for a representative from your company who can answer additional questions.

We Can Help You Recover from a Data Breach

At Texas Associates Insurors, we understand the negative effects a data breach can have at your company. Contact us today so we can show you how to recover from a breach and get your company back on its feet.


Smartphones and Distracted Driving

Integrated smartphone technology will soon become “all but standard” on new car and truck models, with nearly 100 million vehicles featuring the smartphone technology by 2016, according to a report by Juniper Research. The technology will integrate a driver’s smartphone with a vehicle’s computer and navigational systems, enabling the vehicle to send and receive data via the Internet.

That data could prove invaluable to employers, who could use the information to increase fleet efficiency, comply with regulations and monitor driver behavior.

The technology does not come without risks, however. Some analysts worry that the integrated smartphone technology could increase distracted driving, which is already a major safety concern for employers.

Motor vehicle crashes are the leading cause of worker fatalities, and distracted driving dramatically increases the risk of such crashes. It is important to address the issue of distracted driving with employees who drive as a part of their job.

April is National Distracted Driving Awareness Month. Check with your insurance advisor for more information you can use to help your drivers be safe on the roads, focusing more on the task at hand rather than the technology IN their hands.

Newfirst Insurors can help with drafting a safe driving policy and developing training for your company that includes guidelines on distractions and cell phone use.


Technology makes doing business easier, but what are the risks?

It is hard to believe that anything in business got done without today’s technological advances. In the past we had to rely on the US Mail, phones and, more recently, the fax machine to get information from one person to another. Now, in the age of instant communication, we have email, text messages and the ever-important Facebook post to get our messages across.

With all the advances in technology, we are able to get more done in less time, and in many cases with fewer people, than ever before. While our technology changes and improves, have you kept up with the new risks your business faces?

A phrase that comes up with increasing frequency is “Cyber Liability”, but what exactly is that, and should you as a business leader be concerned? Cyber liability refers to the exposures companies face from their online activities. Once thought to concern only the “dot coms” of business, these exposures now affect any company that routinely uses the internet as a business tool, which faces new risks of loss such as:

  • A hacker breaking into your network and stealing sensitive customer information
  • A virus on your computer network shutting down your operations, leading to a loss of revenue
  • An employee posting negative comments about your biggest competitor on Facebook, resulting in your being sued for defamation of character

Evaluating exposures to loss and developing a plan to mitigate the risk is a critical service that Texas Associates Insurors provides for our clients. Insurance policies may be a big part of your overall risk management plan, but if those policies haven’t kept up with the changing times, you may be more exposed than you know.
