Free Proposals on
Insurance Protection

Updates via Email

Risk Management

Don’t Bite the Bait: Protect Organizations From Phishing Attacks

One the One Friday afternoon, the treasurer of Platte County, Mo., received an email from the presiding commissioner, requesting the immediate transfer of funds to an out-of-state consultant. The treasurer tried to verify the request, but the commissioner was away on vacation and not easily reachable. Driven by the urgency of the email, the treasurer arranged the transfer without waiting for an appropriate response, overriding county procedures designed to prevent illegitimate movement of funds. Then he got a call from the commissioner, who was totally unaware of the request. And just like that, the county lost $48,000 to a cyber criminal in a single afternoon. The “Kansas City Star” reported this incident just days after the loss.

Deception fraud or social engineering fraud is the 21st century version of an ancient con game, only now it’s played out much faster using electronic communications,” said Mike Kosednar, assistant vice president and product manager for management and professional liability insurance, The Hartford. “Email inherently carries an element of urgency, and the fraudsters prey on our desire to respond quickly, especially to emails from the boss.” Losses from social engineering, specifically phishing scams, have skyrocketed as cyber thieves grow adept at mimicking internal emails.

According to statistics gathered by the FBI, law enforcement agencies across the globe received reports from 17,642 victims from October 2013 through February 2016, resulting in more than $2.3 billion in losses. Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss, according to the FBI’s Cleveland division. And the phishers aren’t just targeting organizations with deep pockets. Social engineering fraud can hit companies of all sizes. “While a large public company may have a loss exceeding eight figures, for a smaller business, getting tricked into sending $6,000 or $7,000 can be significant,” Kosednar said. It’s relatively easy for cyber thieves to identify the CEO or CFO at their target company and then emulate their email style, mimicking their tone and signature, and making it appear as though the message is coming from the company’s server.

While there are several technology solutions that companies can implement to enhance their system security, such as continually updated firewalls; the use of closed, private Wi-Fi networks; requiring a two-factor authentication for log-in; or third-party testing of firewalls, these safeguards are expected — any business operating in today’s digitized world knows it needs to pay attention to its IT security. Human error is often a bigger risk. “In social engineering fraud, the weakest link in the security chain is the employee who accepts a scenario at face value and doesn’t check its legitimacy,” said Kosednar, “A willingness to please can undermine common sense.” The best defense against these insidious attacks, therefore, is employee education and training. According to Kosednar, training requires — at a minimum — a three pronged approach:

  1. Establish a process. Companies can identify fraudulent requests by developing a formal procedure around the transfer of funds that limits transfer ability to a small number of employees and requires a next-level supervisor to sign off on the request. It should also involve independent verification of the email’s sender. “Verification needs to be made to predetermined email addresses and phone numbers and not by hitting ‘reply’ or calling a phone number provided as part of the request.”
  2. Regular reinforcement. Constant reminders emphasize the importance of following proper procedures in every situation. Some companies choose to do this by randomly testing their employees with bogus emails. The company might send a message that appears to be from a senior manager, imploring staff to click on a suspicious looking link, for example. “Seeing the percentage of employees that failed helps determine additional training needs,” Kosednar said. “This should include a heart-to-heart conversation with the employees who failed, which should be constructive and encourage them to speak up and ask questions when they suspect they’ve received a fraudulent email.”
  3. Change your culture. Since social engineering fraud is often most successful at companies where questioning one’s superiors is frowned upon, companies can create an environment where it is acceptable and even encouraged for employees to double-check a wire transfer request from anyone regardless of their rank.

Information courtesy of The Hartford

Uber Trouble By Giving a Lyft

UberDon’t get yourself in Uber trouble by giving a Lyft for pay.  Ridesharing companies are an emerging opportunity for folks with a drivers license and a car to make a few extra dollars but carefully review the potential risks and rewards before signing yourself up as a driver or even a passenger for a ridesharing firm like Uber, Sidecar or Lyft.  Transportation network companies like these use smartphone communications technology to connect individuals who want a ride with drivers who are willing to give a lift for a fee. In addition to violating livery (taxi) licensing laws in many jurisdictions these drivers generally use their personal vehicles and intend to rely on their personal auto policies which invariably have livery and/or business exclusions written into the policy language.

Essentially this means that most Uber, Sidecar and Lyft drivers are operating without insurance protections and are gambling all their assets and all their future wages on whether or not they are involved in an accident.  Remember that an auto policy is intended to protect you not only from accidents that are your fault, but also from accidents that are the other guy’s fault when she/he is unknown (hit & run) or  unable (due to no or low insurance liability limits and limited assets to sieze) to pay for the injuries and property damage consequences.  The financial losses from auto accidents can easily exceed $100,000 or even $1,000,000 for serious accidents.

Our recommendation is to stay out of Uber trouble by avoiding these Lyft companies as a passenger and a driver unless you/your driver has secured adequate commercial livery insurance to cover such risks.

Consider Earthquake Loss Control Measures

Earthquake Loss Control Measures:  States in which hydraulic fracking is occurring have seen a dramatic rise in earthquake incidents, raising concerns that this drilling method could be to blame. For example, there is a tremendous amount of fracking activity in Oklahoma. The Sooner State has experienced almost 250 small-to-medium earthquakes so far this year, according to the US Geological Survey.

For people in earthquake-prone areas, earthquake insurance is a smart option. But another area of focus should be in loss control. Here are some risk control tips (authored by the City of Los Angeles Department of Building and Safety) for you to pass on to your clients facing this loss exposure.

  • The foundation, a common area of structural weakness, needs to be thoroughly examined for weaknesses. When concrete foundations are crumbly or porous, they lack the strength to resist earthquakes. Unreinforced brick or stone masonry may need to be strengthened or replaced. An engineer is required by most communities to design these types of repairs. Signs of insect damage and dry rot in the wood need to be checked. Hiring a structural pest control expert and repairing water leaks may be necessary.
  • Older homes in earthquake-prone areas may not be bolted to their foundations. Anchor bolts can be installed by capable home owners relatively inexpensively with the proper knowledge and tools. Otherwise, a foundation contractor should perform this task.
  • Bracing materials within the foundation should also be inspected. Weak bracing materials (e.g., cement plaster or wood siding) may have been used in the construction process. Stronger bracing materials such as plywood are necessary to support the cripple wall. (The cripple wall is the short wall that connects the foundation to the first floor of the house and encloses the crawl space.)
  • For homes built on a slope or even a slight grade, extra strengthening may be necessary.

Experts indicate that retrofitting most single-family homes costs between $3,500 and $7,000. Home owners who perform some of this work themselves pay less.

Studies show that properly strengthened homes are safer to live in and easier to sell. A study of the aftermath of the Northridge earthquake of 1994, which caused between $13 billion and $20 billion in property damage, indicated that strengthened homes stayed on their foundations in the same neighborhoods where unstrengthened homes failed to do so.

Get more personal lines insurance and risk management tips and ideas from IRMI.

Copyright 2014 International Risk Management Institute, Inc.

Farm Vehicle Safety

by State Auto Farm and Ranch Underwriter Jeanna Lemaster

Due to the change in farming over the years, farm vehicles have changed too. A farm fleet of vehicles can encompass a large variety of vehicles, trucks, and trailers. More and more farmers are increasing the auto fleet to maximize harvest transportation and keep labor costs down. There are many hazards associated with using these types of vehicles, especially by an inexperienced or perhaps inattentive driver. Drivers and vehicle owners should be trained in the specifics of maintenance and inspections of the vehicles so they can quickly identify and correct any problems. Drivers should be trained to recognize hazardous conditions.

Farm TruckMaintenance of the farm vehicles should include:

  • Checking tire condition and tire pressure before every single use.
  • Inspection and repair of the suspension systems.
  • Make sure the fire extinguisher is charged and operable, and that there are adequate flares or reflective devices on hand.
  • Checking headlights, body lights, signals and outside reflectors.
  • Service rakes, including the trailer brake connections, and parking brake.
  • Inspect nd repair hydraulic lift cylinders regularly, as well as suspension systems.

Safety in regard to the farm vehicle should include:

  • Training ad practice. New drivers of these types of vehicles need practice and raining PRIOR to harvest so they are able to drive safely.
  • Use afe distances. Trucks take more time to stop, steer, and switch lanes.
  • Load properly. Overloaded trucks are much more dangerous. Both the driving of he vehicle and the dumping of the load is more dangerous if the load is      too large for the Gross Vehicle Weight (GVW). Most vehicles have the GVW inside the driver side door.
  • Ensure stability when dumping. Raised truck or trailer beds are unstable and can ause tipping incidents. Ensure ground is level and firm, avoid dumping on indy days, do not jack knife the trailer, and ensure the load is not off enter.
  • Ensure the trailer is properly hitched to the pulling vehicle.
  • Make sure to avoid any overhead power lines while operating a dump trailer/truck. Contact with the truck and power line can result in electrocution of the driver.

It is very important for every owner and driver to have a maintenance and safety program in place. Insurance losses for poor safety or maintenance of a farm fleet of vehicles could not only be very costly in time, commodity, or liability losses, but also very dangerous causing serious injury or worse. The USDA has good resources that can be used to make or modify both maintenance and safety programs.

Remain Vigilant with Credit Cards

Credit CardsMega retailer Target revealed last month the unauthorized access of its customers’ credit card data to hackers. It admitted that approximately 40 million credit and debit card accounts may have been adversely impacted by this breach. This is not the first time hackers have illegally accessed credit card information, and it won’t be the last. So what type of advice can you give your clients to reduce the chances that they become victims of identity theft, particularly when it comes to the wrongful access of their credit card information? Here are some tips to pass on them.

  • Periodically check your credit card statement online to verify that the charges are correct. If you believe a hacker has gained unauthorized access to your credit card, or if you are unsure about a charge, contact your credit card company immediately.
  • Federal law stipulates that a consumer can order a free copy of his or her credit report every 12 months from each of the three nationwide credit-reporting agencies (Equifax, Experian, and TransUnion). If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit-reporting agency immediately delete that information from your credit report file.
  • You can add a fraud alert to your credit report from any of the three credit reporting agencies to help protect your credit information. A fraud alert can make it more difficult for a criminal to get credit in your name since it instructs creditors to follow certain protocols to protect you. Note that you need to contact only one of the three agencies. As soon as that agency processes your fraud alert, it will notify the other two agencies, which will then place the same alert into your file.
  • To take it a step further, you can also contact one of the credit reporting agencies about placing a security freeze on your credit report to prevent a credit-reporting agency from releasing credit information without your explicit authorization.
  • Creditors should be contacted if various bills do not arrive in time. A missing credit card bill could mean an identity thief has taken over the credit card account and changed the billing address to cover his or her tracks.
  • All old financial documents, including bank statements and credit card bills, should be shredded to reduce the exposure to what is called “dumpster diving.”

Copyright 2014 International Risk Management Institute, Inc.

Craig Says:  We have a number of Identity Theft endorsements available to add on to personal auto, home and even some commercial policies but these protections are passive and assist you after a loss.  A much better alternative is an active identity theft deterrent like Lifelock.

 

purchase valacyclovir online