CYBER LIABILITY: IS YOUR BUSINESS PREPARED?

In today's world, every business needs to keep its digital information secure, available, and organized. We've seen an explosive growth in high-profile cyber incidents, such as computer viruses, data theft, identity theft and other cyber-crimes -- and most if these incidents aren't even reported!

What happens when you suffer a loss or breach of data? More specifically, what are the implications from an insurance standpoint?

(...continued)

(...continued from previous page)

Consider these scenarios:

• One of your employees accidently opens an e-mail that has a computer virus. The virus crashes the company's network, but not before spreading itself to everyone in its contact list, including your customers. As a result, one of your customers gets the same virus, which wipes out his network -- and leads him to sue you for damages.
• A disgruntled former employee logs into your network and blocks access to the company Web site, so that customers can't access their accounts or do business. After two weeks, you're still not operating normally -- and you're losing customers by the hour. What's more, some of them are suing you.
• A virus hacks into your Web site, corrupts all of the content, and then e-mails a virus link to your customers. You rush to take the site down, but not before suffering extensive damage -- not to mention the cost of rebuilding the computer network and site. Meanwhile, a number of disgruntled major customers have taken their business elsewhere.

What do these three scenarios have in common? Most Business Insurance policies wouldn't cover the losses! The standard Building and Personal Property Form covers loss of data only up to $2,500 a year. Commercial General Liability (CGL) policies exclude both damage to data and that caused by loss of data.

According to the Cincinnati Insurance Board, most small businesses are woefully unaware of the implications of cyber threats. "Cyber losses are increasing, and the cost to recover from a data breach can be staggering," says the Board's EVP Ron Eveleigh. "At this time, coverage is limited for these cyber losses, but the coverage is evolving. Although some policies will provide limited coverage for broad data and privacy breaches, most CGL policies still need a specific endorsement for cyber losses.

Our risk management professionals would be happy to help craft coverage to protect your business against losses from cyber crimes.

TEN WAYS TO FIGHT PHONE FRAUD

Industry analysts estimate that telephone fraud costs American businesses and residences as much as $4 billion per year. Whether you're installing a new phone system or just want to take full advantage of your present system, you need to protect your business against this threat.

Although hackers might break into telephone systems for thrills, other criminals make a living at it. These lawbreakers often sell their services to "retailers," who offer stolen phone-access numbers to drug traffickers or illegal immigrants. This scam can translate into expensive calls to distant destinations in a brief time. The major long-distance carriers all offer protection packages that provide users with 24-hour toll fraud monitoring, training, and liability limits.

Experts recommend these basic proactive measures to protect your business against phone fraud:

1. Adopt a prevention program. Use the security measures your system provides; change passwords and/or access codes frequently.
2. Because most thieves are interested in making international calls, block calls to countries where you don't do business. This means that no one -- from the president on down to the cleaning crew -- can make the calls. Taking this precaution means that, although hackers might call in, they won't receive authorization to call Peru, for instance.
3. Eliminate direct inward system access (DISA) or remote access, which allows outside producers to access an outbound line with an 800 number. Issue phone credit cards instead.
4. Review call-accounting reports to identify fraudulent usage. Check for repeated failed password attempts. Look for long calls, calls after certain hours, and other suspicious activities.
5. Secure your voice mailbox and auto-answer attendant system to prevent an inbound caller from getting an outside line through these automated devices. Change passwords to access mailboxes every month or so.
6. Discuss security measures with your long-distance phone company for ways to decrease your vulnerability. The company might have informational materials for your staff.
7. Educate employees, starting with your switchboard operator, not to transfer incoming calls to an outside operator. Outside producers should make sure that no one is listening or watching when they read or key in their calling-card number. Phone companies will never call a customer for verification of a personal identification number (PIN) -- which means that employees shouldn't give it out to any caller.
8. If you have a PBX system, conduct a monthly security audit on the system, and check authorization codes.
9. Consider buying a PBX protection package, which can help you monitor potentially fraudulent activity, such as repeated searches for a dial tone, and can limit your liability for unauthorized calls. If you have this package, you might be eligible for a discount on toll-fraud insurance.
10. Consider insurance coverage for toll fraud.

DON'T LET DOMESTIC VIOLENCE COME TO WORK!

Thousands of workers suffer abuse at home -- and, all too often, this abuse spills over into the workplace. According to the American Bar Association Commission on Domestic Violence, there are 30,000 to 40,000 incidents of on-the-job violence a year in which the victims knew their attackers intimately. More than seven in ten human resources and security personnel (71%) surveyed have seen an incident of domestic violence on company property.

A violent episode at work can easily endanger co-workers, as well as the victim. What's more, female workers who are abused at home have higher rates of absenteeism, drug abuse, and depression that increase Health insurance costs and lower productivity -- costing businesses more than $4.5 billion a year.

Federal and state law requires employers to provide a safe workplace for all employees. Failure to act on the knowledge that an incident of domestic violence could threaten workers on the job places a huge potential liability on your company.

In deciding whether an employee might be a victim of domestic violence, beware if the worker:

• Has unexplained bruises that don't seem to fit their injuries.
• Wears inappropriate clothing that might be covering up injuries.
• Seems distracted at work.
• Has a high rate of absenteeism.
• Appears anxious, upset, or depressed.
• Receives repeated, upsetting telephone calls during the work shift.

If you notice any of these signs, talk to your employee privately, telling them what signs you noticed and expressing concern about possible abuse. Be supportive and keep this information confidential, except for individuals who need to know, such as security personnel. Offer company and community support and be flexible with the employee's working arrangements.

According to the Family Violence Prevention Fund, supervisors are usually the first people to become aware of an employee who might be a domestic violence victim. The fund recommends that supervisors refer potential victims to your company's Employee Assistance Program (EAP) or a community domestic violence program. The National Domestic Violence Hotline number is (800) 799-SAFE (7233).