How to Reduce the Likelihood of Hackers Cracking Employee Passwords

Cybersecurity has been making headlines due to a number of significant data breaches. Yahoo, Target, and Equifax are just some of the biggest successful hacks to gain attention. Most data breaches are the result of human or process errors. The top five causes are:

  1. Lost or stolen paperwork
  2. Posting or sending data to the wrong individual
  3. Emailing data to the wrong individual
  4. Insecure website (i.e. hacking)
  5. Lost or stolen unencrypted device

How Hackers Obtain Passwords

By now, most businesses know their employees need to use strong passwords including a mix of uppercase letters, lowercase letters, numbers, and symbols. Some even go so far as to implement a rule requiring employees to change their password every few months. However, even the strongest of passwords are vulnerable in traditional practices.

Adding a layer of difficulty to password strength is an employee’s propensity to reuse it. An employee may believe he or she has a strong password and thus reuses it with simple alterations. This is a problem if a hacker learns the basic password. The cybercriminal can brute force their way into several applications by adding 1s, !s, and other common password variations. To help employees manage their passwords, some companies are utilizing password storage software that encrypts the passwords while giving access to the employee.

Two factor or multi-factor authentication (2FA/MFA) can help cut down on hacker success since they rely on two or more separate methods of confirming an individual’s identity. The most common methods are inputting a password in combination with a code texted or emailed to a separate account. Some companies go so far as to implement biometrics (i.e. fingerprint logins) or single sign on (SSO) systems. SSO systems allow a user to login to several applications with a single login. This makes tracking unusual activity simple and allows companies to monitor accounts better.

Employee education is the best first line of defense against data breaches. Many employees are unaware that their password is weak or that their login is vulnerable. After bringing employees up to speed on modern cybersecurity, businesses need to invest in quality cybersecurity personnel and insurance. The specialists can help keep the hackers out while the insurance can help manage the aftermath should a breach occur. To learn more about protecting your business from cyber risk, contact the experts at The Reilly Company.

5 Summer Safety Risks Construction Workers Need to Know

Summertime is a great time for construction, but the summer heat creates significant risks for work crews. Once temperatures start to rise above 90 degrees, heat stress becomes a significant concern. Excess heat can cause fatigue, distraction, and loss of attention to detail. All of these factors can lead to workplace accidents, injuries, or even fatalities. The following recommendations can help construction workers stay as safe as possible during the summer months.

  1. Stay hydrated. Water is the best source of hydration for construction crews, but it’s not the most interesting for taste. While many crews opt for Gatorade or other electrolyte-heavy beverages, even adding a few slices of lemon to the water cooler can help boost water consumption to keep crews hydrated. This suggestion includes limiting caffeinated or sugary beverages, as they don’t aid hydration and caffeine acts as a diuretic.
  2. Bring on the shade. It’s not always possible to work in the shade so construction companies should consider bringing the shade to their workers. Bringing canopies or umbrellas to offer a cooler place for crews to assemble parts or take breaks can make the difference when it comes to crew safety.
  3. Eat healthier lunches. Junk food is faster to pack and easier to come by on construction sites than healthy alternatives, but they come with their own set of problems. Junk food is high in fat and calories, which requires more for the digestive system to process. In extreme heat, this can put excessive stress on the body.
  4. Make smart uniform choices. Designing a company logo doesn’t seem like a safety concern, but it can be. Construction companies should opt for lighter color schemes so workers clothes can reflect the light. When choosing uniform materials, opting for cotton can help clothing breathe better as well. Some companies even specialize in sweat-wicking fabrics to help keep workers cool and dry.
  5. Stay alert. Construction supervisors should ensure their crew knows the signs of heat exhaustion. Keeping an eye on one and other can help workers keep each other safe. If a worker notices someone dropping tools, slurring their speech, stumbling, or appearing disoriented, that individual should report it right away.

Keeping workers safe from the effects of extreme temperatures is vital for the welfare of employees and the success of the company. To learn more about construction safety, contact the experts at The Reilly Company.

How to Avoid the 3 Most Common EPLI Risks

Employment Practices Liability Insurance (EPLI) protects employers against claims alleging wrongful employment practices. The three most common reasons employees file EPL suits are due to sexual harassment, discrimination, and wrongful termination. However, like all insurance policies, there are exclusions and limitations for EPLI coverage.

How Does EPLI Coverage Work?

Insurers draft EPLI policies on a claims-made basis. This imposes two significant limitations.

  1. The policy only covers the insured for wrongful employment practices that occur after the policy start date and before the policy expires/renews.
  2. The insured must report the claim to their insurer during the policy period.

These two restrictions can present a major time trap for businesses. For example, many insurance companies consider a right-to-sue notice as the opening of a claim. However, many businesses don’t recognize it as such because the employer doesn’t have to respond to it. It can be well over a year before an employee files a suit after the employer receives a right-to-sue notice. By then, there is a high chance that the employer’s policy renewed and the insurer will deny coverage for failing to report the claim during the policy period. In addition, EPLI policies only cover financial damages. They don’t offer coverage for bodily injury, property damage, etc.

Understanding the 3 Major EPLI Risks

As mentioned above, the three most common sources of EPLI claims are sexual harassment, discrimination, and wrongful termination.

Sexual Harassment

Employers have seen a significant increase in sexual harassment claims in recent years. With the birth of the #MeToo movement, employers need to take more care than ever to prevent sexual harassment in the workplace. This includes maintaining and enforcing a sexual harassment policy. Failure to do so is tantamount to inviting sexual harassment lawsuits. Sexual harassment can take many forms including physical behaviors, verbal comments or jokes, asking for sexual favors in return for promotions, and much more.

Discrimination

Much like sexual harassment, discrimination can occur in a variety of ways. Discrimination lawsuits happen when an employer treats an employee or group of employees differently due to race, religion, color, gender, national origin, age, or other factors. Several laws protect employees from discrimination including:

  • The Equal Pay Act of 1963
  • The Civil Rights Act of 1964
  • The Age Discrimination in Employment Act of 1967
  • The Americans with Disabilities Act of 1990

Employers should familiarize themselves with all of these laws to avoid discrimination lawsuits.

Wrongful Termination

There are several legitimate reasons to dismiss an employee; however, failing to document can lead to wrongful termination lawsuits. Hiring methods can also affect this type of lawsuit. For example, businesses operating in employment-at-will jurisdictions don’t have to provide a reason for terminating an employee. However, termination-for-cause jurisdictions must have a justifiable reason. This can create problems for an employer if he or she failed to document an employee’s conduct.

For example, if an employee filed a complaint, and then the employer fired that employee, it looks very bad on paper. However, if the employer documented the employee’s poor performance, investigated the complaint and determined it was unfounded, and then fired the employee due to insufficient job performance, they will have a much better defense.

Implementing comprehensive policies and procedures are the best methods for avoiding employment practices lawsuits. However, relying on rules and guidelines is not enough protection for businesses. EPLI policies provide peace of mind for when best-laid plans fall through. Contact the experts at The Reilly Group to learn how we can help protect your business.

Are You Prepared for Climate Risks?

2017 was a record year for natural disasters. Hurricanes, fires, and flooding plagued much of the nation, and the total cost blew previous records out of the water. 2005 represented the previous record, with Hurricane Katrina and Rita racking up $214.8 billion in damages. In 2017, natural disasters totaled more than $300 billion in damages. As a result, many insurers are taking a harder look at how they incorporate climate-related risks into their long-term and sustainability planning.

Insurers Reigning In Coverage

Many insurers are now relying on high-tech modeling to get a better idea of risk areas and what counts as a risk factor. As a result, insurers may limit where they offer for coverage, such as restricting offerings for areas at high risk for tornadoes or wildfires. Homeowners need not panic quite yet, though. Insurers are not permitted to cancel policies during the contracted term and many must renew for the following year beyond the term’s expiration. After that, however, they do not have to renew the policy. They also do not have to renew policies in non-disaster areas, so those less at risk may find themselves without coverage.

Insurers Preparing Clients

Even though some insurers are reducing coverage options in high-risk areas, they are not leaving their clients high and dry. Many insurers are taking steps to educate homeowners in riskier areas of the natural disasters that can affect their home. This includes how to prepare for climate-related weather to reduce damage and protect personal property.

The Reilly Group can help homeowners determine if they live in areas at risk to natural disasters. Common examples in the Midwest include tornadoes and hail storms, though flooding and other climate damage is also a potential source of risk. If you’re at risk, we can help you determine what kind of coverage you need as well as steps to take to mitigate the likelihood of climate-related damage. Contact us today to learn more.

How to Shut the Door on Cyber Liability Risk

When a cyber security breach occurs at a company, it is almost always the result of negligent behavior. However, this behavior is not always malicious or even on purpose. Often times, employees lack the necessary training and understanding of cyber security best practices. Below are several methods businesses can use to reduce their cyber liability risk.

Training and Retraining

Employees are prone to human error, but this does not mean businesses have no means to temper it. By holding onboard training and regular training for the tenure of their employment, businesses can improve their employees’ cyber security expertise. Many businesses believe onboard cyber security training is enough, but the evidence proves otherwise. Skills become rusty without use so it behooves businesses to ensure their employees retrain to retain their cyber security knowledge. This does not mean holding one annual training. It means conducting cyber drills and training on a regular basis—at least quarterly—to keep employees on the top of their cyber security game.

Establish a Baseline and Improve

Businesses often promote employees because they are good at their current job—not because they will do well in the next tier of responsibility. This results in promoting individuals to the point of incompetence, which is known as the Peter Principle. When this happens in departments dealing with cyber security or sensitive data, the potential for a cyber catastrophe skyrockets. Combating this problem can present uncomfortable challenges, but it is a crucial step to reducing cyber liability.

This does not necessarily mean demoting or replacing certain staff. Instead, businesses can schedule immediate training and certification courses to get their employees up to speed. While staff may balk at the notion, it is important to note no individual will place their trust in an unqualified professional. Just as individuals will not hire lawyers without a valid license to practice, they will not want to work with a business that employs uncertified cyber security specialists. Even if employees do not work in cyber security, it benefits a business to ensure they have all certifications relevant to their position.

Cybersecurity Insurance

Reducing the human error factor goes a long way toward eliminating cyber risks. However, with ever-increasing security technology comes bigger cyber threats and attacks. It is not always possible to prevent a breach from happening despite a business’ best efforts. That is why investing in cyber liability insurance is crucial. In the event that proactive cyber security measures fail, insurance can pick up the slack and save a business from financial ruin. The Reilly Group is committed to helping businesses assess their cyber risk and determine which policy best suits their needs. To discuss your cyber risk and coverage options, contact us today.

Reducing Risk Exposure to Employment Practices Liability Suits

Employers can invest in employment practices liability insurance (EPLI) to ensure they have adequate coverage in the event of a claim relating to discrimination, wrongful termination, failure to promote, harassment, and more. Most large businesses have adequate EPLI coverage, but small businesses and startups may be vulnerable to discrimination claims. Thankfully, there are several ways businesses can reduce their employment practices liability risk.

Top 5 Tips to Address Employment Practices Liability Risk

  1. When posting job opportunities, include clear descriptions defining duties and expectations. Be sure applications do not include any potential discrimination triggers such as asking what year the applicant graduated from college. This can result in age-related discrimination lawsuits.
  2. Conduct background checks and screen applicants to weed out unsuitable candidates before interviewing them in person. EPLI risk starts from the moment an employer interviews a job candidate. If a business opts not to hire someone they interviewed, that individual can claim discrimination.
  3. Write an employee handbook providing clear policies and procedures for attendance, discipline, and termination. The handbook should also include an equal employment opportunity statement.
  4. Perform in depth performance evaluations for all employees and keep detailed records of the results. This can provide protection if an employee alleges wrongful termination.
  5. Discuss your risk and EPLI coverage needs with an insurance agent.

A number of factors affect how much EPLI coverage a business needs: how many individuals the business employs, any previous discrimination lawsuits, employee turnover rates, and more. The Reilly Company can help your business determine your risk level and how much EPLI coverage you need. To learn more, contact us today.

Equifax’s Cyber Insurance Not Enough to Contend with the Breach

As news broke of one of the biggest information hacks in history, Equifax became the new face of insufficient cyber security. The breach now serves as a cautionary tale for businesses everywhere. Most cyber attacks focus on small businesses, as they are often easier to hack into due to deficient cyber security. Larger businesses are harder to penetrate as they can afford to invest in the best cyber security available.

However, as Equifax is learning the hard way, investing in cyber security does not mean businesses do not need cyber liability insurance. Equifax has several insurance policies covering cyber security, general liability, crime, and much more. However, untangling which policy will payout for the hack will take time, and the coverage is likely not going to be enough to account for the expense.

Cyber liability insurance is not the only policy plaguing Equifax. Their property and business interruption insurance is likely inadequate to compensate for the losses they are encountering and will experience in the coming weeks. They are also contending with investigations at the state and federal level as well as a potential multi billion-dollar class action lawsuit.

Understanding the Breach

Hackers were able to achieve such a massive breach by taking advantage of a U.S. website application weakness. Equifax discovered the breach in late July and immediately engaged a cyber security firm to halt the attack. However, the breach began several months prior and accessed up to 143 million individuals’ private information. Equifax also commissioned the firm to discover what data the hackers compromised and how to prevent such an attack in the future. In the meantime, Equifax created a website to allow individuals to determine if the breach included their personal information. Equifax is also offering free credit monitoring for a year.

Risk Retention

In the aftermath of the breach, many are wondering why Equifax’s cyber liability coverage is insufficient. It comes down to risk retention. It is a risk management technique where a company plans to accept certain losses. Some examples include high deductibles or not investing in insurance on purpose. However, Equifax’s situation is more complicated. What insurance policies and how much coverage they choose varies depending on availability, cost, and perceived threats. The attackers struck during a period of insufficient coverage as part of Equifax’s risk retention strategy.

Assessing and Addressing Cybersecurity Risks

Business owners need to evaluate their cyber security situation and manage any gaps in their coverage. Even if a business owner believes their coverage is sufficient, they need to reevaluate their policy from time to time. For example, many business owners believe their business liability insurance protects them in the event of a cyber attack, but this is often not the case. In addition, business owners need to adjust insurance policies as technology changes and businesses grow to ensure they have sufficient coverage.

Understanding Cyber Threats

The latest buzzword related to cybersecurity is breach, but that is not the only type of cyber threat businesses face. Below are some of the most common cyber threats business owners may encounter.

  • Data breach. Data breaches, such as the one Equifax is dealing with, happen after a security measure fails. Hackers access private data such as credit card numbers or social security numbers and use them without permission. Businesses that lose their customers’ data face high penalties, investigations, and more.
  • Hackers use this type of attack to target smaller businesses. They install malware onto a company’s devices and demand payment to remove it.
  • Third party data. This scenario applies whether your business handles a third party’s information or if your business engages a vendor to handle sensitive data. For example, if your business hires another company to safeguard sensitive data, cyber policies will still payout if hackers compromise the company.

The best way for businesses to protect themselves from cyber risks is to discuss their insurance options with an expert. The Reilly Company can help businesses assess and mitigate cyber risks as well as secure the best coverage pricing for policies. No business is impervious to cyber attacks; to learn more about protecting your company from cyber threats, contact us today.

Three Types of Insurance Business Owners May Not Know They Need

Starting a new business is an exciting prospect, but it also requires a lot of hard work. Entrepreneurs have to focus on several elements all at once such as their products, their customers, their insurance, and their bottom line. However, failing to invest in the right kind of business insurance can lead to financial ruin. While most entrepreneurs are familiar with the major forms of business insurance (i.e. general liability, property, etc.), not all businesses conform to traditional coverage needs. Below are examples of three types of business insurance coverage small business owners may not realize is vital to their continued success.

Home Business Insurance

Many individuals operating their business out of their home may assume their homeowner’s insurance covers them in the event of theft or damage related to their home business. Unfortunately, this is not the case. Some homeowner’s policies allow add-on coverage to protect some elements of a home business, but the best solution is to invest in home business insurance coverage. This type of policy covers liability, theft, loss of business equipment, and more.

Business Life Insurance

Many businesses cannot withstand the loss of their leader. This is especially true for small businesses since one individual may perform several major jobs. For example, the COO may also be the primary hiring administrator as well as head of marketing. A company would find it difficult to replace such an individual. Moreover, the time spent finding and training new employees to fill those jobs puts a financial strain on the company. If such an individual were to die without warning, the business itself could collapse. In the event of such an unfortunate incident, business life insurance helps companies stay afloat while they replace the individual.

Cyber Insurance

Almost every company does some business via the internet. While having a presence on the web is often good for business, it also represents a liability. If a business collects credit card information or personal data about its customers, it needs cyber liability insurance. Cyber liability insurance also provides coverage in the event of cyber attacks designed to disable internal networks. On average, cyber attacks cost small businesses $9000 per incident. As a result, companies who fail to invest in cyber insurance can experience financial instability or even bankruptcy.

Neglecting to invest in insurance specific to your business is an unnecessary risk. The Reilly Company can help your business identify risks unique to your industry and suggest preemptive methods to protect against them. Contact us to learn more.