How to Recover from a Cyber Attack

Recovering from a cybersecurity incident can be a daunting undertaking, especially if you’ve lost information that’s critical to running your business. But you can limit the damage to your company and your reputation by developing a solid recovery plan in advance.

Conduct a full, encrypted backup of your data on each computer and mobile device at least once a month, shortly after a complete malware scan. Store these backups at a protected, off-site location. Save your encryption password or key in a secure location separate from where your backups are stored. Many software applications will allow you to encrypt your backups.  With your backups in place, if a computer breaks, an employee makes a mistake, or a malicious program infects your system, you’ll be able to restore your data. Without backups, you’ll have to manually recreate your business information from paper records and employee memory.

It’s essential to back up data such as:

  • Word processing documents and electronic spreadsheets
  • Databases, especially customer relationship management (CRM), financial, human resource (HR), and accounts receivable (AR)/payable (AP) files
  • Product design and manufacturing data
  • Other operational technology (OT) data such as machine and process condition monitoring and analysis
  • System logs and other information technology (IT) information

Don’t worry about the software applications; just focus on the data. Store your backups on an external USB hard drive, other removable media, or a separate server. Use caution when selecting a partner if you decide to store your data online and encrypt all data prior to storing it in the cloud.

Hard-drive backups should be large enough to hold all your monthly backups for one year. Create separate folders for each computer so you can copy your data into the appropriate folder on the external drive. After your backups are complete, test them immediately to ensure your efforts were successful.

Like flood or fire insurance, you can purchase cyber insurance for your facility. These services can help you recover from an information security incident more quickly and effectively and may cover the cost of:

  • Cybersecurity expertise to assist in identifying the extent of damage caused
  • Consultation to help investigate the incident and report it to the appropriate authorities
  • Loss of revenue due to downtime
  • Legal fees, fines, and penalties incurred

The Reschini Group can help you navigate the ever changing world of cybersecurity. Contact us today to discuss your situation.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Excerpted from: https://www.nist.gov/blogs/manufacturing-innovation-blog/how-recover-cyber-attack

You’re Liable: Trends in EPLI Claims for 2020

Available either on its own or as part of a package policy, employment practices liability insurance (EPLI) protects against employee lawsuits alleging inappropriate or unfair acts – any one of which can bring a business to its financial knees.

Any employee – whether former, current or potential – can file suit if he or she asserts that the employer has violated any of an assortment of legal rights.  Examples include:

  • Sexual harassment. Those accused can be senior managers, supervisors, co-workers or even non-employees.
  • Discrimination. Defined as unfair treatment based on religion, age, ethnicity, gender, disability, skin color, sexual orientation or race.
  • Wrongful termination. According to the Equal Employment Opportunity Commission (EEOC), this is the most common claim brought against employers.

Most EPLI policies will reimburse a company for the costs of defending a lawsuit in court, as well as for judgments and settlements. The policy usually covers legal fees, regardless of the suit’s outcome.  With respect to Wage and Hour coverage, most coverage endorsements provide “Defense only” at a sublimit between $100,000 and $500,000.  Damages usually consist of back wages, overtime pay etc., which fall to the employer to pay, not the insurance company.

Some of the most prevalent EPLI-related claims seen in 2020 include:

Retaliation Claims on the Rise – More than half of EEOC claims filed in recent years have involved claims of employer retaliation against an employee.

The #MeToo Movement Leads to Increases in Sexual Harassment Claims – These types of cases represent roughly one-third of all EEOC claims files, including a steady rise in LGBT-based charges.

The Gig Economy Leads to More Wage and Hour Litigation – Fair Labor Standards Act lawsuits have risen dramatically, mostly involving worker classification disputes.

The Gender Pay Gap Remains – The U.S. Bureau of Labor Statistics states that women working at full-time salaried jobs earn 81% of what men earn.

Marijuana Legalization Having an Increased Impact – At least 11 states permit recreational marijuana, with more allowing medical marijuana, as of January 2020.

It’s vital to know that EPLI policies are not all-encompassing. The costs of an employee lawsuit can be emotionally and financially devastating, with the average cost to defend and settle a case averaging $160,000.

Understand your EPLI coverage.  Get advice on steps to avoid some of the trends identified here.  The professionals at The Reschini Group can help.  Contact them today.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Source: https://amtrustfinancial.com/blog/insurance-products/top-trends-employment-practices-liability-claims

Benefits Blog: Technology-Based Enrollment

Open Enrollment generates enormous work for companies and some confusion and stress for workers hoping that their benefits choices for the coming year are the best ones for them and their families.

Technology-based enrollment, however, can alleviate a sizeable portion of those issues, saving employers time and money, while making the process more efficient and user-friendly for HR departments and employees.  Here’s how:

  • Every step of the benefits management process is automated, eliminating the need for paper-based processes and improving efficiency and accuracy.
  • Online enrollment lowers the overall cost of providing services to employees by eliminating the costs of distributing and collecting paper enrollment packets. It also shortens the enrollment cycle.
  • Online enrollment enables employees to self-enroll in benefit programs, review their benefit data and report life-event changes.
  • Employees can choose plans based on eligibility criteria and can compare costs and coverage of previous elections against new offerings.
  • Elections can be automatically applied to employee records.
  • Employees receive written confirmations detailing their elections, and can easily view and update their records and plans.
  • Human Resources can check the status of enrollment in real time and may be able to generate detailed reports regarding the cost of employee benefits.

At the same time, some employees may be intimidated by an online option, preferring more one-to-one assistance.  Also, some employees may not make informed benefit decisions if they are only advised via the computer and are not provided personalized recommendations.

To encourage as much online enrollment as possible:

  • Introduce new software and train employees before Open Enrollment begins.
  • Use existing resources (company’s intranet, bulletin board postings or newsletter) to promote technology-based enrollment.
  • Encourage management to promote the use of technology-based enrollment to increase employee buy-in.
  • Establish online communities or blogs where employees can discuss successes and problems they are having while enrolling.

Technology is a tool that can offer impressive advantages, but people must feel comfortable and safe for an employer to make the most of the opportunity.  Talk with the Benefits Team at The Reschini Group for help in fashioning an Open Enrollment program for your particular situation.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Benefits Blog: Tips for a Successful Open Enrollment

Once a year, the floodgates fly open and a benefits bonanza begins.  It’s Open Enrollment, a slice of time when employers make benefits packages available to employees, who must then sift through options on the way to selecting the best protections for them and their families.

Open Enrollment can be overwhelming. Employees can re-evaluate their current benefits and make 
changes for the coming year, while employers must choose a 
benefits package that balances cost and value and facilitate 
the enrollment process.

Benefit
 offerings change as new demands on employees 
and employers arise. To make the
 process as smooth as possible, employers must educate and communicate with their employees 
effectively.

As employer-sponsored benefits transition to more voluntary, employee-paid or employee-subsidized offerings, employees must assume more control in making smart decisions. Benefit information should be conveyed in an easy-to-understand format providing essential information, along with any additional helpful resources.

The typical Open Enrollment process looks like this:

Notification: Employers send out an organization-wide announcement alerting employees that open enrollment will begin shortly.

Receipt: Employers distribute information about benefit plans, selection information and the appropriate forms to their employees, as well as information from selections made the previous year. 
Employers may offer employees additional information as appropriate to assist in decision-making.

Deliberation: Employees research available options and discuss with family to determine which benefits they will select for the coming year.

Decision: Employees select their benefits.

The Open Enrollment process can be improved by:

— Establishing solid communication between the HR department and employees.

— Surveying the employee population to determine their priorities.

— Customizing benefits and information resources to the life stages of your employees.

There’s a lot riding on the process and the decisions made during Open Enrollment, but by taking some strategic steps, all parties can emerge from the experience feeling good about the choices made and the benefits to be provided over the coming year.

Contact the Benefits Team at The Reschini Group for more help with your Open Enrollment questions.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Back to Basics: Top Five Ways to Avoid a Cyber Attack

Hackers and digital saboteurs are here to stay.  But that doesn’t mean surrendering to their threats and actions.  Sometimes the best ways are the tried and true ones, and that is generally true when it comes to cybersecurity, as well.

According to Cybersecurity Insiders*, here are the top five ways to protect your company from a cyber attack:

Hardware: Have secure and sophisticated hardware, which is password protected and backed up by two-way authentication. Also, it is better if you don’t overlook the effectiveness of protecting your data storage drivers. Because if neglected, then it gives an opportunity to anyone and everyone to walk away with your firm’s sensitive data.

Physical Security: Most data breaches occur when stolen equipment reaches the hands of hackers. For instance, if an employee loses his/her laptop, then sensitive data can easily reach the bad guys.  So, outline physical security strategies storing the data on the cloud, which is protected by multiple security layers, and imposing responsible security policies among all employees.

Encrypting Data:  Encrypted data becomes useless to a hacker, most of whom could not break into the encryption in the first place.

Backing Up Data: Having a backup copy of the latest data protects you even if a hacker accesses your system.  The backup needs to be done in an effective manner and must be in an immediately retrievable form.

Cybersecurity Insurance: Should an attack occur, most cybersecurity policies today not only cover the financial loss caused from data theft but also help in co-paying the costs involved in recovering data, including paying data recovery experts and buying new hardware and software.

Don’t let your guard down.  Protect what’s yours.  The professionals at The Reschini Group are available to help determine some appropriate options for your specific circumstances.

* https://www.cybersecurity-insiders.com/ways-to-prevent-cyber-attacks-on-your-company/


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Filling Gaps: Errors & Omissions for Contractors

At first blush, the very term “general liability” might strike you as a big enough blanket to cover just about any ordinary event from a insurance standpoint.  After all, “general” is right there in the name, right?

Well, not so fast, friend.

A general liability policy does offer coverage of a fair scope of routine exposures, but not all.  For those who make their living as contractors to outside clients, additional coverage in the form of an errors and omissions (E&O) insurance policy many times makes financial sense.

An E&O policy for contractors covers the policyholder for negligent acts and omissions that may harm his or her clients. An E&O policy is also known as a professional liability insurance (PLI) policy, and is often deemed an essential coverage for professionals who provide a service for a fee.

For example, say a contractor did a substandard job installing equipment for a business client.  Under general liability coverage, it would be up to that contractor to replace the work at cost.  But with E&O coverage, the contractor’s insurance provider would be able to pay the claim, thereby saving the contractor those out-of-pocket costs.

E&O coverage fills a potentially significant financial gap for contractors.  A word of warning, however – it can be difficult to acquire this additional coverage if the contractor has been subject to similar issues with clients in the past.

It’s always a good idea to see where any possible gaps in your liability coverage may exist.  Talk with the professionals at The Reschini Group to learn more.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Unabated: Current Cybersecurity Trends

It’s such an obvious question, but one that bears repeating: Does your business have adequate contingency plans in the case of a cyberattack?

From malware and loss of data to reputational damage, the fallout from an attack could harm your business significantly, and from a number of different and distinct directions – not the least of which is business interruption and the major loss of income it could represent.

Here are a few of the most common cyberattacks seen in 2019 and continuing so far this year, according to FounderShield*:

Malware Attack – When a cybercriminal installs malicious software in your system without your consent, wreaking havoc on your daily business operations.

Phishing Attack – When a cybercriminal sends fraudulent communications via email that may seem legitimate—typically appearing from a trusted source—but instead is meant to install malware or trick people into handing out personal and sensitive information.

Man-in-the-Middle Attack – When a cyberattacker stealthily slips into your system between a two-party transaction, such as public Wi-Fi, interrupting your traffic by installing malware, giving the cybercriminal plenty of time and space to steal your information.

Denial-of-Service Attack – When used by competitors, Denial-of-Service (DoS) attacks overtake your networks to drain your resources and bandwidth by stopping your system from fulfilling authorized requests—from clients or customers, for example.

SQL Injection Attack – When a cyberattacker uses malicious code to force your Structured Query Language (SQL) servers into divulging sensitive information, potentially modifying your data, administrative operations, or operating system.

Mitigating such data breaches requires substantial costs in notifying customers, providing credit-monitoring services, restoring files and computer systems, dealing with lawsuits, and paying regulatory fines, all of which create additional financial losses following the cyberattack.  A cyberattack could also put your reputation at risk. While plenty of trustworthy companies experience breaches, such an episode erodes a brand’s image of security and trust.

The threat from cyberattacks continues unabated, so make sure you’re adequately protected with cybersecurity insurance.  Talk with the professionals at The Reschini Group to learn more.

* https://foundershield.com/cyber-insurance-trends-2020/


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Who’s Who: Subsidiaries Covered Under Policies

When in the course of building, expanding, and simply conducting business through the years, changes occur in staffing, locations, even terms of ownership as partners join, percentages of proceeds shift, and other variables ebb and flow.

That’s completely natural and justified. But what happens when an insurance claim enters the picture? Are the lines of demarcation as clear to an outside agent as they might be to those inside the enterprise?

Every insurance policy states “Who is insured.” The importance of knowing who that pertains to specifically swiftly moves into high relief, however, when terms of that policy need to be carefully examined on the way to determining payment of damages.

Subtle differences may exist, so be sure to understand the specifics in your unique structure. A good organizational chart, kept up to date and checked for complete accuracy, must be there for a third-party agent to use. If that chart is out of date or in any way inaccurate, it can be a significant challenge to say it should not be used.

When your coverage comes into play for any reason, make sure all of your documentation paints the most current and accurate picture of how your business is structured, including ownership percentages, how those owners are invested and compensated, and any other pertinent terms. Also, make sure all affected parties inside the organization have reviewed and agree to what those documents show.

It’s critical to know who’s who when it comes to how a business is owned and operated. Contact the professionals at The Reschini Group to learn more.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Report Card: Filing the Form 5500 Annual Return

Data drives decisions.  Data reveals trends.  Data is the lifeblood of business and government.  And data provides the underpinning of one of an employer’s most important documents each year – the Form 5500 Annual Return/Report of Employee Benefits Plan.

This annual report filed by employee benefit plan administrators is used by the U.S. Department of Labor (DOL), Internal Revenue Service (IRS) and the Pension Benefit Guaranty Corporation (PBGC) to consolidate the main annual reporting requirements for employee benefit plans.  The Form 5500 series is intended to protect the rights and benefits of plan participants and beneficiaries by assuring that:

  • Employee benefit plans are operated and managed in accordance with certain prescribed standards
  • Employee benefit plan participants and beneficiaries are provided with or have access to sufficient plan information

In addition, the Form 5500 series is an important compliance, research and disclosure tool for the DOL. It is also a source of information and data for use by other federal agencies, Congress and the private sector in assessing employee benefit, tax and economic trends and policies.

Small welfare benefit plans that are unfunded or fully insured (or a combination of unfunded and insured) are exempt from the Form 5500 filing requirement. A small welfare benefit plan is one that has fewer than 100 participants at the beginning of the plan year.

A welfare benefit plan is unfunded if benefits are paid as needed directly from the general assets of the employer. Plans that use a trust or separately maintained fund to pay benefits are not considered unfunded. A plan is insured if benefits are paid through insurance policies. If premiums are paid by employees, the employer must forward the employee contributions no later than three months after receipt.

The Form 5500 series must be administered completely and carefully.  Contact the Benefits team at The Reschini Group to learn more and to set up a meeting.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Not Quite Enough: General Liability Insufficient for Cyber Coverage

Take a look at your business’ general liability insurance policy, and you’ll probably see a reference to property damage.  To the uninitiated, that sounds like it covers a multitude of potential events – even an online hack or attack, right?

Wrong.  Seriously wrong.

Cyber liability insurance is not automatically included in a general liability policy.  Cyber liability insurance, priced and purchased as its own policy, can pay for expenses if a small business suffers a data breach or malicious software attack, including customer notification, credit monitoring, legal fees, and fines.

According to Insureon.com, when criminals infiltrate a network, steal data, or hold data hostage, the business they steal from could be held liable. A data breach at a small business can end up costing thousands of dollars in customer notification expenses, legal fees, and fines or settlements.  In fact, the average cost of a small business data breach is $86,500, according to the Internet security firm Kaspersky Labs. The coverage included in cyber liability insurance pays these costs, allowing your company to survive a breach.

And don’t assume that hackers won’t come after small businesses.  A recent report by Verizon found that 61% of all cyberattacks hit small businesses, and that those attacks often succeed because small businesses are less likely to have a strong defense.

Cyber liability insurance is key for companies that handle sensitive information, work in the cloud, operate in cybersecurity, or typically handle:.

  • Credit card or bank account information
  • Medical information
  • Social Security or driver license numbers
  • Customer names, email addresses, phone numbers, and addresses
  • Cybersecurity for other businesses

Contact the professionals at The Reschini Group to learn more about fashioning an appropriate cyber liability insurance package for your business.  Your existing general liability policy may not be quite enough.


Copyright 2020 The Reschini Group

The Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.