Best Practices for Avoiding (Most) Data Security Breaches

Did you know that 93% of data breaches could have been avoided? Everyone should be interested in this somewhat shocking statistic because cyber threats and data security remain primary concerns among virtually every organization, regardless of size, industry or purpose. It’s true that some cyber threats simply cannot be avoided, which is why businesses should do everything in their power to avoid those that can.

The first step is recognizing and addressing some of the more common avoidable causes of security breaches and data loss. According to the Online Trust Alliance, these include:

  • Employee errors (lost data, files, drives or devices and improper disposal);
  • Accidental disclosures (via email and public postings);
  • Business Email Compromises (socially engineered exploits like phishing and whaling);
  • Unencrypted data and disclosed keys;
  • Improperly configured systems, networks and devices;
  • Failing to update or patch systems against known vulnerabilities; and
  • Using end of life devices, operating systems and applications.

The next step is implementing security processes and procedures. When it comes to defending against cyber threats and ensuring data security, business-specific circumstances and operations typically determine which essential preventative measures are most likely to be effective. Nevertheless, there are various baseline security best practices recommended by the Online Trust Alliance that most businesses can easily implement and manage, such as:

  • Encrypting data at rest, in storage and in transit. Without the corresponding cryptographic keys, encryption renders data useless to hackers. It may also exempt businesses from having to comply with various state data breach notification laws.
  • Managing passwords. Use password managers to generate and store passwords. Multi-factor authentication (smartcards and PINs in addition to passwords) can also be required to access sensitive information or accounts.
  • Adopting the least-privilege user account (LUA) strategy. User accounts should be given the least amount of privilege (access) required to perform their necessary functions.
  • Auditing security measures. Periodically conduct penetration tests and vulnerability scans to identify and mitigate vulnerabilities.
  • Monitoring emails. Require email authentication of all inbound and outbound mail servers to detect malicious and spoofed emails.
  • Managing mobile devices. Require authentication to unlock devices, lock out devices after numerous failed login attempts, encrypt communications and storage, and enable remote wiping of mobile devices that are lost or stolen.
  • Managing wireless networks. Only authorized wireless devices should be given network access. “Guest” network access should be kept on separate servers.
  • Implementing a data breach response plan. Conduct a post-mortem after every incident and make necessary adjustments. Practice by regularly testing response plans and personnel.

Since it’s impossible to protect against every cyber threat or prevent every data breach, the final step is obtaining Cyber Liability Insurance. According to PricewaterhouseCoopers’ 2016 Global State of Information Security Survey, 59% of businesses surveyed purchased cyber security insurance to mitigate the financial impact of data breaches and cyber incidents when they do occur. Businesses are increasingly realizing that what can’t be protected or prevented must be insured.

Unlike traditional business insurance policies, Cyber Liability and Security Breach (Cyber Perils)Insurance policies protect against privacy injuries, such as identity theft, and cover the cost of complying with data breach notice laws. Given the complexity of the risk and the absence of one-size-fits-all coverage, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained.

Please contact us if you would like more information about insurance specifically designed to protect against cyber threats.

Additional information is also available in our weekly Risk Management Newsletters.

Psst. Do You Know The Most Common Workplace Accidents and Injuries?

Did you know that maintaining a safe workplace can lower the cost of workers’ compensation insurance? It’s true. Employers with fewer workplace injury claims may enjoy valuable premium credits. Alternatively, employers with more injury claims may suffer higher insurance premiums. The resulting premium difference can be significant, particularly for employers, like those in Florida, who may be facing substantial premium increases.

Employers wanting to take advantage of the correlation between workplace injuries and insurance premiums need to implement safety programs that effectively reduce, if not eliminate, workplace injuries. The first step to developing an effective safety program is to identify the most common workplace accidents and the most common employee injuries.

Travelers recently analyzed more than 1.5 million workers’ compensation claims submitted from 2010 though 2014 to learn more about the most common and costliest workplace accidents and injuries. According to Travelers Injury Impact Report, the top five causes of workplace accidents were:

  • Material handling (32%)
  • Slips, trips and falls (16%)
  • Being struck by or colliding with an object (10%)
  • Tools (7%)
  • Cumulative trauma injury caused by overuse or strain over time (4%)

 

Material handling was actually the most common cause of accidents for all businesses and across all industries analyzed in the report. The most frequent material handling injuries were strains/sprains, cuts/punctures, contusions, inflammation and fractures. These injuries typically occur when employees are lifting, lowering, filling, emptying or carrying items.

The top five workers’ compensation injuries were:

  • Strains and sprains (30%)
  • Cuts or punctures (19%)
  • Contusions (12%)
  • Inflammation (5%)
  • Fractures (5%)

Except for small businesses, strains and sprains topped all lists for the most common type of injury. For small businesses, cuts or punctures were the most common injury—strains and sprains were second.

The average number of days away from work for the top 5 workplace injuries was:

  • Strains and sprains (57 days)
  • Cuts or punctures (24 days)
  • Contusions (27 days)
  • Inflammation (91 days)
  • Fractures (78 days)

It’s interesting, and perhaps fortunate, that the costliest injuries did not turn out to be the most common injuries. According to the report, the injuries with the highest average cost per claim were:

  • Amputation ($102,500)
  • Dislocation ($97,100)
  • Electric shock ($55,200)
  • Crushing ($54,600)
  • Multiple trauma ($42,400)

 

The average cost per claim involving the five most common injuries was:

  • Strains and sprains ($17,000)
  • Cuts or punctures ($8,200)
  • Contusions ($8,000)
  • Inflammation ($24,500)
  • Fractures ($42,400)

Employers have the ability to affect their workers’ compensation insurance premiums , for better or worse. Knowing how and why workplace injuries occur puts employers in a better position to develop and implement their own safety and training programs. When done effectively, employers may have fewer workplace injuries and may end up paying less for workers’ compensation insurance.

Please contact us if you would like more information about controlling workers’ compensation insurance costs.

Additional information is also available in our weekly Risk Management Newsletters.

Office Holiday Parties: Revel without Regret

Many employers consider a company-wide holiday celebration an excellent opportunity for employees to mingle socially and get to know one another better. It’s also a chance for senior management to interact with employees they rarely see throughout the year. Though holiday parties can create a positive work environment, increase employee morale and promote teamwork, they can also expose employers to a number of potentially significant risks.

Perhaps the most significant risks involve alcohol. What happens if an employee becomes intoxicated and causes damage to something or someone? Though liability is determined on a case-by-case basis, employers may face a greater chance of being held responsible if:

  • Attendance is, or is perceived to be, mandatory (e.g., everybody knows that being seen by the Vice President will enhance one’s chances of a promotion);
  • The employer pays for or provides the alcohol; or
  • The employer conducts business during the holiday party.

Employers can take steps to reduce their potential liability, such as:

  • Collect car keys from all who drink. Toward the close of the party, assign designated drivers or call taxis for anyone who is too impaired to drive. If the party is in a hotel, reserve a block of rooms for the inebriated to spend the night.
  • Appoint someone in a position of authority to monitor alcohol consumption; including making certain that no alcohol is served to minors.
  • Serve a limited amount of alcohol, controlled through “drink coupons.” (i.e., two drinks per person). Close the bar once dinner begins.
  • Send a memo to all employees prior to the party stating clearly that a) employees who arrive inebriated will not be allowed in; b) employees cannot bring their own alcohol; c) excessive drinking will not be tolerated; and d) intoxication and inappropriate behavior at the party will be grounds for discipline.
  • Do not permit supervisors or managers to buy alcoholic beverages for employees.
  • Hold the party at an off-site location and use professional bartenders to serve and monitor alcohol consumption.

There are other risks employers should consider when planning and holding the annual office holiday party, such as:

Discrimination and Harassment: Lines are often blurred during an office party, so they are often crossed. Conduct that is inappropriate at work may be considered appropriate at a party, such as engaging in intimate conversations or acts, giving a racy gift or telling an off-color joke. Employers may be held liable for unlawful harassment or discrimination that takes place during a holiday party, even if it’s off-premises and off-the-clock. Consider redistribution of the sexual harassment policy, and remind employees that a holiday party is no excuse for inappropriate behavior, which will not be tolerated.

Premises Liability: Employees are often allowed to bring spouses and significant others to the office holiday party. Every ‘plus one’ accompanied by an employee is a potential slip-and-fall victim. Employers must make sure the workplace is safe before the party and keep it safe during the party.

Workers’ Compensation: Employees are typically covered by workers’ compensation if they are injured in the course and scope of their employment. Though getting hurt at a holiday party wouldn’t seem to be work-related, an employee may be covered by workers’ compensation if attendance at the party is explicitly or implicitly required (or ‘encouraged’). Tell employees the holiday party is purely a voluntary social event, and mean it.

Employers should review their insurance policies before the party to make sure they are covered in the event something happens during the holiday party. General liability, employment practices liability and workers’ compensation insurance may cover some of the risks created by the office holiday party. However, other risks may require additional insurance coverage, such as a policy that covers one-time events, including alcohol-related liability, which may be available for a small additional premium.

If you would like more information about how Setnor Byer Insurance & Risk can help protect your business during the holidays and year round, please contact us.

How Can Safety Reduce Workers’ Compensation Insurance Premiums?

Workers’ compensation insurance provides indemnity and medical benefits to employees injured on the job. Many states, including Florida, set the premiums for workers’ compensation insurance, so shopping around isn’t the way to save money. However, employers can reduce their workers’ compensation insurance premiums by maintaining a safe workplace

Insurance companies prefer safe workplaces because there are presumably fewer claims to pay. They encourage employers to maintain a safe workplace by using experience modification ratings to adjust premiums. Employers with fewer claims are rewarded with premium credits, and employers with more claims may face increased premiums.

The experience modification rating, or experience mod, is designed to tailor the final premium to an employer’s actual claims experience. An employer’s actual workers’ compensation claims experience, typically over a three year period, is compared to other employers operating in the same type of business with a similar number of employees.

If an employer’s claims experience is consistent with the industry average, the experience mod is 1.0, which when multiplied by the base premium, will not increase or decrease the premium. If the claims experience is 25% better than the industry average, the experience mod will be .75, which when multiplied by the base premium, will decrease the premium by 25%. Alternatively, if the claims experience is 25% worse, the experience mod will be 1.25, which will increase the premium by 25%.

The experience mod gives more weight to accident frequency than to accident severity. In other words, an employer with one loss totaling $100,000 will have a better experience mod than an employer with 10 losses totaling $100,000. Since any single injury could have astronomical costs, an employer with a higher frequency of small claims is considered a greater risk than an employer with a single, expensive claim.

Medical-only claims do impact the experience modification as much as indemnity claims, so employers are not necessarily penalized when they occur. However, the existence of open or unresolved claims can negatively impact the experience mod, so employers benefit from getting claims resolved and closed.

Insurers may offer dividend payments to employers with few or no claims. Dividends, which are generally reserved for the most attractive risks, are usually based on a sliding scale wherein the amount of the dividend decreases as the number of claims increases. Rather than focus on the most generous dividend percentage, employers should compare dividend percentages that comport with their specific claims history.

Employers can reduce their workers’ compensation insurance premiums by taking advantage of the experience modification rating system. Though it requires a commitment to workplace safety and loss control, the savings could be significant. Given the complexity, employers should work with an insurance agent who knows about the experience modification rating system and available dividend plans, and who can ensure claims are treated appropriately and resolved quickly.

If you would like more information about workers’ compensation insurance or how Setnor Byer Insurance & Risk can help control your workers’ compensation insurance costs, please contact us.

Florida’s New Data Breach Notice Law

Florida has a new law to combat the recent surge of data security breaches involving sensitive personal information. On July 1, 2014, Florida’s current data breach notification statute will be replaced by the Florida Information Protection Act of 2014 (Act). Though similar to Florida’s current statute, the Act makes some significant changes that businesses must incorporate into their data security practices and procedures.

Under the Act, sole proprietors, partnerships, corporations, trusts, estates, cooperatives, associations and other commercial entities that acquire, maintain, store or use personal information (Covered Entities) are required to take reasonable measures to protect and secure such personal information. The Act broadens the definition of Personal Information to include:

  • An individual’s first name or first initial and last name in combination with that individual’s social security number, driver license or identification card number, passport number, military identification number, or other similar number issued on a government document used to verify identity. (Broader)
  • Financial account, credit and debit card numbers, in combination with any security code, access code or password.
  • Information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (New)
  • An individual’s health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual. (New)
  • A user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account. (New)

Like the current statute, Personal Information does not include information that is encrypted, secured or modified by any other method or technology that removes personally identifying elements or that otherwise renders the information unusable.

In the event of a breach, Covered Entities must follow one or more of the Act’s various notice requirements. The Act generally defines a breach as unauthorized access of electronic data containing personal information. Covered Entities must notify each individual in Florida whose Personal Information was, or is reasonably believed to have been, breached no later than 30 days after the Covered Entity determines that a breach occurred or has reason to believe a breach occurred. Under the current statute, Covered Entities had 45 days to provide notice.

This notice, which may be sent by mail or e-mail, must include:

  • The date, estimated date or estimated date range of the breach
  • A description of the Personal Information that was or may have been accessed during the breach
  • Contact information that individuals can use to inquire about the breach

If a Covered Entity is required to notify more than 1,000 individuals at a single time, the Covered Entity must also provide notice to all national consumer reporting agencies. If a breach affects 500 or more individuals in Florida, the Department of Legal Affairs must be notified no later than 30 days after the Covered Entity determines that a breach occurred or had reason to believe a breach occurred. This is a new notice requirement.

If a Covered Entity uses a third-party vendor to maintain, store or process Personal Information, then that third-party agent must notify the Covered Entity no later than 10 days after the third-party agent determines that a breach occurred or had reason to believe a breach occurred. Though a third-party agent may provide the required notices, the Covered Entity is ultimately responsible for compliance with the Act.

The Act also requires Covered Entities and their third-party agents to take all reasonable measures to dispose, or arrange for the disposal, of customer records containing Personal Information within its custody or control when they are no longer retained. Disposal shall involve shredding, erasing, or otherwise modifying the records to make Personal Information unreadable or undecipherable through any means.

Unlike the general descriptions provided in this article, the Act is highly technical and very specific. Though the Act does not create a private cause of action, civil penalties of up to $500,000 should be enough motivation for Covered Entities to learn more about Florida’s new law and ways to limit the new risks with insurance.

If you would like to learn more about insuring against data security breaches, contact us.

If you would like to learn more about preventing data security breaches, take our online course Information Risk Management: Strategies for Preventing and Mitigating Information Security Breaches.

If you would like to subscribe to our newsletters please click here.

Are You Ready for the 2014 Hurricane Season?

For those living or working in the Atlantic hurricane region, June 1st rarely passes unnoticed. At Setnor Byer Insurance & Risk, we understand that preparing for hurricane season is rarely easy and often stressful. We also understand that a lack of awareness and preparation can lead to disaster, and that the best way to limit the risks posed by hurricanes is to take preventative steps.

The National Oceanic and Atmospheric Administration’s 2014 Atlantic Hurricane Outlook predicts a 50% chance of a below-normal season, a 40% chance of a near-normal season and only a 10% chance of an above-normal season. According to NOAA, the 2014 hurricane season will bring:

  • 8 – 13 Named Storms (winds of 39 mph or higher)
  • 3 – 6 Hurricanes (winds of 74 mph or higher)
  • 1 – 2 Major Hurricanes (winds of 111 mph or higher)

These numbers are near or below the 1981 to 2010 seasonal averages of 12 named storms, six hurricanes and three major hurricanes. “Though we expect El Niño to suppress the number of storms this season,” NOAA administrator, Dr. Kathryn Sullivan, reminds us that, “it’s important to remember it takes only one land falling storm to cause a disaster.”

The 2014 hurricane season will also see changes in the information provided by the National Hurricane Center, including:

  • A smaller tropical cyclone forecast cone
  • The addition of a Potential Storm Surge Flooding Map, which will highlight areas where storm surge inundation could occur and the height above ground level that the water could reach
  • The elimination of the Intensity Probability Table due to misleading estimates of landfall intensity and excessive reliance on these estimates by the public

Though different situations call for different measures, here are some tips that can help you weather a storm.

Before the Storm

  • Monitor the news to allow time to prepare.
  • Identify all tools and equipment that will be needed to secure property before a storm and limit the damage after the storm (flashlights, batteries, caulking, tarpaulins, sandbags, cutting and fastening equipment, etc.).
  • Clear drains and downspouts to minimize the risk of flooding.
  • Move items inside.
  • Unplug electrical equipment and move property away from windows.
  • Check and secure all documents and records.
  • Take or update photographs of real and personal property.
  • Gather insurance policies and agent/insurer contact information.

After the Storm

  • Only after it has been declared safe to do so, take reasonably necessary steps to protect against any further property damage.
  • Report fallen power lines to power company immediately—stay away from them!
  • Check exterior walls and roof for damage from wind, rain, flying objects and rising waters (flood insurance).
  • Check all interior perimeter walls, floors and roof for leaks and water damage.
  • Document all damage with photographs and video.
  • Prepare detailed damage reports.
  • Call your insurer or agent as soon as possible to report damage.

While preparing for Hurricane Season is never easy, our team of experienced and responsive professionals can work with you to make sure that your personal and business property are protected in the event of a hurricane. With over 30 years of experience dealing with tropical storms and hurricanes, Setnor Byer Insurance & Risk has a long history of helping our clients prepare before the storm and, more importantly, providing support through the process of rebuilding after the storm.

If you would like more information about protecting your personal and business property during the 2014 Hurricane Season, please contact us.

If you’d like to subscribe to our weekly newsletters please click here.

Is a Resident Manager Ideal for Your Self Storage Facility?

Resident managers are not as common as they used to be in the self storage industry. For some self storage facilities, however, a manager living on the premises may be the key to running a successful operation. Though cost is an important factor when deciding whether a self storage facility could benefit from a resident manager, other factors should be considered as well, such as:

Service: Automated facilities may not be enough to create an advantage over the competition. Depending on a self storage facility’s location or specialty, clients may want more than just an access code after signing a contract. Facilities with a resident manager can service clients in ways that others cannot. This is why the existence of a resident manager is often mentioned in promotional and marketing materials.

Security: Even with surveillance cameras and 24-hour monitoring services, it is difficult to deny that resident managers can make a self storage facility even more secure. Their presence alone will likely deter most criminals, and their response time will be quicker than even the fastest police departments.

Operations: Things can and often do go wrong after business hours. Leaking pipes and short-circuits are just two things that can cause significant damage if they are not discovered and fixed quickly. A resident manager can find and fix those problems that cannot wait.

Qualified Candidates: It’s not always easy to find and retain the right people. Providing prospective managers with a place to live may be just the perk required to hire and keep quality talent.

After evaluating all the pros and cons in the context of each facility’s own particular situation, an informed decision can be made about whether a resident manager could improve operations. However, before making a final decision, it is important to understand the ramifications of hiring a resident manager, particularly how doing so may create an unexpected relationship.

In addition to creating an employer-employee relationship, hiring a resident manager can also create a landlord-tenant relationship. While employers can often terminate employees at-will and without advance notice, the same cannot usually be done with tenants. Depending on applicable law, a self storage facility will generally be required to provide advance written notice to terminate the landlord-tenant relationship. As a result, a resident manager may be legally entitled to continue renting the property for a period of time after his or her employment has been terminated.

There are steps that can be taken to minimize the scope and impact of the landlord-tenant aspects of a resident manager’s employment relationship. For example, a self storage facility can address landlord-tenant issues in a written employment agreement or in a separate lease agreement. However, since specific legal requirements must be met, it is advisable to seek the advice of a locally licensed attorney.

As is often the case, it is necessary to understand the risks in order to control them. Since self storage facilities face unique risks, it helps to have an insurance program that is specifically designed for the self storage industry. If you would like more information about Setnor Byer Insurance & Risk’s Self Storage Insurance Program, please contact us.

If you would like to subscribe to our newsletters please click here.

Developing a Cybersecurity Framework

In February 2013, President Obama issued Executive Order 13636 on Improving Critical Infrastructure Cybersecurity. This Order calls for the development of a framework of industry standards and best practices to help organizations manage increasing cybersecurity risks. On February 12, 2014, the National Institute of Standards and Technology (NIST) responded to the President’s order with its Cybersecurity Framework.

The Cybersecurity Framework, which was created in collaboration with the private sector, focuses on using business drivers to guide cybersecurity activities. It is a risk-based approach that uses common language to address and manage cybersecurity risks in a business-specific, cost effective way. This voluntary framework is made up of three parts, each of which reinforces the connection between business drivers and cybersecurity activities.

The Framework Core provides a set of activities designed to achieve specific cybersecurity outcomes. The core is made up of five broad functions that help organizations express their management of cybersecurity risks.

  • Identify: Develop organizational understanding to manage cybersecurity risks to systems, assets, data and capabilities.
  • Protect: Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services.
  • Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond: Develop and implement appropriate activities to respond to a cybersecurity event.
  • Recover: Develop and implement appropriate activities to maintain operations and restore capabilities or services impaired by a cybersecurity event.

Framework Implementation Tiers provide context on how organizations view cybersecurity risks and the processes in place to manage that risk. Tiers are used to describe an organization’s commitment and sophistication in managing cybersecurity risks. They also describe the extent to which cybersecurity risk management is informed by business needs and integrated into an organization’s overall risk management practices.

The four tiers reflect a progression from informal, reactive responses to cybersecurity risks to approaches that are agile and risk-informed.

  • Tier 1 (Partial)
  • Tier 2 (Risk Informed)
  • Tier 3 (Repeatable)
  • Tier 4 (Adaptive)

Determining which tier applies to an organization depends on current risk management practices, threat environment, regulatory requirements, business objectives and organizational constraints. However, the NIST notes that tiers do not represent maturity levels, so progression to higher tiers is encouraged when it would reduce cybersecurity risks in a cost effective manner.

The Framework Profile is the alignment of an organization’s cybersecurity framework with its business requirements, risk tolerance and resources. Profiles enable organizations to establish a roadmap for reducing cybersecurity risk that meets organizational goals, implements best practices, considers regulatory requirements and reflects priorities.

Profiles can be used to describe an organization’s current state or target state of cybersecurity activities. Comparing current and target profiles can be used to identify gaps in an organization’s cybersecurity risk management practices. Given the need for flexibility, the NIST did not impose or require a specific form or format that must be followed when creating and implementing a profile.

It is important to remember that the Cybersecurity Framework is voluntary and that, according to the NIST, it will not place additional regulatory requirements on businesses. Nevertheless, it should serve as a reminder that data security breaches can happen to any organization.

As we have seen, preventative measures are not foolproof, so organizations should also consider protecting against data security breaches with insurance. Given the complexity of the risk, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained.

If you would like to learn more about insuring against data security breaches, contact us.

If you would like to learn more about preventing data security breaches, take our online course Information Risk Management: Strategies for Preventing and Mitigating Information Security Breaches

If you would like to subscribe to our newsletters please click here.

Preventing Data Security Breaches

Every business must be able to identify the likeliest source of a data security breach so that they can also identify how to prevent it. Is it an executive’s laptop computer, the copy machine or the office’s wireless network? Could it be something else? Since the first step to preventing a data security breach is understanding the risk, it’s time to learn more about your business’s sensitive data.

Effective data security starts by assessing the kind of information a business has and identifying who has access to it. Evaluating data security vulnerabilities requires an understanding of how sensitive data moves into, through, and out of a business, and who has or could have access to it. Here are some tips from the Federal Trade Commission.

Take Inventory

Take an inventory of all devices and equipment capable of storing sensitive data, such as laptop computers, mobile devices, flash drives, off-site servers, disks and digital copiers. Do employees work from home? If so, add their home computers to the list.

The type and location of sensitive data should also be inventoried. Don’t stop with the office’s filing cabinets and computer systems. Sensitive data may also be received from other sources, such as websites, contractors or call centers. Every possible source and destination for sensitive data must be considered.

Track Sensitive Data

It is important to know how the business obtains, stores, shares and disposes of sensitive data. Every department should be consulted, including sales, information technology, human resources and accounting. Don’t forget about contractors and other third-party service providers.

This process should provide a business with a thorough understanding of:

  • Who provides sen­sitive data? Does it come from customers, credit card companies, banks or other financial institutions, credit bureaus, job applicants, contractors, third-party service providers?
  • How is sensitive data received? Does it come via phone, fax, mail or email? Is there a website designed to request and receive sensitive data? Are there any other possible entry points?
  • What kind of sensitive data is collected? Do business operations require or permit collecting financial information (credit cards, bank accounts, credit reports), personally identifying information (drivers’ licenses, social security numbers) or medical information?
  • Where is sensitive data stored? Is it kept on disks, tapes, laptops, smartphones, tablets or other mobile devices? Employees’ personal computers or mobile devices? Where are data backups and copies stored?
  • Who can access sensitive data? Is access to sensitive data limited to only those who need it? Are there security measures in place? Is sensitive data protected against unauthorized access by contractors or other third-party service providers?

Throughout this process, pay particular attention to certain kinds of sensitive data. Identity thieves typically look for social security numbers, credit card and other financial information.

Organizations should also consider protecting against data security breaches with insurance.Various cyber liability products are available to protect against privacy injuries, such as identity theft, and to cover the cost of complying with various data breach notice laws. Given the complexity of the risk, an experienced insurance agent should be consulted to ensure that adequate coverage is obtained. If you would like to learn more about insuring against data security breaches, contact us.

If you would like to subscribe to our newsletters please click here.

Are You Ready for the 2013 Hurricane Season?

For those living or working in areas at risk of experiencing a tropical storm or hurricane, June 1st rarely passes unnoticed. At Setnor Byer Insurance & Risk, we understand that preparing for Hurricane Season is rarely easy and often stressful. We also understand that a lack of awareness and preparation can make a bad situation worse, and that the best way to limit the risk is to take preventative steps now.

The National Oceanic and Atmospheric Administration (NOAA) estimates a 70 percent probability that the 2013 Hurricane Season will bring:

  • 12 – 18 Named Storms (winds of 39 mph or higher)
  • 6 – 10 Hurricanes (winds of 74 mph or higher)
  • 3 – 6 Major Hurricanes (winds of 111 mph or higher)

These estimates indicate that activity will exceed the seasonal average of 11 named storms, six hurricanes and two major hurricanes.

According to NOAA administrator Jane Lubchenco, Ph.D., “the United States was fortunate last year. Winds steered most of the season’s tropical storms and all hurricanes away from our coastlines…However we can’t count on luck to get us through this season. We need to be prepared, especially with this above-normal outlook.”

Though different situations call for different measures, the following tips can assist you in developing your own plan for dealing with the 2013 Hurricane Season.

Before the Storm

  • Monitor the news to allow time to prepare.
  • Identify all tools and equipment that will be needed to secure property before a storm and limit the damage after the storm (flashlights, batteries, caulking, tarpaulins, sandbags, cutting and fastening equipment, etc.).
  • Clear drains and downspouts to minimize the risk of flooding.
  • Move items inside.
  • Unplug electrical equipment and move property away from windows.
  • Check and secure all documents and records.
  • Take or update photographs of real and personal property.
  • Gather insurance policies and agent/insurer contact information.

After the Storm

  • Only after it has been declared safe to do so, look for any property damage and take reasonably necessary steps to protect against any further damage.
  • Report fallen power lines to power company immediately–stay away from them!
  • Check exterior walls and roof for damage from wind, rain, flying objects and rising waters (flood insurance).
  • Check all interior perimeter walls, floors, and roof for leaks and water damage.
  • Document all damage with photographs and video.
  • Prepare detailed damage reports.
  • Call your insurer or agent as soon as possible to report damage.

While preparing for Hurricane Season is never easy, our team of experienced and responsive professionals can work with you to make sure that your home, cars and property are protected.

For over 30 years, Setnor Byer Insurance & Risk has been helping our clients prepare before the storm and rebuild after. Our clients benefit from a Hurricane Insurance Program that includes an emergency and after hours claims service hotline in addition to guidance for disaster planning.

If you would like more information about how Setnor Byer Insurance & Risk can help you prepare for the 2013 Hurricane Season, contact us.

If you would like to subscribe to our newsletters please click here.