Nikki Johnson No Comments

Business Beat: Common Loss Exposures for a Restaurant

Last month’s column looked at issues faced in the retail community. This month, I’m turning to another popular part of the local commercial community — the food and beverage industry.

People who run restaurants are often some of the most passionate business owners, investing time and money to deliver a high-quality experience to their customers. However, the hospitality industry can be unforgiving, and it’s a constant challenge for owners to deliver exceptional food and service while maintaining profitability.

These challenges are magnified when you consider that risks related to property damage, equipment breakdowns or crime and liquor liability must also be addressed.

Property exposures in restaurants are substantial and can come from many sources, including equipment failures, food spoilage, natural disasters, customers, employees and other third parties.

When discussing property exposures, fire and water damage are of particular concern, and restaurants face an elevated level of risk due to things like open flames, the wide use of combustible items (e.g., tables, chairs and linens), complex HVAC systems, sewer backups and appliances connected to water lines (e.g., dishwashers).Restaurants depend on functioning equipment to service their customers effectively. In the face of an equipment breakdown (e.g., refrigeration unit leaks and cooking appliance malfunctions), restaurants can experience business interruptions or even prolonged closures.

What’s more, equipment breakdowns can even lead to major property damage should an appliance leak or start a fire.Crime can be a challenge for restaurant owners, especially because their operations often have a steady amount of cash flowing in and out. To make matters worse, thieves can strike at any time, leaving owners to recoup any lost funds or equipment. In this day and age, thieves (including your employees) do not need direct access to cash to steal from you. Merchandise, supplies and securities are all fair game. What’s more, the location of a restaurant as well as its hours of operation can have a significant impact on its level of crime risk.As a restaurant owner, you are responsible for property that may not be covered by traditional insurance. Inland marine coverage can fill these gaps in commercial property protection.

Without an inland marine policy, property that’s unique or valuable, in transit, in your temporary care, stored at fixed (but movable) locations or used to transfer information represent major exposures. Specifically for restaurateurs, inland marine insurance can provide much needed protection for accounts receivable, computer equipment, data and records, food transported to various locations and food trucks.

Premises liability exposures at restaurants can directly affect patron safety and, when injuries occur at your business, you could be held responsible. Accidents related to slips, trips and falls; burns and scalds; and cuts are common and a major source of concern. Something as simple as a hot plate, a spilled drink or an uneven surface can lead to costly insurance claims following an accident.Food safety is an important consideration for restaurant owners and a primary source of food and product liability. The potential for food poisoning, contamination, spoilage and allergic reactions is ever present. In the event that one of your customers becomes ill due to your food or accidentally ingests a foreign object found in one of your menu items, your restaurant could face legal ramifications and suffer irreversible reputational damage.Lawsuits related to liquor liability are filed each day, and it’s increasingly common for victims and their families to file suits against restaurants for their role in serving a customer who is then involved in an alcohol-related accident.

Making matters worse, all it takes is a single liquor liability claim to put your entire business at risk. Liquor liability exposures for restaurant owners can stem from selling liquor to underage individuals, over-serving patrons and non-compliance with applicable legislation.

Continuity is critical in business, and there are few things more important than continuous revenue and cash flow, particularly for small to medium-sized organizations. In fact, just one brief business interruption can be incredibly costly for an organization, often leading to serious reputational damages or long-term closures. Common interruptions for restaurants can include natural disasters, fires, food recalls, cyber events, staff shortages and supplier issues. Restaurants are a common target for cyber criminals, as these businesses often process a high volume of credit and debit card information. In addition, employees who are improperly trained on computer and data safety could put your organization at risk to ransomware, viruses, phishing scams and malware. Compounding your exposures, many restaurants offer guest Wi-Fi that, if improperly secured, can put you and your guests at risk of an attack. Depending on the services your restaurant offers, employees may be required to operate a vehicle on behalf of your business, creating automobile exposures in the process. While important for daily operations, the improper use of a vehicle can lead to potential accidents and major insurance claims. What’s more, if you allow employees to use their own vehicles for work, standard auto policies are often not enough.

Additionally, providing valet parking can also create unforeseen challenges should a customer’s vehicle get damaged.While the proper risk management practices can reduce certain exposures, no system is 100 per cent effective in ensuring an accident-free workplace. As a result, it’s all the more crucial to work with a qualified insurance broker to not only assess you exposures, but secure the appropriate coverage as well.

Talk to your broker soon. For a second opinion or to learn more, please feel welcome to contact me or any of our staff at Reith & Associates Insurance and Financial Services Limited.

By Dan Reith

Nikki Johnson No Comments

Cyber Risks & Liabilities

By:  Dan Reith  BA(Hons) CAIB
President/Principal

3 Ways to Protect Yourself From Credential Stuffing

Credential stuffing attacks occur when a malicious party takes a stolen username and password, and tries them on a variety of different websites. For example, a hacker may have purchased a Google username and password from the dark web. Assuming that you use the same password for multiple accounts, the hacker would test these credentials on other platforms (e.g., banking or social media websites) using botnets (groups of computers tasked with various commands).

Essentially, by using information from one account, criminals can potentially access data from a variety of platforms, draining bank accounts or gathering information they can sell to other malicious parties.

Credential stuffing can affect anyone, from individual users to the biggest companies. Thankfully, because credential stuffing relies on victims having the same password for multiple accounts, there are some simple ways to protect yourself:

  1. Avoid using the same password for multiple accounts—Credential stuffing only works because many people use the same password for multiple accounts. Change your passwords often and use a unique password for each account.
  2. Use two-factor authentication—Complex passwords can deter cyber criminals, they can still be cracked. To prevent access to your accounts, two-factor authentication is key. Through this method, users must confirm their identity by providing extra information (e.g., a phone number or unique security code) when attempting to access corporate or personal applications, networks and servers. This additional login hurdle means that would-be cyber criminals won’t easily unlock an account.
  3. Create strong password policies—For employers, ongoing password management can help prevent attackers from compromising your organization’s password-protected information. Create a password policy that requires employees to change their password on a regular basis, avoid using the same password for multiple accounts and use special characters. Long passphrases are becoming increasingly popular.

Even the most robust and expensive data protection solutions can be compromised should an employee click a malicious link or download fraudulent software. As such, it’s critical for organizations to thoroughly train personnel on common cyber threats and how to respond.

Mobile Device Security

Gone are the days when the most sensitive information on an employee’s phone was the names and phone numbers of their contacts. Now, a smartphone or tablet can be used to gain access to anything, including emails, stored passwords and even proprietary company data. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a traditional computer system.

In order to protect your organization, there are a number of mobile device security measures to consider:

  • Establish a mobile device policy—Before issuing mobile phones or tablets to your employees, establish a device usage policy. Provide clear rules about what constitutes acceptable use as well as what actions will be taken if employees violate the policy. It is important that employees understand the security risks inherent to mobile device use and how they can mitigate those risks. Well-informed, responsible users are your first line of defence against cyber attacks.
  • Establish a bring your own device (BYOD) policy—If you allow employees to use their personal devices for company business, make sure you have a formal BYOD policy in place. Your BYOD security plan should also include the following practices:
    • Installing remote wiping software on any personal device used to store or access company data.
    • Educating and training employees on how to safeguard company data when they access it from their own devices.
    • Informing employees about the exact protocol they must follow if their device is lost or stolen.
  • Keep the devices updated with the most current software and anti-virus program—Software updates to mobile devices often include patches for various security holes, so it’s best practice to install the updates as soon as they’re available. There are many options to choose from when it comes to anti-virus software for mobile devices, so it comes down to preference. Some are free to use, while others charge a monthly or annual fee and often come with better support.
  • Back up device content regularly—Just like your computer data should be backed up regularly, so should the data on your company’s mobile devices. If a device is lost or stolen, you’ll have peace of mind knowing your valuable data is safe.

Because of their convenience, smartphones and tablet devices have become a universal presence in the modern business world. As usage soars, it becomes increasingly important to take steps to protect your company from mobile threats, both new and old.

Cyber Incidents Cost More Than You Might Think

As technology advances, companies are collecting, storing and transferring more personal information about their customers and employees than ever before. This not only opens organizations up to a cyber attack, but it also means that just one breach can affect thousands or even millions of individuals. Unfortunately, for organizations, cyber incidents cost more than just data:

  • Data breaches are becoming increasingly expensive. While cyber liability insurance can help offset the costs of a data breach and subsequent litigation, just one breach can be financially devastating. According to a survey conducted by the Ponemon Institute, the average cost of a data breach was $5.78 million, or $255 per lost or stolen record.
  • Regulatory costs can be significant. With the advent of Canada’s Digital Privacy Act (DPA), which amends the Personal Information Protection and Electronic Documents Act (PIPEDA), failing to handle a data breach properly can result in major fines. As part of PIPEDA, companies must comply with mandatory data breach notification and reporting requirements. Failing to do so can result in fines of $100,000 per violation.
  • Cyber incidents can lead to serious reputational damage, significantly impacting directors and officers. Reputational damages can easily reach six figures. According to Kaspersky Lab, a global cyber security company, a single cyber incident recently caused brand damage of $8,000 for small and medium-sized businesses and $200,000 for larger organizations. When wide-scale breaches occur, a company’s reputation can be tarnished, sometimes permanently. In addition, the public holds organizations accountable for major losses of personal data, and directors and officers are often the ones who take the blame.

For me assistance in reducing your exposure to cyber crime, contact our office, our development team is the only local insurance provider able to assist with strategies, workplace policies and training program.

admin No Comments

Family Enterprise Xchange SWO Family Enterprise of the Year Winners: Reith & Associates

FAMILY ENTERPRISE OF THE YEAR AWARD 2018 Reith & Associates | 4th Generation Family Business | St. Thomas, Ontario Reith & Associates Insurance and Financial Services Limited is an independent insurance and financial services brokerage located in St. Thomas, ON.

In December 2000, brothers Dan and Darren Reith became the fourth generation to lead this family enterprise. In 2014, the company was honoured to celebrate its 100th anniversary. The Family Enterprise of Year Award serves to honour the vital role business families play in our community. We recognize that all our regional businesses have the challenge of maintaining and enhancing their competitive positions, but our family businesses go further, concerning themselves with issues of stewardship, continuity, and community involvement.

admin No Comments

Looking After Your Privacy | Cyber Risk & Liability – Privacy and Cyber Security

With the enormous amount of sensitive information stored digitally, companies need to take appropriate measures to ensure this data is not compromised. It is the responsibility of business owners to protect their clients’ data. This can be done by buying appropriate insurance cover or assume responsibility on the own by understanding the risks involved with data security and investing in the appropriate technology, staff training and operating policy enforcement to prevent a privacy breach. 

Know the Risks

The first step in protecting your business is to recognize the types of risk:

  • Hackers, attackers and intruders.  People who seek to exploit weaknesses in software and computer systems for their personal gain. Their intentions are usually malicious and their actions are typically in violation of the intended use of the systems that they are exploiting. The results of this cyber risk can range from minimal mischief (creating a virus with no negative impact) to damaging activity (stealing or altering a client’s information). 
  • Malicious code. This is the term used to describe code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. 
    • Viruses: This type of code requires that you actually do something before it infects your system, such as open an email attachment or go to a particular Web page.
    • Worms: This type of code propagates systems without user interventions. They typically start by exploiting a software flaw. Then, once the victim’s computer is infected, the worm will attempt to find and infect other computers.
    • Trojan horses: Trojans hide in otherwise harmless programs on a computer, and much like the Greek story, release themselves to cause damage. A popular type of Trojan is a program that claims to speed up your computer system but actually sends confidential information to a remote intruder.

IT Risk Management Practices

To reduce your cyber risks, it is wise to develop an IT Risk Management Plan at your organization. Risk management solutions use industry standards and best practices to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems. Consider the following when implementing risk management strategies at your organization:

  • Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their function, their importance to the organization, and the data stored and processed.
  • Review the cyber risk plan on an annual basis and update it whenever there are significant changes to your information systems or the facilities where systems are stored, or other conditions occur that may affect the impact of risk to the organization.

Due Diligence When Selecting an ISP

Your organization should take precautionary measures when selecting an Internet service provider (ISP) to use for company business. An ISP provides its customers with Internet access and other Web services. In addition,

the company usually maintains Web servers, and most ISPs offer Web hosting capabilities. With this luxury, many companies perform backups of emails and files, and may implement firewalls to block some incoming traffic.

To select an ISP that will reduce your cyber risks, consider the following:

  • Security – Is the ISP concerned with security? Does it use encryption and SSL to protect any information that you submit?
  • Privacy – Does the ISP have a published privacy policy? Are you comfortable with who has access to your information, and how it is handled and used?
  • Services – Does your ISP offer the services that you want and do they meet your organization’s needs? Is there adequate support for the services provided?
  • Cost – Are the ISP’s costs affordable and are they reasonable for the number of services that you receive? Are you sacrificing quality and security to get a lower price?
  • Reliability – Are the services provided by the ISP reliable, or are they frequently unavailable due to maintenance, security problems and a high volume of users? If the ISP knows that its services will be unavailable, does it adequately communicate that information to its customers?
  • User supports – Are there any published methods for contacting customer service? Do you receive prompt and friendly service? Do their hours of availability accommodate your company’s needs?
  • Speed – How fast is your ISP’s connection, and is it sufficient for accessing your email or navigating the Web?
  • Recommendations – What have you heard from industry peers about the ISP? Were they trusted sources? Does the ISP serve your geographic area?

Protection is our Business

Your clients expect you to take care of their sensitive information. We can help you plan for a potential issue. Contact Reith & Associates Insurance and Financial Services Limited today; we have the tools necessary to ensure you have the proper coverage to protect your company against a data breach.

With the enormous amount of sensitive information stored digitally, companies need to take appropriate measures to ensure this data is not compromised. It is the responsibility of business owners to protect their clients’ data. This can be done by buying appropriate insurance cover or assume responsibility on the own by understanding the risks involved with data security and investing in the appropriate technology, staff training and operating policy enforcement to prevent a privacy breach.

Know the Risks

The first step in protecting your business is to recognize the types of risk:

  • Hackers, attackers and intruders.  People who seek to exploit weaknesses in software and computer systems for their personal gain. Their intentions are usually malicious and their actions are typically in violation of the intended use of the systems that they are exploiting. The results of this cyber risk can range from minimal mischief (creating a virus with no negative impact) to damaging activity (stealing or altering a client’s information). 
  • Malicious code. This is the term used to describe code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. 
    • Viruses: This type of code requires that you actually do something before it infects your system, such as open an email attachment or go to a particular Web page.
    • Worms: This type of code propagates systems without user interventions. They typically start by exploiting a software flaw. Then, once the victim’s computer is infected, the worm will attempt to find and infect other computers.
    • Trojan horses: Trojans hide in otherwise harmless programs on a computer, and much like the Greek story, release themselves to cause damage. A popular type of Trojan is a program that claims to speed up your computer system but actually sends confidential information to a remote intruder.

IT Risk Management Practices

To reduce your cyber risks, it is wise to develop an IT Risk Management Plan at your organization. Risk management solutions use industry standards and best practices to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems. Consider the following when implementing risk management strategies at your organization:

  • Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their function, their importance to the organization, and the data stored and processed.
  • Review the cyber risk plan on an annual basis and update it whenever there are significant changes to your information systems or the facilities where systems are stored, or other conditions occur that may affect the impact of risk to the organization.

Due Diligence When Selecting an ISP

Your organization should take precautionary measures when selecting an Internet service provider (ISP) to use for company business. An ISP provides its customers with Internet access and other Web services. In addition,

the company usually maintains Web servers, and most ISPs offer Web hosting capabilities. With this luxury, many companies perform backups of emails and files, and may implement firewalls to block some incoming traffic.

To select an ISP that will reduce your cyber risks, consider the following:

  • Security – Is the ISP concerned with security? Does it use encryption and SSL to protect any information that you submit?
  • Privacy – Does the ISP have a published privacy policy? Are you comfortable with who has access to your information, and how it is handled and used?
  • Services – Does your ISP offer the services that you want and do they meet your organization’s needs? Is there adequate support for the services provided?
  • Cost – Are the ISP’s costs affordable and are they reasonable for the number of services that you receive? Are you sacrificing quality and security to get a lower price?
  • Reliability – Are the services provided by the ISP reliable, or are they frequently unavailable due to maintenance, security problems and a high volume of users? If the ISP knows that its services will be unavailable, does it adequately communicate that information to its customers?
  • User supports – Are there any published methods for contacting customer service? Do you receive prompt and friendly service? Do their hours of availability accommodate your company’s needs?
  • Speed – How fast is your ISP’s connection, and is it sufficient for accessing your email or navigating the Web?
  • Recommendations – What have you heard from industry peers about the ISP? Were they trusted sources? Does the ISP serve your geographic area?

Protection is our Business

Your clients expect you to take care of their sensitive information. We can help you plan for a potential issue. Contact Reith & Associates Insurance and Financial Services Limited today; we have the tools necessary to ensure you have the proper coverage to protect your company against a data breach.