Nikki Johnson No Comments

Social Media Security

By:  Dan Reith  BA(Hons) CAIB

        Principal Broker

        Reith & Associates Insurance and Financial Services Limited

While social media can help organizations engage with customers and expand their reach, using it comes with potential risks. These risks can range from minor damages to your brand image to major cyber attacks that target sensitive information, resulting in costly recovery and lawsuits. The following are some of the biggest risks associated with using social media as well as tips to avoid them.

EMPLOYEES

One of the biggest risks to any organization’s social media security is its employees themselves. User error, a lack of education and carelessness can all become incredibly costly when dealing with social media.

As such, it’s important to invest time in developing a social media policy that clearly outlines the purpose, procedures and expectations of appropriate social media use. Additionally, employees need to be educated on the importance of this policy, as well as the threats that social media poses and how to identify them. Regulate the number of people with access to official social media accounts to only those who are educated, trusted and absolutely necessary for daily operations.

SCAMS AND PHISHING ATTACKS

Like with any other form of internet use, scams and phishing attacks are a constant risk when dealing with social media. Malicious links disguised as news reports, videos or familiar social media accounts could be used to trick users into sharing secure information.

Be wary of any links that appear suspicious, and never disseminate secure information in a way other than it is intended to be shared by policy. Knowing how to identify suspicious links or web pages can be the difference between an incredibly costly mistake and a near miss. For example, shortened URLs found on Twitter may link to webpages built to look identical to familiar websites, and third-party applications may be designed to reveal the user’s private information to a third party.

UNSECURED MOBILE DEVICES

Most social network access is through mobile devices, and, while some organizations may issue company-owned devices for this purpose, the organization’s social media accounts are most often accessed by the employees’ devices themselves. The fact that these devices travel everywhere with the employees makes them especially vulnerable to potentially unwanted or inappropriate access.

All mobile devices with social media access should be locked with a password when not in use. Doing so can protect private information from falling into the wrong hands in the event that an employee with social media access loses their device.

INATTENTIVE USE

Not paying attention to an organization’s social media accounts may seem harmless at first, or even preferable compared to engaging in use that might seem risky. However, being inattentive to social media can bring its own risks. For example, a social media account that becomes hacked could start spreading harmful fraudulent messages or viruses, causing much more harm if it is not caught immediately.

Keep a close eye on all social media accounts—even if you only created them to reserve your brand’s handle and don’t intend to use them in the near future—and be ready to act if one of them becomes compromised.

MALWARE ATTACKS AND HACKING

Even when exercising proper social media security tactics, there is always the possibility that your accounts will become compromised through sophisticated malware attacks and hacking. After all, unlike your organization and employees, hackers are not limited to the five-day workweek to carry out their plans and could strike at any time.

Invest in security technology to watch your social media accounts 24 hours a day, and have a person in charge who will be able to receive alerts and respond to them as soon as a problem is detected.

Contact Reith & Associates Insurance and Financial Services Limited today at 519-631-3862 to learn more about social media security.

Nikki Johnson No Comments

Cyber Risks & Liabilities

By:  Dan Reith  BA(Hons) CAIB
       Principal Broker
       Reith & Associates Insurance and Financial Services Limited

Do You Have Adequate Cyber Insurance?

Given the number of variables, picking a cyber insurance policy can be a difficult task. Furthermore, while an organization may think it is protected by its current policy, new developments in cyber security and ventures by the organization itself may make those policies inadequate. Worst still, most, over 80% of Canadian small-medium enterprises fail to carry cyber insurance. Consider the following when creating or reviewing your existing cyber insurance plan.

Assess Your Unique Cyber Risks

Such as with any other liability policy, it’s important to understand the specifics of your cyber risks before picking a cyber liability policy. There is no one-size-fits-all, so asses your business needs to understand the best cyber insurance for you.

The following factors are some examples of what defines your organization’s distinct cyber risks:

  • The type of data your organization stores
  • How and what type of data is shared with business partners
  • Types of communication systems used and their level of security

Know What Policies Are Available and What They Cover

Cyber insurance policies may vary significantly due to the absence of market standardization. While most policies provide first-party and third-party coverage, the details of what is covered can vary across policies. First-party coverage typically includes data breach response costs and business interruption costs that result from network failures, data breaches or ransomware attacks. Third-party coverage typically includes coverage for the costs associated with responding to regulatory investigations and indemnification for regulatory fines or penalties. Take a close look at the terms and coverage offered in each policy for what most closely aligns with your unique cyber risks.

Know Your Responsibilities

Closely examine your selected plan to know your responsibilities, such as who to notify if there has been a breach. For example, a data breach that has been recently discovered might have, in fact, been compromised for years, requiring a retroactive cyber insurance plan. Understanding these requirements and what needs to be reported can be the difference between being covered and not being covered at all. Work these requirements into your organization’s incident response plan to ensure they are followed.

The Atypical Devices That May Be Vulnerable to Cyber Attacks

Increasingly more non-computing devices, such as equipment sensors, industrial control systems and teleconferencing equipment are being connected to global computer networks. Unfortunately, many of these devices are typically not held up to the same cyber security standards, therefore adding an additional vulnerability through which cyber criminals may be able to gain access to your organization’s valuable data or manipulate critical systems.

The Internet of Things

The internet of things (IoT) refers to the connection of web-enabled devices that are connected to each other in a network to exchange information. While this provides many benefits, such as reducing the need to input the same data into multiple systems and gathering data from different sources to be analyzed and used in a centralized location, there are risks associated with it.

For example, if a single device is compromised in a cyber attack, the data from all connected devices and even the devices themselves could be compromised. As such, all it takes for an outsider to gain access to sensitive information is to identify the device with the weakest cyber security that also has access to the network.

Securing IoT Devices

When looking to purchase and connect new devices to the IoT, ensure that there are plans and policies in place to minimize the chances of a cyber threat against those devices. Conduct a sweep of your organization to identify electronic devices and determine if each one is connected to a network that could be exposed to a cyber event, as well as what kind of data those devices are sending and receiving. Keep in mind that even seemingly mundane systems or devices such as heating, ventilation and air conditioning units could be running basic computer operating systems with the potential to connect to the internet. Track these devices by creating an asset map that lists the connected devices.

From here, you can start planning how to secure the devices that pose the largest threat of cyber exposure. Segment the network so that not every device provides access to the entire system, check for security updates or patches where possible and reach out to the device’s manufacturer for information if necessary. Restrict personal IoT devices to a separate network (like a guest Wi-Fi), update all default passwords on connected devices, use two-factor authentication and ensure that data generated by IoT devices is encrypted.

When looing for a provider of cyber insurance, don’t settle for just any provider.  Interview them, and ensure their knowledge of the product and of your unique exposure is sufficient to ensure you the protection your business requires.

Nikki Johnson No Comments

Crime Prevention Tips During COVID-19 Shutdown – Making your business less of a target

If it isn’t bad enough, that the Covid-19 pandemic has caused many small businesses to close their doors, our local police services report of a significant spike in calls for break and enters, property theft and vandalism to business properties. 
If your business has been forced to close, here are some key crime prevention steps you can take to be less of a target:

  • Remove all valuables from storefront displays to reduce smash-and-grab thefts
  • Remove all valuables such as cash from the till and leave it open. Place the empty cash tray in plain view on the counter to signal there’s no money in the till
  • Remove signage from front windows so police can see the inside unobstructed during patrols
  • Remove any items of value away from window displays, place in the back of the store so they are not visible 
  • Consider installing an alarm monitoring system. If you already have one, ensure the contact list is up-to-date, responders are aware of their duties and process should they get a call, and it is activated when the building is not occupied
  • Consider installing a surveillance camera system that can be monitored online by owner/management
  • Clearly post signage on the door/window to indicate that the premises are monitored by an alarm company; that no money is kept on the premises and contact information for police and the business owner in case a member of the public sees damage to the property or suspicious activity
  • If the premises are closed for an extended period of time clean all glass surfaces and create a tracking log of when cleaning was completed. This may help investigators with suspect fingerprints in the event of a break-in
  • Consider applying a laminate on all windows and glass doors to prevent the glass from being broken from blunt force thereby preventing entry during attempted break-in
  • Install latch guards on doors to protect against prying including on secondary doors such as employee and loading entrances
  • Keep some lighting on inside for surveillance opportunities during the evening
  • Ensure all doors are properly secured and regularly check all exterior lighting is functioning
  • Remove material around the exterior of the property that may be used to gain entry
  • Check on your business daily, both in and out, at different times each day and report any suspicious activity to your local police as soon as possible 
  • Prevent and reduce the opportunity for crime to occur.  Be a good business neighbour, when checking on your property, check on neighbours’ property too
  • For more info http://www.stps.on.ca/crime-prevention-tips-for-business-owners/

Taking these steps will make your business less of a target and will ensure you meet the requirements of your insurance policy.  Our team is available to assist with any questions or concerns you may have about your coverage during a shut-down. We welcome your call or email inquiry. Stay safe, stay healthy.

Nikki Johnson No Comments

Your Insurance and the Covid-19 Pandemic

By:  Dan Reith BA(Hons) CAIB
President/Principal Broker
Reith & Associates Insurance and Financial Services Limited

We are in the midst of an unprecedented situation in Canada and around the world.  COVID-19 is impacting all segments of our economy creating challenges never, before experienced.  Let us help you better understand the reality of your insurance and the Covid-19 pandemic.

Personal Insurance

There is no coverage under any personal insurance, home, auto or critical illness, that provides protection or indemnification against any financial loss as a result of a viral pandemic–Covid-19. 

Business Insurance

There is no coverage, under the standard commercial property policy, for any loss or cessation of business income as a result of a temporary business shutdown and/or closure caused by a viral pandemic. Simply because a viral pandemic is not an insured peril.  A property and liability policy insures the physical premises and therefore the insured peril must damage the premise preventing the business from operating. Pandemics do not negatively impact the premise.  It is important to understand that:

  1. Not all standard commercial insurance policies carry business interruption or income replacement.
  2. Policies that do carry business interruption, have a standard language in the contract that requires a “trigger” being an insured peril to cause damage to the premises of the business and/or a contributing or recipient property, in order to render the premises unusable and therefore the business unable to generate revenue.  This causes the policy to respond and the quantifiable loss is insured and replaced in accordance with the settlement option of the policy.  In the case of a viral pandemic, Covid-19, there is no damage to the business premise, by an insured peril, therefore, there is no physical reason for the business to cease operations or stop generating revenue and therefore, the coverage is not triggered.
  3. Where a policy contains business interruption, it typically carries an extension that provides for cases where a business is shut down by what is termed “civil authority”—an order, by a government body, not to access a property.  Again, however, the trigger is a physical loss to the premise and/or adjoining or neighbouring premise by an insured peril. In the case of Covid-19, the government order to close one’s business is effectively an arbitrary decision based on public health policy, not the cause of a real physical loss or damage to the business premises making it unsafe to access or occupy. Thus, the civil authority extension does not apply.

There are certain exceptions, to the norm, where certain industries can purchase secondary pandemic coverage; but this is restricted to niche industry classes such as healthcare and food processing because in these limited classes the loss can be isolated and quantified.  In the broad sense, as we are encountering today, such business interruption losses are not isolated, limited or controllable with reasonable certainty; therefore, not quantifiable.

Here are some common Q & A’s we have been fielding:

I pay my premiums monthly, what happens if I don’t have the money to pay my premium.

If your income, business and/or personal, is compromised in any way, and there is a likelihood you will not be able to make your premium payment call us immediately!  Generally speaking; most insurers are waiving NSF charges and not cancelling policies for non-payment in the first month.  Beyond that, insurers are willing to review and negotiate on a case by case basis.  Be proactive we are here to a find a solution that works best for you. Note, that while your insurer may be waiving NSF fees, that does not mean your bank is.  That is a conversation you need to have with your bank. 

What happens to my coverage if my business is shut down?

There is no change in coverage during the government mandated shut down.  That said, you must continue to maintain any warranty’s and or requirements your policy may have, i.e. alarms activated when building not occupied, heating on during heating season, building attended at least once every 72 hours.  Contact us so we can review your specific requirements to ensure compliance, we don’t want any surprises should you have a claim during this period of uncertainty.

Can I reduce coverage during shutdown?

Ultimately, you can make a change to coverage at any time.  In practical terms, any changes made need reflect the actual circumstances of your operational changes during the pandemic.  It is best to speak directly with your insurance provider to review operations to best determine what is right for you.

I/we are not working, currently laid off, what can we do to reduce our insurance costs?

That depends on your personal circumstances, needs and expectations in the event of a loss.  Call us, we will review your current coverage and find a solution to bring down your premium as best we can without placing you in jeopardy.  Note, changing insurance companies for a lower premium will STILL cause an early policy cancellation penalty if we make the change before renewal.  Insurance companies, at present, are not waiving early cancellation penalties, rather working with policyholders to make premium payment manageable.    

 I am laid off, I can get a job doing food delivery, am I insured?

No, if your current policy provides coverage for you to drive to and from work you are NOT insured to be a delivery service.  If you do this, call our office, to learn what the additional premium cost will be, it may not make sense.  If you do not, and you are in an accident while in the course of delivering food and/or other goods your insurer can deny the claim, both the repair/replacement of your car and/or liability if you are sued for injury to a third party.*

*some statutory coverage may apply speak to your broker for full details.   

To assist our customers and to keep our business going, we are now offering delivery service.  Are we insured?

Offering delivery is a great way to respond to customer demand; for some a great business decision, however, if you are using vehicles NOT insured as delivery vehicles, then there may not be coverage if a claim is filed as a result of a loss from delivering goods to a customer.  If your employees are using their personal vehicles to deliver to customers there is NO coverage for them unless their vehicle is rated, and a premium is paid for delivery purpose.  Speak to us before you make this operational change and/or offer a new delivery service to your customers; and do not require your employees to use their personal vehicles.  Reduce your liability exposure, partner with a professional delivery service instead.          

Will insurance companies honour claims during this period?

All insurers claim departments remain ready to respond.  Their claims representatives will be working in accordance with current protocols for personal and community safety and that may mean a delay in the settlement process, but it is business at usual at the present time.

We trust this information will assist to help you work through the current pandemic.  If you have any questions, or concerns about coverage during this uncertain period, we are here for you, we want to provide the right solutions for where you are today.  Let’s work through this together.  That is what we are here for. 

We look forward to hearing from you.

Nikki Johnson No Comments

Railway City Live!

We welcome you to join us at what promises to be an amazing series of original local talent. If you enjoy original performances by rising new talent this is the place to be!

The next scheduled evening is Friday June 5th, performances start at 7:00 pm at Streamliners Expresso Bar, 767 Talbot Street, St. Thomas.

Reith and Associates is proud to be producing, in collaboration with Rogers TV, and sponsoring  Railway City Live hosted by Streamliners Espresso Bar, St. Thomas, throughout 2020.  These evenings, led by local music talent, Jeff Butler, will be recorded and aired on Rogers TV 13 and streamed through the Rogers TV web site.

Railway City Live is an evening intended to provide local music and art talents a platform to perform their original songs, music, poetry and artistic talent to the public.  Performance registration is open to anyone.  The first session is fully subscribed but there are performance slots available in the future dates:  June 5, September 5 and December 4.

Consider joining us at this fun event filled with live original performances and don’t forget to tell your friends about it!

Nikki Johnson No Comments

Business Risk Advisory for 2020

By:  Dan Reith  BA(Hons) CAIB
President/Principal

Biggest Risks to Watch in 2020

The most relevant risks to Canadian businesses are constantly in flux. Only by observing trends and planning appropriately is it possible to reduce these risks and prevent being caught unprepared. According to experts, the following are the biggest risks for Canadian businesses to watch out for in 2020. 

Data Protection

The number of reported cyber threats targeting data, such as ransomware, continues to rise, indicating an increased need for data protection and privacy. This risk is further underscored by the growing amount of data being collected and number of devices being connected to each other, each representing a new potential avenue to exploit.

Third-party Liability

Risks increase as organizations become more interconnected, sharing data, systems and technology. Organizations need to not only worry about their own security and risk management, but also about every other organization that they share resources with, as each one represents a new potential vulnerability for cyber attacks. In fact, 24 per cent of ransomware incidents reported in the third quarter of 2019 were caused by a vendor or managed service provider.

Reputation

Employees, business partners, stakeholders, consumers and the public are increasingly holding organizations accountable for unacceptable behaviour or conduct. High-profile cyber breaches and social movements such as #MeToo have shown that damaging news travels faster than ever through major media and social network channels. Organizations must closely examine and refine their approach to dealing with risks, and emphasize crisis and contingency planning.

Benefits of Mental Health Days

Mental health is an increasingly popular subject these days, with many studies and organizations drawing attention to the fact that mental health issues are more prevalent and harmful than was previously believed. In many ways, mental health is just as important as physical health in that it has a significant effect on one’s ability to perform to the best of their abilities while at the workplace.

As such, it’s important for organizations to recognize the importance of mental health in the workplace, and adjust policies and expectations accordingly. This can be done through offering greater flexibility in the workplace, such as by offering flexible hours, the ability to work from home and greater autonomy. Additionally, it’s also important to encourage employees to take mental health days if they are feeling mentally burdened.

While there is no need to create a separate form of time off specifically for mental health days, being candid with employees about the importance of their mental health and highlighting the ability to take time off or adjust hours worked to focus on mental health can go a long way toward improving morale, employee satisfaction and productivity.

To help encourage the use of time off for mental health at your organization, consider adopting the following practices:

  • Encourage conversations about mental health—Speak candidly to your employees about the topic, underscoring the fact that you understand and support decisions made in the interest of maintaining or improving mental health. Provide resources and education about mental health to increase awareness and communicate any related policy changes to employees.
  • Adopt a policy of confidentiality—Employees may not feel comfortable disclosing the use or purpose of a mental health day, whether it’s a full day off to rest or a few hours off to see a therapist. Make it known that requests for mental health days will not need a stated reason for approval.
  • Follow up after time off—While respecting their privacy, check in with employees after they have taken time off to find out if they are doing alright and if they require any additional support on your end, such as a temporarily lighter workload.

Your group benefits provider can provide a number of tools to assist in tracking these sorts of issues to ensure you a healthy and productive workplace.