Nikki Johnson No Comments

Social Engineering Scams and Remote Workers

By:  Dan Reith  BA(Hons) CAIB

Principal Broker

Reith & Associates Insurance and Financial Services Limited

When the global COVID-19 pandemic sent our country into lockdown, many workers were sent to work remotely from home. For many, the notion of cyber threats may not have been a concern, given that the lockdown and office displacement were originally intended to be only a short-term need. Many months later, while most of our province is in Phase 3 of re-opening, despite the threat of a second wave and a possible return to lockdowns, many are still working remotely, and here is where the problem lies.

According to the Canadian Centre for Cyber Security (CCCS), cybercriminals have increased their attempts to identify and exploit individuals working from home since the COVID-19 pandemic began. Cybercriminals view remote workers as ripe for exploitation because many individuals are relatively inexperienced with remote working. What’s more, home networks are generally less secure than those at the workplace.

Many cybercriminals are using social engineering strategies to exploit vulnerabilities in remote workers. Social engineering is the act of accessing information, physical places, systems, data, property or money by using psychological methods, rather than technical methods or brute force. Social engineering scams rely on exploiting psychological weaknesses and blind spots in order to convince victims to give social engineers what they want. These scams are common and are especially dangerous as remote work becomes more widespread.

Common Social Engineering Scams

There are many different types of social engineering scams, each utilizing different strategies to prey on people’s curiosity and trust. Some of the most common social engineering scams include:

  • Phishing is when a cybercriminal attempts to obtain valuable information by tricking people into visiting a fake website or clicking a link that installs malware. This is typically done via email or text message. While phishing may be used to target specific individuals, such as a person of authority at an organization, it is often a mass untargeted attack.
  • Baiting is the offer of a reward (e.g., a monetary prize or discount) for taking a course of action, such as clicking on a link. Baiting can also be a physical attack. For instance, a malicious party might leave a USB marked “confidential” in public, hoping someone will find it and plug it into their computer. Once plugged in, the USB could install malware or other malicious software.
  • Quid pro quo involves a seemingly legitimate exchange wherein the targeted person believes they are receiving a good deal. For example, a malicious party may identify themselves as an IT consultant offering a technical service in exchange for login details.
  • Pretexting is when someone impersonates a known co-worker or authority figure in an attempt to gain access to secure information.

How to Reduce the Risk of Social Engineering Scams

Fortunately, many social engineering scams can be prevented through these simple cybersecurity practices:

  • Training—Train your employees to watch out for messages with odd text formatting from unknown or unusual sources. Something that seems legitimate at a glance often fails to hold up under scrutiny.
  • Reinforce security—Stress the importance of never giving out logins or other valuable company information to an unidentified third party. Employees should never click links or visit web pages that they are unfamiliar with.
  • Update software—Keep all software updated with the latest security features.
  • Encourage teamwork—Encourage employees to contact the IT department if they receive a message that they believe might be a scam.
  • Review insurance—Review your cyber insurance policy to ensure that your organization is covered in the event of a cyberattack. A sad reality is that the majority of Canadian SMEs do not carry sufficient cyber insurance and rely merely on the basic limited extensions available under their general property and liability policy. Like any form of cover, cyber can be restrictive or robust. No two policies provide identical coverage, and price does reflect quality and depth of coverage. It is a fool’s errand to think you got “the same coverage” for less money. Have a knowledgeable cyber insurance professional review and help you select the right cover for your business.

To assess your exposure to cyber crime, check out our Cyber Risk Exposure Score card, available through our website, www.ReithAndAssociates.com: from the Why Choose Us drop-down menu, click on “REITH TOOLS” and download our Cyber Risk Exposure Score card. Once completed, it is an ideal tool to review with your IT provider and your cyber insurance provider to determine where holes can be filled with existing technology and then insurance.

Contact Reith & Associates Insurance and Financial Services Limited today at 519-631-3862 to learn more about how you can protect yourself from cyber threats and to discuss your current coverage.


Navigating the “Hard” Market

By: Dan Reith BA(Hons) CAIB

Principal Broker

Reith & Associates Insurance and Financial Services Limited

The insurance industry is in a phase commonly referred to as a “hard” market. As industry experts closely monitor the market, the state of the insurance industry continues to fluctuate. This can be confusing for business owners trying to forecast future insurance costs while experts try to project whether insurance premiums will rise and by how much.

What is clear is that risk management, loss control and safety continue to be crucial to the success of any business insurance package, regardless of market conditions. Now is a good time to evaluate your business’s risk management plan as a whole to ensure your business can attain favorable pricing regardless of market conditions.

What a Hardening Market Means for Your Business

During times of a soft market, like the past few years, business owners see cost reductions in their organization’s insurance premiums, even without a reduction in their risk. As a result, business owners are often unwilling to spend time and resources on loss control and risk management because they already see their insurance premiums dropping. This reduction in pricing is deceptive, setting businesses up for a shock when the market takes a turn.

It’s important to take advantage of the opportunity to get ahead of the game by proactively addressing losses and risks now. When insurance prices begin to climb, those organizations that have taken the initiative to address losses and mitigate risk will see modest increases in premiums, whereas those that simply rode the market without working to reduce risk will have a harder time placing coverage and won’t be offered rates that are as competitive. As a business owner, a 15 per cent increase in cost will still be unpleasant, but a 40 per cent increase in addition to a reduction in coverage could end up affecting your company’s well-being in the short and long term.

Even in the hard market, a business with effective loss control and risk management initiatives will always pay less.

Take Charge of Loss Control

The best approach to control losses is to prevent injury and illness, manage claims effectively and implement cost containment strategies. If you work to reduce risk and prevent loss now, the increase in your premiums later will be minimized. Reith & Associates Insurance and Financial Services Limited’s consultative approach can:

  • Pinpoint your exposures and cost drivers
  • Identify the best loss control solutions to address your unique risks
  • Create a solid business contingency plan to account for disasters and other unpredictable risks
  • Build a company culture focused on safety
  • Manage claims efficiently to keep costs down

Using all the resources available to you from Reith & Associates Insurance and Financial Services Limited, we can help you control costs and ensure your business is protected.


Contractors – Another Liability Exposure

By: Dan Reith BA(Hons) CAIB

Principal Broker

Reith & Associates Insurance and Financial Services Limited

As a contractor, you work hard to create a quality product and satisfy customer expectations while building a profitable business. However, no matter how careful you and your employees are during the course of business, mistakes can happen; it’s a fact. In today’s business environment, small disputes with customers over projects can quickly escalate into costly legal disputes.

Almost every contractor carries some form of general liability coverage. While these policies provide much-needed protection for bodily injury and property damage claims that occur as the result of a contractor’s work, they typically don’t account for all forms of negligence.

That’s where errors and omissions (E&O) insurance designed for contractors comes into play. Below, we provide a brief overview of E&O insurance and why it is a critical component to a contractor’s overall risk management program.

Why E&O?

Simply put, general liability policies are not adequate to protect against E&O claims, necessitating additional coverage. In fact, most general liability policies exclude claims related to your work, your products and impaired property, creating significant insurance gaps.

Making E&O insurance even more crucial, contractors are particularly vulnerable to claims of negligence following unintentional damage to an insured party, impairment of property, damage to products or similar incidents that can occur without warning during a project. Even simple complaints have the potential to escalate into costly legal disputes.

What’s more, courts often rule against contractors in claims related to errors and omissions and, without the proper protection, general contractors would have to cover the damages out of pocket.

E&O policies can help contractors close gaps in their insurance coverages, providing coverage for claims related to the following:

  • Failing to complete projects according to specifications
  • Negligence in providing professional services
  • Poor, incorrect or incomplete work
  • Errors and oversights

Strong E&O policies can protect you and your business following a claim, helping you cover expenses related to court costs, lawyer fees and settlements. It should be noted that E&O insurance may not extend to your subcontractors, and you should encourage them to secure their own policies.

Sample Claim

To further understand the benefits of E&O insurance, consider the following example. A window and doors contractor was hired by a developer to install all of the windows on a new apartment complex. While most of the work was completed to specification, the contractor incorrectly measured some of the windows. Accordingly, the windows in many of the units did not lock properly. The windows in these units had to be removed and reinstalled.

With E&O coverage, the contractor would not have to pay for those expenses out of pocket. What’s more, had the client sued the contractor over this work, the contractor’s E&O insurance would have covered awarded damages and defense costs within the limit of the policy.

Securing the Policy That’s Right for You

As a contractor, there are a variety of insurance products to consider. To ensure you are accounting for all of your unique risks—and to secure a policy that is tailored to meet your specific business needs—it’s important to work with a qualified insurance broker.

Contact Reith & Associates Insurance and Financial Services Limited today to learn more.


Contractors & Pollution Liability – The Risk Is Real

By: Dan Reith BA(Hons) CAIB

Principal Broker

Reith & Associates Insurance and Financial Services Limited

Contractors, no matter what industry they work in, face environmental risks stemming from operations on a daily basis. For most contractors, a single pollution incident or loss can seriously damage their operations, balance sheet and even reputation. Making matters worse, pollution incidents can be sudden or occur gradually over time. However, most contractors do not appreciate how real the risk is and choose not to protect themselves or their customers.

While many contractors assume that environmental claims will be covered under their commercial general liability (CGL) policy, the unfortunate reality is that most CGLs contain pollution exclusions that leave contractors uninsured in the event of a pollution incident.

The solution: contractors pollution liability (CPL) insurance to ensure they have the right coverage in place to remain secure and profitable.

CPL Coverage Basics

CPL policies provide contractor-based insurance for third-party coverage for bodily injury, property damage, defence, and cleanup as a result of sudden and gradual pollution incidents arising from contracting operations performed by or on behalf of the contractor. CPL insurance is intended to provide coverage to all types of contracting operations, including contractors who are involved in building construction and environmental firms that remediate polluted sites.

CPL policies are offered on either a claims-made or occurrence basis. What’s more, CPL policies are non-standard, meaning each policy is different and can be modified to cover the various needs of the contractor purchasing the policy. Policies can be offered on a project or blanket program basis.

In some instances, CPL policies can also be used to cover losses from civil fines, penalties and punitive damages.

Covered Pollution Incidents

Contractors should keep in mind that CPL insurance policies differ in regard to the types of pollution incidents that are covered. Two important considerations when evaluating CPL insurance policies are:

  • Whether or not the policy will respond to gradual releases of pollutants, as opposed to sudden and accidental releases; and
  • The types of substances that are considered “pollutants” under the terms of the policy.

Generally, policies that cover both gradual and sudden releases of pollutants provide contractors with a broader scope of coverage. In addition, policies that provide a broad definition of pollutants are considered superior to those that contain a narrow definition. Accordingly, it is important that contractors work with their broker to find a CPL policy that is tailored to their needs.

CGL Pollution Exclusions

A primary reason why contractors obtain a CPL policy is due to the various pollution exclusions contained in most CGL policies. The pollution exclusions found in most CGL policies take one of two forms, either “absolute” or “total.”

CGL policies with an absolute pollution exclusion remove coverage for most pollution events that would occur in the course of an insured’s business operations. However, despite its name, an absolute pollution exclusion may preserve coverage for certain incidental pollution damages, products and completed operations liability, and certain off-premises work.

However, more commonly, CGL policies include a more restrictive “total pollution exclusion.” This type of exclusion effectively removes coverage for any event the insurer characterizes as a pollution incident.

Contractual Requirements

Contractual requirements serve as another motivating factor that leads many contractors to obtain a CPL policy. In many instances, project owners and general contractors will require contractors to obtain pollution insurance that meets certain, predetermined standards. From this perspective, having a CPL insurance policy in place can serve as an upfront sales tool during the bidding process that enables contractors to qualify for opportunities when such coverage is required.

Finding the Right Policy

Regardless of specialty, all contractors should be mindful of the pollution risks associated with their work. A CPL insurance policy can provide much-needed security in the event of a pollution incident, even in the most unlikely of circumstances.

CPL insurance is not only good for business, but it also provides peace of mind in industries that are full of surprises and risks. Reith & Associates is available to work with your organization to find the CPL coverage that is right for you.


Social Media Security

By: Dan Reith BA(Hons) CAIB

Principal Broker

Reith & Associates Insurance and Financial Services Limited

While social media can help organizations engage with customers and expand their reach, using it comes with potential risks. These risks can range from minor damages to your brand image to major cyber attacks that target sensitive information, resulting in costly recovery and lawsuits. The following are some of the biggest risks associated with using social media as well as tips to avoid them.

EMPLOYEES

One of the biggest risks to any organization’s social media security is its employees themselves. User error, a lack of education and carelessness can all become incredibly costly when dealing with social media.

As such, it’s important to invest time in developing a social media policy that clearly outlines the purpose, procedures and expectations of appropriate social media use. Additionally, employees need to be educated on the importance of this policy, as well as the threats that social media poses and how to identify them. Regulate the number of people with access to official social media accounts to only those who are educated, trusted and absolutely necessary for daily operations.

SCAMS AND PHISHING ATTACKS

As with any other form of internet use, scams and phishing attacks are a constant risk when dealing with social media. Malicious links disguised as news reports, videos or familiar social media accounts could be used to trick users into sharing secure information.

Be wary of any links that appear suspicious, and never disseminate secure information in any way other than the way policy intends it to be shared. Knowing how to identify suspicious links or web pages can be the difference between an incredibly costly mistake and a near miss. For example, shortened URLs found on Twitter may link to webpages built to look identical to familiar websites, and third-party applications may be designed to reveal the user’s private information to a third party.
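The link checks described above can be partly automated before a person ever clicks. The following is an added example, not part of the original article: the trusted domain, the sample URLs and the "last two labels" rule for finding a site's name are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Well-known link shorteners; a real deployment would maintain a longer list.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
# Constructed stand-in for the sites your staff legitimately log in to.
TRUSTED = {"example.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(url, trusted=TRUSTED):
    """Return the reasons a link deserves a second look (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # In https://name@host/ the real destination is what follows the "@".
        reasons.append("text before @ is not the destination")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a name")
        return reasons
    except ValueError:
        pass  # host is a name, keep checking
    if host in SHORTENERS:
        reasons.append("shortened link hides destination")
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label may imitate other characters")
    # Assumption: the site name is the last two labels (ignores suffixes like .co.uk).
    site = ".".join(labels[-2:])
    if site not in trusted:
        for good in sorted(trusted):
            if host.startswith(good + ".") or "." + good + "." in host:
                reasons.append(f"{good} used as a subdomain of {site}")
            elif 0 < edit_distance(site, good) <= 2:
                reasons.append(f"{site} resembles {good}")
    return reasons


if __name__ == "__main__":
    # Constructed sample links.
    for link in [
        "https://example.com/login",
        "https://t.co/abc123",
        "https://examp1e.com/login",
        "https://example.com.account-check.test/login",
        "http://203.0.113.7/login",
    ]:
        print(link, "->", triage(link) or "no findings")
```

An empty result means only that none of these checks fired; a shortened link still has to be expanded before its destination can be judged.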

UNSECURED MOBILE DEVICES

Most social network access is through mobile devices, and, while some organizations may issue company-owned devices for this purpose, the organization’s social media accounts are most often accessed from employees’ own devices. The fact that these devices travel everywhere with the employees makes them especially vulnerable to potentially unwanted or inappropriate access.

All mobile devices with social media access should be locked with a password when not in use. Doing so can protect private information from falling into the wrong hands in the event that an employee with social media access loses their device.

INATTENTIVE USE

Not paying attention to an organization’s social media accounts may seem harmless at first, or even preferable compared to engaging in use that might seem risky. However, being inattentive to social media can bring its own risks. For example, a social media account that is hacked could start spreading harmful fraudulent messages or viruses, causing much more harm if it is not caught immediately.

Keep a close eye on all social media accounts—even if you only created them to reserve your brand’s handle and don’t intend to use them in the near future—and be ready to act if one of them becomes compromised.

MALWARE ATTACKS AND HACKING

Even when exercising proper social media security tactics, there is always the possibility that your accounts will become compromised through sophisticated malware attacks and hacking. After all, unlike your organization and employees, hackers are not limited to the five-day workweek to carry out their plans and could strike at any time.

Invest in security technology to watch your social media accounts 24 hours a day, and have a person in charge who will be able to receive alerts and respond to them as soon as a problem is detected.

Contact Reith & Associates Insurance and Financial Services Limited today at 519-631-3862 to learn more about social media security.


Cyber Risks & Liabilities

By: Dan Reith BA(Hons) CAIB

Principal Broker

Reith & Associates Insurance and Financial Services Limited

Do You Have Adequate Cyber Insurance?

Given the number of variables, picking a cyber insurance policy can be a difficult task. Furthermore, while an organization may think it is protected by its current policy, new developments in cyber security and ventures by the organization itself may make those policies inadequate. Worse still, most Canadian small-medium enterprises, over 80%, fail to carry cyber insurance. Consider the following when creating or reviewing your existing cyber insurance plan.

Assess Your Unique Cyber Risks

As with any other liability policy, it’s important to understand the specifics of your cyber risks before picking a cyber liability policy. There is no one-size-fits-all, so assess your business needs to understand the best cyber insurance for you.

The following factors are some examples of what defines your organization’s distinct cyber risks:

  • The type of data your organization stores
  • How and what type of data is shared with business partners
  • Types of communication systems used and their level of security

Know What Policies Are Available and What They Cover

Cyber insurance policies may vary significantly due to the absence of market standardization. While most policies provide first-party and third-party coverage, the details of what is covered can vary across policies. First-party coverage typically includes data breach response costs and business interruption costs that result from network failures, data breaches or ransomware attacks. Third-party coverage typically includes coverage for the costs associated with responding to regulatory investigations and indemnification for regulatory fines or penalties. Take a close look at the terms and coverage offered in each policy for what most closely aligns with your unique cyber risks.

Know Your Responsibilities

Closely examine your selected plan to know your responsibilities, such as who to notify if there has been a breach. For example, data in a breach that has only recently been discovered might, in fact, have been compromised for years, requiring a retroactive cyber insurance plan. Understanding these requirements and what needs to be reported can be the difference between being covered and not being covered at all. Work these requirements into your organization’s incident response plan to ensure they are followed.

The Atypical Devices That May Be Vulnerable to Cyber Attacks

More and more non-computing devices, such as equipment sensors, industrial control systems and teleconferencing equipment, are being connected to global computer networks. Unfortunately, many of these devices are typically not held to the same cyber security standards, which adds a vulnerability through which cyber criminals may be able to gain access to your organization’s valuable data or manipulate critical systems.

The Internet of Things

The internet of things (IoT) refers to web-enabled devices that are connected to each other in a network to exchange information. While this provides many benefits, such as reducing the need to input the same data into multiple systems and gathering data from different sources to be analyzed and used in a centralized location, there are risks associated with it.

For example, if a single device is compromised in a cyber attack, the data from all connected devices and even the devices themselves could be compromised. As such, all it takes for an outsider to gain access to sensitive information is to identify the device with the weakest cyber security that also has access to the network.

Securing IoT Devices

When looking to purchase and connect new devices to the IoT, ensure that there are plans and policies in place to minimize the chances of a cyber threat against those devices. Conduct a sweep of your organization to identify electronic devices and determine if each one is connected to a network that could be exposed to a cyber event, as well as what kind of data those devices are sending and receiving. Keep in mind that even seemingly mundane systems or devices such as heating, ventilation and air conditioning units could be running basic computer operating systems with the potential to connect to the internet. Track these devices by creating an asset map that lists the connected devices.

From here, you can start planning how to secure the devices that pose the largest threat of cyber exposure. Segment the network so that not every device provides access to the entire system, check for security updates or patches where possible and reach out to the device’s manufacturer for information if necessary. Restrict personal IoT devices to a separate network (like a guest Wi-Fi), update all default passwords on connected devices, use two-factor authentication and ensure that data generated by IoT devices is encrypted.
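The asset map and the prioritization step described above can be kept as data and reviewed automatically. The following is an added example, not part of the original article: the device names, network segments, allowed connections and scoring weights are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

# Constructed weights: how much each weakness adds to a device's score.
WEIGHTS = {
    "default password": 3,
    "security update pending": 2,
    "no two-factor authentication": 2,
    "data not encrypted": 2,
    "personal device off guest network": 3,
}


@dataclass(frozen=True)
class Device:
    name: str
    segment: str               # network segment the device is plugged into
    personal: bool = False     # employee-owned rather than company-owned
    default_password: bool = False
    unpatched: bool = False
    two_factor: bool = True
    encrypted: bool = True


def reachable(start, allowed):
    """Every segment reachable from `start`, following allowed connections
    transitively (building -> office -> servers counts as reaching servers)."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in allowed.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def review(devices, allowed, sensitive, guest):
    """Return (name, score, findings) per device, highest exposure first."""
    report = []
    for d in devices:
        checks = [
            ("default password", d.default_password),
            ("security update pending", d.unpatched),
            ("no two-factor authentication", not d.two_factor),
            ("data not encrypted", not d.encrypted),
            ("personal device off guest network", d.personal and d.segment != guest),
        ]
        findings = [label for label, failed in checks if failed]
        score = sum(WEIGHTS[label] for label in findings)
        if sensitive in reachable(d.segment, allowed):
            # A device that can reach sensitive data counts double, plus one
            # for the exposure itself.
            findings.append(f"can reach {sensitive}")
            score = score * 2 + 1
        report.append((d.name, score, findings))
    report.sort(key=lambda row: (-row[1], row[0]))
    return report


# Constructed sample: which segment may open connections to which.
ALLOWED = {"building": {"office"}, "office": {"servers"}, "iot": set(), "guest": set()}
# Constructed sample asset map.
ASSET_MAP = [
    Device("badge-reader", "iot"),
    Device("conference-camera", "office", unpatched=True),
    Device("hvac-controller", "building", default_password=True, unpatched=True,
           two_factor=False, encrypted=False),
    Device("intern-phone", "guest", personal=True),
    Device("smart-speaker", "office", personal=True, two_factor=False),
]

if __name__ == "__main__":
    for name, score, findings in review(ASSET_MAP, ALLOWED, "servers", "guest"):
        print(f"{score:>3}  {name}: {', '.join(findings) or 'no findings'}")
```

In the sample, the HVAC controller ranks first even though no rule connects its segment directly to the servers, because it reaches them through the office segment.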

When looking for a provider of cyber insurance, don’t settle for just any provider. Interview them, and ensure their knowledge of the product and of your unique exposure is sufficient to give you the protection your business requires.