12 months ago ·
by Erin Carlson ·
The right auto policy can be invaluable following a vehicle theft. If you have comprehensive coverage on your policy, your insurer can help pay to replace your lost car. Most policies can even provide rental car coverage until your stolen vehicle is recovered or considered lost. For more information on car insurance, contact Scurich Insurance today.
If you suspect your vehicle has been stolen, do the following:
Call the police. The sooner you notify the proper authorities, the more likely you are to recover your vehicle. You will want to share everything about your car that you can, including its make, model, licence plate number and VIN number.
Report the stolen car to your insurer. Once you’ve completed a police report, you should contact your car insurance company. You can often file a report using your insurer’s claims hotline. You should also consider contacting your local motor vehicle department, as they typically maintain a database of stolen vehicles.
Report the theft to your finance or leasing company. If you still owe money to a financing or leasing company, you will want to inform them that your vehicle has been stolen. Often, these companies work directly with insurers following vehicle thefts.
While there’s a chance authorities may recover your stolen vehicle, it’s best to try to prevent thefts altogether. Make sure you always lock your car and take your keys with you. Never keep a spare set of keys hidden in your car or leave the vehicle running unattended. Parking in well-lit areas and hiding valuables that might attract thieves can also be useful.
12 months ago ·
by Erin Carlson ·
Cyber security researchers recently announced the discovery of two major security flaws that could allow hackers to bypass regular security measures and obtain normally inaccessible data. The flaws, referred to as Meltdown and Spectre, are both caused by design flaws found in nearly all modern processors. These vulnerabilities can be exploited to access all of the data found in personal computers, servers, cloud computing services and mobile devices.
Because Meltdown and Spectre are both caused by design flaws, experts believe that they will be harder to fix than traditional security exploits. Additionally, software patches that have already been released to help address the vulnerabilities can cause computer systems to slow down significantly, which may impact their ability to perform regular tasks.
Researchers believe that Meltdown and Spectre may be limited to processors manufactured by different companies, but also warn that the design flaws that contribute to Meltdown and Spectre have been present for years. Here are some key details about each flaw:
- Meltdown: This flaw can be used to break down the security barriers between a device’s applications and operating system in order to access all of the device’s data. Meltdown can be used to access desktop, laptop, server and cloud computer systems, and can even be used to steal data from multiple users who share one device. Although researchers have only been able to verify that Meltdown affects processors made by Intel, other processors may also be affected. Many software developers have already released updates that prevent hackers from exploiting Meltdown.
- Spectre: This flaw can be used to break down the security barriers between a device’s different applications and access sensitive data like passwords, photos and documents, even if those applications adhere to regular security checks. Spectre affects almost every type of computer system, including computers, servers and smartphones. Additionally, researchers have confirmed that the design flaw that enables Spectre is present in Intel, AMD and ARM processors that are used by nearly every computer and mobile device. Software developers are currently working on a patch to prevent the exploitation of Spectre, but some experts believe that future processors may have to be redesigned in order to fix the vulnerability.
When Meltdown and Spectre were originally discovered in 2017, researchers immediately
reported them to major hardware and software companies so work on security fixes could begin without alerting hackers. As a result, services and applications offered by companies like Microsoft, Google, Apple and Amazon have already been updated to help defend against the flaws. However, you shouldn’t rely solely on a software patch to protect against these vulnerabilities. Here are some steps you can take to protect your computer systems and devices from Meltdown and Spectre:
- Update all of your devices immediately, and check for new updates regularly. You should also encourage your friends, family members and co-workers to do the same.
- Contact any cloud service providers and third-party vendors you use to ensure that they are protected against Meltdown and Spectre. Cloud services and computer servers are especially vulnerable to the exploits, as they often host multiple customers on a single device.
- Install anti-virus and firewall systems to protect against regular malware. Researchers believe that hackers need to gain access to a device in order to exploit Meltdown or Spectre, so keeping your devices free of malware can help prevent data theft.
For additional risk management updates, contact Scurich Insurance today.
The Occupational Safety and Health Administration (OSHA) recently unveiled its top 10 most frequently cited violations. The agency reports the leading causes of workplace injuries during its fiscal year (October through the following September).
The 2017 top 10 list of most frequently cited standards did not change significantly from 2016, with fall protection violations remaining at the top of the list. In fact, the top five most cited violations remained the same.
- Fall Protection (29 CFR 1926.501): 6,072 citations
Falls from ladders and roofs still account for the majority of injuries at work. Identifying fall hazards and deciding how to best protect workers is the first step in eliminating or reducing fall hazards. This includes, but is not limited to, guardrail systems, safety net systems and personal fall protection systems in conjunction with safe work practices and training.
- Hazard Communication (29 CFR 1910.1200): 4,176 citations
In order to ensure chemical safety in the workplace, information must be available about the identities and hazards of all chemicals in use. OSHA standard 1910.1200 governs hazard communication to workers about chemicals that are both produced or imported into the workplace. Both the failure to develop and maintain a proper written training program for employees, as well as the failure to provide a Safety Data Sheet for every hazardous chemical, top the citation list.
- Scaffolding (29 CFR 1926.451): 3,288 citations
According to the Bureau of Labor Statistics, the vast majority of scaffold accidents can be attributed to the planking or support of the scaffold giving way, or to employees slipping or being struck by falling objects. The dangers associated with scaffold use can be controlled if employers strictly enforce OSHA standards.
- Respiratory Protection (29 CFR 1910.134): 3,097 citations
Standard 1910.134 provides employers with guidance in establishing and maintaining a respiratory inspection program for program administration, worksite-specific procedures and respirator use. Respirators protect workers from oxygen-deficient environments, harmful dusts, fogs, smokes, mists, gases, vapors and sprays. These hazards could cause cancer, lung impairment, and other diseases or death.
- Lockout/Tagout (29 CFR 1910.147): 2,877 citations
Lockout/tagout (LOTO) refers to specific practices and procedures that safeguard employees from the unexpected startup of machinery and equipment, or the release of hazardous energy during service and maintenance activities. Workers who service mechanical and electrical equipment face the greatest risk of injury if LOTO is not properly implemented. Workers injured on the job from exposure to hazardous energy lose an average of 24 workdays for recuperation.
- Ladders (29 CFR 1926.1053): 2,241 citations
These types of violations typically occur when ladders are used for purposes other than those designated by the manufacturer, such as when the top step of a stepladder is used as a step, when ladders are not used on stable and level surfaces, or when defective ladders are not withdrawn from service. Most employee injuries can be attributed to inadequate training and a disregard for safe operating procedures.
- Powered Industrial Trucks (29 CFR 1910.178): 2,162 citations
Each year, tens of thousands of injuries related to powered industrial trucks (particularly forklifts) occur. Many employees are injured when lift trucks are driven off of loading docks or when they fall between docks and unsecured trailers. Other common injuries involve employees being struck by lift trucks or falling from elevated pallets and tines. Most incidents also involve property damage, including damage to overhead sprinklers, racking, pipes, walls and machinery.
- Machine Guarding (29 CFR 1910.212): 1,933 citations
When left exposed, moving machine parts have the potential to cause serious workplace injuries, such as amputations, burns, blindness, and crushed fingers or hands. The risk of employee injury is substantially reduced by installing and maintaining the proper machine guarding.
- Fall Protection Training Requirements (29 CFR 1926.503): 1,523 citations
Because falls represent such a serious risk, employers must train employees to identify potential fall hazards and follow procedures in order to minimize the chance of a fall. According to OSHA, employees should be trained to use fall protection methods, such as guardrails, safety nets and personal fall arrest systems, and employers should verify that employees have been trained by preparing written certification records.
- Electrical—Wiring Methods (29 CFR 1910.305): 1,405 citations
Electricity has long been recognized as a serious workplace hazard. OSHA’s electrical standards are designed to protect employees exposed to dangers, such as electric shock, electrocution, fires and explosions. Electrical wiring violations that top the electrical citation list include the failure to install and use electrical equipment according to the manufacturer’s instructions, failure to guard electrical equipment, failure to identify disconnecting means or circuits, and not keeping workspaces clear.
It costs nearly 20 percent of an employee’s annual salary to replace a current employee. If you are experiencing high turnover, chances are you are experiencing high losses as well. The costs of reviewing applications, processing candidates, conducting interviews, training and purchasing equipment for new hires aren’t only monetary – they also cost time and lost productivity.
Given the high cost of losing an employee, retention should be a top priority for every organization. If you do not already have a retention strategy, now is the time to make one. The first step in curbing turnover is figuring out why employees are leaving.
Why Employees Leave
Employees leave organizations for a variety of reasons, depending on their unique circumstances. However, there are some common reasons that may help determine the best retention strategy for your organization. Below are some of the most common reasons employees leave:
- Stagnation – Employees are often looking for career and personal growth. If they have no upward mobility at your company, they may look for it elsewhere.
- Pay – Compensation needs to be competitive to attract the best talent. Likewise, good pay is needed to retain top talent.
- Workplace culture – Expectedly, co-workers matter to employees. If they feel ostracized or marginalized by co-workers (or management), they will want to leave that environment.
- Better opportunities – Like with stagnation, employees leave when they believe they have better prospects elsewhere. This could be due to a higher-paying position or simply a job more aligned with their interests.
How to Retain Employees
Retention strategies are not universal. It is possible that techniques and strategies that work for some organizations will not work for yours. This means you need to analyze why your employees are leaving and strategize how to combat those reasons.
Exit interviews are a great way to analyze why employees are leaving. During exit interviews, managers ask questions to employees who are on their way out of the company. Questions should be related to the employees’ time with the company, such as what they enjoyed, what they disliked and what prompted their resignation. Exit interviews will only be useful with employees who resign or leave voluntarily, not those who have been terminated.
Depending on the responses from the exit interviews, you can begin crafting a retention strategy. For instance, if a main catalyst for employee turnover is a lack of upward mobility, think about how to change that. It could mean creating new roles or, if roles already exist, making a clear guide for career pathing at the organization.
Creating a retention strategy does not need to be solely reactive. Consider creating a survey to gauge employee satisfaction with the company. Include questions about what people like and what they do not like about their job.
Retaining employees is critical for any business an falling short on retention can be devesating to your bottom line. It costs nearly 20 percent of an annual salary to replace an employee, so implementing proactive retention straties is key to mainitning your workforce.
Answer the questions below to determine if your orginzation has a high turnover risk.
|INSTRUCTIONS: Begin by answering the questions below. Each response will be given a numerical value depending on the answer. After completeing the questions, total your score using the scale at the bottom of the page.
|YES: 0 points
||NO: 2 points
||UNSURE: 2 points
|Have you reviewed pay scales within the last three years?
|Do you survey employees career groth desires each year?
|Have you compared your health insurance against similar companies in your industry?
|Do you routinely survey employees to ensure they feel comfortable and included in the workplace environment?
|Do you track top employee performers?
|Do you monitor the market to ensure top performers are appropriately compensated?
|Have you surveyed employees in the past to guage their workplace satisfaction?
|Do you have a retention strategy in place for when a top performer comes to you with another offer?
|Do you offer incentives beyone health benefits to employees?
|Have you implemented employee engagement strategies to curb turnover proactively?
|0 – 6
||7 – 13
||14 – 20
There is no hard and fast rule for successful employee retention. Creating a retention strategy for your organization requires you to analyze both your company and its industry. Contact Scurich Insurance for more information on retention and for materials to help you craft your strategy.
On Jan. 2, 2018, the Department of Labor (DOL) issued a final rule that increases the civil penalty amounts that may be imposed on employers under various federal laws. The final rule increases the civil penalty amounts associated with:
- Failing to file an annual Form 5500 under the Employee Retirement Income Security Act (ERISA);
- Repeated or willful violations of minimum wage or overtime requirements under the Fair Labor Standards Act (FLSA);
- Willful violations of the poster requirement under the Family and Medical Leave Act (FMLA); and
- Violations of the poster requirement under the Occupational Safety and Health Act (OSH Act).
The increased amounts apply to civil penalties that are assessed after Jan. 2, 2018.
Employers should become familiar with the new penalty amounts and review their pay practices, benefit plan administration and safety protocols to ensure compliance with federal requirements.
The 2015 Inflation Adjustment Act (Act) includes provisions to strengthen civil monetary penalties under various federal laws in order to maintain their deterrent effect. The Act required federal agencies, including the DOL, to adjust the civil monetary penalties with an initial “catch-up” adjustment. The DOL made this initial adjustment in July 2016. Federal agencies are also required to make subsequent annual adjustments for inflation, no later than Jan. 15 of each year.
The DOL’s final rule implements the 2018 annual adjustments for civil penalties assessed or enforced by the DOL, including penalties under the FLSA, FMLA, OSH Act and ERISA. The increased penalty amounts became effective on Jan. 2, 2018, and may apply for any violations occurring after Nov. 2, 2015.
The updated maximum penalty amounts are shown in the table below.
|Wage and Hour
|Repeated or willful violations of minimum wage or overtime requirements (FLSA)
||Up to $1,925 for each violation
||Up to $1,964 for each violation
|Violations of child labor laws
||Up to $12,278 for each employee subject to the violation
||Up to $12,529 for each employee subject to the violation
|Violations of child labor laws that cause death or serious injury to an employee under age 18
||Up to $55,808 for each violation (doubled to $111,616 if the violation is repeated or willful)
||Up to $56,947 for each violation (doubled to $113,894 if the violation is repeated or willful)
|Willful failure to post FMLA general notice
||Up to $166 for each separate offense
||Up to $169 for each separate offense
|Violations of the Employee Polygraph Protection Act (EPPA)
||Up to $20,111 for each violation
||Up to $20,521 for each violation
|Failure to file an annual report (Form 5500) with the DOL (unless a filing exemption applies)
||Up to $2,097 per day
||Up to $2,140 per day
|Failure of a multiple employer welfare arrangement (MEWA) to file an annual report (Form M-1) with the DOL
||Up to $1,527 per day
||Up to $1,558 per day
|Failure to furnish plan-related information requested by the DOL
*Under ERISA, administrators of employee benefit plans must furnish to the DOL, upon request, any documents relating to the employee benefit plan.
|Up to $149 per day, but not to exceed $1,496 per request
||Up to $152 per day, but not to exceed $1,527 per request
|Failing to provide the annual notice regarding CHIP coverage opportunities
*This notice applies to employers with group health plans that cover residents of states that provide a premium assistance subsidy under a Medicaid or CHIP program.
|Up to $112 per day for each failure (each employee is a separate violation)
||Up to $114 per day for each failure (each employee is a separate violation)
|For 401(k) plans, failure to provide blackout notice or notice of right to divest employer securities
||Up to $133 per day
||Up to $136 per day
|Failure to provide Summary of Benefits and Coverage (SBC)
||Up to $1,105 per failure
||Up to $1,128 per failure
|Employee Safety – OSH Act
|Violation of posting requirement
||Up to $12,675 for each violation
||Up to $12,934 for each violation
||Up to $12,675 per violation
||Up to $12,934 for each violation
||Up to $12,675 for each violation
||Up to $12,934 for each violation
||Between $9,054 and $126,749 per violation
||Between $9,239 and $129,336 per violation
||Up to $12,675 per day until the violation is corrected
||Up to $12,934 per day until the violation is corrected
According to the Identity Theft Resource Center, data breaches increased 40 percent in 2016, with a total of 1,093 reported breaches. This trend continued in 2017, with over 1,120 cases reported by October. Businesses, both large and small, are increasingly reliant on the internet for daily operations, creating attractive and potentially lucrative targets for cyber criminals.
With such heavy use of and reliance on computers and the internet by both large and small organizations, protecting these resources has become increasingly important. Learning about cyber attacks and how to prevent them can help you protect your company from security breaches.
Cyber Attacks Compromise Your Company
Cyber attacks include many types of attempted or successful breaches of computer security. These threats come in different forms, including phishing, viruses, Trojans, key logging, spyware and spam. Once hackers have gained access to the computer system, they can accomplish any of several malicious goals, typically stealing information or financial assets, corrupting data or causing operational disruption or shutdown.
Both third parties and insiders can use a variety of techniques to carry out cyber attacks. These techniques range from highly sophisticated efforts to electronically circumvent network security or overwhelm websites to more traditional intelligence gathering and social engineering aimed at gaining network access.
Cyber attacks can result directly from deliberate actions of hackers, or attacks can be unintentionally facilitated by employees—for example, if they click on a malicious link. According to historical claim data analyzed by Willis Towers Watson, 90 percent of all cyber claims stemmed from some type of employee error or behavior. The high-profile Equifax, Snapchat and Chipotle data breaches were all caused by employee error or behavior.
A breach in cyber security can lead to unauthorized usage through tactics such as the following:
- Installing spyware that allows the hacker to track Internet activity and steal information and passwords
- Deceiving recipients of phishing emails into disclosing personal information
- Tricking recipients of spam email into giving hackers access to the computer system
- Installing viruses that allow hackers to steal, corrupt or delete information or even crash the entire system
- Hijacking the company website and rerouting visitors to a fraudulent look-alike site and subsequently stealing personal information from clients or consumers
Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as denial-of-service (DoS) attacks on websites in which the site is overloaded by the attacker and legitimate users are then denied access.
The Vulnerable Become the Victims
The majority of cyber criminals are indiscriminate when choosing their victims. The Department of Homeland Security (DHS) asserts that cyber criminals will target vulnerable computer systems regardless of whether the systems belong to a Fortune 500 company, a small business or a home user.
Cyber criminals look for weak spots and attack there, no matter how large or small the organization. Small businesses, for instance, are becoming a more attractive target as many larger companies tighten their cyber security. According to the industry experts, the cost of the average cyber attack on a small business is increasing exponentially and shows no signs of slowing down. Nearly 60 percent of the small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it is too late because they fear the costs would be prohibitive.
Simple Steps to Stay Secure
With cyber attacks posing such a prominent threat to your business, it is essential to create a plan to deal with this problem. Implementing and adhering to basic preventive and safety procedures will help protect your company from cyber threats.
Following are suggestions from a Federal Communications Commission (FCC) roundtable and the DHS’s Stop.Think.Connect. program for easily implemented security procedures to help ward off cyber criminals. These suggestions include guidelines for the company as well as possible rules and procedures that can be shared with employees.
Security Tips for Your Company
Cyber security should be a company-wide effort. Consider implementing the following suggestions at your organization:
- Install, use and regularly update anti-virus and anti-spyware software on all computers.
- Download and install software updates for your operating systems and applications as they become available.
- Change the manufacturer’s default passwords on all software.
- Use a firewall for your internet connection.
- Regularly make backup copies of important business data.
- Control who can physically access your computers and other network components.
- Secure any Wi-Fi networks.
- Require individual user accounts for each employee.
- Limit employee access to data and information, and limit authority for software installation.
- Monitor, log and analyze all attempted and successful attacks on systems and networks.
- Establish a mobile device policy and keep them updated with the most current software and anti-virus programs.
Security Tips for Employees
- Use strong passwords (a combination of uppercase and lowercase letters, numbers and special characters), change them regularly and never share them with anyone. Never repeat a password across accounts.
- Protect private information by not disclosing it unless necessary, and always verify the source if asked to input sensitive data for a website or email.
- Don’t open suspicious links and emails; an indication that the site is safe is if the URL begins with https://.
- Scan all external devices, such as USB flash drives, for viruses and malicious software (malware) before using the device.
Securing Your Company’s Mobile Devices
Gone are the days when contact names and phone numbers were the most sensitive pieces of information on an employee’s phone. Now a smartphone or tablet can be used to gain access to anything from emails to stored passwords to proprietary company data. Depending on how your organization uses such devices, unauthorized access to the information on a smartphone or tablet could be just as damaging as a data breach involving a more traditional computer system.
The need for proper mobile device security is no different from the need for a well-protected computer network. Untrusted app stores will continue to be a major source of mobile malware which drives traffic to these stores. This type of “malvertising” continues to grow quickly on mobile platforms.
Most importantly, stay informed about cyber security and continue to discuss internet safety with employees.
Don’t Let it Happen to Your Company
According to the DHS, 96 percent of cyber security breaches could have been avoided with simple or intermediate controls. Strengthening passwords, installing anti-virus software and not opening suspicious emails and links are the first steps toward cyber security. In addition to the listed tips, the FCC provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.
A data breach could cripple your small business, costing you thousands or millions of dollars in lost revenue, sales, damages and reputation. Contact Scurich Insurance today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyber attacks.