Business Insurance

How To Prevent And Mitigate The Risk Of Email Related Cyberattacks

Date: April 9, 2025 Author: Rinehart Insurance
Email Related Cyberattacks

Since organizations rely heavily on email to communicate and conduct business operations, cybercriminals commonly target email as an entry point to access networks and breach valuable business data. In fact, 94% of malware is delivered by email, according to Verizon’s Data Breach Investigations Report.

Following a cybersecurity breach, organizations may suffer financial, reputational and intellectual property loss. Therefore, it is important for businesses to invest in email security and follow best practices to ensure their data and operations are protected from cybersecurity threats.

The following are some email security best practices to prevent and mitigate the risk of email related cyberattacks:

  • Implement employee training. Investing in a security awareness training program can help employees navigate email security risks by educating them on potential threats and avoiding situations that could put data and networks at risk.
  • Improve password management. Many people recycle passwords, making it easier for cybercriminals to compromise data across multiple accounts. Employees should use a unique password that contains a combination of upper- and lowercase letters, symbols and numbers, and change their passwords regularly.
  • Enable multifactor authentication. Multifactor authentication strengthens email security by adding an extra layer of protection. When users log in to their email account, they must complete an additional step, such as entering a unique code sent by text to their smartphone, to gain access.
  • Be aware of phishing emails. Cybercriminals often impersonate legitimate senders to steal sensitive information, gain access to operational systems or initiate fraudulent payments. Phishing emails often use language that suggests a sense of urgency and pressure users to complete an action quickly.
  • Encrypt emails, communications and attachments. Encryption can ensure that emails and their attachments are only read and received by the intended person. It can also help prevent malware attacks through email by ensuring that cybercriminals don’t intercept sensitive email data.
  • Avoid public Wi-Fi. One of the best ways to keep email information safe is to avoid connecting to public Wi-Fi. In addition, investing in a virtual private network, better known as a VPN, can secure an encrypted connection between devices and the internet.
  • Access email only on company-approved devices. Devices that don’t have the proper email security tools and measures may be vulnerable to cybercriminals. Utilizing company-approved devices for all work-related communications can help ensure emails remain secure.
  • Utilize endpoint protection solutions. Endpoint protection solutions look for critical information included in emails that appears out of the ordinary, such as an abnormal address, misspelling of words or suspicious links, and then filters them out before they can be received and opened.
  • Log out of email accounts. Leaving email open on any device accessible to others can lead to security issues.
  • Back up data regularly. Although the implementation of sound email security practices reduces the potential for loss, vulnerabilities still exist. Therefore, one of the most important security measures to minimize the potential damage and devastation of a ransomware attack is backing up critical files regularly. Copies should be kept in multiple locations, including on physical hardware and in the cloud.

Implementing a robust email security system and utilizing best practices by employees can help stop email-borne threats, prevent cybersecurity risks and reduce strain on organizations’ security teams. For more information on email related cyberattacks or risk management guidance, contact us today. 

5 Spring Storm Safety Tips for Businesses

Date: March 19, 2025 Author: Rinehart Insurance
Spring Storm Safety

Spring Storm SafetySpring can bring about some of the year’s most dangerous weather and wreak havoc on many aspects of a company’s operations. This article discusses the weather threats to watch out for during spring and spring storm safety tips businesses can take to minimize damage.

Dangerous Spring Weather

Unexpected severe weather increases the risk of property damage, injury and even death. Here are some common types of spring weather events:

  • Tornadoes—According to AccuWeather, tornadoes are by far the most extreme event in the spring. Winds from tornadoes can exceed 200 miles per hour, sending debris flying.
  • Thunderstorms—Severe thunderstorms can produce strong winds, large hail and lightning. If lightning strikes in a dry area, fires can occur.
  • Flooding—Snowmelt, ice jams and heavy rain can produce large amounts of water runoff in a short period of time, resulting in floods.
  • Blizzards—Snowstorms that occur in the spring may cause power outages or property damage. They can also force businesses to shut down.
  • Excessive heat—The second half of spring typically brings higher temperatures, leading to heat-related disorders or illnesses if employees work in outdoor environments.

Minimizing Risks

While springtime weather may be unpredictable, businesses can minimize risks to both people and property by preparing for all situations. Business leaders should consider the following spring storm safety tips:

1) Develop a plan. If employees have to travel to work, severe spring weather could put them in danger on the road. In addition, shelter-in-place orders or power outages could also pose threats to onsite employees, clients and customers. Having a plan in place can help everyone remain safe during an emergency. Outline what employees should do in different circumstances—such as a power loss—and have a communication protocol. Conduct drills until the plan becomes second nature.

2) Keep an emergency kit on hand. This kit should contain emergency supplies, including flashlights, water, a first-aid kit, blankets, extra batteries, a toolset and current contact information for state and local entities.

3) Secure the property and outdoor assets. Dead trees, weak structures and unsecured materials can become airborne hazards during windstorms, damaging buildings or external systems. If severe weather is in the forecast, complete preventive maintenance, close windows securely, bring outdoor furniture inside and clear out storm drains.

4) Back up data. Severe weather can cause power outages and may physically damage equipment. Back up critical data often to help smoothly rebuild systems.

5) Obtain proper insurance coverage. An experienced insurance broker can help business leaders understand and plan for the impacts of catastrophic weather. Complete a coverage review to ensure there are no gaps in coverage that will result in an uncovered loss.

By minimizing the opportunity for property damage, preparing employees to act and working with an experienced broker to ensure the appropriate insurance coverage is in place, businesses can better mitigate risks during the springtime. For more information, contact us today.

Do You Know How to Address Employee Burnout?

Date: August 28, 2024 Author: Rinehart Insurance
employee burnout

employee burnoutEmployee burnout is escalating globally, with a significant number of workers experiencing severe physical, emotional and mental exhaustion. The 2024 Global Talent Trends report reveals that approximately 82% of employees are at risk of burnout, primarily due to financial pressures and excessive workloads.

Burnout occurs when long-term stress overwhelms employees’ ability to cope, leading to lower productivity, negative feelings and a diminished sense of effectiveness at work. It can also result in serious health consequences, such as insomnia and heart disease.

As substantial burnout levels persist, it’s important for employers to recognize the signs and implement preventive measures to create a healthier, more productive work environment.

Spotting Signs of Employee Burnout

Recognizing burnout is the first step toward addressing it. Check with your employees if they exhibit the following symptoms:

  • Persistent tiredness and lack of energy
  • Noticeable decline in productivity, creativity and efficiency
  • Feelings of disconnection from colleagues and a lack of enthusiasm for work
  • Increased irritability, anxiety and depression
  • Frequent headaches, muscle pain and other stress-related ailments

Tips for Preventing Employee Burnout

Creating a work culture that values employee well-being is essential in preventing burnout. Here are some strategies your organization can adopt:

  • Encourage employees to take “micro-breaks” (e.g., stretching, five- to 10-minute walks) during the day to help lower stress.
  • Establish a culture of care where workers feel comfortable discussing their stressors.
  • Schedule frequent, proactive check-ins with workers to address their well-being needs.
  • Train leaders to identify employees at risk of burnout and offer resources to support those affected.
  • Analyze how your employees collaborate and adjust systems to enable them to work more seamlessly.
  • Ensure workloads are manageable and distributed fairly.
  • Be flexible and understanding with work schedules and deadlines.
  • Encourage workers to use their vacation days and disconnect from work after hours.
  • Provide career development programs that can keep employees motivated and reduce feelings of stagnation.
  • Reinforce a positive work environment by regularly acknowledging employees’ hard work and contributions.
  • Share resources and tools that can help improve mental and physical well-being.

Conclusion

Employee burnout is a widespread problem that can significantly impact organizations. As such, it’s crucial for employers to reassess their strategies and prioritize employee well-being.

For more workplace guidance, contact us today.

Scheduled Versus Blanket Limits for Commercial Property Insurance

Date: May 8, 2024 Author: Rinehart Insurance
Commercial Property Insurance

Commercial Property InsuranceCommercial property insurance is an essential form of coverage for any organization. Such a policy can provide much-needed financial protection if an organization’s commercial building or its contents are damaged or destroyed by covered perils (e.g., fire, theft, vandalism, wind and lightning). Specifically, this coverage can help reimburse property repair or replacement expenses when these perils occur. 

A commercial property policy is usually subject to a coverage limit, which refers to the maximum amount an insurance carrier pays toward a claim after the deductible is met. There are two main types of coverage limits available under commercial property insurance: scheduled and blanket. These limits largely determine the extent of financial protection afforded to an organization’s property amid potential losses, thus playing a major role in the valuation and claims processes.

With this in mind, it’s important for organizations to know the differences between these limits and better understand how their commercial property policies will respond when losses occur. This article provides more information on scheduled and blanket limits, outlines the main distinctions between them, and weighs the advantages and disadvantages of these coverage offerings.

Scheduled Limits

Also known as a specific limit, a scheduled limit applies to individual property or assets at a single insured location; in other words, each property or asset has a personalized limit of coverage. This means that each of an organization’s commercial buildings may have its own coverage limit, and the various contents stored within each building—commonly called business personal property (BPP)—may also have separate limits. For example, if an organization has two insured locations, one location may have coverage limits of $1 million for the building and $500,000 for the BPP, whereas the second location may have different limits, such as $2 million for the building and $750,000 for the BPP.

When an organization has a commercial property policy with scheduled limits, it’s imperative to itemize each asset with its respective value and update these values as needed (e.g., upon making property updates or after purchasing new assets). In doing so, the organization can maintain accurate coverage limits for individual property and avoid costly out-of-pocket losses when claims arise.

Blanket Limits

A blanket limit either applies to several different assets at a single insured location or the same types of property across multiple locations. In some cases, a blanket limit may even apply to all property at any insured location.

Rather than each property being assigned a specific limit, the same limit applies to all assets, therefore providing a blanket of coverage. For instance, an organization may have a coverage limit of $1.5 million for both its commercial building and BPP at a single location. On the other hand, if an organization has multiple insured locations, it may leverage one of the following blanket limit options:

  • Separate coverage limits for buildings and BPP—With this option, the organization may have a blanket limit of $2 million for its buildings and $1 million for its BPP, regardless of location.
  • Separate coverage limits for each location—Alternatively, the organization may have a blanket limit of $1.25 million for both its building and BPP at one location and $1.75 million for the same types of assets at another location.
  • The same coverage limit for all properties and locations—Finally, the organization may have a single blanket limit of $3 million for both its buildings and BPP across all locations.

Commercial property policies with blanket limits are known to offer more coverage flexibility as property values fluctuate and assets get moved around, ultimately lowering the likelihood of underinsurance concerns and minimizing out-of-pocket losses.

Coverage Differences

In addition to the distinctions in how commercial property is itemized and valued, here are some of the key coverage differences between scheduled and blanket limits:

  • Premium costs—In most cases, commercial property policies with blanket limits are more expensive to obtain than those with scheduled limits. That is, a policy offering the same coverage will typically carry higher premiums with blanket limits than with scheduled limits.
  • Coinsurance penalties—Coinsurance clauses are included in many commercial property policies. Such a clause requires a policyholder to maintain a minimum amount of coverage (usually between 80% and 90% of the value of their insured property). If the policyholder submits a claim and an inspection reveals that their coverage doesn’t meet the minimum amount, the insurance carrier will penalize the policyholder by paying a reduced percentage of the claim.
    Because scheduled limits require organizations to ensure accurate values for individual property and assets, they could leave organizations more vulnerable to coinsurance penalties than blanket limits. After all, just one undervalued asset can invoke a penalty with scheduled limits, whereas blanket limits allow for more leeway when property values change.
  • Margin clauses—Commercial property policies with blanket limits sometimes include mandated coverage endorsements known as margin clauses. This type of clause generally states that the insurance carrier won’t pay more than a certain percentage of commercial building and BPP values (usually between 110% and 125%) toward a large-scale claim, thus preventing the policyholder from potentially abusing their blanket limit and leveraging the entirety of their coverage to reimburse one major loss.

Yet, even with margin clauses, commercial property policies with blanket limits tend to offer more coverage versatility than those with scheduled limits. Nevertheless, it’s best for organizations that have policies with blanket limits to be aware of margin clauses and their related stipulations.

Advantages and Disadvantages

The primary benefits of commercial property policies with scheduled limits are that this coverage often includes less expensive premiums than its blanket counterpart and can provide organizations with greater control over the valuation of individual property and assets. However, maintaining up-to-date values for all commercial buildings and BPP can also leave organizations with substantial administrative responsibilities. What’s more, failing to uphold accurate values for all property and assets can result in serious consequences, including coinsurance penalties and underinsurance concerns.

As it pertains to commercial property policies with blanket limits, this coverage can allow organizations to simplify their property valuation processes by applying a single limit across different buildings and BPP. Further, blanket limits can offer greater coverage fluidity and significantly mitigate out-of-pocket losses. Even so, this coverage carries a higher initial price tag and still comes with restrictions (i.e., margin clauses) that can limit total claim payouts.  

Conclusion

Organizations don’t have to navigate the commercial property insurance landscape alone; they can consult trusted insurance professionals to assess their coverage needs and determine which types of limits are most suitable for their assets and operations.

Contact us today for more insurance solutions.

4 Important Differences Between Traditional and Cyber Business Interruption Policies

Date: May 1, 2024 Author: Rinehart Insurance
Cyber Business Interruption

Cyber Business InterruptionWhen organizations face large-scale disasters or other unexpected losses, ensuring business continuity is often a top priority. Yet, various losses may make it challenging for organizations to avoid operational disruptions or temporary shutdowns. In these instances, even brief closures can carry costly consequences. Fortunately, that’s where business interruption (BI) insurance can help.

BI insurance can offer much-needed financial protection when organizations’ usual business activities are interrupted due to covered losses. This type of coverage is typically available through a few different commercial insurance policies. Traditional BI coverage can be purchased as a supplement to commercial property insurance or a business owner’s policy (BOP), whereas an alternative form of BI coverage can be secured via cyber business interruption insurance.

Nevertheless, there are several differences between traditional and cyber business interruption policies, including when they apply and what they cover. As such, organizations should be aware of these differences and better understand their overall coverage capabilities. The following article provides more details on traditional and cyber BI insurance and offers a coverage comparison between these policies.

Traditional Business Interruption Insurance

Traditional BI insurance is typically added onto a commercial property insurance policy or comprehensive insurance package, such as a BOP. This coverage generally includes financial protection for the various expenses that can arise if an organization is forced to pause its operations or temporarily close its doors due to a covered loss. Such a policy may reimburse these operating costs:  

  • Income that an organization would be earning if it were running normally
  • Commercial mortgage, rent, lease, loan and tax payments due during a disruption
  • Payroll expenses to maintain employees’ wages amid a closure
  • Relocation costs related to an organization’s move to a new or temporary location during a disruption
  • Commission and training costs stemming from an organization having to replace damaged tools or machinery amid a closure and educate workers on how to use the new equipment
  • Extra expenses that an organization reasonably incurs (beyond typical operating costs) during a disruption to help it get back up and running

Examples of covered losses under traditional BI insurance include a range of perils, such as fires, theft, vandalism and certain natural disasters. For instance, if a fire destroys the kitchen in a restaurant, this coverage may help reimburse the business for lost income and employees’ wages while it temporarily closes for repairs.

With traditional BI policies, some insurers may also offer contingent business interruption (CBI) coverage, which provides financial protection for operational disruptions caused by covered losses among suppliers and business partners. Some insurers may also provide civil authority coverage, which can help compensate expenses stemming from government-mandated business closures (e.g., a citywide curfew, local evacuation order or temporary road closure).

Cyber Business Interruption Insurance

As its name suggests, cyber BI coverage is solely available through the purchase of a standalone cyber insurance policy. This relatively newer coverage offering has become increasingly common as organizations expand their digital operations and invest in various technological advancements, thus driving up their associated cyber exposures and leaving them more susceptible to disruptive attacks. Even so, not all insurers include BI coverage in their cyber policies; with this in mind, organizations should carefully review their policies for this offering rather than assume they have coverage.

Cyber BI insurance usually provides financial protection for costs stemming from an organization experiencing technology failures (e.g., system shutdowns or network outages) and related operational disruptions due to a covered loss. Such a policy may help reimburse many of the same operating costs as traditional BI coverage, including lost income, employees’ wages and extra expenses.

Examples of covered losses under cyber BI coverage include a variety of security and privacy events, such as data breaches, social engineering scams and ransomware attacks. For instance, if an online retailer’s website gets temporarily shut down due to a ransomware attack, this coverage may help compensate the business for lost profits incurred while the website is offline.

With cyber BI coverage, some insurers may also provide financial protection for digital disruptions caused by human errors (e.g., an employee accidentally downloading a harmful computer virus) or malfunctioning software (e.g., an organization’s network unexpectedly freezing during a routine system upgrade). Further, some insurers may offer cyber CBI coverage, which can help reimburse expenses arising from third-party cyber events that result in software provider shutdowns or cloud vendor outages. 

Coverage Comparison

Despite some similarities, traditional and cyber BI policies are not the same. Here’s a coverage comparison to highlight the main differences between these coverage offerings:

1) Coverage triggers—Both traditional and cyber BI policies have a waiting period, which refers to the amount of time that must pass once a loss occurs before coverage can be triggered. Under traditional BI coverage, the waiting period is typically 72 hours. With cyber BI coverage, however, this period is often shorter. Since cyber events happen quickly and are generally resolved faster than losses caused by property-related perils, the waiting period for such coverage is almost always less than 24 hours, usually between six and 12 hours.

2) Period of measurement—In the scope of BI coverage, the period of measurement pertains to the calculation of lost income caused by an operational disruption. Traditional BI policies primarily apply to commercial property losses that pause typical business activities for long periods, making it relatively easy to determine the period of measurement.

On the other hand, digital disruptions stemming from cyber losses may only last for hours or days, making it more difficult to calculate lost income correctly. To accurately determine the period of measurement and ensure sufficient reimbursement of lost income with cyber BI coverage, it’s best to collect more detailed loss data, such as hourly profit statements and sales records.  

3) Period of restoration—One key factor in determining the overall value of any BI loss is the period of restoration, which refers to the total length of an operational disruption. In most cases, the period of restoration is measured from the start date of a loss (e.g., when property damage occurs or a cyber event initially strikes) until the affected organization fully recovers and resumes normal operations (e.g., when property repairs are completed or digital assets are restored). The period of restoration is often pretty simple to determine when it involves property damage, but cyber events aren’t as straightforward. There can be far less certainty regarding when cyber events start and end, as there could be minimal evidence of physical recovery.

What’s more, some cyber insurers may even define the period of restoration differently than others, prompting more confusion surrounding cyber BI policies than traditional BI policies. Considering these difficulties, it may be necessary to closely review policy wording, consult forensic accountants and assess additional loss elements (e.g., how and when cyber events were detected and resolved, what technology was affected, and which operations were paused) to correctly calculate this period following digital disruptions.

4) Reputational losses—When organizations encounter traditional BI losses, they usually don’t have to worry about reputational damage, as these losses generally stem from perils out of their control. Yet, with cyber BI losses, stakeholders may partially blame organizations for their involvement in cyber events, especially if these events involve a breach of confidential data or are caused by preventable security failures.

Consequently, organizations may experience prolonged profit losses due to diminished customer loyalty even after recovering from cyber events and associated digital disruptions. That’s why cyber BI policies may offer coverage for reputational losses, whereas traditional BI policies do not.

Conclusion

While there are a number of differences between traditional and cyber Business Interruption policies, both forms of coverage can prove valuable and offer significant financial protection to organizations facing operational disruptions. Organizations can consult trusted insurance professionals to learn more about these coverage offerings and discuss their specific BI insurance needs.

Contact us today for further insurance solutions.

What Are Stay Interviews And Why Are They Important?

Date: March 13, 2024 Author: Rinehart Insurance
stay interview

Employee turnover can be a significant challenge for employers, as it can lead to increased costs, loss of productivity and a negative impact on company culture. Stay interviews offer a proactive approach to understanding and addressing the needs of employees, ultimately enhancing retention rates. Unlike exit interviews, which are conducted when an employee is leaving, stay interviews are conducted while the employee is still employed at the organization with the goal of identifying factors that contribute to their job satisfaction and commitment.

This article outlines best practices for employers to conduct effective stay interviews.

The Importance of Stay Interviews

Stay interviews are usually once-a-year meetings conducted with each employee and their supervisor or an HR professional. Unlike performance reviews, these meetings focus on an existing employee’s attitude toward an organization. Specifically, stay interviews attempt to discover what makes an employee want to work—or stop working—for the organization and any aspects of the company that need to be addressed to make working there more attractive. Not only can stay interviews enlighten employers about issues before they manifest into employee departures, but they also help employees feel heard, showing them that their employer cares enough about retaining them to improve workplace operations.

Especially in a tight labor market, giving employees this level of attention is critical. Even if an employee is resolved to leave, understanding their motivations can help the employer retain other employees who may feel similarly. Stay interviews enable employers to learn this information sooner and address those issues head-on.

Stay Interview Best Practices for Employers

Impactful stay interviews can help maximize employee satisfaction, engagement and retention. Consider the following best practices for stay interviews:

  • Establish clear objectives. Before conducting stay interviews, employers should establish clear objectives and goals. It’s important to determine what information should be gathered from employees and how it will be used to improve engagement and retention strategies. This may include identifying areas of dissatisfaction, uncovering potential issues and recognizing areas of strength within the organization.
  • Integrate stay interviews into onboarding. Stay interviews aren’t just for the company’s tenured employees; they can be incorporated into the 30-, 60- and 90-day milestones of employee onboarding. By gauging employee satisfaction early on, employers can proactively address any issues and make necessary adjustments. Early identification of potential problems can prevent them from escalating into larger issues down the line.
  • Create a safe and confidential environment. A safe and confidential environment is crucial to encourage open and honest communication during stay interviews. Employees should be assured that their feedback will be kept confidential and that there will be no negative repercussions for sharing their thoughts and concerns. This trust-building exercise can foster genuine dialogue and provide valuable insights.
  • Train interviewers. Ensure that managers and HR professionals conducting stay interviews are adequately trained in effective communication and active listening skills. Training should emphasize the importance of empathy, respect and nonjudgmental attitudes when engaging with employees. Interviewers should be prepared to ask probing questions to uncover underlying issues and concerns.
  • Ask open-ended questions. Open-ended questions can prompt employees to freely share their thoughts, feelings and experiences. It’s important to avoid leading questions and instead focus on topics such as job satisfaction, career development, leadership and management, work-life balance and organizational culture. Examples of open-ended questions include:
    • What motivates you to work here?
    • What aspects of your job do you find most fulfilling?
    • Are there any challenges or obstacles you’re currently facing in your role?
    • What do you like least about your job?
    • How can we better support your professional growth and development?
    • If you could change any aspect of the organization or your job, what would it be?
    • What would cause you to consider leaving the organization?
  • Actively listen and validate. During stay interviews, it’s essential for interviewers to actively listen to employees’ responses without interrupting or dismissing their concerns. Validating employees’ feelings and experiences demonstrates empathy and understanding. Interviewers should paraphrase workers’ responses to ensure clarity and show that their feedback is valued. Probing to learn more can also demonstrate authenticity.
  • Identify actionable insights. After conducting stay interviews, feedback must be analyzed to identify common themes, trends and actionable insights. Employers should look for opportunities to address areas of concern and implement changes that align with employees’ needs and preferences. They should also consider involving employees in the decision-making process when looking to make changes to foster a sense of ownership and empowerment.
  • Follow up and track progress. Following up with employees after stay interviews is crucial to communicate any actions taken based on their feedback and provide progress updates. To evaluate the long-term effectiveness of stay interview initiatives, retention metrics and employee satisfaction levels must be continuously tracked. Strategies should be adjusted as needed to ensure ongoing improvement.

Summary

Employee retention is top of mind for many employers. Keeping talent happy and engaged often starts with understanding what employees want, what they like and what they’d like to change in the workplace.

Stay interviews represent a proactive approach to employee retention, as they allow employers to gain valuable insights into the factors influencing job satisfaction and commitment. By implementing best practices, organizations can strengthen employee engagement, improve retention rates and foster a positive workplace culture. Investing in stay interview initiatives demonstrates a commitment to valuing and supporting employees and their opinions, ultimately contributing to long-term organizational success.

Contact us today for more workplace guidance.

Debunking 5 Common Cybersecurity Myths

Date: February 14, 2024 Author: Rinehart Insurance
cybersecurity myths

cybersecurity mythsAlso known as IT security, cybersecurity refers to the act of safeguarding internet-connected systems, critical data and other digital assets from potential cyberthreats—threats that may attempt to exploit sensitive information, steal funds or disrupt normal business operations. In other words, cybersecurity consists of the strategies implemented to help protect people, processes and technology from cyberattacks and related losses.

Cybersecurity has become all the more important as organizations of all sizes and sectors expand their reliance on technology and other digital services in their operations. After all, cyberattacks can carry serious consequences, including damaged data and systems, prolonged business disruptions, diminished customer loyalty, lost revenue and potential regulatory concerns amid strengthening cybersecurity laws.

Even so, there are a variety of myths circulating regarding cybersecurity, many of which undermine the severity of possible threats and diminish the value of effective mitigation strategies. If organizations mistakenly assume these myths to be true, they could leave themselves increasingly vulnerable to cyberattacks and subsequent losses. The following article debunks five of the most common cybersecurity myths, giving organizations the information needed to better understand their exposures and implement appropriate risk management measures.

Myth #1: Cybersecurity measures are only necessary for large corporations.

Some organizations think small businesses are unlikely targets for cyberattacks, as they often have less data and funds for cybercriminals to exploit. As such, it has become a frequent misconception that adopting proper cybersecurity measures only makes sense for large corporations, particularly those that possess substantial capital and store sensitive information.

Large organizations are definitely susceptible to cyberattacks, but this doesn’t mean small businesses are immune to such incidents. On the contrary, some cybercriminals consider small organizations more attractive targets than their larger counterparts because these businesses are more likely to have weaker cybersecurity measures in place, thus simplifying the overall attack process. According to a recent study conducted by international IT services and consulting company Accenture, 43% of all cyberattacks target small businesses, and 66% of such organizations have experienced an attack within the past year. With this in mind, it’s clear that cybersecurity measures are necessary for organizations of any size, but especially small businesses.

Myth #2: Basic cybersecurity procedures are enough to protect against possible threats.

For certain organizations, cybersecurity consists of a few basic protocols, such as deploying firewalls, installing antivirus software and encouraging employees to maintain strong passwords. While these procedures can certainly prove useful, adopting such a single-layered approach to cybersecurity probably won’t be effective in minimizing all possible threats.

For instance, basic cybersecurity protocols aren’t as successful in protecting against brute-force incidents and social engineering scams, which are some of the most common attack techniques. To put this in context, a report from multinational cybersecurity firm Kaspersky Lab found that brute-force attacks contribute to nearly one-third (31.6%) of all cyber incidents; meanwhile, the aforementioned Accenture study revealed that 85% of organizations have encountered social engineering scams. This means that organizations would remain vulnerable to a sizeable proportion of cyberattacks with only basic protocols in place.

As the cyber risk landscape shifts and changes, organizations’ mitigation strategies should follow suit. By implementing a multilayered approach to cybersecurity and leveraging a wide range of protective measures (e.g., multifactor authentication, endpoint detection and response solutions, email authentication technology, patch management plans and data backup systems), organizations will be better equipped to handle their advancing digital exposures.

Myth #3: Cybersecurity measures aren’t worth the associated costs for small businesses.

Small organizations may initially be less inclined to invest in cybersecurity due to the related expenses, especially considering their limited budgets. Most of the time, this stems from these organizations thinking that cybersecurity measures aren’t worth the various benefits they provide; yet, the reality is quite the opposite.

As previously mentioned, small businesses are frequent targets for cyberattacks. What’s worse, these businesses are more likely to face financial ruin in the aftermath of such attacks. In fact, global cyber economy researcher Cybersecurity Ventures reported that 60% of small businesses close their doors within just six months of experiencing a cyber incident. Considering this data, small organizations simply can’t afford to ignore cybersecurity. Investing in sufficient mitigation strategies could make all the difference in helping these businesses avoid major losses and prevent financial devastation at the hands of cyber incidents.

Myth #4: Cybersecurity is the IT department’s job.

Even when organizations make the wise decision to invest in cybersecurity, they may still make the mistake of placing all related responsibilities on the IT department. Although these professionals definitely play a role in upholding adequate cybersecurity measures, they can’t act alone. The most effective cybersecurity models involve companywide participation, which requires support from corporate executives and routine training for all employees.

Without companywide participation, organizations are more likely to have poor cyber hygiene and awareness. Not to mention, businesses that don’t take cybersecurity seriously will likely pass the same attitude to their employees by neglecting to provide essential education on digital risks. This is particularly concerning, as recent research conducted by World Economic Forum, an international lobbying organization, found that 95% of cyberattacks stem from human error.

As a result, it’s imperative that organizations foster a strong working culture that encourages everyone to take responsibility for cybersecurity. This entails having company executives lead by example, training employees to detect and defend against prevalent cyberthreats, and recognizing those who demonstrate a continued commitment to security.

Myth #5: Cyberthreats are always external.

When most employers and employees picture a cybercriminal, they likely visualize an external threat actor. Nevertheless, cyberattacks can also arise from insider threats. An insider threat refers to an individual who has been entrusted with access to or knowledge of an organization’s confidential resources and information (e.g., an employee, vendor or third-party collaborator). Due to their unique privileges, insider threats have the potential to compromise organizations’ most valuable assets and leave them more susceptible to a range of cyber incidents (also called insider events).

More than 7,300 insider events took place throughout the past year, according to research from the Ponemon Institute. Further, a recent survey conducted by IT platform Cybersecurity Insiders found that the average insider event costs over $755,000. Therefore, it’s vital for organizations to consider both external and internal threats when developing their cybersecurity measures.

Conclusion

By adopting an informed approach to cybersecurity and understanding the reality behind common myths, organizations can effectively position themselves in this evolving digital risk environment and limit the likelihood of large-scale losses. Contact us today for more risk management guidance and insurance solutions.

4 Ways Artificial Intelligence Will Impact the Workplace in 2024

Date: January 31, 2024 Author: Rinehart Insurance
artificial intelligence

artificial intelligenceArtificial intelligence (AI) garnered attention from every industry in 2023, revolutionizing the way organizations operate and make decisions. Many employers adopted this technology to streamline operations, enhance workflows and improve customer experience. Looking ahead, organizations are expected to adopt AI at an even more rapid pace. According to Grand View Research, AI has an expected annual growth rate of 37.3% between 2023 and 2030, indicating the growing impact of AI technology in the coming years.

In 2024, employers are expected to increasingly rely on AI to make critical business decisions and improve productivity. Savvy employers will stay current on evolving legal, ethical and transparency issues surrounding the heightened adoption of AI in the workplace. This article discusses four key impacts AI will have on workplaces in 2024.

1. Enhanced Decision-making Capabilities

In 2023, many employers adopted artificial intelligence to streamline HR and managerial functions such as hiring, onboarding, training and open enrollment. As this technology advances, employers will likely increasingly rely on AI to support HR professionals and managers in areas where they are inexperienced or burnt out. For example, in 2024, AI may be used to create thoughtful performance reviews and career coaching and identify internal growth opportunities for employees, empowering organizations to grow and upskill their workforce. 

In addition, as employers place more trust in AI’s decision-making capabilities, organizations may rely on this technology for cybersecurity. In this capacity, AI’s ability to rapidly sift through large amounts of information, gain insights and create business strategies may proactively identify and mitigate potential cyberthreats to protect company data.

2. Increased Productivity

Chatbots and virtual assistants showed significant potential in 2023, with the ability to enhance the employee experience, respond to customer inquiries, and perform mundane and repetitive tasks. These capabilities can free employees to focus on solving more complex issues more efficiently. A 2023 report by management consulting company Mckinsey & Company found that current generative AI and other technologies can potentially automate work activities that take up 60% to 70% of employees’ time today. As AI capabilities advance, these technologies may also create workplace-specific algorithms to identify project misalignments and tasks requiring immediate attention. Thus, this year, these algorithms will be increasingly used to bolster employee productivity and ensure customers receive timely and personalized feedback on complex queries.

3. Greater Focus on Legality, Ethics and Transparency

AI legislation is beginning to evolve, with various states and cities—such as Illinois, Maryland and New York City—creating laws regarding its use. The U.S. Equal Employment Opportunity Commission has also prioritized the enforcement of applicable federal laws concerning AI in employment. These regulations are expected to expand further as lawmakers face growing pressure to regulate its use. As such, remaining abreast of legal developments regarding AI will be crucial for organizations this year. Failing to comply with applicable regulations could result in costly lawsuits, fines and penalties, as well as reputational damage.

Employers may also focus more on ensuring that AI systems are fair and transparent. This will include understanding the sources used to train AI, potential biases in these datasets and the ethical implications of AI-powered decisions. Employee training will also be critical to ensuring safe and ethical use. A recent survey by social networking platform FishBowl found that just 32% of individuals who use AI tools at work do so with their boss’s knowledge. Moreover, according to the Josh Bersin Company, only 4% of organizations have a defined strategy for AI in HR. In 2024, employers are expected to prioritize creating formal AI policies to meet evolving legal, ethical and transparency standards.

4. Heightened Focus on Skills-based Hiring

Increased adoption of AI is expected to change the qualities employers look for in employees in 2024 and beyond. There will likely be a greater focus on hiring employees with behavioral skills, such as data analysis, AI literacy and the ability to work alongside AI systems. “Human” soft skills, such as problem-solving and communication, that AI can’t replicate, will also be in high demand. Additionally, as generative AI takes over certain workplace tasks, it will also create the need for new job roles and requirements. For example, AI ethicists, data curators and algorithm trainers may become emerging professions. AI proficiency may become a popular requisite on job postings as employers create more AI-centric business strategies. As such, the 2024 workforce will likely be defined by the ability to learn and work productively with AI technology.

Conclusion

The prevalence of artificial intelligence in the workplace is a trend that isn’t going away. As this technology advances, employers will increasingly integrate AI into everyday operations and decision-making processes. However, the relative newness of this technology has the potential to create legal and ethical issues for organizations that adopt AI without proper protocols in place. Employers can stay ahead by monitoring AI trends impacting the workplace in 2024 and beyond.

 

The Importance of Cyber Security for Your Small Business

Date: September 13, 2023 Author: Rinehart Insurance
cyber security

cyber securityHigh-profile cyber attacks on companies such as Target and Sears have raised awareness of the growing threat of cyber crime. Recent surveys conducted by the Small Business Authority, Symantec, Kaspersky Lab and the National Cybersecurity Alliance suggest that many small business owners are still operating under a false sense of cyber security.

The statistics of these studies are grim; the vast majority of U.S. small businesses lack a formal internet security policy for employees, and only about half have even rudimentary cyber security measures in place. Furthermore, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker proof, and nearly 40% do not have their data backed up in more than one location.

Don’t Equate Small with Safe

Despite significant cyber security exposures, 85% of small business owners believe their company is safe from hackers, viruses, malware or a data breach. This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber attacks.

In reality, data thieves are simply looking for the path of least resistance. Symantec’s study found that 43% of attacks are against organizations with fewer than 250 employees.

Outside sources like hackers aren’t the only way your company can be attacked—often, smaller companies have a family-like atmosphere and put too much trust in their employees. This can lead to complacency, which is exactly what a disgruntled or recently fired employee needs to execute an attack on the business.

Attacks Could Destroy Your Business

As large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners.

According to a recent study by the Ponemon Institute, the average annual cost of cyber attacks for small and medium-sized businesses is over $2 million. Most small businesses don’t have that kind of money lying around, and as a result, nearly 60% of small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it was too late because they feared the costs would be prohibitive.

10 Ways to Prevent Cyber Attacks

Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber attack:

  1. Train employees in cyber security principles.
  2. Install, use and regularly update antivirus and antispyware software on every computer used in your business.
  3. Use a firewall for your internet connection.
  4. Download and install software updates for your operating systems and applications as they become available.
  5. Make backup copies of important business data and information.
  6. Control physical access to your computers and network components.
  7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
  8. Require individual user accounts for each employee.
  9. Limit employee access to data and information, and limit authority to install software.
  10. Regularly change passwords.

In addition to the listed tips, the Federal Communications Commission (FCC) provides a tool for small businesses that can create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. It can be found at www.fcc.gov/cyberplanner.

Your Emerging Technology Partner

A data breach could cripple your small business, costing you thousands or millions of dollars in lost sales and/or damages. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyber attacks. Contact us today to for additional cyber risk management guidance and insurance solutions.

Business Interruption Insurance And How To Safeguard Against Unexpected Disruptions

Date: August 8, 2023 Author: Rinehart Insurance
business interruption insurance

business interruption insuranceSmall businesses regularly face several risks that could necessitate a temporary shutdown or reduction of operations, both of which can have devastating effects on a business. One way businesses can protect themselves from the financial impacts of these occurrences is by securing business interruption insurance. This type of coverage can offer valuable assistance following a covered event. This article provides more information about business interruption insurance, including what it is and how small businesses can obtain it.

What Is Business Interruption Insurance?

Business interruption insurance, also known as business income insurance, provides a financial safeguard against temporary revenue losses and extra expenses that result from covered business shutdowns or reductions of operations. For example, if a fire or a vandal damages a company’s building and lead to a temporary closure, business interruption insurance can provide financial assistance while the building is shuttered for repairs.

Policies may also offer coverage if a civil authority (e.g., a local, state or federal governmental entity) forbids access to the business’s premises. This may happen following a natural disaster, even if the business’s property is not damaged. Each policy is unique, and businesses should work with their agent or broker to fully understand the scope of their coverage.

Why Do Small Businesses Need Business Interruption Insurance?

Small business shutdowns created by unforeseen events can have significant financial ramifications. In these circumstances, business interruption insurance can provide coverage for the following:

  • Lost income. Business interruption insurance can help replace the revenue a business would have generated if it did not need to close temporarily.
  • Continued operating expenses. Business interruption insurance can also provide financial assistance to cover standard, ongoing operating expenses such as salaries, taxes, utilities and mortgage, lease or rent payments that are due during the impacted period.
  • Relocation costs. Business interruption insurance coverage can also offer financial assistance for moving expenses if a business needs to relocate to a temporary office.

Additionally, a specialized form of business interruption insurance known as contingent business interruption insurance offers coverage if disruptions in the supply chains create losses. For example, if property damage to a third-party vendor impacts a business’s capability to continue its operations, this type of coverage may be able to mitigate the resulting financial impact. It can typically be added as an endorsement to a standard business interruption policy.

How Do Small Businesses Obtain Business Interruption Insurance?

For small businesses, business interruption insurance is typically bundled with commercial property and liability coverage in a business owners policy (BOP). Businesses with 100 or fewer employees and revenue of $5 million or less may be eligible for a BOP that includes business interruption insurance. For businesses that are not eligible for a BOP, business interruption insurance may be available as a standalone policy or added to a commercial property policy. It is essential for businesses to review their existing coverage to determine if business interruption insurance is included.

Conclusion

Business interruption insurance can provide crucial financial assistance for small businesses if they need to temporarily shut down or reduce operations. Contact us today for more information on this type of insurance and risk management planning.