6 Recession-proofing Strategies for Small Businesses and Their HR Teams

A recession is a prolonged and pervasive reduction in economic activity. Generally speaking, multiple successive quarters of negative growth in gross domestic product—a monetary calculation of the market value of goods and services generated and sold during a set time period within a given country—constitute a recession.

A recession can last for several months or years. Furthermore, recovering from this state to the nation’s previous economic peak can take years, even after a recession ends. Because a recession typically results in diminished economic output, lowered consumer demand and a drop in employment, such a downturn can present various challenges for organizations across industry lines—especially small businesses.

Although a recession can’t be prevented, the strategies that HR teams implement can greatly impact whether their organizations withstand such a downturn. Specifically, HR teams can ensure their organizations are sufficiently prepared for a recession by taking steps to limit related ramifications and maintain financial stability. This article outlines how a recession impacts small businesses and explores what HR teams can do to adequately prepare their organizations for an economic downturn. We have 6 recession-proofing strategies to share with you. 

How a Recession Impacts Small Businesses

Amid a recession, organizations of all sizes and sectors usually experience decreased sales and profits stemming from changing consumer behaviors. An economic downturn may also limit organizations’ credit capabilities and reduce their overall cash flow as customers take more time to pay for products and services.

While these behaviors can threaten the financial stability of any organization, large businesses are often better positioned to weather a recession because of their substantial revenues, excess reserves and privileged access to a wider range of credit markets. Small businesses, on the other hand, may be particularly vulnerable during an economic downturn, as they generally lack the additional capital necessary to offset extended periods of loss. As a result, when a recession occurs, small businesses are more likely to have to make difficult financial decisions to avoid issues such as insolvency or bankruptcy.

Financial media website Investopedia reported that nearly 1.8 million small businesses closed their doors amid the last major U.S. economic downturn, known as the Great Recession, which took place between 2007 and 2009. Looking ahead, a recent survey conducted by investment banking company Goldman Sachs found that the vast majority (93%) of small businesses fear the nation will enter another recession in the coming months. With this in mind, now is the time for HR teams to help prepare their organizations for an economic downturn.

Tips to Prepare for a Recession

To promote financial stability among their organizations during an economic downturn, HR teams should consider the following recession-proofing strategies:

  1. Revisit compensation and benefits strategies. Many employers have responded to recent labor challenges by increasing workers’ salaries, providing substantial bonuses and expanding employee benefits and perks. However, with the possibility of a recession on the horizon, HR teams may need to rethink how their organizations will address attraction and retention struggles. This may involve curtailing salary increases and reducing employee benefits. After all, recession-proof organizations tend to develop their budgets with an eye toward the future, thus requiring HR teams to revisit compensation and benefits strategies.
  2. Automate internal processes. The more efficient organizations are, the more resilient they will likely be during a recession. In particular, recession-proof organizations tend to stay one step ahead by optimizing their resources and automating where possible. As such, HR teams can improve organizational productivity by automating processes and implementing new technologies. This may entail automating recruiting, onboarding and payroll operations to bolster efficiency.
  3. Try to minimize layoffs. When organizations’ financial capabilities become uncertain, their immediate plans may be to reduce costs through layoffs. However, layoffs should only be considered a last resort, seeing as they can create additional risks (e.g., legal liabilities, lower morale and employee distrust) and negatively impact business operations by decreasing productivity and proficiency. Instead, HR teams may be able to minimize the need for layoffs within their organizations by implementing voluntary reduction-in-force programs or choosing to slow hiring or pause it entirely.
  4. Stay transparent. The possibility of a recession can bring uncertainty. Employees will likely be concerned about their futures, the long-term viability of their respective organizations and how their work processes may change. With this in mind, HR teams need to find ways to keep employees informed without fostering their worries. Creating transparent workplace cultures can help organizations limit recession-related ramifications.
  5. Prioritize employee engagement. Employee engagement can be vital leading up to and during a recession. During periods of economic uncertainty, employees are likely to feel stressed. If organizations are forced to lay off employees, the remaining employees could be asked to shoulder additional responsibilities and greater workloads. As a result, these employees may feel overworked and worried about their futures. According to industry experts, highly engaged employees can help limit recession-related labor challenges among organizations, as they are more likely to accept negative work changes and remain loyal. HR teams can increase employee engagement within their organizations by meeting with employees, listening to them and addressing their concerns. By increasing employee engagement during difficult times, HR teams can help maintain staff morale and productivity.
  6. Manage health care costs. As their health care budgets shrink during a recession, searching for cost-effective solutions can allow organizations to maintain affordable benefits for employees. Implementing effective strategies to manage health care expenses (e.g., reevaluating plan designs and offerings, directing staff to cost-effective services and improving employee health care literacy) can help HR teams keep their organizations’ reduced benefits budgets intact without sacrificing employees’ needs.

Conclusion

A recession can have serious impacts on small businesses. Fortunately, by properly preparing for an economic downturn, HR teams can help their organizations be better positioned to minimize financial hardships. It is important to have recession-proofing strategies in place. 

For more resources, contact Rinehart, Walters & Danner Insurance Agency today.

Important General Liability Exposures Every Organization Should Know

Almost every organization faces commercial general liability exposures. A commercial liability loss exposure is a condition or situation that presents the possibility of an organization becoming legally and financially responsible for injury, harm or damage to another party.

These exposures stem from the kind of work an organization performs and where that work is executed. They also encompass other aspects of business-related circumstances, activities or events that could result in harm to a third party.

Read this article to better understand the most common types of commercial liability loss exposures and potential consequences and for guidance on how the correct insurance policy can reduce the risk to organizations.   

Common Types of Commercial Liability Exposure to Know

There are five types of commercial liability exposure that every organization should know. Possible loss exposures that may affect an organization include the following:

  1. Premises liability—Premises liability describes the risk an organization faces if a customer or client is injured on the premises (e.g., tripping and hurting themselves at the store). Organizations that require customers or clients to be physically present, such as retail stores and landlords, are particularly at risk for these losses and may be held liable for bodily injury or property damage.
  2. Operational liability—Operations liability exposure refers to the possibility that an organization will be held liable because of bodily injury or property damage that occurs as a result of its ongoing (as opposed to completed) operations. For example, imagine a contractor working on a client’s home. During the course of the work, one of the contractor’s employees drops a tool, striking a passerby and causing bodily injury as well as property damage to the home itself.
  3. Products liability—Products liability refers to the loss exposure an organization faces as a result of manufacturing, distributing or selling an unsafe or defective product. Any organization that makes or sells products is at risk. Associated injuries may occur virtually anywhere in the world once an organization’s products have been manufactured or sold.
  4. Completed operations liability—The completed operations liability exposure refers to injuries or damages incurred by a third party due to work (including construction work) that has been finished, turned over to the purchaser or client, and/or put to its intended use. For example, an electrical fire caused by faulty wiring at a completed construction project would represent a completed operations exposure for the contractor who completed the work. It should be noted that injuries or damages arising out of completed operations can occur after a business’s relationship with the injured party has ended.
  5. Contractual liability—Organizations take on contractual liability loss exposures when they enter into a contract. By agreeing to contractual terms, an organization becomes liable if the other parties involved in the contract believe the organization has not fulfilled its obligations under the agreement.

Potential Consequences of Liability Exposures

In the event of a commercial liability loss, organizations can face a variety of potential consequences, such as:

  • Damages—If a court deems an organization responsible for a loss, that organization may be held financially accountable for paying damages to the harmed or injured party.
  • Defense costs—The organization may have to pay legal defense costs and the costs associated with the claim.
  • Reputational harm—Due to general liability losses, organizations may experience reputational harm, including but not limited to the loss of business, decreased employee retention, and a loss of consumer loyalty and investor trust.

Although commercial liability loss exposures are a risk for every organization, the severity of the consequences can be alleviated with proper insurance policies.

Commercial Liability Insurance

No matter how careful an organization is, there will always be risks associated with commercial liability loss exposures. Therefore, the best way to protect an organization is to purchase commercial general liability coverage (CGL).

CGL policies are designed to cover an organization from liability claims for bodily injury and property damage to third parties. CGL policies have three standard coverages:

  1. Bodily injury and property damage—This coverage protects organizations from the legal liability arising from bodily injury and property damage stemming from an organization’s premises or operations.
  2. Personal and advertising injury—This aspect of CGL policies protects insureds from liability stemming from accusations of libel, slander, false arrest, copyright infringement, malicious prosecution, theft of advertising ideas and invasion of privacy.
  3. Medical payments—Medical payments coverage includes payments for injuries sustained by third parties that are caused by an accident at the insured’s premises or the insured’s operations. Unlike bodily injury and property damage coverage, medical payments coverage can be triggered without legal action and is designed to settle smaller, less serious medical claims without litigation.

Conclusion

Consult a trusted insurance professional for further guidance on how to protect your organization from commercial liability loss exposures.

5 Tips for Managing Employees During the Great Reshuffle

The Great Reshuffle—a mass movement of workers leaving jobs with which they are not satisfied—shows no signs of slowing down. As Generation Z and Millennials begin to make up more of the workforce, it has become clear that values and priorities have shifted from those of previous generations. Furthermore, unemployment rates are down, and the employment market is currently very worker-friendly. The combined effect of these factors is that employees more readily move between different jobs to find those that align with their priorities and desires. This often means seeking out better compensation or benefits, workplace flexibility, career development opportunities or the right culture fit.

The Great Reshuffle can make for a challenging environment for employers, but several tips can help mitigate the issues employers may face. Consider the following strategies:

1. Offer Remote and Hybrid Options

Prior to the COVID-19 pandemic, working remotely seemed a lot more difficult than it turned out to be. Now, many workers have grown accustomed to having the flexibility to work from home at least part of the time, and many will leave their current roles if this is not an option. In order to retain top talent, employers should consider offering remote or hybrid (i.e., part of the week in the office, part of it at home) schedules when feasible.

Remote and hybrid work options will not be possible for every position or industry. However, employers can still consider how to partner with employees to offer opportunities such as flexible work schedules or expanded paid time off policies in instances where remote work is not an option.

2. Focus on Employee Well-being

Not only do employees want work-life balance so they can enjoy life outside of work, but they also want to feel like more than just another worker helping an organization meet its goals. LinkedIn’s recent Global Talent Trends report shows that 42% of employees want their company to invest in their mental health and wellness.

One way managers can help to meet this need is to find constructive ways to check in with their employees. This could look like having weekly or biweekly one-on-one meetings to ask open-ended questions about how the employee is doing in and outside of work. Employers can also prioritize mental health by offering accessible mental health and wellness resources to employees, such as employee assistance programs. Prioritizing employee well-being is a great way to increase employee satisfaction and, in turn, retention. Additionally, workplace cultures that promote health and well-being are often the ones that workers on the move may be interested in.

3. Play to Each Employee’s Strengths

There are many different strategies and approaches when it comes to management. One that might be beneficial during the Great Reshuffle is for managers to focus on each employee’s strengths rather than only working to strengthen their weaknesses. If an employee has exceptional knowledge in a certain area or a unique skill set, play to those abilities. This can make employees feel like they are doing well at their job and are assets to the team. Moreover, having each worker play to their strengths may actually increase productivity more than trying to correct their weaknesses would. Not only can this strategy lead to increased performance, but it also makes employees feel valued, increasing the likelihood of retaining them.

4. Create Systems of Accountability

Managers won’t know how to create a better environment for their employees without proper feedback. Creating a system that allows employees to provide feedback is a way to help managers improve their performance and make employees feel heard. One way to do this is by periodically conducting surveys or having skip-level meetings. Managers could also implement open-door policies so that employees can speak to them freely. If employees are able to openly communicate about what is and isn’t going well, they are more likely to see changes they want at their current job rather than leaving for another one.

5. Maximize Employee Rewards and Recognition Programs

It is essential to make employees feel valued if retaining them is the goal. Having a formal reward or recognition program is a simple but effective way to express to employees that they are doing a good job. Alternatively, informal recognition is just as valuable. Giving a shout-out to an employee who went above and beyond or shooting them a quick thank-you message can go a long way. When employees feel they are good at their job, they are less likely to leave it.

For More Information

The Great Reshuffle is a trend that does not seem to be going anywhere for the foreseeable future, so employers need to work with managers to address issues that are contributing to the current market. By applying various management strategies, employers can mitigate the effects of the Great Reshuffle.

For more information on workplace trends, contact Rinehart, Walters & Danner Insurance Agency today.

Helping You Understand Common Components of a Cyber Insurance Policy

In recent years, organizations of all sizes and sectors have become increasingly reliant on workplace technology and digital systems to conduct their operations. Nevertheless, utilizing such technology carries additional exposures and liabilities. That’s why it’s crucial to secure adequate cyber coverage.

Having a cyber insurance policy in place can provide protection against financial losses that may result from a range of cyber incidents, including data breaches, ransomware attacks and phishing scams. Especially as these kinds of incidents continue to surge in both cost and frequency, organizations simply can’t afford to ignore the importance of cyber coverage.

Specific cyber insurance offerings differ between carriers. Furthermore, organizations’ coverage needs may vary based on their particular exposures. In any case, cyber insurance agreements typically fall into two categories—first-party coverage and third-party coverage. It’s best for policyholders to have a clear understanding of both categories of coverage in order to comprehend the key protections offered by their cyber insurance. This article outlines the primary components of a cyber insurance policy.

First-party Coverage

First-party cyber insurance can offer protection for losses that an organization directly sustains from a cyber incident. Types of first-party coverage include:

  • Incident response costs—This coverage can help pay the costs associated with responding to a cyber incident. These costs may include utilizing IT forensics, hiring external services and restoring damaged systems.
  • Data recovery costs—Such coverage can help recover expenses related to reconstituting data that may have been deleted or corrupted during a cyber incident.
  • Business interruption loss—This coverage can help reimburse lost profits or additional costs incurred due to the unavailability of IT systems or critical data amid a cyber incident.
  • Contingent business interruption loss—Such coverage can assist with expenses stemming from business interruptions caused by a third-party cyber incident (e.g., a supplier, vendor or utility).
  • Cyber extortion—This coverage can help pay costs associated with hiring extortion response specialists to evaluate recovery options and negotiate ransom payment demands (if applicable) during a cyber incident.
  • Reputational damage—Such coverage can help recover lost revenue related to higher customer churn rates and reduced sales resulting from poor publicity following a cyber incident.
  • Financial theft and fraud—This coverage can help reimburse direct financial losses stemming from the use of workplace technology to commit fraud or theft of securities, money or other property.
  • Physical asset damage—Such coverage can assist with expenses resulting from the destruction of hardware or other physical property due to a cyber incident.

Third-party Coverage

Third-party cyber insurance can provide protection for claims made, fines incurred or legal action taken against an organization due to a cyber incident. Types of third-party coverage include:

  • Data privacy liability—This coverage can help recover the costs of dealing with third-party individuals who had their information compromised during a cyber incident. These costs include notifying impacted individuals, offering credit-watch services and providing additional compensation.
  • Regulatory defense—Such coverage can help pay fines, penalties and other defense costs related to regulatory action or privacy law violations stemming from a cyber incident.
  • Multimedia liability—This coverage can help reimburse defense costs and civil damages resulting from defamation, libel, slander and negligence allegations associated with the publication of content in electronic or print media. Multimedia liability coverage can also offer protection amid copyright, trademark or intellectual property infringement incidents.
  • Network liability—Such coverage can help recover expenses related to third-party liability concerns that may arise from a cyber incident affecting IT networks. Network liability coverage can also provide protection in the event that cybercriminals pass through IT networks to attack other parties (e.g., customers, investors or suppliers).
  • Technology errors and omissions liability—This coverage can reimburse costs associated with third-party claims alleging technical service or product failures, including claims filed in response to a cyber incident.

For More Information

Overall, it’s evident that cyber insurance has become increasingly vital for organizations across industry lines. By securing proper coverage and understanding the key elements of their policies, organizations can stay properly protected against various cyber threats.

For additional insurance guidance and solutions, contact us today.

Your Home-based Business May Not Be Protected

The time is finally here. You quit your full-time job and are going to fulfill your dream and start your own home-based business! Your hobby of many years has now transformed into a new business venture. You own your home and have it covered by homeowners insurance, but does that also protect your new home-based business? Well, there’s a chance it will not. Most homeowners insurance policies do cover a small amount of business equipment, but it’s likely that what you own will exceed the limit offered. Also, the liability portion of your homeowners insurance policy will not cover any injuries that may occur to any clients that may be on the premises.

 

Protecting your home-based business and your home

Your homeowners insurance is designed to protect your home and your personal exposure. To ensure you have your business properly covered, here are a few topics to consider.

  • How much is your equipment worth? Put together a list of inventory that includes everything required to run your business.
  • Will your business create extra liability? Do you take possession of other customers’ property? What if your product is defective?
  • Do you stock inventory? If so, make a list of the materials used and completed products you may have.
  • Are there any vehicles? If so, a vehicle that is used for business purposes must be insured.
  • Do you have employees? You may need to purchase workers compensation coverage.
  • Do you perform work in customers’ homes? If so, a bond may be required.

Now that you have this list of ideas and questions, it’s time to talk to your insurance agent and discuss what option would be best to protect your home-based business. There are 3 options to choose from depending on your level of risk.

Homeowners Policy Endorsement

This option provides the least amount of coverage, and it is not ideal for most home-based businesses. This type of coverage could be an option for a freelance writer with one computer and no customers visiting the home office.

In-home Business Policy

This option is more comprehensive than a homeowners policy endorsement and is a stand-alone policy. This policy would provide higher amounts of coverage for business equipment and liability.

Business Owners Policy, or BOP

A BOP bundles property and liability insurance into one policy. This policy is specifically designed for small to mid-size businesses and will cover your business property and equipment, loss of income, extra expenses and liability. This is the most comprehensive property and liability coverage option. This does not include workers’ compensation, health or dental insurance, but those can be purchased as separate policies.

The best way to ensure that your home-based business is protected is to gather up as much information as you can and schedule an appointment with your insurance agent. When provided with all the facts, they will be able to assist you in choosing the best coverage option that will fit into your budget.

Did you find this information helpful? If so, please share our post. 

5 Strategies for Reducing Health Benefits Costs in 2022

For the past two decades, health costs have increased each year. This happens for a variety of reasons, such as inflation or, say, a global pandemic. With that in mind, employers can bank on prices going up in 2022.

According to a PricewaterhouseCoopers (PwC) report, medical costs are projected to increase 6.5% in 2022. This is about average for the past decade, although it is slightly lower than the 7% increase projected this year (as more spending goes toward the COVID-19 pandemic).


Yet, 6.5% is still a considerable increase, especially when so many budgets have been reallocated or slashed due to the pandemic. That’s why employers must think both strategically and creatively about how they can lower their health benefits expenses in 2022.


This article includes five ways to help reduce spending without compromising benefits quality.

1. Control Drug Spending

Drug prices are rising faster than any other medical service or commodity. Prices are now 33% higher than they were in 2014, according to GoodRx. This is a significant problem during inpatient procedures, where individuals aren’t usually given an option to select a generic medication—patients rarely know what drugs they’re given until after the fact. Even in routine prescription scenarios, employees may be prescribed name-brand medications simply due to physician preference.

Employers can educate employees on the price differences between name-brand and generic medications. Doing so can help employees understand that they can save money while still receiving the same quality treatment.


Additionally, employers may consider introducing varying levels of prescription drug coverage. For instance, they could fully cover generic prescriptions or drugs used for chronic conditions. For higher levels (e.g., specialty drugs), employers may cover less of the costs. Ultimately, employers will need to determine the appropriate coverage levels for their unique workplaces.

2. Encourage Active Benefits Participation

Beyond drug spending, employers can help limit overall health costs by making employees active participants in their health care. This means encouraging employees to improve their health literacy, research treatments and price shop.

Price shopping, in particular, should be easier in 2022, given the new hospital price transparency rule that takes effect Jan. 1, 2022. Employees will now be able to see specific prices for procedures and other services. This incentivizes employees to educate themselves before making costly health decisions.

3. Offer Savings Accounts with Carryovers

Health plans with savings components are becoming more popular each year. That’s because these tax-advantaged savings accounts empower employees to control their own spending and improve their health literacy. The accounts include health savings accounts (HSAs), flexible spending accounts (FSAs) and others.

Many accounts allow for fund carryover year to year, or allow employers to add that option onto their plan designs. Allowing carryover encourages employees to contribute more funds, since they’re no longer “use it or lose it.” Since many employers match contributions up to a limit, more money added to these accounts means greater tax savings for everyone.

4. Embrace Virtual Health Options

One major takeaway from the COVID-19 pandemic has been that virtual solutions can offer high-quality outcomes. This is so true that many companies are allowing employees to work remotely permanently. Virtual health options are no exception to this trend.

There are countless telehealth services available these days. Individuals can connect with health professionals in just a few clicks—no waiting times or driving to a clinic. Additionally, individuals will not need to take large chunks of time off work, allowing for greater productivity. As such, telehealth solutions are often much less expensive than a typical in-person doctor visit. Even the Centers for Medicare and Medicaid Services (CMS) acknowledges the usefulness of telehealth services, seeking to expand access.

Employers can consider adding telehealth services into their plan designs. In some cases, it may be cost-efficient for employees to schedule a virtual health visit before an in-person appointment, under certain circumstances. In any case, having a telehealth option expands access to care and lowers expenses for everyone.

5. Consider Plan Funding Alternatives

A more drastic option for reducing health costs is restructuring how plans are funded. For instance, a self-funded plan may be more cost-effective than paying a monthly premium for a fully insured plan. Other options include level-funding or reference-based pricing models, each of which carries its own set of administrative rules and legal constraints.

Funding decisions should not be taken lightly and should be based on several factors, such as the size of an organization, risk tolerance, and financial stability. Employee financial stability should also be considered, especially while the effects of the COVID-19 pandemic can still be felt. Employees may not be able to bear large premium increases, constraining some plan funding flexibility options.

Historically, employers have shifted costs onto their employees (usually through higher premiums) as a way to reduce spending. However, that trend is not expected to be widespread in 2022. Considering the tight labor market and how many individuals are struggling financially due to the pandemic, employers will likely be hesitant to shift too much of the burden. Doing so may cause employees to seek other jobs or simply forego preventive care, which can lead to chronic conditions and higher future health care costs.

Conclusion

Employers have a variety of ways in which they can help contain health care expenses. Choosing the right method will depend on unique employee populations and budgets.

Reach out today for help strategizing your best options.

Are You Using Penetration Testing To Keep Your Business Safe From Cyber Risks?

Keeping workplace technology up and running is vital to any organization’s success. While this task seems feasible, it’s growing harder and harder each year as cybercriminals expand their reach. It’s not enough to simply protect workplace technology with software and security protocols. It’s also critical for your organization to test the overall effectiveness of these protocols on a regular basis. That’s where penetration testing can help.

Essentially, penetration testing consists of an IT professional mimicking the actions of a malicious cybercriminal to determine whether an organization’s workplace technology possesses any vulnerabilities and can withstand their attack efforts. Conducting a penetration test can help your organization review the effectiveness of workplace cybersecurity measures, identify the most likely avenues for a cyberattack and better understand potential weaknesses.

Review this guidance to learn more about what penetration testing is, the benefits of such testing and best practices for carrying out a successful test within your organization.

What is Penetration Testing?

Put simply, penetration testing refers to the simulation of an actual cyberattack to analyze an organization’s cybersecurity strengths and weaknesses. This testing usually targets a specific type of workplace technology, such as the organization’s network(s), website, applications, software, security systems or physical assets (e.g., computers and smart devices). Penetration testing can leverage various attack methods, including malware, social engineering, password cracking and network hacking, among others.

Generally speaking, penetration testing is often performed by a professional from a contracted IT firm who is not associated with the organization being assessed in any way. This helps the cyberattack simulation seem as authentic as possible. Penetration testing is typically either external or internal in nature. The primary differences between these forms of testing are as follows:

  • External penetration testing requires the IT expert to attack an organization’s external-facing workplace technology from an outside perspective. In most cases, the IT professional won’t even be permitted to enter the organization’s physical establishment during external penetration testing. Rather, they must execute the cyberattack remotely—often from a vehicle or building nearby—to imitate the methods of an actual cybercriminal.
  • Internal penetration testing allows the IT expert to attack an organization’s internal-facing workplace technology from an inside perspective. This form of testing can help the organization understand the amount of damage that an aggrieved employee could potentially inflict through a cyberattack.

In addition to these testing formats, there are also two distinct types of penetration tests. How much information an organization provides the IT professional prior to the cyberattack simulation will determine the penetration test type. Specifically:

  • An open-box test occurs when the IT expert is given some details regarding the organization’s workplace technology or cybersecurity protocols before launching the attack.
  • A closed-box test occurs when the IT expert is provided with no details other than the organization’s name before conducting the attack.

Ultimately, the penetration testing format and type should be selected based on the particular workplace technology elements or cybersecurity measures that an organization is looking to evaluate.

Benefits of Penetration Testing

Penetration testing can offer numerous advantages to your organization, including:

  • Improved cybersecurity evaluations—By simulating realistic cyberattack situations, penetration testing can help your organization more accurately evaluate its varying security strengths and weaknesses—as well as reveal the true costs of any security concerns.
  • Greater detection of potential vulnerabilities—If any of your workplace technology or other cybersecurity protocols fail during a penetration test, you will have a clearer picture of where your organization is most vulnerable. You can then use this information to rectify any security gaps or invest further in certain cyber initiatives.
  • Increased compliance capabilities—In some sectors, organizations are legally required to engage in penetration testing. For example, the Payment Card Industry Data Security Standard calls for organizations that accept or process payment transactions to execute routine penetration tests. As such, conducting these tests may help your organization remain compliant and uphold sector-specific expectations.
  • Bolstered cybersecurity awareness—Mimicking real-life cyberattack circumstances will highlight the value of having effective prevention measures in place for your employees, thus encouraging them to prioritize workplace cybersecurity protocols.

Penetration Testing Best Practices

Consider these top tips for executing a successful penetration test within your organization:

  • Establish goals. It’s crucial for you to decide what your organization’s goals are regarding the penetration test. In particular, be sure to ask:
    o What is my organization looking to gain or better understand from penetration testing?
    o Which cybersecurity threats and trends are currently most prevalent within my organization or industry? How can these threats and trends be applied to the penetration test?
    o What specific workplace technology elements or cybersecurity protocols will the penetration test target?
  • Select a trusted IT professional. Consult an experienced IT expert to assist your organization with the penetration test. Make sure to share your organization’s goals with the IT professional to help them understand how to best execute the test.
  • Have a plan. Before beginning the penetration test, work with the IT expert to create an appropriate plan. This plan should outline:
    o The general testing timeframe
    o Who will be made aware of the test
    o The test type and format
    o Which regulatory requirements (if any) must be satisfied through the test
    o The boundaries of the test (e.g., which cyberattack simulations can be utilized and what workplace technology can be targeted)
  • Document and review the results. Take detailed notes as the penetration test occurs and review test results with the IT expert. Look closely at which cybersecurity tactics were successful during the attack simulation and which measures fell short, as well as the consequences of these shortcomings. Ask the IT professional for suggestions on how to rectify security gaps properly.
  • Make changes as needed. Based on penetration test results, make any necessary adjustments to workplace technology or cybersecurity protocols. This may entail updating security software or revising workplace policies.
  • Follow a schedule. Conduct penetration testing at least once every year, as well as after implementing any new workplace technology.

For more risk management guidance and insurance solutions, contact us today.

What Is Two-factor Authentication And Why Is It Important?

As cyber attacks become more and more common, protecting your data is increasingly difficult. In fact, a study from Juniper Research found that by 2023, cyber criminals are expected to steal an estimated 33 billion records. In light of the growing number of cyber attacks, many companies are turning to two-factor authentication to enhance their cyber security. This is also commonly called 2FA or multifactor authentication. While no cyber security method is foolproof, using two-factor authentication can add an extra layer of security to your online accounts. So how exactly does two-factor authentication work?

What is Two-factor Authentication?

While complex passwords can help deter cyber criminals, they can still be cracked. To further prevent cyber criminals from gaining access to employee accounts, two-factor authentication is key. It adds a layer of security that allows companies to protect against compromised credentials. Through this method, users must confirm their identity by providing extra information when attempting to access corporate applications, networks and servers. Examples can include a phone number or unique security code.

With two-factor authentication, it’s not enough to just have your username and password. In order to log in to an online account, you’ll need another “factor” to verify your identity. This additional login hurdle means that would-be cyber criminals won’t easily unlock an account, even if they have the password in hand. A more secure way to complete two-factor authentication is to use a time-based one-time password (TOTP). A TOTP is a temporary passcode that is generated by an algorithm, meaning it’ll expire if you don’t use it within a certain period of time. With this method, users download an authenticator app, such as those available through Google or Microsoft, onto a trusted device. Those apps will then generate a TOTP, which users will manually enter to complete login.

Why Two-factor Authentication and Password Management Is Important

As two-factor authentication becomes more popular, some states are considering requiring it for certain industries. It’s possible that as cyber security concerns continue to grow and cyber attacks become more common, other states will follow suit. Even if it’s not legally required, ongoing password management can help prevent unauthorized attackers from compromising your organization’s password-protected information. Effective password management protects the integrity, availability and confidentiality of an organization’s passwords. Above all, you’ll want to create a password policy that specifies all of the organization’s requirements related to password management.

This policy should require employees to:

  • change their password on a regular basis
  • avoid using the same password for multiple accounts
  • use special characters in their password


For additional cyber risk management guidance and insurance solutions, contact us today.

Business Email Compromise, What Is It And How To Prevent It

Cybercriminals continue to become more sophisticated, leveraging a wide range of tactics in order to attack their victims. One tactic that has increased in frequency, complexity and resulting losses over the past few years is the use of business email compromise (BEC) scams.

Put simply, a business email compromise scam entails a cybercriminal impersonating a seemingly legitimate source—such as a senior-level employee, supplier, vendor, business partner or other organization—via email. The cybercriminal uses these emails to gain the trust of their target, thus tricking the victim into believing they are communicating with a genuine sender. From there, the cybercriminal convinces their target to wire money, share sensitive information (e.g., customer and employee data, proprietary knowledge or trade secrets) or engage in other compromising activities.

BEC scams can lead to numerous consequences within your organization—including stolen data, financial hardship and potentially severe reputational damages. Nevertheless, these scams can be deterred through various cybersecurity techniques. Review this guidance to learn more about what BEC scams are and top measures that your organization can implement to prevent such scams.

Business Email Compromise Scams Explained

Essentially, BEC scams consist of cybercriminals impersonating an individual or entity within their targets’ trusted networks for malicious gains. These scams are categorized as a form of social engineering—which refers to a broader cyberattack method that preys on key human behaviors (e.g., trust of authority, fear of conflict and promise of rewards) to obtain unwarranted access to organizational systems, funds or data.

Cybercriminals who execute BEC scams often utilize these social engineering strategies:

  • Creating confusing variations—In an attempt to convince their targets that they are a trusted source, cybercriminals may create email addresses that are nearly identical to the source they are impersonating, with the exception of a few characters (e.g., altering the email address “janedoe@samplecompany.com” to “janedoee@samplecompanyy.com”).
  • Using spear-phishing techniques—Cybercriminals may engage in spear phishing by conducting additional research on their targets and leveraging any extra details they discover to further motivate victims to believe their false identities. When spear phishing, cybercriminals often impersonate sources who are more directly connected to their targets (e.g., a close colleague or department leader).
  • Deploying malware—When sending fraudulent emails in BEC scams, cybercriminals may encourage their targets to download harmful attachments or click on deceptive links in an effort to launch malicious software—also known as malware. Once activated, this software can help cybercriminals more easily gain access to their victims’ systems, funds and data.
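The "confusing variations" tactic can be checked for automatically. The following is an added example, not part of the original article: it compares an incoming From header against a list of known contacts and flags addresses that are nearly, but not exactly, identical. The contact list, the supplier address, the edit-distance threshold of 2 and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list; a real one would come from your address book or ERP.
TRUSTED = ["janedoe@samplecompany.com", "billing@samplesupplier.com"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes or swaps."""
    previous = list(range(len(b) + 1))
    for i, ch_a in enumerate(a, start=1):
        current = [i]
        for j, ch_b in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,                  # delete ch_a
                current[j - 1] + 1,               # insert ch_b
                previous[j - 1] + (ch_a != ch_b)  # substitute
            ))
        previous = current
    return previous[-1]


def classify_sender(from_header: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, closest_known_address).

    verdict is 'trusted' (exact match), 'lookalike' (a few characters away
    from a known contact), 'unknown' (no resemblance) or 'invalid'.
    """
    _, address = parseaddr(from_header)  # ignores the display name
    address = address.strip().lower()
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return ("invalid", None)

    known_addresses = sorted({t.lower() for t in trusted})
    if address in known_addresses:
        return ("trusted", address)

    best = None
    for known in known_addresses:
        k_local, _, k_domain = known.rpartition("@")
        d_domain = edit_distance(domain, k_domain)
        d_local = edit_distance(local, k_local)
        near_domain = 0 < d_domain <= max_distance
        near_local = d_domain == 0 and 0 < d_local <= max_distance
        if near_domain or near_local:
            score = d_domain + d_local
            if best is None or score < best[0]:
                best = (score, known)
    if best:
        return ("lookalike", best[1])
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, including the article's own example address.
    samples = [
        "Jane Doe <janedoe@samplecompany.com>",
        "Jane Doe <janedoee@samplecompanyy.com>",
        "Accounts <billing@samplesuppIier.com>",
        "newsletter@example.org",
    ]
    for header in samples:
        print(header, "->", classify_sender(header))
```

Note that the display name is deliberately ignored: both lookalike samples show a familiar name, and only the address itself reveals the difference.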

According to the FBI, there are several different types of BEC scams, including the following:

  • False invoice scheme—In such a scheme, a cybercriminal impersonates an organizational supplier to trick their target into paying fraudulent invoices or transferring funds to a phony account.
  • CEO fraud—This scam method entails a cybercriminal impersonating a senior-level employee or executive and requesting that their victim conduct a wire transfer to a fake account. The request is often demanding in nature, threatening the victim with work-related consequences or other punishments for failing to comply.
  • Account compromise—Within this scam tactic, a cybercriminal hacks into an employee or executive’s actual email account and distributes messages to various contacts—attempting to fool these recipients into paying fraudulent invoices.
  • Attorney impersonation—This scam technique refers to a cybercriminal impersonating a lawyer or other legal representative and requesting a payment be made to a phony account in order to handle an organizational matter deemed “sensitive” or “pressing.”
  • Data theft—In such a scam method, a cybercriminal impersonates an HR professional to trick their target into sharing personal information about employees or executives. The cybercriminal can then leverage this sensitive data during future attacks.

Preventing Business Email Compromise Scams


Any employee can become the target of a BEC scam, putting the security and financial stability of your entire organization at risk. Be sure to implement the following cybersecurity measures to help deter BEC scams:

  • Educate your employees. Minimizing losses from BEC scams starts with training your employees on how to detect and prevent such instances. Equip your staff with these best practices:
    o Refrain from sharing personal or work-related information on social media platforms, as cybercriminals could use those details to help launch a BEC scam.
    o Avoid opening or responding to emails from individuals or organizations you don’t know. If an email claims to be from a trusted source, be sure to verify their identity by double-checking the address.
    o Be wary of emails that lack personalization, contain spelling and grammatical errors, request sensitive details or use threatening language. Don’t divulge financial information over email.
    o Never click on suspicious links contained in emails. Similarly, avoid downloading email attachments from unknown sources.
    o If you suspect a BEC scam, contact your manager or the IT department immediately for further guidance.
  • Implement effective payment protocols. Having safe and secure payment procedures within your organization can help put a stop to BEC scams before any money is lost. As such, instruct employees who handle your organization’s financial operations to carefully analyze invoices and fund transfer requests to ensure their validity. When possible, these requests should be discussed in person before moving forward—especially if they involve alternative payment procedures or changes in account numbers. Further, consider utilizing several verification methods to confirm payment requests.
  • Restrict access to sensitive data. Only provide employees with access to sensitive organizational data if they are trusted, experienced and require such information to conduct their work tasks. Protect this data with access controls and multifactor authentication measures.
  • Utilize security features. Make sure all organizational devices possess adequate security features to help deter BEC scams—including access to a virtual private network, antivirus and malware prevention programs, email spam filters, data encryption capabilities and a firewall. Update these security features as needed.
  • Have a plan. Lastly, ensure that your organization has an effective cyber incident response plan in place. This plan should specifically address response protocols and mitigation measures for BEC scams. In particular, your organization should plan on contacting your financial institution as soon as a BEC scam occurs to determine whether funds have been stolen from your account. If money has been taken, the account should be temporarily frozen to prevent further theft. Apart from consulting your financial institution, your organization should also report BEC scams to your local FBI field office and log such scams with the Internet Crime Complaint Center.

For more risk management guidance, contact us today.

7 Ways Conservation Can Save Your Business Money

Embracing conservation can be advantageous for your business. Not only does it benefit the environment, it also can save your company money, increase employee productivity, enhance a company’s reputation and make it more attractive to environmentally conscious employees and applicants.

Reduce Energy Usage

Here are some tips to make your organization more environmentally friendly:

  • Employees should turn off lights if they plan to leave a room for more than 15 minutes.
  • Purchase Energy Star-rated light fixtures and bulbs, which use two-thirds less energy than normal lighting. Visit www.energystar.gov for more information.
  • Install timers or motion sensors that shut off lights when no one is present.
  • Purchase LED desk lamps that use minimal energy.
  • Arrange your workspace so more employees have access to natural light. This is proven to increase productivity and job satisfaction as well as use less electricity.

Use Computers Efficiently

Computers waste an enormous amount of electricity each year, particularly in the business sector.

  • Employees should turn off their computers and power strips they are plugged into (if applicable) before leaving work each day.
  • Employees should set their computers to “go to sleep” when they are away for a short period of time since sleep mode uses 70 percent less energy than a normal screen. This is not the same as using screensavers and standby settings, which still draw power even when the machine is not in use.
  • Invest in energy-saving computers, monitors and printers when purchasing new materials for the company.
  • Recycle electronic equipment properly when the company has no more need for it. Visit www.epa.gov for more information on recycling electronic waste safely. Or, donate electronics that are less than five years old to a charity such as www.techsoup.org. Tax deductions generally apply to these donations.

Print with Care

On average, an office worker uses 10,000 sheets of printer and copy paper per year.

  • Instruct employees to print on both sides of the page or use the back of old faxes, scrap paper or drafts to make new copies.
  • Print in draft mode versus regular mode and avoid using colored ink whenever possible.
  • Purchase remanufactured toner and ink cartridges, and recycle the old ones.
  • Request 100 percent recycled paper when using a print company to make copies or print materials for your company.
  • Ask that employees reduce font sizes, use narrower fonts, decrease line spacing and decrease margins when feasible, to use less paper when printing.
  • Purchase chlorine-free paper made from a high percentage of recycled materials. Be wary that not all paper labeled “recycled” is truly made from recycled materials. In fact, some paper simply contains the trim waste from the production process which reduces costs for the manufacturer but does not necessarily help the environment. Instead, purchase post-consumer recycled (PCR) or post-consumer waste (PCW) paper. This is still high quality and can be used in inkjet and laser printers. Also consider paper made from bamboo, hemp, organic cotton or kenaf as an alternative.

Reduce the Paper Trail

The following strategies can be used to help cut back on paper usage:

  • Request that employees stop receiving unnecessary industry newsletters, magazines and junk mailings. Instead, sign up for emails on industry-related topics and information, or check if various publications have an e-newsletter as an alternative to receiving a print version.
  • Post employee manuals and policies online versus printing out paper copies of these documents. This makes updating policies and procedures easier and more efficient too.
  • Store documents electronically instead of using a filing cabinet, write emails versus sending paper letters and review documents as a PDF versus printing.
  • Make use of a company intranet to cut down on printed materials. Post or distribute an e-newsletter (instead of mailing out a printed company newsletter), host an online bulletin board, and provide materials and communications online rather than in printed form.

Recycle

Consider the following recycling tactics to assist with conservation efforts:

  • Post employee manuals and policies online versus printing out paper
  • Recycle paper from faxes, envelopes and junk mail company-wide.
  • Visit www.epa.gov to learn more about recycling employee electronics such as cellular phones and PDAs.
  • Make recycling bins easily accessible to employees by placing them in high traffic areas and post information (electronically) about what can and should be recycled on a daily basis.
  • Reuse shipping boxes and use shredded paper as packing material.
  • Purchase office furniture and supplies made from recycled materials. Visit www.conservatree.org or www.thegreenoffice.com for more information on how to purchase these products.

Look for office products that do not contain harmful materials. These items are certified by the Forest Stewardship Council (FSC) and the Rainforest Alliance and are made from wood from sustainably harvested forests.

Eat with the Environment in Mind

Being mindful of the environment when purchasing and eating food can go a long way in helping reduce waste:

  • Ask that employees bring their own reusable dishes, utensils and glassware to work for eating meals, rather than items made of plastic or foam. Also suggest that employees bring food in a reusable lunch sack or container.
  • Purchase organic coffee or tea for employees, and organic and local foods for company parties and events.
  • Provide filtered drinking water devices to deter employees from drinking bottled water.
  • Suggest that when employees place food orders, they do so with others to eliminate added waste from individual orders.
  • Recommend that employees bike or walk when going out to eat for lunch.

Maintain a Healthy Environment

To promote a healthier workplace, consider the strategies outlined below:

  • Use nontoxic cleaning materials, biodegradable soaps, and recycled paper or cloth towels.
  • Buy cleaning materials in bulk and recycle their containers.
  • Suggest that employees bring a plant into work for their desks to absorb indoor pollution.
  • Purchase furniture, carpeting and paints that are free of volatile organic compounds (VOCs).