Cyber Liability Update: Tax Season and W2 Phishing Scams

Most companies are familiar with phishing emails and train their employees to recognize suspicious emails sent from malicious actors. Less commonly discussed, however, are W2 scams that target human resources departments.

During tax season, cybercriminals target human resources departments by impersonating an executive of the company, most notably through email. The goal is to obtain W2 information then file a fraudulent tax return and collect the refunds. This time of year is ripe for malicious actors, as HR personnel are busy preparing tax information for employees and sharing sensitive data through multiple departments.

Even after employees receive their W2, HR departments need to stay vigilant and keep an eye out for phishing emails. For most people, tax season doesn’t end until they’ve filed a return, and employees are bound to have questions leading up to that time. Human resources professionals should be on the lookout for suspicious emails from anyone asking for individual or bulk tax information. Multiple grammatical errors and blurry headers are also signs of cybercriminals.

According to IRS Commissioner John Koskinen, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

The W2 phishing scam is occurring earlier in the tax season and to a broader scope of organizations. The number of attacks increased by 870 percent last year and there’s no evidence to suggest these attacks will slow down. As far as action an employer should take, it is recommended to send an email to phishing@irs.gov and place “W2 Scam” in the subject line.

Cyber Liability Insurance policies cover risks associated with W2 scams. For a consultation or assistance with any cyber inquiries, contact us today.

Industry Guide: Reporting Near Misses in the Construction Workplace

Most safety professionals agree that a facility or site audit would uncover at least one near miss condition or scenario at any time, on any day.

In the construction industry, near miss incidents are common occurrences where an accident was narrowly avoided. They’re also a precursor to more dangerous and expensive events. Tracking near misses can help companies reduce the number of incidents by monitoring when and where potential hazards take place. In Hays Companies’ new white paper, Senior Vice President Abby Ferri details:

  • How to start a near miss reporting program
  • Why it’s so important
  • The impact it could have on your company’s bottom line

Construction firms differ in their level of safety reporting sophistication. Some may need to start from the ground up, while others can quickly implement a near miss program. No matter where you are on the spectrum, treat near misses like incidents by recognizing and recording everything.

Click here to read the full white paper!

Will 2019 Be the Year of the Cybercriminal?

Consider this—in 2018, two of the five biggest cyberattacks in history occurred. Between the hacks on Marriott and Under Armour, criminals accessed the personal information of more than 650 million people. Cyber attacks also caused billions of dollars in lost revenue as hackers infiltrated everyone from mega-corporations to mom and pop shops.

The growing number of attacks and the costs associated with them are staggering. And while it’s difficult to detail the full extent of the economic impact in 2018, most experts predict that 2019 will be worse. Despite this, many companies have been slow to adopt modern cybersecurity protections, though most have implemented at least the minimum level of cyber protection.

But even the most secure businesses may not be thinking of the most significant threat—their people.

Research indicates that 95% of all data breaches are attributed to some human error.

Not huge mistakes, either. These simple errors happen in a fast-paced environment when everyone’s busy, such as falling victim to phishing. Someone opens an email and downloads an attachment, assuming it’s from a reputable source. Included in that email is malicious code—malware—that allows hackers to infiltrate a company’s network. Some people transfer corporate data outside the company over an unsecured network or simply don’t delete old data, leaving it vulnerable to leaks.

Cyberattacks will make headlines in 2019. No matter how much is spent on security, nothing can cover every human error or new techniques hackers use to infiltrate your network.

Sophisticated cybersecurity systems could help curb the cost of human error. When they’re implemented alongside a culture that prioritizes online safety, you can reduce the number of hackers who gain access to your people and help employees understand how to spot the threats that do breach your system.

Diligent training efforts will help prevent carelessness, breaches and help reduce costs. Here’s a short list of best practices:

Reaffirm culture

Do your people understand the value of information security? If you’re unsure of the answer, it’s time to start an internal communications plan that reinforces your organization’s standards.

Invest in cyber protection

Even if you have the most modern security software, it still requires regular maintenance. Many companies take a “set it and forget it” approach, but all security technology should always have the most recent updates.

Commit to encryption and multi-factor authentication solutions

Many cybercriminals take the path of least resistance, preying on companies that have minimal security. Simple additions like encryption and multi-factor authentication will help augment your security and move your company into safer territory.

Make a plan in the event of an incident

No one is immune to a hack, not even the most secure organizations. But there are ways to minimize the damage, both to your bottom line and your reputation. Create a detailed list of who to call and what steps to take if ransomware shuts down your access or customer information is stolen.

Cyberattacks will make headlines in 2019. No matter how much is spent on security, nothing can cover every human error or new techniques hackers use to infiltrate your network. When you are making your post-attack plan, the call to your cyber insurance broker should be at the top of your list. Insurance won’t stop an attack, but it will help pick up the pieces afterwards.

Contact Hays Companies to learn more about how we can cover you in the event of an attack.

Hurricane Impacts – The Aftermath of Hurricane Florence

Large scale catastrophic events can have significant impacts to your business for many reasons. The most obvious is direct damage to your facilities, which can also result in impaired operations. However, there are many secondary issues which can have detrimental effects. Utilities (including power, water, sewer, gas, etc.) often become unreliable due to wind damage or flooding. Infrastructure can sustain damage, which impedes access to and from your facilities. Governmental or other civil authorities may issue orders which restricts access to your locations. Even if your business is not located in a catastrophe-prone area, you can be impacted if large customers or suppliers sustain damage which hinders their production.

Catastrophic conditions often trigger ancillary additional coverages that are included in many policies. Frequently these additional coverages have their own sublimits, specific deductibles or waiting periods. It is important to review your specific policy terms and conditions. The following discussion is not intended to be a comprehensive review of coverages, but rather provide an idea on what to look for depending on your circumstances.

Protection & Preservation of Property (Property Damage & Time Element) – frequently costs are incurred to temporarily protect your property from an impending threat (for example boarding up in advance of a hurricane). This may also cause a business to shut down, resulting in a loss of income. Issues to consider specific to this coverage may include:

  • The costs generally need to be spent on insured property due to an imminent threat from insured physical loss or damage and be considered temporary in nature.
  • If the event ultimately does not materialize, generally the deductible for the event that would have happened is what is applied to the coverage.
  • There may be a stipulated recovery time for Time Element losses (for example 48 hours before & after protecting property).

Ingress/Egress (Time Element) – there may not be access to your property due to damage to roadways, bridges, tunnels or other infrastructure. This may result in Time Element losses. Issues to consider specific to this coverage can include:

  • The prevention of access generally must be from physical damage of the type insured to property of the type insured and at an insured location.
  • Whether the damage needs to be within a certain radius of an insured location.
  • There may be a specific number of days that the coverage is afforded for or separate sublimit.
  • Whether access need to be totally shut off, or if partial impairment qualifies coverage.

Civil/Military Authority (Time Element) – authorities may restrict access to your facility, resulting in a Time Element loss. Issues to consider specific to this coverage can include:

  • The order must be from physical damage of the type insured at an insured location or within a specified radius from the impacted location.
  • There may be a specific number of days that the coverage is afforded for or separate sublimit.
  • Whether access need to be totally shut off, or if partial impairment qualifies coverage.
  • Whether there is a specified amount of time that the order must be in place (Waiting Period):
    • For coverage to apply, and is subject to a different deductible OR
    • Which serves as the deductible for this coverage

Service Interruption (Property Damage & Time Element) – your facility may sustain damage from a loss of incoming/outgoing gas, sewer, electricity water, refrigerant, etc. This may also result in a Time Element loss for operations which rely heavily on utilities for their processes. Issues to consider specific to this coverage can include:

  • Review exclusions to confirm if change of temperature or spoilage is covered specifically for Service Interruption (for operations where this may apply).
  • Does physical loss/damage of the type insured to property of the type insured apply or can any accidental event to the utility provider’s property occur to trigger coverage. Some policies require that a specified peril (i.e. wind, flood, etc.) damage the utility’s property before coverage applies. Additionally, damage to certain types of the utility’s property may be excluded (transmission and distribution systems for example).
  • The damage to the utility’s property may need to have occurred within a certain distance from your affected location.
  • Losses may be subject to a specified waiting period before coverage applies (24 hours for example). This measurement may be different between Property Damage (the length of time utilities are interrupted) and Time Element (the length of outage and the amount of time to resume normal operations). The waiting period can serve as a coverage qualifier with a separate deductible applicable or can be considered the deductible itself.
  • The insured may need to notify the utility of the outage (save this documentation in support of your claim).

Contingent Time Element – Even if one of your locations is not in an area affected by the storm, customers or suppliers critical to your operations can be damaged by a catastrophic event. These types of scenarios can become complicated quickly as the damage has not occurred to your property and you may have very limited control over the situation. Issues to consider specific to this coverage can include:

  • Generally, the customer/supplier must have been impacted by physical loss or damage of the type insured to property of the type insured and at a contingent time element location.
  • The definition of a contingent time element location should be reviewed closely to confirm the number of customer/supplier tiers included. Policies can consider only the first/direct tier, a specified number of tiers, or include all tiers.
  • There may be specific sublimits/deductibles for Contingent Time Element coverage, which can also be scheduled on a per customer/supplier basis.

Attraction Property (Time Element) – Your property can be spared from significant damage, but it may rely heavily on a nearby property, which you do not own or control, that becomes damaged (for example, a hotel which relies on guests being attracted to a nearby non-owned theme park). Issues to consider specific to this coverage can include:

  • Generally, the Attraction Property must have been impacted by physical loss or damage of the type insured to property of the type insured.
  • The Attraction Property may need to be within a specified radius from your location.
  • There may be a specific number of days that the coverage is afforded for or separate sublimit

Deductibles: Deductibles may seem like a relatively straight forward issue, but can quickly become complicated if there are multiple perils involved (i.e. flood & wind in a hurricane), several locations, or if they are calculated on a non-monetary basis. Deductibles can apply on a:

  • Per Occurrence basis-one deductible applies to all losses associated with the same event (no matter the number of locations involved).
  • Per Location basis – a separate deductible is applied to each location involved, even if more than one location is involved in an event.
  • Combined Property Damage/Time Element basis or separately for each coverage type.
  • Generally, only the largest deductible applies to a loss, unless it is otherwise specified in the policy.

There can be several different ways that deductible values are determined. Some examples are as follows:

  • Monetary Deductibles-a specific stated dollar amount.
  • Percentage Deductibles-generally a stated percentage in the policy is applied to the values present at a damaged location (Property Damage) or to the annual Time Element value that would have been earned (Time Element) to determine the monetary value of the deductible. Depending on policy wording, the percentage can be applied to all values combined or separately to each individual unit of insurance involved (Building, Stock, Contents, Time Element, etc.). Percent deductibles are often applicable to properties that are in high hazard wind or flood zones.
  • Day Equivalent (or Average Daily Value)-a stated number of days multiplied by the total daily Time Element value at the affected location (plus the proportion of the Time Element value at any affected interdependent locations).
  • Day Equivalent Contribution-a stated number of days multiplied by the Time Element value for which the damaged property contributes to the entire affected location (plus the proportion of the Time Element value at any affected interdependent locations). This deductible can have a significant advantage over the Day Equivalent when a location has a loss where only part of operations are affected. For example, consider a plant that has three lines; all which contribute to 1/3 of the operations’ value. If only one line is damaged, then the Day Equivalent Contribution deductible only applies to the Time Element value passing through the damaged line. This results in a deductible which would be 1/3 of the Day Equivalent, which considers the total Time Element present.

In an increasingly complex and interdependent marketplace, insurance claims can quickly become complicated and confusing-especially following a catastrophic event. Hays has the expertise to assist with navigating complex property damage and time element claims; with the goal of mitigating operational impacts and expediting the claims process.

Contact our claims team for assistance:

Emergency Claims Hotline

612-758-8551

1-844-239-4937

Email:

hurricaneclaims@hayscompanies.com

What’s Next After Hurricane Florence?

Hays is here to help. When trying to clean up the damage caused by a storm of this magnitude, it can be overwhelming to know where to begin. We have you covered with our dedicated disaster recovery team.

After receiving the official announcement from authorities that it is safe to return and you find you have sustained property damage or business interruption, you should:

  • Call Hays Emergency Claims Center at 844-239-4937 or email hurricaneclaims@hayscompanies.com
  • Record video or photograph of property damage.
  • Track all expenses you incur to mitigate your loss and continue business.
  • Exercise caution when inspecting damage. Do not try to inspect damaged utilities and appliances; contact a professional to do so.
  • Do what you can to prevent further damage to your property, (e.g., putting a tarp on a damaged roof), as insurance may not cover additional damage that occurs after the storm.
  • Secure Inventory – prior to a storm’s arrival, you should have compiled an inventory of all of your possessions at your home or business. If you did not create one, start as soon as possible.
  • File a Claim Immediately – it is in your best interest to file a claim as quickly as possible. Insurance adjusters may not be able to access the property right away, but it helps insurers to know where to look for damage and how to contact you in the coming weeks.

For additional information on how to stay safe after a hurricane, please visit: https://disastersafety.org/hurricane/after-a-hurricane-safety-tips/

Additional Helpful Links:

National Ocean Service Hurricane Florence Updates: Aerial photos taken by NOAA following the storm, which can be overlaid to pre-storm satellite imagery.  Depict where flooding has occurred.

North Carolina Department of Transportation: Map with affected roadway closures by region.

South Carolina Department of Transportation: Interactive map with Hurricane Florence conditions.

Duke Energy-North Carolina: Impacts to North Carolina power grid

Duke Energy-South Carolina: Impacts to South Carolina power grid

National Weather Service: https://alerts.weather.gov/

National Hurricane Center: http://www.nhc.noaa.gov/

Public Health Sanitation Division: http://www.wvdhhr.org/phs/disaster/index.asp

Hurricane Preparation and Recovery – Claims Guidelines

Hays is standing by to assist clients who have been affected by Hurricane Florence; including those with facilities that have been directly impacted or experiencing supply chain disruptions.

If this is an emergency, please contact our Emergency Claims Hotline at 1-844-239-4937 or via email at hurricaneclaims@hayscompanies.com

Hays has the expertise to support you with navigating the complicated claims process, which allows you to focus more of your time and energy on assisting employees, mitigating losses and restoring business operations.

We suggest the following three-phase approach to facilitate an efficient and successful recovery.

Phase I – Emergency Response
1. Notify Hays and your insurer of the loss as soon as possible.

2. Coordinate your loss response team and direct responsibilities for each individual. Typical parties which may be involved include the following: Risk Management, Finance, Operations, Supply Chain, Logistics, Third-Party Vendors, and your Hays Claims Consultant. We suggest appointing a singular direct point of contact with the adjuster (often the risk manager).

3. Establish accounting procedures for capturing loss activity (typically a separate accounting string to which all loss-related expenses are tracked).

4. Contact remediation contractor(s) to complete emergency repairs (water extraction/drying equipment). Protect buildings and equipment from additional damage by making temporary repairs. Restore service to fire protection systems as quickly as possible. Document conditions with photographs.

5. Evaluate and separate damaged from undamaged stock. Document with photos and retain all property for the adjuster to inspect. Create an itemized inventory of the property including type (SKU, make/model, S/N, etc.), description, quantity, disposition (undamaged, reprocess, dispose of) and price.

6. Create a recovery plan for re-establishing operations and mitigating business interruption. Typical options include the use of undamaged inventory on hand, outsourcing to sister facilities, implementation of additional shifts/OT, and rental of temporary alternate locations.

7. Review applicable leases (Landlord/tenant, leased machinery/equipment, etc.) for insurance requirements and notify third parties who may have an additional interest.

Phase II – Recovery and Claim Submission
1. Review of policy jointly with Hays to identify policy provisions and deductibles which may be relevant. Frequently there are special coverages, sublimits or deductibles that apply to hurricane-related losses.

2. Commence with reconstruction. This should be coordinated with the adjuster to ensure agreement on the scope of work and how invoices will be issued (competitive bid, agreed lump sum, or time & materials basis).

3. Track and document all loss-related repair expenses (emergency response, temporary repairs, reconstruction, inventories, etc.).

4. Identify and document loss-related issues that impair operations, which may include: direct physical damage at your location(s), infrastructure damage (bridges, roadways, etc.), utility interruption (sewer, power, gas, etc.), damaged facilities of customers/suppliers and orders issued by civil/governmental entities. For issues that do not originate at your location, confirm the specific cause and site where the damage occurred.

5. Prepare loss analyses demonstrating Business Interruption losses and Extra Expenses in a clear and concise format, in accordance with your insurance policy.

6. Prepare overall damage estimates and communicate potential loss exposures with the adjuster to ensure they understand the total impact to your business.

7. Submit claim(s) to your insurer including explanatory narrative, calculations and supporting documentation. Request advance payments from your insurer as necessary. It is essential to communicate timelines for payment expectation with the adjuster well in advance, to allow adequate time for evaluation and processing.

8. Continually monitor timelines for claim process and business recovery.

Phase III – Ongoing Activities, Adjustment, and Settlement
1. Respond to inquiries from your insurer and their representatives.

2. Direct timely and complete exchange of claim documentation. Analyze insurer’s evaluation/response to determine areas of difference and coordinate with Hays to strategically respond.

3. Prepare for and embark upon final claim negotiations and settlement with the insurer.

Please contact your Property marketing representative or the claims team at any time to discuss your claim and how Hays may be of assistance.

Emergency Claims Hotline

612-758-8551

1-844-239-4937

Email:

hurricaneclaims@hayscompanies.com

Upcoming MN Workers’ Compensation Indemnity Benefit Increase Effective 10/1/2018

A new bill hailed as the most comprehensive workers’ compensation legislation in the last twenty years was recently signed into law in Minnesota. Following both houses’ unanimous approval, Governor Mark Dayton also gave the bill his signature on May 20th.

The bill, H.F. 3878, included recommendations from the Workers’ Compensation Advisory Council, a group comprised of appointed representative as well as the presidents of the largest statewide Minnesota business organization and the largest organized labor association. Supporters of the bill believe it will help improve the system’s administrative process, and directly benefit employers, health care providers and injured workers.

At a high level, the following changes will be enacted as a result of the bill’s passage:

  • The maximum number of weeks of TPD benefits eligibility has increased from 225 weeks to 275 weeks
  • The PPD benefits schedule has been increased
  • PTD benefits eligibility has increased from age 67 to age 72

These changes will go into effect for injuries on or after October 1st, 2018. If you have question about how the new legislation will impact your business, please contact your local Hays representative or email us at info@hayscompanies.com.

To view the complete language for 2018 Minnesota Sessions Laws Chapter 185—H.F.No.3873, please click here.

The Florida Insurance Roundup Podcast Feature: National Flood Insurance Reform

Brian Squire, Managing Executive Senior Vice President at Hays Companies, recently sat down with Lisa Miller on her Podcast “The Florida Insurance Roundup” to lend his insights on the National Flood Insurance Program (NFIP) as well as strategies on how to navigate it as a Florida resident.

Listen to the Podcast, here.

Description:

Congress continues to debate how to reform the beleaguered National Flood Insurance Program (NFIP) that 1.8 million Floridians depend on for their property flood protection. Congress must also reauthorize the program because without it federally-backed home mortgages which require flood coverage for high-risk zoned properties may be at risk. The taxpayer-subsidized NFIP is $25 billion in debt and relies on old flood data and maps, with rates that do not match risk.  Congress is considering reauthorization under a package of reform bills called the 21st Century Flood Reform Act.

Podcast Host Lisa Miller, a former Florida deputy insurance commissioner, explores two key reforms on this program: what to do with grandfathered properties that are still enjoying 1960’s-era premiums and riddled with repetitive losses, and how best to encourage private flood insurance market alternatives. It is estimated that 77% of Florida properties would see lower premiums with private market policies.

Joining Lisa are presenters Brian Squire, Managing Executive Senior Vice President at Hays Companies in Destin, Florida and Helen Devlin, Senior Lobbyist with the National Association of Realtors in Washington D.C.  Together, they outline what is at stake for Florida NFIP policyholders and ideas on how best to balance flood insurance affordability with NFIP sustainability, without hurting Florida’s growing real estate market.

This Podcast originally appeared on lisamillerassociates.com. To view the original posting, please click here.

Insurance Journal ranks Hays in Top 25 of 100 Property/Casualty Agencies for 2018

Hays Companies was named one of the Top 25 Property/Casualty Agencies in the United States by the Insurance Journal, a leading industry publication for the Property/Casualty arena. The list is based on total revenue for 2017 and is comprised of agencies focused on retail policies.

Per the Insurance Journal, the list is indicative of “the nation’s most successful independent insurance agencies and brokerages.”

Hays Companies ranked 22nd this year, after experiencing $90,300,000 in total Property/Casualty revenue. This is the 25th year of consecutive growth for Hays.

“Our customers are at the center of everything we do,” explained Jim Hays, CEO of Hays Companies. “Each year, we are growing organically and extending our reach to better meet the needs of our clients. We will continue to be an industry leading company by going above and beyond to ensure we are the broker of choice for our customers.”

To view the full list, please click here.

Hays Companies Vice President Bruce Lyon Receives 2018 Excellence Award

Hays Companies of Kansas City is proud to announce that Bruce Lyon, Vice President and Director of Risk Management, was honored by the Board of Certified Safety Professionals with the 2018 CSP Award of Excellence.

A leader in high quality credentialing for safety, health and environmental practitioners, the Board of Certified Safety Professionals (BCSP) was founded in 1969. Since then, they have grown to be recognized as the leader in credentialing for practitioners in the safety, health, and environmental industries. Their highly prestigious Award of Excellence is awarded to top practitioners that embody outstanding leadership, deep industry knowledge and a strong commitment to advancing safety excellence.

Lyon has over 37 years of experience in the insurance and consulting fields and continues to be a passionate advocate for the advancement of the safety profession. He currently serves as Advisory Board Chair to the University of Central Missouri (UCM) Safety Sciences program as an active collaborator with the faculty, a frequent lecturer and mentor.

Additionally, Lyon is Vice Chair of the ISO 31000 Risk Management standards US Technical Advisory Group (US TAG), a member of the ANSI/ASSE Z590.3 Prevention through Design standard review committee, and a subject matter expert in the development of the Board of Certified Safety Professionals’ (BCSP) Safety Management Specialist (SMS) certification.

To learn more about the Board of Certified Safety Professionals and the other Excellence Award recipients, please click here.