Category Archives: Business

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Understanding Insurance Coverage for Traveling Employees

Posted on by

BOSTONThe odds of dying in a terrorist attack: 1 in 9.3 million. The odds of getting sick while traveling: 1 in 2. But both should concern companies sending their employees around the world for business, panelists Kathleen Ellis of CNA International, Erin Wilk of Facebook and Andrew Miller of International SOS said at a RIMS 2019 panel titled “Is Insurance Enough When Employees Travel?”

The answer to this question, the panel agreed, was emphatically “no.” But, as Ellis and Wilk noted, insurance coverage is an important part of the equation for many of the biggest things that do go wrong. Even though the risk of catastrophic incident is minor compared to seemingly mundane travel concerns like weather and petty theft, companies should still prepare for the worst in advance.

This is true whether employees are going to common destinations within the United States traditionally thought of as safe or to less familiar places.

buy zydena online https://ozgurmd.com/wp-content/uploads/2023/10/jpg/zydena.html no prescription pharmacy

It is also true, Wilk said, whether the employee is an experienced traveler (who can be over-confident) or a novice (who can over-prepare and miss warning signs around them).

The panelists repeatedly stressed that companies should approach travel risk with protecting employees as their priority. Not only do companies have a “duty of care” (a legal responsibility to mitigate the risks traveling employees face), but they also need to be cognizant of the “standard of care” and “duty of loyalty.” Standard of care is the industry standard for employees’ travel risk protection, and companies’ obligation to meet that standard.

Duty of loyalty is the employees’ responsibility to abide by the safety measures the company has put in place. As recently discussed in Risk Management, this is largely on the employee, but the panel noted that employers also have a critical role to play in creating a culture that enables and encourages their people to take the necessary steps to protect themselves while traveling. As Wilk said, “Policy is a piece of paper. Employee practice is what actually matters.”

When it comes to insurance, companies should make sure they are covered, but not over-covered. For example, Miller discussed cases in which companies’ benefits, HR and legal department have all purchased travel coverage without communicating their purchases to the other departments. Businesses may also be unfamiliar with the coverage they have and pay to remediate travel problems themselves when their insurance policies would actually cover those issues.

Key insurance options include:

  • Foreign voluntary workers compensation, which covers workers traveling on business in a way similar to traditional workers’ comp, paying for disease, or repatriation or evacuation
  • Business travel accidental death and dismemberment coverage, which works like life insurance and covers both work-related and non-work-related incidents, and is an option for covering employees’ spouses and dependents
  • Kidnap and ransom coverage, which provides pre-trip support, crisis management services during an incident, and reimburses for ransoms paid for kidnapping extortion, wrongful detention and hijacking
  • Expatriate medical, which is an option for employees who are traveling long-term, and
  • Defense base act coverage, which handles government contractors overseas at embassies and military bases

The panelists also emphasized that travel risk not only endangers employees’ well-being, but also the company’s bottom line. If an employee gets sick while traveling for business, for example, the company’s investment in the trip can be wasted. Additionally, traveling employees who feel unsafe or unprepared for the risks they are facing feel less loyal to their company, and can also be distracted, potentially derailing the important business they are traveling to conduct. The panel urged that pre-trip training and a thorough understanding of the company’s existing coverage are the best ways to mitigate these risks and help employees succeed when traveling for work.

Q&A: 2019 Risk Manager of the Year Luke Figora

Posted on by

Luke Figora, senior associate vice president and chief risk and compliance officer at Northwestern University, was named the RIMS 2019 Risk Manager of the Year today.

With annual revenues of approximately .

5 billion (reported in 2018) and nearly $700 million in sponsored research annually, Northwestern is among the country’s leading research universities. Figora has risen quickly through the ranks at Northwestern, where his enterprise risk management (ERM) framework has elevated its risk culture across three campuses—two in Illinois and one in Qatar.

Figora spoke with Risk Management Monitor about his experience as one of the youngest stakeholders among Northwestern’s leadership, his process of customizing an ERM matrix and his reaction to the recent college admissions scandal.

Risk Management Monitor: You and your department created an ERM matrix in the past year that united Northwestern’s compliance owners and that may even set a precedent in higher education. What went into its creation?

Luke Figora: We spent a lot of time defining risk appetite statements and tried to make our program a little more outcome-based and actually show how we’re moving the needle on uncertain key risks for Northwestern. And we avoided spending too much time aligning perfectly to one of the ERM frameworks like COSO or ISO. So I think if someone looked at our program from the outside, it might not check all the boxes from a typical model perspective, but it’s driving action here at Northwestern and it seems to be the right level for engagement with our stakeholders.

I think one of the biggest challenges for ERM at Northwestern—and maybe this is true across the industry—is that we don’t necessarily have one strategy right now. We have some pillars and values that Northwestern follows, but we’re ultimately a very decentralized institution that has a number of schools, and a number of units in each one of those have slightly different objectives and goals.

RMM: It seems that there is a degree of transparency, but not full transparency.

LF: Right. For example, athletics and the School of Medicine have very different risk profiles and neither one of them should know the other’s risks or operations. And it would be hard for someone in athletics to speak about the risks of animal research within the School of Medicine. I think that’s where our risk office plays a role in right-sizing the expectations and taking the feedback from all the units, but trying to do some triage through that.

RMM: Many of your colleagues are several years your senior—how has that impacted your work?

LF: I am probably the youngest person on the leadership team across the institution, but it has probably been beneficial. I have tried to bring different ideas and update the ways in which we think about risk. I’m not jaded by the insurance industry, and I think people are receptive because of that.

RMM: Since arriving at Northwestern nearly five years ago, you moved up the ranks relatively quickly, although you’ve maintained that was not your goal. How would you advise young risk professionals as they get their feet wet?  

LF: I think all of us at early stages in our careers can’t wait to be a manager and want that vertical growth and the chance to lead a team, but the bigger driving factor for me has been horizontal growth and expanding the portfolio. After that, I believe the other opportunities will come. That is a belief I try to hammer home in my work and when I make industry presentations.

RMM: The college admissions system is a hot topic due to the major scandal that broke in March. How might that have affected where the admissions process is on Northwestern’s risk register?

LF: Last year at this time, fraud in the admissions cycle wouldn’t have been one of our top 10 enterprise risks. But when things like this break, there is a tendency to go into reaction mode and examine whether we have similar issues. I always try to keep people level-headed and remind them that just because this hit doesn’t mean it moves to number one on our crisis management list for the year. It is worth doing a deep dive into the question or topic that’s in the news, but whenever scandals hit, I think we’ve tried to approach them with a rational view.

RMM: It sounds like the knee-jerk reaction is to go into crisis communication mode, even though it’s not your crisis.

LF: We know we’re going to get questions from our trustees, so there’s an initial all-hands-on-deck mentality. You have to make sure you have talking points that outline how we’ve thought about it because we know we’re going to get questions from the media. We do focus on crisis communications, but it becomes more about knowing if we have the right controls that could protect the institution from something like this happening to us.  

Figora was also the special guest on this week’s RIMScast, which you can download here.

Are Your Employees Preparing to Quit?

Posted on by

A new study shows that changes in employee engagement and loyalty can indicate whether an employee is planning to leave, and these changes may start up to 9 months before an employee quits. In The 9-Month Warning: Identifying Quitters Before It’s Too Late, workplace data analytics firm Peakon and its research arm Heartbeat drew on polling of 30 million employees in 125 countries to help employers spot the signs and mitigate resulting risks.

Turnover and recruitment to replace departing employees is costly for companies. The hiring process can take weeks or months, and includes both direct and indirect costs from paying recruiters to staff time and lost productivity. Training new staff also takes time and money, and losing institutional knowledge when an employee departs can slow operations or, in a worst-case scenario, can even compromise client relationships or handicap major aspects of the company’s business. There can also be reputation costs, especially if the potential applicants see a stream of departures.

The study stresses that decreasing employee engagement—which it defines as “the level of personal investment an employee has in their work”—is an important indicator of imminent departure. Nine months before quitting, researchers found an employee’s engagement and loyalty to the company drop significantly. The study measured engagement by asking respondents, “How likely is it you would recommend [Company Name] as a place to work?” and measured loyalty by asking, “If you were offered the same job at another organization, how likely is it that you would stay with [Company Name]?”

Various factors contribute to a decline in engagement and loyalty, including in some counterintuitive ways. The study shows that respondents considered unchallenging work more of a reason to leave than having too much work. When their work is not challenging, employees’ sense of accomplishment begins to significantly drop 9 months before quitting, while their feelings about their workload stay relatively steady until their departure.

online pharmacy antabuse with best prices today in the USA

Additionally, the study found that communication and relationships between managers and employees may be more important for retention than salary level or other factors. Employees are more likely to leave if they feel unable to discuss their pay with their manager than if they feel underpaid, and their manager’s support is more important than relationships with colleagues, feeling at home at an organization or believing in its mission.

When employees believe that they do not have opportunities for growth, they also become more likely to leave. This includes personal growth, advancement within the company and whether their managers encourage and provide pathways for growth.

online pharmacy tobrex with best prices today in the USA

“When we feel our role is helping us develop into our best self, it can have an incredibly powerful impact on employee engagement,” the study explained.

Companies can address these factors in a number of ways, including offering training programs and growth opportunities, starting an employee recognition program, implementing more frequent or more in-depth employee engagement surveys and providing additional training for managers. One way companies can incentivize these steps is by tying executive pay and other rewards not just to financial performance, but also to retention.

By ensuring that employees feel challenged in their work, feel comfortable communicating with their managers and providing opportunities for recognition and growth, employers may reduce staff attrition and save on costly recruitment and training.

online pharmacy rybelsus with best prices today in the USA

NCSA and NASDAQ Advise Risk Managers to Look ‘Beyond IT’ Following a Breach

Posted on by

NEW YORK — “Incident Response and Recovery” was the theme of the National Cyber Security Alliance (NCSA) and Nasdaq Cybersecurity Summit on April 17. Security and risk professionals from the Department of Homeland Security (DHS) and various companies and organizations convened at the Nasdaq Marketsite to discuss methods that focus on resilience and recovery following a cyber attack or data breach.

NCSA Executive Director Kelvin Coleman led the fireside chat with Matthew Travis, deputy director for the DHS’ Cybersecurity and Infrastructure Security Agency (CISA). The timing of Travis’ appearance was unique, considering that Kirstjen Nielsen–formerly the secretary of Homeland Security and Travis’ director–recently resigned from her post on April 7. While that announcement grabbed widespread attention due to her involvement with the humanitarian and immigration crisis at the U.S.-Mexico border, it also has major impacts for the country’s efforts to counteract cyberrisk and data breaches. Last September, Nielsen announced the formation of the National Risk Management Center (NRMC), an initiative focused on defending critical infrastructure from cyberattacks and providing a single point of access to the full range of government activities to defend against cyber threats.

“There is no doubt [Nielsen] was the most cyber-savvy secretary the department’s ever had. She brought real bonafide domain expertise in cybersecurity to the department,” Travis said. He added that the creation of CISA is her legacy and that the relationship with Kevin McAleenan, the new acting secretary of homeland security, has been harmonious.   

Travis reminded attendees that its partnerships with the private sector were crucial and that CISA regularly monitors national critical functions such as elections, electrical grids and financial transactions, which he said are the “big things that drive our economy.” He also said that companies can leverage CISA resources immediately after a breach as a supplement to the FBI’s criminal investigation.

“We’re going to help you understand exactly what happened and help you recover the data and mitigate some of the impact. The private sector firms do that very well, but the difference is that…

online pharmacy cytotec with best prices today in the USA

[CISA] is free,” he said. “That is where we would like to work with owners and operators, when there is an event, to help them get back on their feet as soon as possible.”

Additionally, Coleman and Travis discussed that though CISA is not part of the intelligence community, it does have access to the intelligence collection and monitors trends that can be used to warn private sector companies of cyberrisks. He cited the recent Domain Name System (DNS) infrastructure hijacking campaign that CISA warned about in February—in which at least 40 different organizations across 13 different countries were compromised—as an example of the agency taking steps to alert both the public and private sectors.   

“When we issue technical alerts or emergency directives,” Travis said, “[we] communicate to our stakeholders what to look out for.”

How to Reduce Uncertainty After A Breach  

In the next session, panelists agreed that even when companies use new technologies to remedy security flaws and migrate data to cloud storages, new vulnerabilities occur. Dr. Michael Siegel, principal research scientist and director of cybersecurity at the Sloan School of Management at the Massachusetts Institute of Technology (MIT), said that the old adage of risks being rooted in people continue to be prophetic.

“It’s always been about people and things that sit in our systems for a long time,” he said. “You’ve heard this since the 2000s and it’s still true, and even more true today.”

Should a business find itself in a situation where ransom is being demanded for intangible assets and information, Siegel advised that then is not the time when stakeholders should first decide whether they’d be willing to pay.

“They should know whether they’d pay ransomware because they have [presumably] done tabletop exercises…that will be absolutely essential because any time you wait and indecision will be [catastrophic],” he said. “You have to have practiced it in advance. You can build a scenario-generator and run it through a classroom.”

Companies can also learn from breaches, if tracking is implemented within their code, noted Tyler Shields, vice president of strategy for Sonatype, and open source governance platform. “The ability to track your code from creation to deployment—that entire life cycle—needs to be instrumented so that when a breach occurs you know what component was affected, where it came from, who implemented it and what protections were in place.”

Incident Response Recovery Beyond IT

The final session panelists agreed that holistic approaches were essential for successful responses and recovery periods. Internal and external communications should be well thought-out and designating a person or team to handle them sets the appropriate company precedent. Lisa Plaggemier, chief evangelist at Infosec and NCSA board member said that, for example, while a company’s lawyers are critical during these times, they might not be the best communicators.

“Lawyers, when they write for communications, tend to sound more scary than reassuring,” she said.

online pharmacy arava with best prices today in the USA

“You want to have collaborations and have that communications person in the room with them.”   

Photo courtesy of the National Cyber Security Alliance

When it comes to crisis communication, Plaggemeir advocated that employees—especially those who detected the incident—should be armed with talking points for traditional and social media outlets to avoid data leakage.

“We want to make sure we equip those people so that the rumor mill doesn’t start flying and we don’t end up with communications that are out of our control,” she said.

online pharmacy chloroquine with best prices today in the USA

buy penegra online https://royalcitydrugs.com/penegra.html no prescription

Dovetailing on that notion, moderator Andrew Derboben, senior director of security operations at Nasdaq was quick to mention reputation risk. He said another way to reduce data leakage and misrepresentations in the media—which can further harm a company’s reputation in the aftermath of a breach—is to arm all company employees with a brief script on what to say to anyone, even just passersby making small talk.

“Don’t even have them say ‘no comment,’” Derboben said. “Point them to the experts who have all the data. Because if we’re missing a key piece of information and it’s not communicated properly it could determine how an article will be written.”