Category Archives: Workplace

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.

Beware of Coverage Gaps for Social Engineering Losses

Posted on by

Social engineering is the latest cyberrisk giving companies fits and large financial losses. A social engineering loss is accomplished by tricking an employee of a company into transferring funds to a fraudster. The fraudster sends an email impersonating a vendor, client, or supervisor of the company and advises that banking information for the vendor/client has changed or company funds immediately need to be wired at the “supervisor’s” direction.

buy prelone online blackmenheal.org/wp-content/uploads/2023/10/jpg/prelone.html no prescription pharmacy

The email looks authentic because it has the right logos and company information and only careful study of the email will reveal that the funds are being sent to the fraudster’s account. Unsuspecting and trusting employees unwittingly have cost their companies millions of dollars in connection with social engineering claims.

But when companies look to their traditional insurance program, they are usually met with the unhappy surprise that they do not have coverage for such a loss.

buy ventolin online blackmenheal.org/wp-content/uploads/2023/10/jpg/ventolin.html no prescription pharmacy

Most assume that the loss will be covered by the crime/fidelity policy that nearly all companies have. Insurers, however, have denied coverage for social engineering claims under those policies, claiming that the loss did not result from “direct” fraud. Insurers contend that the crime policy applies only if a hacker penetrates the company’s computer system and illegally takes money out of company coffers. In the case of a social engineering claim, company funds have been released with the knowledge and “consent” of an employee, albeit the employee has been induced by fraud to release the funds. Policyholders and insurers are currently litigating the scope of coverage under traditional crime policies nationally with mixed results.

Some crime policies also contain exclusions that may pose specific barriers to social engineering claims. For example, many traditional crime policies contain a “voluntary parting” exclusion that bars coverage for losses that arise out of anyone acting with authority who voluntarily gives up title to, or possession of, company property. In addition, some insurers have put overly broad exclusions on crime policies that are directed toward eliminating coverage for many cyber risks, including social engineering claims.

Given the prevalence of social engineering claims and the clear market for companies looking to insure against such risks, some insurers have begun to offer an endorsement that provides coverage for social engineering claims.
buy flagyl online https://galenapharm.com/pharmacy/flagyl.html no prescription

The coverage may be subject to a sublimit and may include coverage for some, but not all, social engineering risks. The coverage also might be subject to additional exclusions.

buy robaxin online blackmenheal.org/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

Like all insurance policies, the precise words of the endorsement matter and, therefore, should be carefully reviewed.

Finally, and most important of all, social engineering coverage will not automatically be added to a company’s policy and not all insurers will provide such coverage. Therefore, companies should review their current insurance program with their insurance professionals and experienced coverage counsel to determine whether they have appropriate coverage that is in line with the market for social engineering claims.

Check out “6 Tips to Minimize the Risks of Social Engineering Fraud” from Risk Management.

Zika and the Olympics: Business Travel Risks

Posted on by

Zika
The Zika virus, and its presumed association with serious birth defects and a paralytic neurological disorder, poses an unusual problem for business leaders and risk managers. While the virus is not currently being spread by mosquitoes in the U.S., Brazil is an important destination for many U.S. business travelers, which will only increase in the build-up to this summer’s Olympic Games. For many companies, health and safety concerns are top priorities, but travel to Brazil may be a business necessity. Before making decisions around these two opposing drives, it is vital that risk managers and business leaders weigh the facts around Zika.

The Risk to Employees

Brazil ranks in the top 10 in the business travel global rankings, making it one of the world’s largest corporate travel markets. With the Olympics, business travel to Brazil is expected to increase considerably this year, yet many Americans are worried about the threats of the virus. Consider the results of a recent survey conducted by my company, On Call International: 64% of Americans and 69% of all women surveyed, said they would cancel their travel plans because of Zika. There is, however, a disparity between these widespread concerns and the ways businesses have actually responded to the virus. A survey by the Overseas Security Advisory Council found that of the 321 businesses that responded, less than 40% are allowing female employees to defer travel to affected countries, and only a fifth are allowing men to opt out. The majority of respondents are only taking steps to inform their employees about the virus.

Should more employers allow their employees to defer travel? In considering this question, business leaders need to turn to authoritative travel health sources such as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) to help make informed choices around employee health and safety concerns.

Furthermore, women currently account for nearly half of all business travelers. The virus’s risks around pregnancy-related issues like miscarriages and birth defects will be top of mind for many businesswomen with travel plans to Brazil. Are employee concerns enough reason for businesses to stop travel to Brazil? Turning to authorities such as the CDC—and its recent travel advisory urging women who are pregnant or thinking of becoming pregnant to avoid travel to places like Brazil—provides a compelling reason for business leaders to consider more flexibility.

While women’s apprehensions around Zika seem obvious, the rising concern of the virus being transmitted sexually means that men with pregnant partners, or partners who may become pregnant, also have reason for concern. Notably, the CDC has issued warnings specifically for men traveling to locations like Brazil, which is another reason for businesses to give deferral of travel by men further consideration.

Duty of Care

As part of a company’s Duty of Care—the legal obligation to protect your employees from any reasonably foreseeable harm—your employees’ concerns around the Zika virus should be taken seriously. The virus is a new obstacle for businesses, and its risks require new approaches before any business travel to Zika-affected areas. Through proactive education, there are appropriate and responsible ways organizations can consider responding to the virus that are aligned with their legal and ethical responsibilities to their employees and their business. Organizations should consider meetings with all employees to discuss the virus and the health risks the virus imposes for travel.

If Travel is Necessary

While the symptoms of the virus – which are generally mild – are not immediately life-endangering, it is a good precaution to ensure employees are aware of resources such as doctors or hospitals in the areas where they are traveling. With special events like the Olympics, business leaders can also look into potential resources that are developed to help provide backup services for Rio during the Games. In preparation, Brazil is expected to invest $3.7 million in projects that include improving the medical infrastructure. These are investments that can benefit business travelers, if they have are made aware of them.

As there is no vaccine for the virus, organizations should share protection methods, including:

  • Avoid mosquitos and limit outdoor activities, especially from dawn until dusk when the Aedes aegypti mosquito is most active
  • Stay in accommodations with properly air-conditioned rooms. Netting for beds can also go a long way in protecting against the virus
  • Avoid unnecessary skin exposure by wearing long sleeves and pants
  • Purchase the correct insect spray—specifically those that contain DEET, picaridin, oil of lemon eucalyptus or IR3535

Embracing Flexibility

A sound approach includes weighing the risks and rewards of travel to Brazil and other Zika-affected areas. Where possible, be flexibile. For example, if your organization has employees based permanently in Brazil, or local partners, leverage them for any work that needs to be done in person to reduce the risks of sending additional employees to Zika-affected areas. There are also easy, technology-driven solutions, such as video chats or teleconferences. Be creative in your travel risk management solutions and identify which methods work best for your organization. Building your risk management program from a solid base of proactive education helps empower employees to make informed decisions regarding their travel plans to locations affected by Zika.

For more on this topic, check out our May feature in Risk Management Magazine.

Hidden Exposure: Protecting Your Business with Third-Party EPLI

Posted on by

Coffee shop
In today’s increasingly litigious society, harassment and discrimination are trending upward. To protect your business from workers’ claims, including wrongful termination, breach of employment contract, wrongful discipline, failure to employ or promote, sexual harassment and discrimination, you likely have employment practices liability insurance (EPLI) in place.

But if your employees frequently deal directly with the public, there may be a glaring gap in your coverage. Your business and workers may also be at risk for harassment or discrimination claims from a customer, client, supplier, vendor or visitor. The bad news: these types of claims are not covered by commercial general liability insurance or standard first-party EPLI.

To protect your business from customer or client allegations, third-party EPLI is the answer.

buy actos online www.nicaweb.com/images/layout1/gif/actos.html no prescription pharmacy

The types of wrongful acts typically covered by third-party EPLI are discrimination and harassment. Discrimination can include claims based on nationality, sex, disability, age, race, religion, pregnancy or sexual orientation. Harassment can take on many forms, such as unwelcomed sexual advances, requests for sexual favors, and other types of verbal or physical abuse. Third-party EPLI reimburses your company for court and legal fees, as well as any settlements between the business and the accuser.

Third-party EPLI may be appropriate if you frequently meet with clients or deal with vendors. And it is absolutely essential for businesses that interact with the public. Examples include large customer service teams, cable television installers, contractors, restaurant, hotel and transportation workers, and real estate agents.

For example, a customer sued a New Jersey gas station after being sexually assaulted by an attendant who was filling up her car. The woman claimed the station attendant made inappropriate advances, performed a lewd act and touched her while she was buying gas, according to NJ.com. The woman also claimed that another employee at the gas station did nothing to prevent the incident or intervene during it.

In another example that made national headlines, thousands of African American patrons of Denny’s restaurants claimed they were refused service, were forced to wait longer, had to prepay for food, or pay more for food compared to white customers, the New York Times reported. These claims, which totaled 4,300 and spanned several years across multiple states, culminated in a class-action lawsuit against the national restaurant chain. Denny’s settled the suit in federal court, and members of the class-action suit were awarded $54 million for damages.

Starbucks was sued in federal court by a group of 12 deaf customers who said they were mocked and mistreated at a coffee shop in New York City. The group claimed being harassed multiple times because of their disability.

buy zetia online www.nicaweb.com/images/layout1/gif/zetia.html no prescription pharmacy

During one instance, a Starbucks employee called the police in response to a group of deaf patrons who met at a Starbucks to hold their monthly Deaf Chat Group, although the patrons were paying customers, according to USA Today. The police apologized to the patrons and reprimanded the employee for calling the police when there was no illegal conduct.

As you can see, the level of interaction a company has with those who might claim a wrongful act, and the industry in which you operate, can affect the cost of third-party EPLI. Other factors come into play as well, like whether you’ve been sued in the past over employment practices.

While third-party EPLI helps defray the cost of lawsuits and judgments brought against your business, one thing it doesn’t protect is your reputation. Therefore, forward-thinking employers are doing more than just purchasing a third-party EPLI policy; they’re also taking steps to make it less likely they will have to use that policy. Effective training and education, no matter your level of exposure, can help prevent claims of wrongful acts against your business or employees. Creating training programs to educate employees on what constitutes harassment and discrimination, as well as putting processes in place about what to do in the event of an allegation, are good starting points.

When screening and hiring new employees, it is essential to create programs that help your hiring team vet candidates solely on their qualification for the job. Documenting your process helps everyone understand the requirements and will provide backup should issues arise.

It’s also a good practice to display all corporate policies as they relate to hiring and worker conduct in employee handbooks so the policy is available to everyone and can be reviewed when necessary. Many companies also ask employees to sign a document affirming they have read the employee handbook.

buy proscar online www.nicaweb.com/images/layout1/gif/proscar.html no prescription pharmacy

Unfortunately, all of the education and training in the world can’t stop a customer or vendor from claiming harassment or discrimination by one of your employees. But a carefully developed third-party EPLI plan that assesses your exposure and helps you completely cover your business can minimize your risk.

Phishing: Understanding Your Cyber Adversaries

Posted on by

Nearly two years ago, an infamous incident occurred where stolen pictures of celebrities flooded the internet. Originally, it was thought that this was due to an iCloud vulnerability that allowed a brute force attack. But it now turns out it was because of a simple social engineering phishing hack.

Phishing usually involves sending mass emails that masquerade as legitimate communications, coming from a trustworthy source like a big bank or credit card company. The phisher seeks to trick the recipient into clicking on a link or opening an attachment that downloads malware onto the victim’s computer. The malware can then be used for criminal activity including theft of sensitive data or money. While phishers may send thousands of emails, all they need are a few or even one individual to fall for their trick to get into the IT system. It’s easy to forget that security threats aren’t always the work of sophisticated technology geniuses with malevolent intent. As in the case of the celebrity photos, the method was relatively simple. However, it still caused reputational damage.

Cyber attacks don’t appear out of nowhere.

buy valtrex online www.delineation.ca/wp-content/uploads/2023/10/jpg/valtrex.html no prescription pharmacy

At the beginning and right through development and attack, humans are involved. Recently, we profiled half a dozen types of attackers. We call them the “Unusual Suspects.” An attack might start with the Professional working in the digital shadows seeking to make the most money possible from the damage they cause. Then you’ve got the Mules and Getaways who are on the front line, and will be the first to get caught when the law comes knocking. There are also Activists and Nation State Actors who are looking to change the world or steal information on behalf of their country’s government. And then there’s the Insider leaking sensitive information accidentally or on purpose with malicious intent.

bae - the usual suspects

These are all just some of personas BAE Systems recently identified as key threats to businesses and without them, cybercrime can’t exist.

Wising up to phishing attacks

In the IT space, one of the most common ways cyber criminals target employees of a company is through phishing. In the aforementioned celebrity photos case, court documents said Ryan Collins, 36, of Pennsylvania, hacked more than 100 people. According to reports in the press he used email names like ‘e-mail.protection318@icloud.com’ and asked for password details.

With these credentials, the hacker was able to go through email accounts looking for photos and videos, managing to get into around 50 iCloud accounts and 72 Gmail accounts mostly belonging to celebrities. It’s quite easy to imagine the damage hackers could cause if they got hold of corporate emails – think of the damage the 2014 Sony hack inflicted.

You can’t patch a human

Employees will always be a weak spot, and clever social engineering is leading to more examples of how this weakness can be exploited. The effects can be devastating. For example: a company that collects credit card data from its customers is at risk of a major data breach from a single employee clicking on an email leading to a website laced with malware. The financial and/or reputational damage and the related fines or compensation claims that result could be significant.

At its core, combating social engineering is a human problem that requires human solutions. In certain cases victims may violate policies, but it may often be the case that the rules or training were not clear enough for the employee to know they were doing something that could have serious consequences. And because humans are behind social engineering attacks, they are capable of evolving, matching the way the business world is using technology.

buy amoxil online www.delineation.ca/wp-content/uploads/2023/10/jpg/amoxil.html no prescription pharmacy

To mitigate against social engineering attacks, there needs to be security awareness and culture from top to bottom. This might mean ongoing training for employees to understand the threats, as well as the right policies and procedures in place. This helps employees understand the risk from social engineering and what role they have in preventing it. Remember, this all has to be done in tandem with putting the right technology in place.

Defeating the Unusual Suspects

Defending against cyber threats is all well and good, but what about catching these Unusual Suspects? This is difficult, because they use sophisticated tactics to escape detection–they are located all over the world, and use secure software to escape detection and remain anonymous, often routing communications through multiple countries to avoid being caught.

buy rybelsus online www.delineation.ca/wp-content/uploads/2023/10/jpg/rybelsus.html no prescription pharmacy

Fortunately this is a case where human fallibility is a good thing–criminals will make mistakes and leave digital finger prints that sophisticated analytics and forensic analysis can pick up. Finally don’t underestimate the power of human ingenuity–thanks to the efforts of security professionals, we’re finally getting to a point where the investigation of online crime is being slowly demystified and defenses put in place to mitigate the threat.