The bebe Hack: Guarding Against Cyberbreach During the Holiday Shopping Season

On Friday, retail chain bebe announced that it had identified an attack on computers that operate the in-store payment processing system. The attack may have exposed data from cards swiped in retail locations in the U.S., Puerto Rico, and the U.S. Virgin Islands between Nov. 8 and Nov. 26, including cardholder name, account number, expiration date and verification code. The breach did not impact customers who shopped online or in other international locations, bebe reported, and the company has hired a security firm to stop and investigate the attack.

Almost exactly a year after the massive Target hack, this latest incident comes after a steady stream of sizable breaches among retailers, including Home Depot, JPMorgan Chase and eBay. Consumers have begun to find these hacks increasingly less surprising, and stopped paying as much attention – a phenomenon many are calling “breach fatigue.”

But companies are not entirely off the hook. While Target is on the rebound and subsequent breach victims have endured less damage to consumer perception, these cybersecurity incidents still demand a notable amount of contingency planning and mitigation.

According to public relations and social media firm Affect, there are four keys to protecting brand reputation in the event of a security breach:

1) Develop a Fully Locked and Loaded Response Plan

In the digital age, it is essential to have a cyber attack plan in place as part of an organization’s crisis management strategy. Companies can get ahead of a crisis by leveraging social media to defuse damaging situations. In order to prepare, be sure to anticipate and understand the kinds of threats that could influence your business and your industry.

“There are four phases of crisis communications: readiness, response, reassurance and recovery,” said Sandra Fathi, president of Affect. “In order to properly respond to a crisis, each stage must be ready to go at a moment’s notice — develop materials such as messages and prepared statements, prepare delivery channels like hotlines and social media platforms and train employees regarding awareness and organizational procedures.”

2) The Customer is Top Priority

Arguably the most important step in maintaining a brand’s image amid a breach is to be honest with customers and inform them about what has occurred — the sooner the better, especially if their personal information is at stake. In fact, 47 states have Security Breach Notification Laws that govern communication with customers in the face of a security breach, including the timeline for those communications. Several weeks elapsed before Target released an official statement to its customers, and as a result the company experienced massive backlash from customers, other organizations and the media alike.

Adam Levin, chairman and founder of IDT911, a provider of data risk and identity management services, believes every company needs to demonstrate three things in the wake of a data breach.

“Urgency, transparency, and empathy are all critical. I don’t think they [Target] showed enough of those three,” Levin said in an interview with ABCNews.com. Not being upfront with customers can result in a loss of confidence in the brand that can not only hurt the company’s reputation but also lead to a loss in revenue.

3) Monitor the Situation in Real-Time

Social media can be a powerful tool but “with great power comes great responsibility.” While positive engagements boost a brand’s respect, companies must always monitor for negative interactions in real time and be even more stringent during a security breach, as customers will turn to social media to respond to situations, regardless of their allegiance to the brand. Develop a Social Media Response Map that outlines anticipated situations and correlated standard responses to avoid any last-minute shuffle. Don’t shy away from angry customers who continuously post adverse comments.

Depending on the situation, it may be worthwhile to engage with these individuals in a private forum and resolve their concerns, taking the negative sentiments offline.

4) Don’t Repeat the Same Mistakes

For brands, it is especially important to not make the same mistakes twice. Customers may or may not forgive a first offense, so a second go-around is even harder to rebound from. Companies must carefully document and analyze each breach to identify how it happened, why it happened and how to prevent such an event in the future. Consider changing security vendors, deploying new software, re-training staff and amending company policies. It is also important to communicate these changes to customers to reassure them that a similar breach will not recur.

Captives under Scrutiny

A mere decade ago, captive insurers were viewed by most regulators as a small, even exotic part of the insurance industry. Most were assumed to be offshore and aroused little attention. Now, captives have gone mainstream. A sizable, but undetermined, portion of the property casualty coverage is placed through, or issued by, captives. A good guess is 30% to 40%, but no one has been able to establish an accurate number. Thirty-nine states have some form of captive or self-insurance law. Captives are now part of everyday life for regulators and the result is more scrutiny.

The issues now on the agenda for captives are significant:

• XXX and AXXX Reinsurance Captives

According to Superintendent Joseph Torti (Rhode Island), 80% to 85% of life and annuity insurance is ceded to reinsurers. Much of the so-called “excess reserves” required by Rules XXX and AXXX are ceded to captive reinsurers or special purpose vehicles owned by the same licensed life and annuity companies which cede the risk. Because the amount of this risk is so large, any trouble collecting this reinsurance could have a major effect on the industry. Some regulators, even a few who approved these cessions, have criticized these arrangements. In some cases, the collateral for the reserves has been subject to parental guarantees, which tends to undermine the confidence which can be placed in the transaction. The NAIC is continuing its examination and has met some stiff resistance from the industry.

• Multistate Insurers 

The proposal to amend the preamble to the NAIC Accreditation Standards to treat captive reinsurers as “multistate insurers” (with some limited exceptions) was withdrawn at the last NAIC meeting in Louisville. A new proposal should be forthcoming (and may have already been issued by the date of publication of this Newsletter). The premise of this proposed change is that non-domiciliary regulators need to know how insurance issued in another state may affect the citizens of their state. The opposite point of view is that the regulators of the domicile have done their job and should be trusted by their regulator colleagues and that the transaction should not affect third parties, anyway. Some say the risk to the domestic captive industry is existential. If enacted and enforced, the proposed change could, ironically, drive much of the industry offshore and therefore beyond the authority of the regulators promoting it.

• Nonadmitted Risk and Reinsurance Act

Captives have been inadvertently drawn into the regulatory structure imposed by this federal legislation intended to streamline the reporting and payment of surplus lines taxes. It has shined a spotlight on the payment (or non-payment) of state self-procurement taxes, but, ironically, does not in any way alter either the application of them or their payment. While risk retention groups (RRGs) were able to get an exemption from the law during its formative phase, captives, because they are (generally) single state entities and therefore not doing business as a “non-admitted” insurer, did not even attempt to get an exemption. Now there is a group, the Coalition for Captive Insurance Clarity, which is seeking a legislative exemption on Capitol Hill.

• Insurance Company Income Taxation

The Internal Revenue Service is investigating several insurance pooling mechanisms and, in some cases, the captives that have utilized them to establish third party risk—which is essential for an insurer to get the benefit of insurance tax treatment. This investigation is presumably a response to the rapid growth of “micro-captives” as mechanisms to assist with avoidance of taxation in estate planning and wealth transfer. This process is in its early stages, but is likely to produce some dramatic results.

• Federal Home Loan Bank (FHLB)

Who would have thought that the FHLB would have anything to do with captives?  It appears that some captives, and at least one risk retention group, are members of the FHLB, which allows them to obtain federal funds at advantageous rates. The Federal Housing Finance Agency (FHFA), which regulates the twelve FHLBs, has proposed a rule that would exclude all captives from membership by defining “insurance company” to mean an entity which “has as its primary business the underwriting of risk for nonaffiliated persons.”

Why is this happening now? While there are numerous reasons for these kinds of actions, there are two primary motivators. First, regulation is always subject to the problem of “what’s worth doing is worth overdoing.” Reasonable minds can differ on the interpretation of statutes and regulations. Each of the above includes an element of “pushing the envelope,” which can be significant or insignificant issues depending on your point of view. Second, captives have been caught in the vortex of regulatory competition. As we have discussed before in this column, the National Association of Insurance Commissioners (NAIC), the Federal Insurance Office (FIO), and the International Association of Insurance Supervisors (IAIS) are jockeying for position and power. Add to the mix the position of the Organization for Economic Cooperation and Development (OECD) that captives may be used as a device to avoid taxation (“base erosion” in OECD parlance), and you have a tumult of regulatory action which at the same time can be challenging and conflicting in its goals and implementation.

What does this bode for the future of captives? Once you have been seen on the radar, it is hard to drop off. Captives can expect more of the same for the foreseeable future.

This blog was previously published on the Morris, Manning & Martin, LLP website.

Companies Report Increased Optimism and Risk Appetite

Heading into the fourth quarter, private companies reported higher profitability, greater risk appetite, and notable plans for growth in 2015, according to a survey from PwC.

The Q3 “Trendsetter Barometer” reports that more companies are seeing profitability increases, and optimism about the U.S. economy rose to 63%—the highest level since early 2011.

The study’s most notable findings include:

PwC Trendsetter Barometer

About 80% of companies expect revenue growth in 2015, with almost a third projecting double-digit change. When planning for that success, the biggest anticipated challenges reported will include direct hits to the supply chain and the workforce:

PwC Growth

The Case of the $1.7 Million Laptop

Federal regulators are serious about data privacy. Two recent announcements from the Department of Health and Human Services signal a new tough stance on guarding patient information and, in particular, on encrypting portable electronic devices.

The announcements settled cases against Concentra Health and QCA Health Plans and called for substantial payments — $1.7 million for Concentra and $250,000 for QCA — as well as extensive correction programs. They stemmed from the loss of just two unencrypted laptops.

What exactly is encryption?  What are the rules?  What do these two cases tell us?  And how should health care providers respond?

Encryption is the process of encoding or “scrambling” a message in such a way that the information becomes indecipherable to an unauthorized recipient. The message or information is encrypted using an algorithm that renders it unreadable. Only an authorized recipient, using a key, can convert it back into usable text.

HIPAA’s Security Rule is clear: Any electronically stored patient information must be safeguarded by encryption or an alternative reasonable means.  If an organization does not encrypt, it must document its decision and the reasons it was deemed not reasonable and appropriate.

In Concentra’s case, the settlement showed that Concentra Health knew that 163 of its 597 laptops were unencrypted. As luck would have it, the laptop stolen from Concentra ended up being one of the unencrypted devices. The investigation, by HHS’s Office for Civil Rights, revealed that Concentra did not take steps to encrypt this known inventory of unencrypted laptops. On top of that, Concentra did not document its reasons for failing to encrypt, nor did it adopt a reasonable alternative safeguard.

OCR did not look kindly on this. Ultimately, as a result of the investigation, Concentra agreed to a $1.7 million settlement payment as well as a burdensome and lengthy corrective action plan that can expose Concentra to additional penalties.

QCA Health Plans reported the theft of an unencrypted laptop from an employee’s car, an incident that affected only 148 individuals. Despite the low number of individuals affected, QCA paid $250,000 to settle potential violations of the HIPAA Privacy and Security Rules.

The Office for Civil Rights found that QCA had failed on a number of other fronts. The company was systematically non-compliant: QCA didn’t establish a security program, didn’t properly assess the risks of using electronic protected health information (ePHI) and didn’t physically guard its equipment.

Doing the math, QCA settled for about $1,690 for each lost record—a hefty sum per person affected, and a cost that would have easily been avoided had the laptop been encrypted or proper security procedures put in place.

Looking at the bigger picture, the cost of encrypting a single laptop can be as low as $100. And larger institutions can obtain volume discounts, which can, at times, drive down costs to as low as $50 to $80 per device.

The message is clear. It makes sense to make sure every single device – without any exceptions – is encrypted. Or, as an alternative, to document the reasons for a different approach. And as the OCR explained in the QCA Health Plans case, a company has to have an established safety program.

Looking at Concentra Health, it’s worth noting that they had already invested in encryption for nearly three quarters of their portable devices. They could have brought the rest into compliance for a fraction of the ultimate cost. Instead a single stolen laptop cost the company $1.7 million.