Skip to main content
Monthly Archives

January 2014

SURVEY: MANY COMPANIES LACK RISK MANAGEMENT

By Risk Management Bulletin

Most privately held businesses have not implemented effective steps to protect themselves against a variety of risks, according to a recent nationwide study.

The Chubb 2013 Private Company Survey, based on interviews from executives at 450 U.S. companies, uncovered a number of disturbing conclusions. For example:

  • Although nearly three in four of respondents (73%) use a third-party provider to administer their employee benefits plan, fewer than half (46%) have taken steps to reduce their fiduciary liability.
  • Only two in five (42%) have a broad policy against hiring employees with criminal backgrounds, which could be a violation of state law.
  • Among the more than two in three companies( 68%) that use social media, only one in ten (12%) percent are concerned about being sued for defamatory posts, while fewer than half (48%) have a written social media usage policy for employees.

During the past three years, approximately half of respondents suffered at least one loss from such exposures as employment practices liability, fiduciary liability, crime, workplace violence, and cyber liability.

“Many private companies have not taken loss prevention measures or purchased the appropriate insurance to help insulate themselves from litigation, government fines, and their related financial and reputational consequences,” says Tracey Vispoli, Chubb Senior Vice President and Specialty Insurance Global Customer Segments Leader. She add that, “This is surprising, because a large number of these firms have been sued in recent years by employees, customers, government agencies; and other parties; and many are planning to participate in activities such as mergers that can increase their risk profile.”

How effective is your risk management program?

DATA BREACH RISK REDUCTION: BACK TO THE BASICS

By Risk Management Bulletin

In its 2013 Data Breach Investigations Report, Verizon Enterprise found that nearly three in four cybersecurity breaches (74%) to small businesses are “crimes of opportunity” that occur because a hacker notices and exploits a weakness in the system: the cyber equivalent of a robber seeing a window propped open and a wallet on the sill.

The report also shows that nearly half of these breaches (48%) result from basic mistakes by non-technical employees with no expertise in in data security.

To protect themselves against financial losses from stolen or compromised client information, more and more firms are carrying cyber liability coverage. However, a preventive approach that focuses on beefing up IT security can play a key role in minimizing costly claims from data breaches– which helps keeps premiums under control and reduces the time, expense, and hassle of litigation from angry clients.

Ted Devine, CEO of TechInsurance (Allen, TX), recommends that businesses reduce this risk exposure by going “back to the basics.”

  1. Provide training. Make sure that non-tech employees understand and implement best practices for storing data, sharing files, and transporting hardware.
  2. Encourage password security measures. According to the Verizon Enterprises report, more than three in four data breaches (76%) take place because a hacker is able to guess a password. The solution: create strong passwords and update them regularly.
  3. Use antivirus software.
  4. Encrypt sensitive data and limit access to it.
  5. Set up protocols for off-premises work.

For more information, see the article “Workers’ Electronic Devices Pose Risks for Employers” in this newsletter).

If you’d like a complimentary review of your company’s data security procedures, just give us a call.

WORKERS’ ELECTRONIC DEVICES POSE RISKS FOR EMPLOYERS

By Risk Management Bulletin

The widespread practice of employees bringing their own electronic devices to work can be risky for businesses. However, despite the growth of this trend, one nationwide study found that 60% of companies surveyed had no policy for dealing with remote access, while 80% provided no training about the potential risks involved.

One key issue with the use of these devices is the blurring of lines between employees’ personal and work life, which involves such questions as: 1) potential violations of employees’ privacy rights; 2) whether firms should buy electronic devices for lower-level workers who would not purchase them on their own; 3) who backs up the data and where; 4) whether companies should pay overtime when workers use these devices outside of regular hours: and 5) who owns the data (an issue that can arise when an employee leaves the company).

Another major danger involves a firm’s loss of control over its data.

The good news: you can take steps to reduce these risks. For example, workers should be sure to use effective password protection procedures. Warns one data security specialist, “Don’t just use ‘1234,’ and whatever password you choose, never put a sticky note on the back of your device.” Experts also recommend loading security apps onto devices to protect them and requiring workers to turn on the remote erasure capabilities of their devices.

Last, but not least, make sure to encrypt data on all devices. (Many states exempt companies from notifying clients about a data breach on lost or stolen devices if this information is encrypted).

Our specialists would be glad to offer their expertise on helping you reduce the risks of your workers using mobile devices on the job.

RISK MANAGEMENT LESSONS FROM THE EXXON VALDEZ

By Risk Management Bulletin

Twenty-five years ago, the oil tanker Exxon Valdez struck a reef in Prince William Sound, AK, spilling more than 11 million gallons of crude oil – an environmental catastrophe that cost ExxonMobil $507 million in punitive damages (not to mention the impact to the company’s reputation).

In the wake of this disaster, the giant conglomerate implemented a fundamental shift in its corporate culture to stress safety and preparedness throughout the organization – a focus that businesses from mom-and-pop retail stores to construction companies can use to manage risk. Rather than simply publishing policy and procedural guidelines, ExxonMobil management stressed the need for workers to execute every task, even the most basic, with care and consideration for unintended consequences. For example:

  • Employees were told to back their cars into parking spaces so they could see clearly if they needed to pull away during a potential emergency.
  • Daily acts that might have hazardous consequences (such as not turning off a coffee burner or wiping up after a spill) could lead to written reprimands.
  • Departments organized safety meetings and competitions, with prizes for acts as minor as making sure that file drawers were closed. Managers and workers used these sessions to share stories of near misses or catastrophes averted. This approach was so pervasive that it spread to sharing safety tips for employees’ personal lives.

The result: dramatic reductions in insurance claims (and premiums) litigation, on-the-job accidents, and lost worker hours – not to mention human misery.

Your business can learn from ExxonMobil’s example by creating and promulgating your own culture of preparedness.

As always, our agency stands ready to help you implement a comprehensive risk management program.

HELP KEEP YOUR NEW WORKERS SAFE

By Workplace Safety

Insurance statistics show that recently hired employees are far more likely to suffer on-the-job injuries than more experienced workers.

Here are some of the causes behind injuries to new hires – and what can you do to curb these mishaps:

  1. Employers assume new employees know more than they really do. Orientation offers an opportunity to find out how these workers know about safety.
  2. Many new employees are afraid to ask questions. Supervisors need to tell these workers there are no “stupid” questions about safety. Many workplaces assign an experienced employee to guide and mentor new hires.
  3. Because the environment is unfamiliar people don’t know what to do in an emergency. Make sure new employees familiarize themselves quickly with the facility and receive training in emergency procedures.
  4. Employee training focuses on tasks, not safety. Job instructions should address potential dangers and how to avoid them.
  5. Employees lack knowledge about hazardous substances. Provide appropriate raining when assigning new workers to jobs that could expose them to hazardous materials.
  6. New workers don’t understand the importance of personal protective equipment. Injury statistics show that an alarming number of new workers weren’t wearing PPE that could have prevented or reduced the severity of the mishap. Make sure your orientation includes information about selection, use, and care of PPE.
  7. The worksite doesn’t convey the message. New employees need to see a workplace that’s clean and orderly, supervisors who answer safety questions promptly and politely, and frequent drills in emergency procedures. The initial impression can make a huge difference in the new worker’s attitude toward safety.

We stand ready to offer our professional advice on helping you keep all of your employees safe on the job.

WHAT’S IN YOUR HAZCOM PLAN?

By Workplace Safety

If your business uses hazardous chemicals, OSHA requires you to provide a written hazard communication (HazCom) plan?

In case of an accident, your plan is the first thing a compliance officer will ask to see. Although it doesn’t have to be long or detailed, this document must be well thought out, clear, and comprehensive.

Your HazCom plan should include:

  • Policy statement. Explain the purpose of the plan and express your commitment to letting employees know how they can protect themselves from chemical hazards
  • Plan administration. Describe the duties of the program administrator and others with responsibilities for different aspects of the plan, together with contact information.
  • Updates and reviews. Schedule updates and reviews of the plan at regular intervals and whenever new hazards are uncovered.
  • Plan availability. Explain how employees and government regulators can access the document.
  • Labels. Describe the requirements for container labeling.
  • Safety data sheets (SDS). Set procedures for ensuring that employees can obtain necessary sheets.
  • Employee training. Identify information about hazardous chemicals for communication to employees in comprehensive training sessions, with follow-up.
  • Nonroutine tasks. From time to time, employees might need to perform nonroutine tasks that could result in temporary exposure to hazardous chemicals. Your plan should include a statement that, in these cases, you will provide workers with information on the hazard, appropriate safety measures or equipment, and methods of reducing the danger.
  • List of hazardous chemicals. Attach a list of hazardous substances that includes each chemical’s name. number, manufacturer, and areas in which the chemical is used.

For a complimentary review of your HazCom plan, feel free to get in touch with the workplace safety professionals at our agency. We’re always here to serve you.

THE ABCS OF HHES

By Workplace Safety

Although you’re usually well aware of workplace health hazards, they might not always be obvious. A health hazard evaluation (HHE) from the National Institute of Occupational Health and Safety (NIOSH) can determine whether your workers are exposed to hazardous materials or harmful conditions that might create health problems.

An HHE request can be filed by any employee (with the signature of two other workers), a union officer, or a manager. NIOSH will keep the name of the requestor confidential, if asked.

The agency logs in the request and usually sends a letter to the person making the request within a few weeks. If NIOSH decides that a phone consultation or a workplace visit is needed, it assigns a project officer within four to six weeks who will get in touch with the requesting party If this is an employee or union, the agency will inform the employer about the request and arrange to visit the site (NIOSH seldom conducts surprise visits).

The agency reports its initial conclusions to employers, employees, and employee representatives, either during a conference at the conclusion of a site visit, or by telephone. After analyzing all the information and data, NIOSH gives a final report of findings and recommendations, with copies to the requesting party, employer, union representative, OSHA, and other appropriate agencies.

The agency requires the employer is required to post the final report in a place accessible to employees from all areas evaluated. Although NIOSH cannot force an employer to adopt its recommendations, experience has shown that most employers attempt to address the problems the report identifies.

For more information, feel free to give us a call.

COMP SCAMS: BEWARE OF THESE ‘RED FLAGS’

By Workplace Safety

Workers Compensation fraud is a widespread and serious problem that’s not only illegal, but leads to higher insurance premiums for all businesses – including yours.

According to industry experts, Comp-related scams often involve one or more of these “red flags.” Although no one sign should necessarily be cause for alarm by itself, two or more should raise suspicions and could trigger an investigation of the claim:

  1. Monday morning report of injury. The alleged injury occurs first thing on Monday, or late Friday afternoon, but is not reported until Monday.
  2. Change in employment status. The reported accident occurs immediately before or after a strike, job termination, layoff, end of a major project, or the conclusion of seasonal work.
  3. Suspicious providers. The claimant’s medical provider or legal consultant has a history of handling dubious claims.
  4. Lack of witnesses. No one else saw the accident and the employee’s description does not support the cause of the injury.
  5. Conflicting descriptions. The employee’s account of the accident doesn’t match with the medical history or injury report.
  6. History of claims. The employee has filed a number of questionable or litigated claims.
  7. Refusal of treatment. The claimant declines a diagnostic procedure to confirm the nature or extent of the injury.
  8. Late reporting. The employee delays reporting the incident without a reasonable explanation.
  9. Elusiveness. The allegedly disabled employee is hard to reach.
  10. Instability. The claimant changes physicians, addresses, or jobs frequently

If one of your workers files a claim that has some of these warning signs, be sure to let us know. We’ll work with you and your Workers Comp carrier to check it out.