Temps Are Making a Comeback. Are They Right for Your Business?

by J Easto, 29. July 2014 08:22

When the economy fell apart in 2008, the market for temporary workers spiraled with it. But according to the data crunched by ESMI, a CareerBuilder company, the number of temporary workers in the United States hasn’t just recovered – it’s booming.

Almost every major metropolitan area has seen substantial growth in the temporary help sectors, with Raleigh, NC; Kansas City, MO; and Indianapolis, IN rounding out the top three.

According to ESMI, a healthy temporary help market is a strong indicator of full-time hiring trends. That’s good news. But before small-business owners decide to hire a temporary worker, they need to understand the risks.

What Small-Business Owners Need to Know about Temporary Workers

Temporary workers, as the name suggests, are workers that a business hires for non-permanent work. Sometimes, these workers are referred to as “independent contractors.” Generally speaking, a small-business owner hires a contractor for…

  • A specific project with a definite end date.
  • Sporadic freelance work.

It’s important to realize that a temporary worker is not the same thing as a part-time employee (though they may work only a few hours a week for your business). In fact, some contractors work 40 hours a week. Why does this matter? Because the IRS cares about the classification of your workers. It determines your tax obligations, among other employer requirements. If you accidentally classify an employee as a temporary worker (or vice versa), your business could be fined.

What’s the Difference between an Employee and an Independent Contractor?

One of the perks of hiring independent contractors is that employers can potentially cut some costs. When you hire a permanent employee, you must…

  • Pay a portion of their Social Security and Medicare taxes.
  • Contribute to other benefits, such as disability and healthcare (if applicable).
  • Follow fair wage and overtime laws.
  • Insure them with Workers’ Comp coverage (depending on your state’s laws).

Because independent contractors are not permanent employees, employers don’t have to worry about benefits or other tax obligations. However, it’s not always easy to tell whether a worker should be classified as an employee or as an independent contractor. The IRS doesn’t have a cut-and-dried definition, either. Instead, it looks at several factors of the job, including…

  • How the worker does their job (behavioral).
  • How the worker is compensated by the employer (financial).
  • What type of employer-worker relationship has been established (type of relationship).

(For a more detailed explanation, visit the IRS’s Independent Contractor or Employee? page.)

The Consequences of Misclassifying an Employee as an Independent Contractor

The cost of misclassifying an employee – intentionally or unintentionally – can be expensive. Take a look:

  • Fines and penalties. If the IRS determines that you’ve misclassified an employee, you may be fined. You’ll also have to pay the back employment taxes that have accrued while the employee was misclassified.
  • Lawsuits. If a worker believes they’ve been misclassified as an independent contractor, they can sue your business. (Check out “$2 Million Fine for Misclassifying Employees” for a real-world example.)
  • Workers’ Compensation Insurance fines. There’s a good chance that if you’ve misclassified temporary workers on your payroll, you’ve misclassified them on your Workers’ Compensation Insurance as well. In most states, independent contractors don’t have to be covered with Workers’ Compensation Insurance. But misclassifying employees can result in hefty fines – and criminal charges.

In order to avoid these consequences, be sure to carefully classify your employees. But even preventative measures can’t prevent all employment lawsuits. That’s where Employment Practices Liability Insurance (EPLI) comes in. This policy covers the cost of employment lawsuits – from your lawyer fees to judgment and settlement costs.

EPLI on Wall Street: The Goldman Sachs Gender Lawsuit

by J Easto, 28. July 2014 08:30

Two former Goldman Sachs employees are suing the investment bank for gender discrimination. And according to Bloomberg Businessweek, Cristina Chen-Oster and Shanna Orlich have recently filed papers requesting class status. If granted, Goldman Sachs won’t have just one employment lawsuit on its hands, but the cases of thousands of women.

Many people aren’t surprised by the women’s “boy’s club” allegations. This isn’t the first time a major financial institution has come under scrutiny for workplace discrimination charges. But just because behavior is common doesn’t mean it’s legal.

Goldman Sachs denies the allegations. But even if a judge determines that the company did nothing wrong, the lawsuit is still going to cost them money.

What Are the Grounds for a Gender Discrimination Case?

In the United States, there are laws that protect certain groups of employees from workplace discrimination. Under these laws, women can’t be treated differently from their male counterparts simply for being women. (Check out “Employment Discrimination Lawsuits: Case Studies” for more real-world examples.)

But what are the telltale signs of gender discrimination? Take a look:

  • Wage discrepancies. Female employees cannot be paid less than their male counterparts for doing similar work. The Goldman Sachs lawsuit alleges that female employees are paid up to 21 percent less than their male colleagues with comparable experience.
  • Unfair promotions. Women who qualify for promotions cannot be passed up for advancement simply for being female. Women were promoted “more slowly and more reluctantly than men” at Goldman Sachs, according to the lawsuit.
  • Hostile work environments. Workplaces and their culture cannot create an environment that is hostile to women. The Goldman Sachs lawsuit mentions numerous occasions where strip club outings promoted a “boy’s club” atmosphere.
  • Punishment for pregnancy. Women cannot be punished or fired for having children. The lawsuit notes that women at Goldman Sachs saw their responsibilities diminished after becoming mothers.

Someone might argue that some of these situations seem hard to prove. For instance, a woman might think she was unfairly passed up for a promotion when really her boss chose a more qualified candidate.

Problems arise when employers cannot support their decisions and when evidence suggests that the only difference between one employee and a promoted employee is gender. Goldman Sachs’s promotion decisions appear opaque to employees. And unless the company has documented proof to substantiate the slow advancement of its female employees, it could be found guilty of gender discrimination.

What Can Small Businesses Do to Avoid Gender Discrimination Lawsuits?

Discrimination lawsuits are not just an issue for big businesses. Even the smallest employers can be accused of gender discrimination. That’s why it’s important for small-business owners to…

  • Review employment laws.
  • Train employees in workplace discrimination and harassment prevention.
  • Create and follow written protocol that actively discourages discriminatory practices.
  • Keep documentation for all employment decisions, including hiring, firing, training, and promotions.

For more tips, read “How Small-Business Owners Can Prevent Employee Discrimination Lawsuits.”

Keep in mind that employees can sue you for discrimination even when you’ve taken preventative measures to avoid such claims. That’s why small businesses often carry Employment Practices Liability Insurance. This insurance policy covers the expenses of an employment discrimination lawsuit, including lawyer fees, judgments, and settlements.

Liability Insurance vs. Property Insurance: What's the Difference?

by J Easto, 25. July 2014 08:26

Small-business owners must purchase a number of different insurance policies to protect their businesses, so understanding the difference between Liability Insurance and Property Insurance is an important way to make sure you know what you're getting. Take a look:

  • Liability Insurance covers the expenses that result when things you do (or fail to do) cost someone money. Namely, this includes lawsuits – whether you go to trial or settle the dispute out of court.
  • Property Insurance protects the stuff your business owns by paying to repair or replace damaged items after a covered event.

Small businesses need both of these coverages because they work together to make sure you have enough money to pay your bills when an incident or loss threatens your business. A lawsuit or property damage could wipe out your savings, put you in debt, and require that new revenue go toward legal bills or repair costs. Meanwhile, your business suffers.

But when you invest in Business Liability and Property Insurance, your insurance company – not your bank account – handles sudden financial burden.

What Insurance Protects You from Lawsuits? (Hint: Business Liability Coverage)

A “liability” is something that your business is legally responsible for. When you are “liable” for causing someone a loss, you are legally responsible for “making up” the loss, usually with money. And that’s where lawsuits come into the picture. Business Liability Insurance helps you pay for the cost of lawsuits and other expenses that you are legally responsible for.

Say an advertising firm rolls out a new social media campaign for a local restaurant. What happens if the restaurant’s sales don’t improve? It could sue the marketing firm, claiming it failed to fulfill its professional responsibilities.

The firm must now hire lawyers. These lawsuits can take years to go to trial, and the final cost could be huge. After paying for a client's lost profits, damages to their reputation, and other court-ordered remunerations, the firm could pay over $100,000 in total expenses.

Because small businesses don't have that kind of money, they invest in policies that offer liability coverage for…

  • Lawyer fees.
  • Settlements (when you resolve the dispute out of court for a set sum of money).
  • Judgments (the damages a judge orders you to pay when you lose a lawsuit).
  • Miscellaneous court and legal fees.

It's important to know that there are many kinds of liability insurance. Small businesses need to have different liability policies to cover different types of lawsuits, such as…

How Does Property Insurance Work?

When you buy Property Insurance, the insurance company can insure equipment, computers, supplies, inventory, offices, and other business property against loss or damage.

Property Insurance covers damage that results from the specific events outlined in your policy. Common covered events include…

  • Fires.
  • Thefts.
  • Acts of vandalism.
  • Some weather events.

Say a fire burns down a non-profit medical clinic. The NPO loses tens of thousands of dollars’ worth of medical equipment. In addition, the clinic must repair its building, replace furniture, and spend money on cleanup costs.

A Property Insurance policy covers all of these expenses, and some policies even cover the income you lose if your business has to shut down after a covered event. See our Business Interruption Insurance page for more on how your insurance helps pay your bills when your business suffers too much damage to operate normally.

As a small-business owner, you might qualify for a lower Property Insurance rate if you purchase this policy together with General Liability Insurance. This insurance bundle is called a Business Owner's Policy and offers a discount to qualifying small businesses.

It Takes Two: How to Get Business Liability Insurance and Property Insurance

These two types of coverage work together to protect your business from sudden bouts of bad luck. Whether it's a client lawsuit, a Workers' Comp claim, or a property loss, your insurance protects your business from the unexpected expense.

For free quotes for any of the small business insurance policies described above, fill out our online insurance form.

Allied Health Professionals: Why Your Data Isn't Safe

by J Easto, 24. July 2014 08:15

Healthcare professionals are less prepared for a cyber attack than any other industry. As reported on the FierceHealthIT website, experts believe that the healthcare industry is more vulnerable to attacks than even retail or financial services industries. Why? Because more and more healthcare professionals are switching to electronic records without taking the data security measures to keep those records safe.

This news is particularly troubling because, as you well know, healthcare professionals have HIPAA and HITECH laws to contend with. When you violate these regulations, you’re penalized with heavy fines, making a healthcare data breach more expensive than standard breaches. (For more information, check out our other posts on HIPAA data breaches.)

What Do Hackers Want with Health Records Anyway?

Hackers don’t steal information for the fun of it – they steal to make money. The whole point of breaking into a business’s network is to find valuable information (names, credit card numbers, etc.) to sell on the black market. Other criminals then pay for this information in the hopes that they can “steal” someone’s identity to make purchases or pilfer from their bank accounts.

What does this have to do with health records? A complete health record contains information that makes it easier for a criminal to assume the victim’s identity. As FierceHealthIT notes, an average data record can sell for about a buck on the black market. But a medical record with a “complete identity profile” can sell for $500.

In other words, hackers have more incentive to break into a healthcare professional’s network. And many healthcare professionals are making it easy. According to the article…

  • 50 percent of healthcare CIOs describe their data security “abilities” as average.
  • Many healthcare facilities have leaked their own data.

So what can a healthcare professional do?

How Allied Health Professionals Can Combat Cyber Criminals

How can you make your healthcare business a less desirable target for hackers? Unfortunately, there is no getting rid of your valuable health records. That means you have to do all that you can to protect those records and secure your network. These tips can help:

  • Use strong passwords. This means using complex letter-and-number passwords for each account. You should also use a different password for each account.
  • Limit access. Only people who need to have access to sensitive information should have access. Remote hackers aren’t the only people stealing businesses’ information. In fact, most data breaches occur because of human error (such as accidentally releasing records) or thieving employees. Don’t forget to make sure employees who have been fired or who have moved on no longer have access to your network.
  • Don’t let employees take data home. Sometimes it’s tempting to allow employees to work from home, but you should never allow sensitive information to leave your office. For one thing, you have no control over how secure the employee’s home network is. For another, it’s easy for your business’s thumb drive to pick up malware from an outside computer. For the same reasons, it may also be a good idea to limit the use of personal devices (your employees’ smartphones, tablets, etc.) on your business network.
  • Encrypt your data. You should always encrypt data on your network – and keep the encryption keys in a completely separate location. Experts distinguish between a “secure” data breach (one in which data can’t be used because of proper encryption techniques) and an “unsecure” data breach (one in which data can be stolen and used). A data breach still costs money, but one that results in actual identity theft will cost even more.
  • Use firewalls and antimalware software. Every network should be protected by a firewall, and your business should use effective, updated antivirus and antimalware protection. Don’t be afraid to contact an IT consultant to help you choose and install this protection. Malware is constantly evolving, so it’s important to have top-level security software.

Unfortunately, there are no guarantees when it comes to data security. You can take all the proper preventative measures and still be breached. That’s why Healthcare Cyber Liability Insurance was invented. It helps you pay for the expenses of your data breach response. This may include reimbursement for lost profits, customer outreach, credit-monitoring services, damage-control marketing campaigns, and more.

To learn more about your insurance options, contact an agent that specializes in healthcare small business insurance at 1-800-688-1984.

Tracy Morgan Lawsuit against Walmart Highlights Commercial Auto Liability Issues

by Ruth Awad, 23. July 2014 08:13

According to an article by The Hollywood Reporter, comedian Tracy Morgan is suing Walmart for negligence. Walmart’s driver Kevin Roper, running on 24 hours without sleep, reportedly ran his truck into a limousine transporting Morgan and passengers on a New Jersey turnpike. Though all passengers sustained serious injuries that required hospitalization or surgery, comedian James McNair didn’t survive the crash.

Morgan’s suit alleges that Walmart should have known it was unreasonable for Roper to drive 700 miles before his shift and that Roper’s fatigue was the cause of the accident. The claim also notes that Walmart routinely breaks shift limit regulations established by the Federal Motor Carrier Safety Administration.

Though Roper was behind the wheel, the suit aims to make Walmart take responsibility for their driver’s actions. The plaintiffs – Morgan, his assistant Jeffrey Millea, Krista Millea, and comedian Ardie Fuqua – are seeking compensatory and statutory damages, punitive damages, and legal fees. In addition to suing for negligence, Krista Millea is suing for loss of consortium.

But this lawsuit isn’t just an anecdote. It’s a lesson for small-business owners. Let’s unpack it and see what you can learn from this unfortunate accident and subsequent lawsuit.

Lessons Learned from Tragedy: How to Safeguard Your Small Biz on the Road

Perhaps the most notable reminder from the Morgan lawsuit is simply this: your employees represent your business in every capacity. And when they drive on behalf of your business, you can be held liable for their mistakes and accidents – even if they happen in vehicles your business doesn’t own.

If you’re like most small-business owners, you likely don’t have the funds to defend your business against a negligence lawsuit spurred by an auto collision. It doesn’t help that these claims are some of the most costly that a person or business may face.

Fortunately, there are two ways to ensure your business has the funds to defend itself against such a lawsuit:

  • Commercial Auto Insurance. Let’s say you’re a professional installer, and your utility truck is in your business’s name. Chances are you need Commercial Auto coverage for adequate protection. At its most basic, this policy can cover your vehicle against loss or damage caused by collisions or theft. However, to spare yourself the cost of a lawsuit, you want a policy that also offers liability protection.
  • Hired and Non-Owned Auto Insurance. If your business rents vehicles or relies on its employees to use their personal vehicles for business errands (e.g., a caterer), this is the option for you. Hired and Non-Owned Auto Insurance covers your business’s legal expenses when it’s sued over auto accidents in borrowed vehicles. However, this type of auto coverage doesn’t cover physical damages to the vehicles.

How to Find Appropriate Commercial Auto Coverage

To find appropriate insurance coverage for your business’s vehicles, answer the following:

  • Does your business own its vehicles? If so, state laws usually require you to carry Commercial Auto Insurance. Your rates vary depending on where you live, the kind of vehicle(s) your business owns, your claims history, and other factors. To learn more, read “What Goes into a Quote for Commercial Auto Insurance?”
  • Do you rely on employees to drive personal vehicles for business errands? If so, consider adding Non-Owned Auto Insurance coverage to your business protection plan. Your employee’s personal auto coverage should protect them if they are sued over an accident that happens while running errands for your business in their own vehicle. This policy only covers your business when it is sued over the same accident.
  • Do you rent vehicles to use for business? You may be able to save money on your rental insurance if you carry Hired Auto Insurance. Keep in mind that Hired Auto coverage only addresses your business’s liability in auto accidents. It won’t pay for physical damage to the rented car.

For more information on Commercial Auto Insurance and Hired and Non-Owned Auto Insurance, contact one of our small business insurance agents.

The OTHER Way Data Breaches Hurt Small Businesses

by J Easto, 22. July 2014 08:13

Last week, we looked at the ways in which small businesses can be the targets of data breaches in our post “Cyber Insurance: Why It Matters, Where You’re Exposed.” In general, small-business owners might not understand how data breaches work, and so they don’t take the security steps to avoid them.

But small businesses can be affected by cyber crime even when they aren’t the primary targets of the breach. Technology trends and analysis site CIO.com points out a subtler way that big-name data breaches (such as Target’s last year) affect small businesses: by disrupting their automated payments.

How Big-Box Data Breaches Put Stress on the Little Guy

Imagine you are a small-business owner who relies on monthly customer subscriptions – a magazine or a yoga studio, for example. To make it easy on your customers, you allow them to sign up for automated payments. Once a month, a fee is automatically deducted from their accounts and placed into yours.

But here comes the Target data breach, which according to CIO.com, affected 84 percent of financial institutions. Bank after bank deactivates their clients’ debit and credit cards as a precaution. Next month, several of your customers’ automatic payments can’t be processed because their cards have been disabled and they forgot to update their information with your yoga studio.

Now you’re out a good portion of your monthly revenue, and you’ll have to put in extra hours to contact your customers and ask them to fulfill their payments.

How Can Small Businesses Avoid the Costs of Data Breaches?

As CIO.com reports, it’s “easy” to think that hackers will never target your business. But with the growing number of big-name breaches, it won’t be so easy to escape their wrath.

So what do you do? Try these tips:

  • Make a plan. On CIO.com, Dr. Larry Ponemon, founder of the Ponemon Institute, notes that companies – big and small – need an “Incident Response Plan.” This is a written protocol that outlines your data breach response. The average data breach already costs businesses about $3.5 million (think lost revenue in addition to the data breach investigation and repair). But Ponemon says that without an Incident Response Plan, businesses can expect the average cost to rise 10 to 15 percent.
  • Have a form email ready. Because you can be affected by other businesses’ data breaches, have a form email or letter ready so you can notify your customers that they need to update the credit cards they have on file with your business. This saves you a lot of time and energy in the long run.
  • Hire a security consultant. Ponemon also recommends hiring a professional to take a look at your data security defenses. Does your business allow employees to use their own devices at work? Do you encrypt sensitive information? Do you use secure passwords? An IT professional can take a look at these issues and much more.
  • Get Cyber Liability Insurance. Cyber Liability Insurance helps businesses pay for the cost of a data breach – notifying customers, investigating and repairing the breach, offering credit monitoring services, and more. It’s important to realize that the other liability insurance you may have (General Liability, for example) does not protect your business from the cost of a data breach.

For more information on cyber security, check out our other blog posts on data breaches.

How Small Businesses Can Avoid Employment Law Fines

by J Easto, 21. July 2014 07:48

The Fair Labor Standards Act of 1938 (FLSA) established several employment regulations that many of us take for granted today: a 44-hour max workweek (and time-and-a-half overtime for certain jobs), a national minimum wage, and child labor laws.

Still, FLSA violations are not uncommon. Business News Daily cites a 2011 study that found 56 percent of surveyed business owners had been sued for FLSA violations in the past 10 years – and almost 27 percent of those business owners had been sued more than once.

Below, we summarize Business News Daily’s advice for avoiding these violations.

5 Ways to Avoid FLSA Violations

1. Try to sort out the issue through arbitration. Arbitration is a way to resolve a dispute before it goes to court. Much like a judge, a neutral third party listens to both sides of the argument and comes to a decision. The difference? Arbitration is usually much faster and cheaper than a court trial. You can include an arbitration clause in your employment contracts. When an employee signs, they give up their right to participate in a class-action or multi-party lawsuit.

2. Conduct regular wage and hour audits. Because job duties are constantly evolving, it’s a good idea to have regular audits to ensure you are in compliance with FLSA guidelines. What do you need to look out for? Exempt and nonexempt employee classifications, overtime calculations, and compensable hours.

3. Properly classify workers. Business News Daily reports that there are two common types of misclassification: classifying employees as interns or independent contractors when they aren’t and classifying an employee as exempt from minimum wage and hour payments when they aren’t. We’d like to add that in addition to FLSA fines, misclassifying employees can lead to Workers’ Compensation Insurance fines, too.

4. Know what “compensable hours” are. When employers don’t understand what the FLSA means by “compensable hours,” they can get into trouble. Employers must pay employees for “all time spent in physical or mental exertion.” This can include lunch breaks. If you don’t keep track of all these hours, you may violate minimum wage or overtime regulations.

5. Swiftly address complaints. Communication is key. If an employment complaint is brought to your attention (or to a supervisor’s attention), it should be addressed immediately. You should have established protocol for addressing such complaints – including seeking legal counsel when necessary.

What Happens When You’re Served with an Employment Lawsuit?

Despite taking precautions, there’s still a chance your business might one day face an employment lawsuit. That’s just the nature of the game. Fortunately there is something you can do about it: carry small business insurance.

Most employment lawsuits can be covered with Employment Practices Liability Insurance (EPLI). This policy covers wage disputes, wrongful termination claims, workplace discrimination and harassment claims, and more.

As we mentioned above, FLSA claims related to employee misclassification may overlap with Workers’ Compensation Insurance violations. As you likely know, Workers’ Comp regulations vary from state to state. You can avoid these violations by following your local laws. (Check out our guide to Workers’ Comp laws for more information.) However, most Workers’ Comp Insurance policies come with Employer’s Liability Insurance, which pays for the cost of lawsuits over workplace injuries.

If you are interested in purchasing these policies, you can receive free, customized insurance quotes by submitting an online insurance application.

Franchise Owners Sue 7-Eleven for Racial Discrimination

by J Easto, 18. July 2014 09:11

Last Friday, a group of California franchise owners filed a lawsuit against 7-Eleven. According to an article in the LA Times, the franchise owners claim the convenience store company is responsible for “racial discrimination, invasion of privacy, illegal surveillance, and mistreatment,” all of which violate federal and state employment laws.

The LA Times notes that this isn’t the first time franchise owners have sued 7-Eleven. In the last two years, more than 12 franchise owners have filed lawsuits against 7-Eleven after the company took over their stores. However, this is the first lawsuit accusing 7-Eleven of racial discrimination. South Asian franchise owners claim their stores were taken away from them because of their “cultural and work habits.”

Corporate 7-Eleven claims this is a “frivolous lawsuit” and that it took over the stores because the owners were stealing. Frivolous or not, this lawsuit is going to cost 7-Eleven money. Here’s why.

Employment Lawsuits Can Cost Small Businesses Big Money

Employment lawsuits are among the most expensive lawsuits a business can face. They allege that an employer has violated employee civil rights that are protected under federal and state employment laws. These laws enforce the rights of “protected classes” and make it illegal for employers to discriminate based on…

  • Age.
  • Disability.
  • Genetic information.
  • National origin.
  • Pregnancy status.
  • Race or skin color.
  • Religion.
  • Sex.

Attorney Jon Hyman estimates that defending one of these cases can cost a business between $75,000 and $250,000. An attorney must work to build your case, and it can be a long, difficult process. Even if the lawsuit is frivolous, an employer is forced to hire an attorney just to prove the fraudulent claim isn’t worth a trial.

It’s also important to remember that the above numbers don’t include the cost of a verdict. The franchise owners in the 7-Eleven case aren’t even seeking monetary damages, but most of the time, the plaintiff (i.e., the person suing your business) will ask for monetary compensation.

Most small businesses don’t have the extra cash on hand to protect themselves against these claims. So what can you do?

How to Protect Your Small Business from a Pricey Employment Lawsuit

The first thing small-business owners should do is read and understand employment laws. That way, you can enforce protocol that reduces the risk of violations. (For some tips, check out our other posts on employment discrimination and harassment risks.)

But you can’t always prevent a lawsuit from happening. That’s why you can purchase Employment Practices Liability Insurance, a policy that helps you pay for legal defense costs, court fees, judgments, and settlements when you’re sued for discrimination and other employment issues.

Small Business Faces $3,000 Fine for Data Breach

by Ruth Awad, 17. July 2014 08:38

According to an article by the Brattleboro Reformer, a small gift store in Vermont was fined $3,000 by the attorney general’s office. The offense? The Shelburne Country Store didn’t inform its customers of a credit card security breach. Turns out, the shop’s website was hacked last year, exposing 721 online shoppers’ credit card information.

If nothing else, this story reminds small-business owners of two important things:

  1. Any business – of any size – can face a data security breach.
  2. According to many state laws, it’s not enough to simply fix the breach.

Let’s take a look at how some states are attempting to address the rising problem of data breaches by creating stricter reporting requirements (and fines for businesses that don’t comply).

States Buckle Down on Data Breach Reporting Requirements

Though the Shelburne Country Store did promptly fix its security vulnerabilities, it failed to comply with Vermont’s Security Breach Notice Act. Under this law, businesses must…

  • Inform the attorney general of the breach within 14 business days of its discovery.
  • Notify customers about the breach within 45 days.

When businesses neglect these reporting obligations, they can be fined. And Vermont isn’t the only state enforcing these types of policies. SecurityInfoWatch.com reports that Kentucky recently enacted two laws that tighten the belt on data breach reporting.

Both state and private sectors in Kentucky have to alert the following entities when a data breach occurs (depending on which is directly involved):

  • Kentucky State Police.
  • Auditor of public accounts.
  • Attorney general.
  • Kentucky Department of Education.
  • Council on Postsecondary Education.

Unlike Vermont, Kentucky’s laws don’t specify a time period for alerting individuals affected by the breach.

Also worth noting is that the new legislation doesn’t regulate the already regulated health industry. As you may already know, the Health Insurance Portability and Accountability Act (HIPAA) requires health agencies to report data breaches. (Learn more about HIPAA, HITECH, and data breaches here: “HIPAA Has Teeth: What Accountants, Lawyers, and Other Professionals Need to Know When Working with Clients in Healthcare.”)

How Small Businesses Can Manage Data Security Risks

In addition to knowing your state’s reporting laws, the best way to stay on the right side of the law is to avoid a breach altogether. Easier said than done, right?

Perhaps these tips can help:

  • Don’t keep highly sensitive data on your databases. Unless you’re a healthcare professional and you must allow your patients online access to their health records, it’s best to keep confidential information offline as much as possible.
  • Encrypt everything. This includes security codes, access codes, passwords, and personally identifiable information. Though this is an extra step most businesses don’t take, it puts another obstacle between the hacker and your valuable information.
  • Enact companywide data handling procedures. Outline policies for handling sensitive information, and train your employees on these policies. Your protocol should also detail how and when to notify affected parties after a breach per your state’s regulations.

Of course, even your best efforts to improve your data security might not be enough to keep a persistent hacker at bay. That’s why small-business owners should always have a backup plan in place. Luckily, Cyber Liability Insurance can help your business recover from a data breach by covering the cost of notifying affected parties, investigating and repairing the breach, and more.


Data Security: When Malware Training Could Save You Thousands

by J Easto, 16. July 2014 08:23


Cyber thieves are up to their old tricks in Brazil. Forbes recently reported on a new type of malware – called “Bolware” – that allows cyber criminals to redirect electronic payments into fraudulent accounts and steal login credentials. The malware is named after the Boleto, Brazil’s most popular form of online payment. A Boleto is sort of like a money order and allows consumers to pay a merchant an exact amount.

The RSA report cited in the article estimates that Bolware has made almost 500,000 fraudulent transactions and stolen about 84,000 email credentials (mostly from hotmail.com and live.com domains). It’s estimated that there are more than 192,000 infected PCs across Brazil.

Fortunately, this sneaky form of malware only appears to function with Boletos, so individuals and businesses in the United States don’t have to worry about it. But that doesn’t mean there isn’t a lesson to be learned.

What Is Malware?

Malware is a generic term for malicious software, including viruses, worms, rootkits, spyware, trojans, and adware. Different types of malware behave in various ways – and some are more dangerous than others. But malware is always serious. Many types steal private information, which can lead to identity theft and fraud. Anyone – including small-business owners – can accidentally install malware.

How Small Businesses Can Protect Themselves from Malware

One of the things that make Bolware so dangerous is that it’s very difficult to detect. The fraud is invisible to both browsers and individuals. Plus, because of the nature of the Boleto, it’s difficult for consumers to verify that their Boleto information has not been replaced with information from a fraudulent account.

It’s unclear exactly how Bolware infects computers – and cyber criminals regularly update its methods and self-protection. But because Bolware is known to steal email credentials and send spam, it’s likely that users unknowingly install the malware by clicking on fraudulent links or by visiting malicious websites.

Even though Bolware is not an issue in the United States, standard malware is. Anyone – including you and your employees – can fall victim to a phishing scam and end up with malware on your devices. The best defense? Train your employees to recognize viruses and other types of malware. As long as your business knows what to look for, you can avoid downloading malicious software.

Here are some tips from PCWorld that can help you recognize online dangers:

  • Websites. Don’t download anything from a website that looks strange or malicious. Sometimes malware is disguised as something that mimics the type of update downloads we see every day. Always read dialog boxes carefully before you hit “install.” If a piece of software or a company sounds unfamiliar, research the name first.
  • Email. Avoid opening spam email altogether, and never click on any of the links. Most of the time, spam is easy to spot. But hackers are getting craftier. They disguise spam to look like it’s coming from a trusted institution (the USPS, for example) or a business associate. Sometimes, these emails ask you for personal information. When in doubt, call the institution or person in question to verify that the email came from them.
  • Physical media. This includes CDs, DVDs, flash drives, and other types of media. A good rule of thumb is to never use outside media on your business computers. Employees, for example, shouldn’t use the same flash drive they use for work at home.
  • Pop-up windows. At best, a pop-up window is a legitimate (if annoying) advertisement. At worst, it will try to con you into downloading something or “scanning” your computer for viruses. If a pop-up window claims it’s detected a virus on your computer, take a minute to examine the message. Make sure the name of the antivirus software exactly matches the kind you use on your computer. If it doesn’t, you know it’s a scam.

If you don’t have antivirus or antimalware protection, get some and scan your computer regularly. Additionally, you should always keep your operating system, browser, and software up to date to ensure you have the latest security patches. Lastly, don’t forget to run a firewall!

Unfortunately, your best defenses sometimes fail. Accidentally installed malware can lead to a security breach, which can cost a business thousands in lost revenue and data breach cleanup. That’s why insurers offer Cyber Liability Insurance. It helps you pay for your data breach response, including credit-monitoring services, investigation, and marketing campaigns.
