Allied Health Professionals: Why Your Data Isn't Safe

by J Easto24. July 2014 08:15

two doctors with a tablet

Healthcare professionals are less prepared for a cyber attack than any other industry. As reported on the FierceHealthIT website, experts believe that the healthcare industry is more vulnerable to attacks than even retail or financial services industries. Why? Because more and more healthcare professionals are switching to electronic records without taking the data security measures to keep those records safe.

This news is particularly troubling because, as you well know, healthcare professionals have HIPAA and HITECH laws to contend with. When you violate these regulations, you’re penalized with heavy fines, making a healthcare data breach more expensive than standard breaches. (For more information, check out our other posts on HIPAA data breaches.)

What Do Hackers Want with Health Records Anyway?

Hackers don’t steal information for the fun of it – they steal to make money. The whole point of breaking into a business’s network is to find valuable information (names, credit card numbers, etc.) to sell on the black market. Other criminals then pay for this information in the hopes that they “steal” someone’s identity to make purchases or pilfer from their bank accounts.

What does this have to do with health records? A complete health record contains information that makes it easier for a criminal to assume the victim’s identity. As FierceHealthIT notes, an average data record can sell for about a buck on the black market. But a medical record with a “complete identity profile” can sell for $500.

In other words, hackers have more incentive to break into a healthcare professional’s network. And many healthcare professionals are making it easy. According to the article…

  • 50 percent of healthcare CIO describe their data security “abilities” as average.
  • Many healthcare facilities have leaked their own data.

So what can a healthcare professional do?

How Allied Health Professionals Can Combat Cyber Criminals

How can you make your healthcare business a less desirable target for hackers? Unfortunately, there is no getting rid of your valuable health records. That means you have to do all that you can to protect those records and secure your network. These tips can help:

  • Use strong passwords. This means using complex letter-and-number passwords for each account. You should also use a different password for each account.
  • Limit access. Only people who need to have access to sensitive information should have access. Remote hackers aren’t the only people stealing businesses’ information. In fact, most data breaches occur because of human error (such as accidentally releasing records) or thieving employees. Don’t forget to make sure employees who have been fired or who have moved on no longer have access to your network.
  • Don’t let employees take data home. Sometimes it’s tempting to allow employees to work from home, but you should never allow sensitive information to leave your office. For one thing, you have no control over how secure the employee’s home network is. For another, it’s easy for your business’s thumb drive to pick up malware from an outside computer. For the same reasons, it may also be a good idea to limit the use of personal devices (your employees’ smartphones, tablets, etc.) on your business network.
  • Encrypt your data. You should always encrypt data on your network – and keep the encryption keys in a completely separate location. Experts distinguish between a “secure” data breach (one in which data can’t be used because of proper encryption techniques) and an “unsecure” data breach (one in which data can be stolen and used). A data breach still costs money, but one that results in actual identity theft will cost even more.
  • Use firewalls and antimalware software. Every network should be protected by a firewall, and your business should use effective, updated antivirus and antimalware protection. Don’t be afraid to contact an IT consultant to help you choose and install this protection. Malware is constantly evolving, so it’s important to have top-level security software.

Unfortunately, there are no guarantees when it comes to data security. You can take all the proper preventative measures and still be breached. That’s why Healthcare Cyber Liability Insurance was invented. It helps you pay for the expenses of your data breach response. This may include reimbursement for lost profits, customer outreach, credit-monitoring services, damage-control marketing campaigns, and more.

To learn more about your insurance options, contact an agent that specializes in healthcare small business insurance at 1-800-688-1984

how is your business exposed

Tracy Morgan Lawsuit against Walmart Highlights Commercial Auto Liability Issues

by Ruth Awad23. July 2014 08:13

car accident

According to an article by The Hollywood Reporter, comedian Tracy Morgan is suing Walmart for negligence. Walmart’s driver Kevin Roper, running on 24 hours without sleep, reportedly ran his truck into a limousine transporting Morgan and passengers on a New Jersey turnpike. Though all passengers sustained serious injuries that required hospitalization or surgery, comedian James McNair didn’t survive the crash.

Morgan’s suit alleges that Walmart should have known it was unreasonable for Roper to drive 700 miles before his shift and that Roper’s fatigue was the cause of the accident. The claim also notes that Walmart routinely breaks shift limit regulations established by the Federal Motor Carrier Safety Administration.

Though Roper was behind the wheel, the suit aims to make Walmart take responsibility for their driver’s actions. The plaintiffs – Morgan, his assistant Jeffrey Millea, Krista Millea, and comedian Ardie Fuqua – are seeking compensatory and statutory damages, punitive damages, and legal fees. In addition to suing for negligence, Krista Millea is suing for loss of consortium.

But this lawsuit isn’t just an anecdote. It’s a lesson for small-business owners. Let’s unpack it and see what you can learn from this unfortunate accident and subsequent lawsuit.

Lessons Learned from Tragedy: How to Safeguard Your Small Biz on the Road

Perhaps the most notable reminder from the Morgan lawsuit is simply this: your employees represent your business in every capacity. And when they drive on behalf of your business, you can be held liable for their mistakes and accidents – even if they happen in vehicles your business doesn’t own.

If you’re like most small-business owners, you likely don’t have the funds to defend your business against a negligence lawsuit spurred by an auto collision. It doesn’t help that these claims are some of the most costly that a person or business may face.

Fortunately, there are two ways to ensure your business has the funds to defend itself against such a lawsuit:

  • Commercial Auto Insurance. Let’s say you’re a professional installer, and your utility truck is in your business’s name. Chances are you need Commercial Auto coverage for adequate protection. At its most basic, this policy can cover your vehicle against loss or damage caused by collisions or theft. However, to spare yourself the cost of a lawsuit, you want a policy that also offers liability protection.
  • Hired and Non-Owned Auto Insurance. If your business rents vehicles or relies on its employees to use their personal vehicles for business errands (e.g., a caterer), this is the option for you. Hired and Non-Owned Auto Insurance covers your business’s legal expenses when it’s sued over auto accidents in borrowed vehicles. However, this type of auto coverage doesn’t cover physical damages to the vehicles.

How to Find Appropriate Commercial Auto Coverage

To find appropriate insurance coverage for your business’s vehicles, answer the following:

  • Does your business own its vehicles? If so, state laws usually require you to carry Commercial Auto Insurance. Your rates vary depending on where you live, the kind of vehicle(s) your business owns, your claims history, and other factors. To learn more, read “What Goes into a Quote for Commercial Auto Insurance?
  • Do you rely on employees to drive personal vehicles for business errands? If so, consider adding Non-Owned Auto Insurance coverage to your business protection plan. Your employee’s personal auto coverage should protect them if they are sued over an accident that happens while running errands for your business in their own vehicle. This policy only covers your business when it is sued over the same accident.
  • Do you rent vehicles to use for business? You may be able to save money on your rental insurance if you carry Hired Auto Insurance. Keep in mind that Hired Auto coverage only addresses your business’s liability in auto accidents. It won’t pay for physical damage to the rented car.

For more information on Commercial Auto Insurance and Hired and Non-Owned Auto Insurance, contact one of our small business insurance agents.

know your business risks

The OTHER Way Data Breaches Hurt Small Businesses

by J Easto22. July 2014 08:13

woman at computer looking frustrated

Last week, we looked at the ways in which small businesses can be the targets of data breaches in our post “Cyber Insurance: Why It Matters, Where You’re Exposed.” In general, small-business owners might not understand how data breaches work, and so they don’t take the security steps to avoid them.

But small businesses can be affected by cyber crime even when they aren’t the primary targets of the breach. Technology trends and analysis site points out a subtler way that big-name data breaches (such as Target’s last year) affect small businesses: by disrupting their automated payments.

How Big-Box Data Breaches Put Stress on the Little Guy

Imagine you are a small-business owner who relies on monthly customer subscriptions – a magazine or a yoga studio, for example. To make it easy on your customers, you allow them to sign up for automated payments. Once a month, a fee is automatically deducted from their accounts and placed into yours.

But here comes the Target data breach, which according to, affected 84 percent of financial institutions. Bank after bank deactivates their clients’ debit and credit cards as a precaution. Next month, several of your customers’ automatic payments can’t be processed because their cards have been disabled and they forgot to update their information with your yoga studio.

Now you’re out a good portion of your monthly revenue, and you’ll have to put in extra hours to contact your customers and ask them to fulfill their payments.

How Can Small Businesses Avoid the Costs of Data Breaches?

As reports, it’s “easy” to think that hackers will never target your business. But with the growing number of big-name breaches, it won’t be so easy to escape their wrath.

So what do you do? Try these tips:

  • Make a plan. On, Dr. Larry Ponemon, founder of the Ponemon Institute, notes that companies – big and small – need an “Incident Response Plan.” This is written protocol that outlines your data breach response. The average data breach already costs businesses about $3.5 million (think lost revenue in addition to the data breach investigation and repair). But Ponemon says that without an Incident Response Plan, business can expect the average cost to rise 10 to 15 percent.
  • Have a form email ready. Because you can be affected by other business’s data breaches, have a form email or letter ready so you can notify your customers that they need to update the credit cards they have on file with your business. This saves you a lot of time and energy in the long run.
  • Hire a security consultant. Ponemon also recommends hiring a professional to take a look at your data security defenses. Does your business allow employees to use their own devices at work? Do you encrypt sensitive information? Do you use secure passwords? An IT professional can take a look at these issues and much more.
  • Get Cyber Liability Insurance. Cyber Liability Insurance helps businesses pay for the cost of a data breach – notifying customers, investigating and repairing the breach, offering credit monitoring services, and more. It’s important to realize that the other liability insurance you may have (General Liability, for example) does not protect your business from the cost of a data breach.

For more information on cyber security, check out our other blog posts on data breaches.

protect your assets

How Small Businesses Can Avoid Employment Law Fines

by J Easto21. July 2014 07:48

The Fair Labor Standards Act of 1938 (FLSA) established several employment regulations that many of us take for granted today: a 44-hour max workweek (and time-and-a-half overtime for certain jobs), a national minimum wage, and child labor laws.

Still, FLSA violations are not uncommon. Business News Daily cites a 2011 study that found 56 percent of surveyed business owners had been sued for FLSA violations in the past 10 years – and almost 27 percent of those business owners had been sued more than once.

Below, we summarize Business News Daily’s advice for avoiding these violations.

5 Ways to Avoid FLSA Violations

1. Try to sort out the issue through arbitration. Arbitration is a way to resolve a dispute before it goes to court. Much like a judge, a neutral third party listens to both sides of the argument and comes to a decision. The difference? Arbitration is usually much faster and cheaper than a court trial. You can include an arbitration clause in your employment contracts. When an employee signs, they give up their right to participate in a class-action or multi-party lawsuit.

2. Conduct regular wage and hour audits. Because job duties are constantly evolving, it’s a good idea to have regular audits to ensure you are in compliance with FLSA guidelines. What do you need to look out for? Exempt and nonexempt employee classifications, overtime calculations, and compensable hours.

3. Properly classify workers. Business News Daily reports that there are two common types of misclassification: classifying employees as interns or independent contractors when they aren’t and classifying an employee as exempt from minimum wage and hour payments when they aren’t. We’d like to add that in addition to FLSA fines, misclassifying employees can lead to Workers’ Compensation Insurance fines, too.

4. Know what “compensable hours” are. When employers don’t understand what the FLSA means by “compensable hours,” they can get into trouble. Employers must pay employees for “all time spent in physical or mental exertion.” This can include lunch breaks. If you don’t keep track of all these hours, you may violate minimum wage or overtime regulations.

5. Swiftly address complaints. Communication is key. If an employment complaint is brought to your attention (or to a supervisor’s attention), it should be addressed immediately. You should have established protocol for addressing such complaints – including seeking legal counsel when necessary.

What Happens When You’re Served with an Employment Lawsuit?

Despite taking precautions, there’s still a chance your business might one day face an employment lawsuit. That’s just the nature of the game. Fortunately there is something you can do about it: carry small business insurance.

Most employment lawsuits can be covered with Employment Practices Liability Insurance (EPLI). This policy covers wage disputes, wrongful termination claims, workplace discrimination and harassment claims, and more.

As we mentioned above, FLSA claims related to employee misclassification may overlap with Workers’ Compensation Insurance violations. As you likely know, Workers’ Comp regulations vary from state to state. You can avoid these violations by following your local laws. (Check out our guide to Workers’ Comp laws for more information.) However, most Workers’ Comp Insurance policies come with Employer’s Liability Insurance, which pays for the cost of lawsuits over workplace injuries.

If you are interested in purchasing these policies, you can receive free, customized insurance quotes by submitting an online insurance application.

know your business risks

Franchise Owners Sue 7-Eleven for Racial Discrimination

by J Easto18. July 2014 09:11

Man holding convenience store bag

Last Friday, a group of California franchise owners filed a lawsuit against 7-Eleven. According to an article in the LA Times, the franchise owners claim the convenience store company is responsible for “racial discrimination, invasion of privacy, illegal surveillance, and mistreatment,” all of which violate federal and state employment laws.

The LA Times notes that this isn’t the first time franchise owners have sued 7-Eleven. In the last two years, more than 12 franchise owners have filed lawsuits against 7-Eleven after the company took over their stores. However, this is the first lawsuit accusing 7-Eleven of racial discrimination. South Asian franchise owners claim their stores were taken away from them because of their “cultural and work habits.”

Corporate 7-Eleven claims this is a “frivolous lawsuit” and that it took over the stores because the owners were stealing. Frivolous or not, this lawsuit is going to cost 7-Eleven money. Here’s why.

Employment Lawsuits Can Cost Small Businesses Big Money

Employment lawsuits are among the most expensive lawsuits a business can face. They allege that an employer has violated employee civil rights that are protected under federal and state employment laws. These laws enforce the rights of “protected classes” and make it illegal for employers to discriminate based on…

  • Age.
  • Disability.
  • Genetic information.
  • National origin.
  • Pregnancy status.
  • Race or skin color.
  • Religion.
  • Sex.

Attorney Jon Hyman estimates that defending one of these cases can cost a business between $75,000 and $250,000. An attorney must work to build your case, and it can be a long, difficult process. Even if the lawsuit is frivolous, an employer is forced to hire an attorney just to prove the fraudulent claim isn’t worth a trial.

It’s also important to remember that the above numbers don’t include the cost of a verdict. The franchise owners in the 7-Eleven case aren’t even seeking monetary damages, but most of the time, the plaintiff (i.e., the person suing your business) will ask for monetary compensation.

Most small businesses don’t have the extra cash on hand to protect themselves against these claims. So what can you do?

How to Protect Your Small Business from a Pricey Employment Lawsuit

The first thing small-business owners should do is read and understand employment laws. That way, you can enforce protocol that reduces the risk of violations. (For some tips, check out our other posts on employment discrimination and harassment risks.)

But you can’t always prevent a lawsuit from happening. That’s why you can purchase Employment Practices Liability Insurance, a policy that helps you pay for legal defense costs, court fees, judgments, and settlements when you’re sued for discrimination and other employment issues.

protect your assets

Small Business Faces $3,000 Fine for Data Breach

by Ruth Awad17. July 2014 08:38

professional woman in a state of dismay

According to an article by the Brattleboro Reformer, a small gift store in Vermont was fined $3,000 by the attorney general’s office. The offense? The Shelburne Country Store didn’t inform its customers of a credit card security breach. Turns out, the shop’s website was hacked last year, exposing 721 online shoppers’ credit card information.

If nothing else, this story reminds small-business owners of two important things:

  1. Any business – of any size – can face a data security breach.
  2. According to many state laws, it’s not enough to simply fix the breach.

Let’s take a look at how some states are attempting to address the rising problem of data breaches by creating stricter reporting requirements (and fines for businesses that don’t comply).

States Buckle Down on Data Breach Reporting Requirements

Though the Shelburne Country Store did promptly fix their security vulnerabilities, it failed to comply with Vermont’s Security Breach Notice Act. Under this law, businesses must…

  • Inform the attorney general of the breach within 14 business days of its discovery.
  • Notify customers about the breach within 45 days.

When businesses neglect these reporting obligations, they can be fined. And Vermont isn’t the only state enforcing these types of policies. reports that Kentucky recently enacted two laws that tighten the belt on data breach reporting.

Both state and private sectors in Kentucky have to alert the following entities when a data breach occurs (depending on which is directly involved):

  • Kentucky State Police.
  • Auditor of public accounts.
  • Attorney general.
  • Kentucky Department of Education.
  • Council on Postsecondary Education.

Unlike Vermont, Kentucky’s laws don’t specify a time period for alerting individuals affected by the breach.

Also worth noting is that the new legislature doesn’t regulate the already regulated health industry. As you may already know, the Health Insurance Portability and Accountability Act (HIPAA) requires health agencies to report data breaches. (Learn more about HIPAA, HITECH, and data breaches here: “HIPAA Has Teeth: What Accountants, Lawyers, and Other Professionals Need to Know When Working with Clients in Healthcare.”)

How Small Businesses Can Manage Data Security Risks

In addition to knowing your state’s reporting laws, the best way to stay on the right side of the law is to avoid a breach altogether. Easier said than done, right?

Perhaps these tips can help:

  • Don’t keep highly sensitive data on your databases. Unless you’re a healthcare professional and you must allow your patients online access to their health records, it’s best to keep confidential information offline as much as possible.
  • Encrypt everything. This includes security codes, access codes, passwords, and personally identifiable information. Though this is an extra step most businesses don’t take, it puts another obstacle between the hacker and your valuable information.
  • Enact companywide data handling procedures. Outline policies for handling sensitive information, and train your employees on these policies. Your protocol should also detail how and when to notify affected parties after a breach per your state’s regulations.

Of course, even your best efforts to improve your data security might not be enough to keep a persistent hacker at bay. That’s why small-business owners should always have a backup plan in place. Luckily, Cyber Liability Insurance can help your business recover from a data breach by covering the cost of notifying affected parties, investigating and repairing the breach, and more.

how is your business exposed

Data Security: When Malware Training Could Save You Thousands

by J Easto16. July 2014 08:23

Woman looking suspiciously at computer

Cyber thieves are up to their old tricks in Brazil. Forbes recently reported on a new type of malware – called “Bolware” – that allows cyber criminals to redirect electronic payments into fraudulent accounts and steal login credentials. The malware is named after the Boleto, Brazil’s most popular form of online payment. A Boleto is sort of like a money order and allows consumers to pay a merchant an exact amount.

The RSA report cited in the article estimates that Bolware has made almost 500,000 fraudulent transactions and stolen about 84,000 email credentials (mostly from and domains). It’s estimated that there are more than 192,000 infected PCs across Brazil.

Fortunately, this sneaky form of malware only appears to function with Boletos, so individuals and businesses in the United States don’t have to worry about it. But that doesn’t mean there isn’t a lesson to be learned.

What Is Malware?

Malware is a generic term for malicious software, including viruses, worms, rootkits, spyware, trojans, and adware. Different types of malware behave in various ways – and some are more dangerous than others. But malware is always serious. Many types steal private information, which can lead to identity theft and fraud. Anyone – including small-business owners – can accidently install malware.

How Small Businesses Can Protect Themselves from Malware

One of the things that make Bolware so dangerous is that it’s very difficult to detect. The fraud is invisible both to both browsers and individuals. Plus, because of the nature of the Boleto, it’s difficult for consumers to verify that their Boleto information has not been replaced with information from a fraudulent account.

It’s unclear exactly how Bolware infects computers – and cyber criminals regularly update its methods and self-protection. But because Bolware is known to steal email credentials and send spam, it’s likely that users unknowingly install the malware by clicking on fraudulent links or by visiting malicious websites.

Even though Bolware is not an issue in the United States, standard malware is. Anyone – including you and your employees – can fall victim to a phishing scam and end up with malware on your devices. The best defense? Train your employees to recognize malware and other types of viruses. As long as your business knows what to look for, you can avoid downloading malicious software.

Here are some tips from PCWorld that can help you recognize online dangers:

  • Websites. Don’t download anything from a website that looks strange or malicious. Sometimes malware is disguised as something that mimics the type of update downloads we see every day. Always read dialog boxes carefully before you hit “install.” If a piece of software or a company sounds unfamiliar, research the name first.
  • Email. Avoid opening spam email altogether, and never click on any of the links. Most of the time, spam is easy to spot. But hackers are getting craftier. They disguise spam to look like it’s coming from a trusted institution (the USPS, for example) or a business associate. Sometimes, these emails ask you for personal information. When in doubt, call the institution or person in question to verify that the email came from them.
  • Physical media. This includes CDs, DVDs, flash drives, and other types of media. A good rule of thumb is to never use outside media on your business computers. Employees, for example, shouldn’t use the same flash drive they use for work at home.
  • Pop-up windows. At best, a pop-up window is a legitimate (if annoying) advertisement. At worst, it will try to con you into downloading something or “scanning” your computer for viruses. If a pop-up window claims it’s detected a virus on your computer, take a minute to examine the message. Make sure the name of the antivirus software exactly matches the kind you use on your computer. If it doesn’t, you know it’s a scam.

If you don’t have antivirus or antimalware protection, get some and scan your computer regularly. Additionally, you should always keep your operating system, browser, and software up to date to ensure you have the latest security patches. Lastly, don’t forget to run a firewall!

Unfortunately, your best defenses sometimes fail. Accidentally installed malware can lead to a security breach, which can cost a business thousands in lost revenue and data breach cleanup. That’s why insurers offer Cyber Liability Insurance. It helps you pay for your data breach response, including credit-monitoring services, investigation, and marketing campaigns.

know your business risks

Ohio’s Proposed Change Could Make Out-of-State Workers’ Comp Easier to Find

by J Easto15. July 2014 08:19

Truck driving through road construction

The Columbus Dispatch reports that the Ohio General Assembly passed legislation that will make it easier for businesses to secure Workers’ Compensation Insurance for employees who temporarily work across state lines. Through a “fronting arrangement,” Ohio’s state fund for injured workers can directly contract with insurers to provide out-of-state Workers’ Comp policies that are backed in full by the Ohio Bureau of Workers’ Compensation.

Why is this a big deal? Before, businesses with workers who crossed the state lines had to get separate insurance in those border states, which is often difficult and expensive. If Ohio businesses could not comply with those states’ Workers’ Compensation laws, they could be audited or fined.

If you live in Ohio and have employees that work across the border, this is great news. For everyone else, this story prompts a couple reminders.

1. Out-of-State Workers Must Be Covered with Insurance.

As you likely know, every state (except Texas) requires employers to carry Workers’ Compensation Insurance for their employees – even if those employees sometimes work in another state. Workers’ Comp provides benefits to employees who suffer workplace injuries and illnesses. Most policies (except those provided by monopolistic state funds, such as Ohio’s) automatically include Employer’s Liability Insurance, which pays for Workers’ Compensation lawsuits.

2. Every State’s Laws Are Different.

When employees work in a different state than your business operates in, you must follow the Workers’ Comp laws of the other state in addition to your own. Because states control their own Workers’ Compensation laws, each state’s policy requirements are different. A neighboring state might have much different laws than you are used to.

To find out more about each state’s requirements, check out our State-by-State Guide to Workers’ Compensation Laws.

3. Noncompliance Leads to Expensive Consequences.

As the article mentions, if you are caught without adequate insurance for your employees, you could be fined, audited, or worse. In some states, a Workers’ Compensation Insurance violation can lead to civil suits or criminal charges.

Additionally, work-injured workers can sue your business for damages if you don’t have Workers’ Compensation Insurance to cover their medical bills. And because you don’t have coverage, you’ll have to pay for the lawsuit by yourself.

Fortunately, insureon can help small businesses obtain adequate coverage. As long as you don’t live in a state that requires you to find a policy through the state fund, you can fill out our online insurance application to receive free Workers’ Comp Insurance quotes.

how is your business exposed

Reminder: Communicating with Customers Can Prevent Professional Liability Lawsuits

by J Easto14. July 2014 08:34

Depressed silhouettes of computer users

By now you’ve likely heard that Facebook has published a study in which the social-media giant manipulated the content on users’ feeds to see if it had any effect on said users. The study found that users who were exposed to more “negative” feed items tended to post more negative posts as well. The same was true of the reverse.

Many Facebook users were appalled by the news, and now the Wall Street Journal’s tech site Digits reports that the Electronic Privacy Information Center, a privacy watchdog group, has filed a complaint with the Federal Trade Commission (FTC) about the study. The group claims that Facebook’s User Agreement did not inform users that their data would be available to researchers.

Facebook denies this, saying that this “research” is covered under the section of the agreement that asks “permission to use their information to prove and enhance the services” Facebook offers.

While it’s unclear whether the complaint will progress or not, one thing is for sure: small-business owners can learn a lesson from Facebook about User Agreements.

What Is a User Agreement?

A User Agreement is a legal agreement between a business and its customers that describes what kind of customer information the business will use and how it will use it. Usually, a customer must agree to these terms before it can use the business’s product or service. You’ve probably clicked through several of these agreements on the websites you frequent – likely without reading them.

Even though most users accept these agreements without reading them, business are held legally responsible for violating the terms set forth in the agreement. For example, a judge recently allowed a lawsuit against professional-networking site LinkedIn. According to Insurance Journal, LinkedIn allegedly violated its User Agreement by emailing its users’ contacts just a few more times than was allowed by the agreement.

If your business offers products or services that require you to collect customer data, you should have a User Agreement. What is considered customer data? Take a look:

  • Names.
  • Addresses.
  • Phone numbers.
  • Email addresses.
  • Credit / debit card information.
  • And more.

User Agreements – if used properly – can help protect a business from lawsuits by clearly stating the business’s intentions. But if you don’t effectively communicate with your customers, you could find yourself in the middle of a legal battle anyway.

How Good Communication Prevents Liability Lawsuits

Arguably, the primary issue with Facebook’s User Agreement is its lack of specificity. Facebook can claim that “research” helps “enhance” users’ experience, but the opposition can argue that the agreement wasn’t clear enough.

There should never be any gray area when it comes to your business’s products or services. When a customer expects one thing and receives another, they can sue your business. This type of lawsuit is called a professional liability lawsuit.

To prevent these costly and inconvenient claims, your business needs to keep the lines of communication open. And remember, good communication extends beyond User Agreements. It should be incorporated into every facet of your business. That means you should…

  • Have effective contracts. If you provide services, you should use detailed, written contracts that include information about what you will and will not do, terms of payment, deadlines, and more. That way, clients understand exactly what they are getting. You may even choose to go over the contract with your client to make sure everything is clear.
  • Inform your customers when things go wrong. Sometimes, issues beyond your control may cause you to deviate from the plan – a project is delayed or a customer’s order is late. When this happens, don’t avoid your customers. Inform them of the issue as soon as possible and make a plan to address it.
  • Keep in touch. It’s important to keep in touch with clients, even when they stop contacting you. So say, for example, you run a medical office, and a patient cancels an appointment but fails to reschedule. You should be proactive about securing another appointment because if your patient develops a health issue, they can blame you for not catching it sooner.
  • Never make promises you can’t keep. In certain industries, it’s easy to exaggerate your products or services – but resist the urge. If you promise one thing and deliver another, you could be slapped with a professional liability lawsuit. This is also true for professionals who encounter problems outside their area of expertise. If you don’t refer your clients to specialists, it could come back to bite you.

These are just a few steps you can take to reduce your risk of a professional liability lawsuit. Unfortunately, because of the human factor at play here, you can’t always avoid a lawsuit. A customer can sue you whether or not you’ve done anything “wrong.”

That’s why insurers provide Professional Liability Insurance (aka Errors and Omissions Insurance). It helps you pay for lawsuits over issues related to your work – including miscommunications. 

protect your assets

Cyber Insurance: Why It Matters, Where You’re Exposed

by J Easto11. July 2014 08:31

Businessman hanging up the phone in distress

The number of businesses purchasing Cyber Liability Insurance is on the rise. According to Entrepreneur, Cyber Insurance customers used to be concentrated in a few fields: tech, financial, and healthcare. It makes sense – those industries have obvious data security risks. But now businesses large and small are jumping on the Cyber Insurance wagon. Why? Because data thieves don’t discriminate.

Why Small Businesses Are Buying Cyber Liability Insurance

According to the Entrepreneur article, there are two types of customers driving Cyber Liability Insurance sales: current customers who are adding more coverage and new customers, including small businesses. Several factors spur business owners to purchase coverage:

  • Visible threat. Target. P.F. Chang’s. Without even trying, you can probably tick off several major data breaches that have happened over the last few years. In the past, cyber attacks seemed like an abstract concept, but now, the threat is real. Entrepreneur reports that one study found the average cost of a data breach increased from $5.4 million in 2012 to $5.9 million in 2013.
  • New cyber crime regulations. Most states now require businesses to notify customers when data breaches reach a certain size. Notifying every customer that could be affected takes a lot of time and money – two things that most small-business owners don’t have to spare. The appropriate Cyber Liability Insurance policy can take on this expense for you.
  • Customers want it. The small business profiled in Entrepreneur’s article purchased Cyber Insurance because its customers were asking about it. If it’s important to a business’s customers, it’s likely important to the business, too.
  • Small businesses are targets. For every big breach you hear about on the news, there are several smaller breaches that target smaller businesses. Entrepreneur notes that most data breaches are crimes of opportunity. According to a cited study, a business with less than 10,000 records is more likely to be attacked than one with more than 100,000 records.

Why Are Small Businesses Targets of Cyber Crime?

While it’s true that small businesses are helping fuel Cyber Liability premium sales, one fact remains: most small businesses aren’t familiar with data security threats and take very few steps to protect the sensitive information stored on their networks.

A recent LA Times article outlines how and why small businesses are targets of cyber crime:

  • They don’t understand their enemies. It’s not just faceless hackers that are stealing small businesses’ data. Data breaches can occur at the hands of wayward vendors, employees gone rogue, and common computer thieves.
  • They don’t realize anyone can be attacked. The LA Times notes that California businesses are required to notify the attorney general’s office if more than 500 Californians are affected by a data breach. At the time of publication, over 380 of these notifications had been filed since January 2012. Who sent these letters? Dentist offices, colleges, wineries – you name it. Every business is a potential target.
  • They don’t bother with cyber security. As the article mentions, 8 million businesses accept credit and debit card payments, but most don’t bother with recommended data security protocol. Many small businesses don’t even use strong passwords or antivirus and antimalware software – and they only become aware of a breach when a customer reports fraudulent activity. They also tend to use the same computers for business and personal activities (such as browsing Facebook), which could leave them vulnerable to threats.

What Can Small Businesses Do to Mitigate Cyber Risk?

Now that you know your small business could be the target of a cyber attack, there are a few things you can do. First, get to know the basics of cyber security. Check out the FCC’s tips for more information.

But because you can’t prevent every data breach, you can also jump on the bandwagon and purchase a Cyber Liability Insurance policy. This coverage protects you from the most common expenses that occur after a data breach, including…

  • Lost accounts / revenue.
  • Contacting customers.
  • Credit monitoring.
  • Marketing efforts.

The good news? Cyber Liability Insurance premium prices are declining because so many businesses are adding the coverage to their business protection plans. Fill out our online insurance application to find out how much you can save on Cyber Liability Insurance.

know your business risks