Cyber Risk Hits Home: 4 (true) Stories

by P. Andersen

I wanted to share 4 Cyber stories – these are actual stories that have happened in the past year or so, most caught before the problem escalated.  Each story represents a core problem businesses and individuals face every day in this fast paced world, and no company is immune from the dangers.  What do we recommend for our business clients?

 

Education: Educate your staff, and have policies and procedures to prevent opening or sending/forwarding of potentially corrupt emails/attachments/web-links.   There are now services available that can send your employees fake emails to test how well they avoid clicking on potential viruses.

Invest: Invest in technology and expert staff or consultants, to ensure you have effective and up-to-date protection (firewalls, email scanning software, etc.)

Insure: Purchase a cyber-liability and data-breach insurance policy, which can help pay for expenses your company incurs as a result of a cyber/data breach event, and/or expenses for which your company is liable, if you accidentally cause a cyber/data-breach event affecting others.   Annual premiums can range from around $1,000 to $10,000 or more, depending on your company’s size, operations, number of personnel/client files, and amount and type of coverages… perhaps well worth it, given the increasing threat of cyber/data-breach events for companies of all sizes.

 

Story 1: Small Business Beware

First, we discuss a firm that was nearly tricked into a substantial wire transfer, why they didn’t fall for the scam, and what coverage would have responded had they sent the money…  A small business client of ours nearly fell victim to a “spear phishing” campaign, a targeted email request based on intimate knowledge of the key players in the business.  The wife and bookkeeper received an email that appeared to be from her husband, asking her to wire money to a seemingly known recipient.  The instructions were not unusual – the wiring of funds and how the email was received were both “normal”, and the recipient was familiar.  The wife took the extra step of calling her husband to verify that the wire transfer request was real, and was grateful she did.  The husband verified that he had made no such request.

As in this case, your firm should ALWAYS double check any financial email request, BY PHONE, before acting.  Note that if an email has been compromised, replying to the email may get you a response from the hacker, telling you that the bogus payment is acceptable.  Always get a verbal response before proceeding.  This “spear phishing” scam has been responsible for countless millions of dollars being sent to cyber criminals.  In the heat of the moment, when time is short, a seemingly accurate email may be acted upon without any verification, and money sent to untraceable sources.  If you do not have proper cyber coverage, the money is lost and there is no recourse.

What Cyber Coverage Applies?  Social Engineering

“Spear Phishing” is considered “Social Engineering”, because cyber criminals invest time to learn about an individual before approaching them.  “Social Engineering” coverage is an available option on certain cyber liability policies – see your Cyber Liability quotation or policy for details.

 

Story 2: The Inadvertent Infection

It is said that the greatest cyber risk to a company is not a hole in a firewall, server, or anti-virus program, but employees sitting at their computers.  When you mix technological holes with human error, the risks rise considerably.

A Levitt-Fuirst client, through an unknown series of events, received a virus on an employee’s workstation.  When that employee inadvertently sent an email containing the virus to another company, and the virus infected that business partner’s network, a potential liability was created.  At the very least, a company whose employee sends a virus to another company may be expected to pay to correct the cyber damage caused.  Experts agree – if you send a virus to another individual or firm, even if you have no idea you are doing it, you can be held liable for the damages incurred by your mistake.

What Cyber Coverage Applies?  Security & Privacy Liability

Security & Privacy Liability protects your company from liability resulting from a security and privacy wrongful act, including failure to safeguard electronic or non-electronic confidential information, failure to prevent virus attacks, denial of service attacks or the transmission of malicious code from your computer system to the computer system of another party.

 

Story 3: Sharing Private Information

In today’s fast paced world of deadlines, we sometimes do things too fast, without double checking the details.  A financial services client, under deadline, emailed payroll accounts to the wrong client.  These payroll reports contained extensive “Personally Identifiable Information” (PII) including names and social security numbers.  Federal law requires any entity that shares PII, or has files containing stolen PII, to identify those impacted by the breach, notify all impacted individuals or parties, and an offer credit monitoring to those impacted individuals or parties.

In this case, the list of individuals was clear, but forensic expense to find out if data was stolen and who is impacted, could have run into the hundreds of thousands of dollars – simply to understand who the impacted individuals or groups were!

What Cyber Coverage Applies?  Breach Event Costs

Breach Event Costs is coverage for reasonable mitigationcosts and expenses incurred as a result of a privacy breach, security breach or adverse media report, including legal expenses, public relations expenses, advertising and IT forensic expenses, postage, and the cost to provide call centers, credit monitoring and identity theft assistance.  The coverage also includes coverage for Proactive Privacy Breach Response Costs – public relations expenses incurred in response to a privacy breach, but prior to the publication of an adverse media report, in an effort to avert or mitigate the potential impact of such an adverse media report on the insured’s reputation. Coverage also includes Voluntary Notification Expenses – expenses incurred in notifying affected parties of a privacy breach where there is no requirement by law to do so.

 

Story 4: The Non-Profit and The Board

Recently, a non-profit client of Levitt-Fuirst suffered a spear phishing, or social engineering, attack that almost bore fruit.  We have all seen emails that appear to be from someone we know, but realize (by good sense or a note of warning) that it is a scam.  Most often, these are “Spoofed” email addresses – the user wasn’t hacked, but their email address was faked to entice you into clicking.

The board president of our non-profit client had his email address spoofed, and an email was sent to other board members “from” the board president.  The note asked each board member to pay some vendors this month because the non-profit didn’t have the cash available.  The email said the board members would be reimbursed once dues were collected.   One board member, knowing the financial challenges the non-profit sometimes faced, surmised that the request was not unreasonable, and sent a check via overnight delivery.  Luckily, this board member realized her mistake and quickly put a stop payment on her check and called the overnight company to stop delivery of the check…  Crisis (barely) averted.

What Cyber Coverage Applies?  Social Engineering

“Spear Phishing” is considered “Social Engineering”, because cyber criminals invest time to learn about an individual before approaching them.  “Social Engineering” coverage is an available option on certain cyber liability policies – see your Cyber Liability quotation or policy for details.

2018 Paid Family Leave – What You Need To Know About the New Law

In 2018, New York will implement one of the most complete Paid Family Leave laws in the United States.  The law will be applicable to every employed New Yorker, and the policy will piggy back onto your current business Disability policy.  There are decisions to be made, however, and now is the time to begin the process.
What is Paid Family Leave?

Starting in January 2018, Paid Family Leave (PFL) becomes a mandatory benefit in New York, providing employees with job protection and paid time off for these qualifying events:

  • Providing care for family member with serious health condition
    • Child
    • Parent
    • Spouse
    • Grandparent
    • Grandchild
    • Domestic Partner
  • Bonding leave after giving birth, adoption, or welcoming a child into foster care
  • Qualifying military service

Employees are also guaranteed to be able to return to their job and continue their health insurance. If you contribute to the cost of your health insurance, you must continue to pay your portion of the premium cost while on Paid Family Leave

Benefits

 

Year Weeks Available Max % of Employee Average Weekly Wage Cap % of State Average Weekly Wage Max based on current NY AWW of $1305.92
1/1/2018 8 50% 50% $652.96
1/1/2019 10 55% 55% $718.26
1/1/2020 10 60% 60% $783.55
1/1/2021 12 67% 67% $874.97

Examples: In 2018, an employee who makes $1,000 a week would receive a benefit of $500 a week (50% of $1,000). Another employee who makes $2,000 a week would receive a benefit of approximately $652, because this employee is capped at one-half of New York State’s Average Weekly Wage (NYSAWW) —currently $1,305.92. Half of that amount is the $652 benefit.

The Average Weekly Wage (AWW) is set every year after a comprehensive analysis by the New York State Department of Labor.

Who is eligible?

  • All covered employees working for covered employers in the State of New York
  • Coverage applies to both full and part time employees
  • Full time employees are eligible after 26 weeks of being hired. Part-time employees are eligible after 175 days of being hired.

How it works:

  • PFL coverage will automatically be endorsed onto your Statutory Short Term Disability Policy (DBL) effective 1/1/18.
  • Benefits can be 100% employee funded via payroll deduction or Employer can choose to pay all or part of it.
  • The weekly contribution rate is 0.126% of the employee’s weekly wage capped at the statewide wage of $1305.92 which translates to a maximum contribution of $1.65 per week or just under $86 per year per person.

Important Resources For PFL:

A Family Owned Business, A Family Atmosphere

by P. Andersen

The Business Council of Westchester 2017 Hall of Fame

On April 25th, Levitt-Fuirst Associates was honored to receive the Hall of Fame Family Owned Business Award, presented by the Business Council of Westchester.  The evening included 5 other award recipients (Montefiore, Valerie Wilson Travel, Better Homes & Gardens Rand Realty, Leason Ellis Law Firm, and DeCicco & Sons Grocer) along with 680 attendees, and was held at the beautiful venue of Glen Island Harbor Club in New Rochelle.  We were honored to be inducted into the Hall of Fame, and 40 or so Levitt-Fuirst employees, along with many of our clients and business partners, attended the event.

Watch the short video the Business Council created to tell the story of Levitt-Fuirst.

The Levitt-Fuirst Family

The Family Business Award is fitting for Levitt-Fuirst, as we were founded by David Levitt and Alan Fuirst in 1969, and continues to flourish today with Ken Fuirst, Jason Schiciano (Son-in-law to David Levitt), Valerie Levitt, and Ondrea Levitt all continuing the two-family tradition.  It is also fitting because the business is not simply run by two families, it is run like a family.  The employees at Levitt-Fuirst are treated as a part of the LF family, with trips to Long Beach Island every year, regular after work meet-ups to celebrate “Non-Work Related” events (Cinco de Mayo 2017, here we come!), monthly birthday events, holiday parties, and many other events for employees and our families.  We work together, spend time outside of work together, and volunteer together – as a family.

Like any family, there are ups and downs – but like any family, we stick together.  Levitt-Fuirst has had amazingly low turnover of its staff, something that is unusual in the very aggressive insurance brokerage industry.  In our region, we compete with the largest regional and national brokerage firms – they are known to churn employees at a startling rate.  In the middle of this storm, Levitt-Fuirst keeps its people by treating them like human beings, and by understanding that to be a true leader in our industry, you must hire and keep good people.

Consistency

I have been at Levitt-Fuirst for 6+ years, and most of the faces I started with are still here.  There are many more faces, mind you – we have added 20 employees since that time – but the core people I met when I began work here continue to plug along with me day after day.  During Jason’s BCW acceptance speech, he mentioned 3 people in particular, evidencing what Levitt-Fuirst stands for.  Louise Rush just finished her 25th year at Levitt-Fuirst (you would never guess by looking at her).  Louise has worked in just about every department in the office – our office’s swiss army knife, doing what needs to be done wherever her talents are needed.  Jose Arevalo began as a mail clerk, and is now a million-dollar producer.  Jose always joked he is Ken’s younger brother, because Alan Fuirst always treated him like a son.  Kimberly Vargas was a receptionist, and is now the exceptional manager of our Personal Lines department, a highly profitable and essential piece of our business.  3 stories, unique to the industry but not unique to Levitt-Fuirst.

The Family Owned Business Award was fitting, on many levels.  The Levitt & Fuirst families have built a great business, relying on a great staff.  The staff stays because we are treated well, and our opinions matter.  Because we have good people, and consistent staffing, our clients are better served.  Because our clients are happy (Levitt-Fuirst retains clients on an exceptional level), we continue to grow.  With growth, we hire more top notch employees.  With our continued growth, we moved to a new office in Tarrytown, NY in 2016, and opened a Bonding office in New Jersey in 2017.  We are happy with what we have been able to attain as a team, but are not satisfied – we look forward to the next challenge to continue to grow – as a family.

We want to thank the BCW for recognizing the Levitt-Fuirst Family, the entire Levitt-Fuirst family, for this award.  We truly appreciate the honor.

Impact Building & Realty News

 

Levitt-Fuirst Associates Named a “Best Place to Work in Insurance”

Levitt-Fuirst Associates Named a Best Place to Work in Insurance by Business Insurance Magazine 

BI_2015_places_final

We are proud to announce that the national trade periodical Business Insurance has named Levitt-Fuirst as a winner of their Best Place to Work in Insurance competition!

This summer our 50 employees completed an anonymous survey on their opinions about working at Levitt-Fuirst.   This included questions about: their compensation and benefits, how they are treated and respected, opportunities and recognition for individual achievement, what they thought of their co-workers and managers, and some general open ended questions.

 2015 LF Beach Day
2015 Family Beach Day

Levitt-Fuirst Principals also had to complete an in-depth survey that took about 3 hours to complete.   This involved information on: salary distribution, benefits offered, availability of flexible work schedules, number of minority employees, female and minority managers, how do we recognize individual and group achievement, and employee longevity.    We also had to submit pictures of activities we do as a company, such as our Habitat for Humanity project, our offsite team building exercises, and our summer fun day at the beach (including employees’ family members)!

We know that our employees are our strongest asset.   We do our best to help them to thrive, both as individuals and as members of a team.  We strive to offer our staff the independence needed to achieve personal success.   To retain the best in the industry, we provide innovative incentives, such as subsidized gym memberships and healthy lunches, monthly recognition awards, and fun celebrations (when deserved!).

 

 Habitat
Habitat for Humanity

We are very proud of this Best Place to Work in Insurance award, especially since it reflects that our employees enjoy being part of the Levitt-Fuirst family.