Home Posts tagged prepare
Insurance Special Coverage

Into the Breach

 

 

 

When hackers gained access to a large retailer’s computer network through scam emails to employees, more than 900 store locations were affected, and 2 million customers were impacted before the company was alerted by a security blogger six months later. That led to several class-action lawsuits against the company, attorney generals in multiple states opened investigations, and the affected credit-card companies issued fines.

In another case, a ransomware attack blocked all access to a regional accounting firm’s computer system, and also deleted files. After ransom was paid, it took several days to restore the applications and recover deleted files from a backup. As a result, the firm was unable to meet tax-filing deadlines, causing brand and reputation damage.

Then there was a company that provides technicians to a laptop manufacturer’s repair center. While a young woman’s laptop was in the custody of technicians at the center, her Facebook account was hacked, and several sexually explicit photos were posted to it. She negotiated a quick multi-million-dollar settlement with the laptop manufacturer, which demanded, in turn, that the staffing company compensate it for the privacy breach.

These are only three of many real-life cases detailed by the Hartford Financial Services Group as warnings that companies of any kind and any size are vulnerable to cybercrime.

“That’s where insurance comes in, to mitigate the cost of a claim,” said Chris Rivers, senior vice president of Phillips Insurance Agency in Chicopee. “Small businesses sometimes feel they have less risk than larger ones, but that’s not the case. Anybody can be hacked and be held ransom or have data get out.”

Breaches can come at all severity levels, he noted, from a simple Facebook hack to an attack that steals credit-card information or Social Security numbers from tens of thousands of consumers.

Chris Rivers

Chris Rivers

“Small businesses sometimes feel they have less risk than larger ones, but that’s not the case. Anybody can be hacked and be held ransom or have data get out.”

The Hartford reports that the average cost of a data breach in 2020 was $3.86 million, and the U.S. will account for half of all breached data in the world by 2023, when an estimated 33 billion records will have been stolen by cybercriminals.

One of the more severe types of attacks, those involving ransomware, take place every 11 seconds, and the average ransom payment increased to more than $233,000 in 2020. Such attacks result in an average of 19 days of business interruption and downtime.

Again, it’s not just large companies at risk of cyberthreats of all kinds, said Jack Dowd, vice president of Personal Lines and a commercial risk consultant for the Dowd Insurance Agencies in Holyoke.

“The percentage of small businesses that are targeted is significant,” he noted. “A lot of the people doing this know that a lot of small businesses don’t have the infrastructure in place that a larger business does and are more susceptible to attack, and that’s why they’re attacking them.

“It’s important to know, if you’re taking credit cards or you have a system where you store any type of sensitive information with clients, you’re vulnerable,” he went on. “We’ve seen them target people who wouldn’t think they’d be typical targets, and your best course of action is to protect yourself as best you can, and that would include looking into cyber insurance.”

 

Costs Pile Up

According to the Philadelphia Insurance Companies, the average cost of a data breach is $204 per lost record, with more than half of such costs attributable to lost customers and the associated public-relations expenses to rebuild an organization’s reputation.

That’s one reason why cyber insurance policies cover two distinct classes of loss: first-party and third-party.

First-party coverages include loss resulting from damage to or corruption of electronic data and computer programs; income reimbursement during the period of restoration of the computer system; customer notification, regulatory fines and penalties, and public-relations expenses; and reimbursement for extortion expenses, among others. Third-party coverages, on the other hand, include legal liability for financial damage and privacy violations involving customers, employees, and other third parties.

“Network-security liability is a coverage that will provide defense and settlement costs in the event a third-party claimant sues the insured over a failure to secure their own computer system,” Dowd explained.

Jack Dowd

Jack Dowd

“If you’re taking credit cards or you have a system where you store any type of sensitive information with clients, you’re vulnerable.”

But he warned that these expenses can total much more than the client anticipates. In fact, insurers often include sublimits on certain specific types of losses, and it’s up to the insured party to purchase higher limits.

“A lot of insurance companies give a certain amount, say $50,000, toward notifying people they’ve been hacked. But the notification costs alone, depending on the size of the client book, could be more than that. Then there’s the cost to rebuild data, the cost to secure their network … a lot of things go into cyber insurance that people don’t always consider.”

Rivers agreed. “Within the insurance industry, a lot of carriers have thrown in some smaller sublimits that weren’t there in the past. But you can always buy more, up to what you want.”

It’s easy to see why they would. The Philadelphia Insurance Companies lists many breaches over the past several years that affected thousands of customers, like the international hacking group that gained access to the computerized cash registers of a restaurant chain and stole the credit-card information of 5,000 customers, starting a flood of fraudulent purchases around the world.

Or an employee of a Massachusetts rehabilitation center who improperly disposed of 4,000 client records that contained Social Security numbers, credit- and debit-card account numbers, names, addresses, telephone numbers, and sensitive medical information. The center settled the claim with the state and agreed to pay fines and penalties as well as extending $890,000 in customer redress funds for credit monitoring on behalf of the victims.

Selective Insurance Group relates the case of a payroll employee at a plastics manufacturing company who received a spoofed email from a scammer purporting to be the CEO, requesting that the employee send all employees’ W2s immediately. Which he did, and multiple employees reported that fraudulent tax returns were filed in their name.

This last example is a case of what’s known as ‘social engineering,’ and such phishing attempts have become more savvy and authentic-looking. “They’ve gotten a little more sophisticated in recent years,” Dowd said, which is why companies, often encouraged by their insurance companies, initiate training to reduce the chances of human error causing a breach.

 

Closing the Circle

Insurance companies provide another human element to the fight against cyberthreats, Dowd said.

“If you have a cyber policy, you have a place to go, a place of refuge, if you will. If you ever go to work Monday morning and your system is hacked and someone is demanding a ransom payment, you don’t know where to begin. But if you have cyber insurance, you can call the company; they’ve been through this many times, and they’ll tell you exactly what to do. It gives you a starting point you wouldn’t have otherwise.”

When quoting a policy, he added, an agency might run a test of the company’s system and let it know of any holes that need to be closed, Dowd added. “Even if you don’t proceed with coverage, at least you know you have those entry points, and you can pass it on to a person able to close those gaps for you.”

Insurers may also supply clients with training and quarterly check-ins, he added. “They’ll have your employees take these quizzes that will supply them with real-life incidents that happen in the cyber world, and have them identify the errors or signs that they were fake or malicious; they can actually give you some real-life practice on that.”

Rivers said many insurers provide an online help center, but many clients don’t use that resource, instead hiring a computer specialist to make sure the company has the correct virus and malware protection and that there are no gaps in security, in both the hardware and human realms.

However they delegate it, keeping up to date with the latest threats, strategies, and technology is critical, he added. Even though there’s a cost associated with that, it can pale compared to the cost of a breach.

“It’s something that is out there, and everyone can be impacted by it, no matter how small or how big they may be,” Rivers told BusinessWest. “The reputation of a company can certainly be impacted by it. It’s something people don’t always think about — or want to think about. They say, ‘I only have a couple computers; it can’t happen to me.’ But it can.”

 

Joseph Bednar can be reached at [email protected]

Coronavirus Manufacturing

Current Events

Tony Contrino

Tony Contrino says his utility’s extensive practice with preparing for weather events has certainly helped in its efforts to cope with the pandemic.

 

Tony Contrino says Westfield Gas & Electric, like all utilities, has considerable practice watching storms develop, getting ready for possible damage, and, as the old saying goes, hoping for the best but preparing for the worst.

The COVID-19 pandemic has been like that — sort of, said Contrino, general manager of Westfield G&E. It could be seen coming, and there were certainly efforts to prepare for it. But the pandemic is, in most all ways, not like weather events like Tropical Storm Isaias, which barreled through Western Mass. earlier this month, leaving sometimes days-long power outages up and down the Valley and creating huge headaches for utilities — and the customers they serve.

Indeed, those storms come and go, the damage is repaired, and life goes — until the next storm. This crisis is different, not only in its duration, but in its far-reaching effects — everything from a significant drop in electricity use (7% to 10% are the most often-given estimates), and its impact on the bottom line, to an equally sharp rise in delinquent payments, which also affects the bottom line, to changes in how work is carried out — right down to putting one person in each truck, rather than two.

But as with those weather events, area energy providers are working their way through this crisis, adapting and pivoting, as businesses in all sectors have, and encountering challenges and opportunities — again, like most all other businesses have. But, unlike many businesses, they’re providing a vital service, and thus they’re being diligent about working with, and communicating with, those they serve.

“It’s certainly a different, and very challenging, time — for us, but also for all our customers,” said Contrino. “We’ve made a real effort to communicate through all this, not only with employees but customers as well. We’re trying to keep people aware of what’s going on and what our plans are, and try to give them some assurance that we want to work with them.”

Craig Hallstrom, Eversource’s president of Regional Electric Operations for Massachusetts and Connecticut, agreed. He said the investor-owned utility has been working to keep the power on — yes, Isaias has certainly impacted those efforts — while keeping employees and customers safe.

“It’s been a very different year for us and for all utilities,” he told BusinessWest. “We have half our workforce working at home, and people have been very creative and able to adapt to their work at home. We’ve been able to work differently to do the things we need to get done. Everyone’s working differently — we’ve learned how to use videoconferencing very well — and, for the most part, we’re getting our work done.”

Craig Hallstrom

Craig Hallstrom

“It’s been a very different year for us and for all utilities.”

While making adjustments within their own operations, the utilities we spoke with said they’re working with clients, both commercial and residential, to help during this time of crisis.

Jim Lavelle, general manager of Holyoke Gas & Electric, observed that, while his utility is facing declines in revenue and sharp rises in delinquent payments — further impacting cash flow — these problems often pale in comparison to what customers are facing.

“If we were looking at our losses in isolation, we would be very alarmed, and we are concerned about the numbers,” he noted. “But when we look at the impact to the overall economy and what many of our customers are going through … we’ll figure out a way to manage and get through this.”

For this issue and our ongoing coverage of the COVID-19 crisis, BusinessWest shines a light, pun intended, on how the pandemic has impacted those in the energy business — and how they are responding.

Hitting the Switch

As he talked with BusinessWest, Contrino was just returning from a vacation — only he didn’t get as much relaxation time as he planned, or hoped. Isaias saw to that.

“I was very involved in the storm activity — I just took care of it all remotely,” he said nearly a week after the storm came through, leaving tens of thousands across the region without power for long stretches and “hitting Westfield hard,” as he put it.

That phrase is appropriate for the pandemic as well, obviously, and it applies to every community across the region. Indeed, large numbers of businesses, including some large users of electricity, such as colleges and universities and some manufacturing facilities, but mostly smaller ventures in the hospitality and service sectors, have been shut down for long stretches. And some, like the colleges, are, for the most part, still closed.

Jim Lavelle says Holyoke G&E

Jim Lavelle says Holyoke G&E was thinking about consolidating some facilities, but COVID-19 and a need to socially distance has prompted a re-evaluation of those plans.

Meanwhile, many businesses that are open are struggling and finding it difficult to pay all the bills, including the one from the utility company. And many individuals working for these businesses — or not, as the case may be — are in the same boat, with matters likely to get worse before they get any better (see related story on page 53).

All this has presented a number of challenges for utilities, who are responding, as all businesses are, with use of reserves, belt tightening, and sometimes delaying planned expenditures when possible.

While estimates on the decline in power usage vary — Lavelle also put it at roughly 10% — and the overall drop in demand has been mitigated to some degree by a very hot summer that has commanded more use of air conditioners, said Hallstrom, the bite is significant.

“Over the course of a year, a 10% reduction would mean an impact to us in the vicinity of $4 million to $5 million — and that’s a big number,” Contrino noted. “We’re cutting back, we’re not doing some of the work we would typically be doing, and we’re trying to control expenses as best we can and work our way through this.

“We anticipate that we’re going to be hit on the receivables side, and we’re planning for that,” he went on. “We’ve got funds in place to help us with that, and we’re thinking long-term — I don’t think this is going to end that quickly; I’m sure it’s going to extend into next year to some degree.”

Lavelle agreed, noting that, while Holyoke G&E is looking at a similar hit, it has been helped by some new businesses coming online, including a few involved in cannabis cultivation, which are typically large users of power.

“We’re seeing a few of those businesses start to ramp up, and that will offset some of the COVID impact,” he explained. “But the COVID impact is about 10% overall.”

And while that is, as Contrino said, a big number, it pales in comparison to what businesses across a number of sectors are facing, said Lavelle, adding that it’s important to keep things in perspective.

“We can’t compare to what some of the businesses and some of our residential customers are dealing with,” he went on. “Many of our business customers have shut down for months, and that’s been one of the frustrating things about this pandemic — seeing the customers we’ve worked with and that have worked so hard to build up their businesses go through this type of economic challenge.”

To help these businesses — and residential customers as well — Holyoke G&E, like other utilities, has been working with customers to help them through the crisis.

“Many of our business customers have shut down for months, and that’s been one of the frustrating things about this pandemic — seeing the customers we’ve worked with and that have worked so hard to build up their businesses go through this type of economic challenge.”

There is a moratorium on shutoffs for late payments — the governor put one in place for investor-owned utilities, and municipally owned operations have followed suit — and Holyoke G&E is working with individual customers to create payment plans, said Lavelle, adding that, overall, the utility has seen a 25% rise, roughly $1 million to date, in delinquent payments.

Like Contrino, Lavelle said his utility is handling the decline in revenue through reserves and some reductions in expenses, many of which are coming naturally as a result of the pandemic, such as those involving travel, training (some programs cannot be carried out remotely), and other areas.

Lines of Communication

While coping with the pandemic’s impact to their customers, and the bottom line, area utilities have, like other businesses, been forced to adjust and change how they do things.

This means everything from having some employees who can work remotely do just that, to putting one person in each service truck, instead of two; from closing offices, thereby compelling customers to pay online, to taking steps to make sure those in the pivotal control rooms are at minimal risk of exposure to the virus.

Overall, the goal, said those we spoke with, has been to keep people apart as much possible in order to keep operations moving as efficiently as possible. In fact, Holyoke G&E was thinking about consolidating some of its operations prior to the pandemic, and now, it is certainly rethinking that strategy.

“For a fairly small utility, we have several different buildings, and we had been looking at a consolidation plan,” Lavelle said. “But the distance between facilities and the number of facilities has actually helped us comply with social distancing and other recommendations associated with good COVID hygiene. So we’re revising that whole consolidation plan at present.”

Contrino said his utility’s experience in preparing for weather events like Isaias has been beneficial as it continually adjusts to life during the pandemic.

“We’ve had quite a bit of experience working through numerous storms and large-scale electric outages in the past, and have conducted various emergency-response drills over the years,” he explained. “So we were somewhat prepared to take action — although the duration of this pandemic is something we’ve never experienced before.”

Elaborating, he recalled that, as it became clear the pandemic was coming and there would be a significant impact, the Westfield G&E implemented an emergency-management plan, designated a COVID-compliance officer, and formed an incident-response team of key management personnel — a team that continues to meet regularly to discuss what’s happening and what is likely to happen in the weeks and months to come, although looking far down the road is extremely difficult.

“During this pandemic, we’re always concerned about the health and safety of our employees, our customers, and the general public,” Contrino told BusinessWest. “Although we have essential services to provide, we want to keep everyone safe; we have that balancing act going on — while we’re trying to provide our services, we’re also going to keep everyone healthy.”

Hallstrom concurred, also using the phrase ‘balancing act’ to describe how Eversource is working to keep the power flowing while keeping employees and customers safe.

He said roughly half the utility’s 8,000 employees‚ including those in finance, HR, accounting, and other business functions, have been working at home the past 20 weeks or so. Most of ‘his’ 2,800 employees, those who work to directly provide power and maintain service, have been coming to the office — in whatever shape it takes — every day.

Keeping these individuals safe has become a top priority.

“We’ve implanted many safety protocols — we promote face masks and washing hands, and instead of crews going out two per truck, we’ve had them going out one per truck,” he explained. “We’ve actually bought trucks and taken vehicles out of retirement to increase our fleet so that people can go out by themselves in a vehicle.”

Precautions also extend to service in individual homes and businesses — crews will go in only after ensuring there are no COVID-related issues at the address in question — and to the control centers, which are vital to managing the electric system.

“Day to day, we have a sufficient number of people to manage these facilities, but one of the fears from the pandemic is that if someone got sick and they passed it to fellow employees, that might quickly impact our people and make it so we couldn’t operate that system,” Hallstrom explained. “Those people are highly trained, and in the case of transmission, they’re certified, so that was a big concern.”

While some utilities had control-room personnel quarantine and stay in what amounts to a bubble, he noted, Eversource, which has several smaller control rooms, has been able to spread out its people so there are fewer individuals in a given control room, while some of these facilities were set aside as ‘sterile environments’ that employees not infected with the virus could be moved to in order to keep the system running properly.

Meanwhile, like banks, utilities have had to close their doors to their main offices, which have traditionally seen large amounts of traffic involving customers paying their bills or conducting other business. This business has now shifted online in many cases, said Lavelle, and for some customers, it’s been a big change.

“Being shut down has really impacted how we conduct business,” he explained. “We’ve had online services for some time, so a lot of it has been training customers how to pay online or sign up for a new account online; we’ve seen an uptick of more than 200% in online transactions.

“It’s been pretty seamless,” he went on. “There’s been a little bit of hand holding with some customers, but other than that, it’s gone quite well.”

Watt’s Next

Drawing one more analogy to Isaias — and all the other storms his utility has confronted over the years — Contrino said that, when it came to the pandemic, Westfield G&E prepared for the worst.

And this is the mindset that will continue as the crisis plays itself out, with certainly more questions about what’s on the horizon than answers.

“It’s been a difficult time for everybody,” he told BusinessWest. “However, we’ve put a lot of thought and effort into working through this and moving forward in a disciplined and measured manner.”

With that, he spoke for all the utilities that have been working to keep the power on — tropical storms and all — during a crisis that is testing them in every way and on every level.

George O’Brien can be reached at [email protected]

Senior Planning

Take care to prepare

What was once a demographic ripple has become a full-blown wave — and it’s getting bigger.

According to the U.S. Census Bureau, in 2000, the number of adults age 65 and older was 35 million, or 12.4% of the total population. In 2016, the number of seniors had risen to 49.2 million or 15.2% of the population.

By 2030, the bureau estimates, more than 20% of U.S. residents will have passed their 65th birthdays, and by 2035, that demographic will outnumber children younger than 18 — an unprecedented swing.


View the PDF flipbook HERE

 

What does all this mean?

It means it’s time to prepare — the sooner, the better.

As the Baby Boom generation continues to march into their retirement years — at the rate of 10,000 per day — Americans are living longer than ever. But what that life will entail, post-65, can wildly vary depending on lifestyle preferences, health status, finances, and more.

The questions are myriad. What levels of care are available, and what do they include? How will I pay for all of this, especially if I, or my parents, live well past 80 or 90? How do I approach mom or dad with my concerns that they might not be able to live alone anymore? What’s an estate plan, and what documents do I need to worry about?

It’s a lot to think about, and no single guide can answer all those questions. But hopefully, this special section will sort through some of the confusion and get those conversations started.

buy ivermectin for humans buy ivermectin online
buy generic cialis buy cialis
payday loans online same day deposit 1 hour payday loans no credit check