Jan 2022 – CYBER THREAT – Software Security Hole Puts Firms at Risk


THE FEDERAL government is warning that a newly discovered computer software vulnerability poses a major threat to the security of computer networks around the country.

Cyber criminals are exploiting holes in open-source code software commonly used in computer applications, websites and cloud services, which can allow them to seize control of a business’s computer network if preventative measures are not taken.

This is not a threat that businesses should take lightly as it could cripple your organization if your network is affected. If your firm is large enough to have dedicated IT staff, it should be their focus now.

 

The danger

The vulnerability lies in the Log4j software library, written in the Java programming language and created by the Apache Software Foundation. Many software vendors incorporate the Log4j software library into products such as websites, applications and cloud services to record network security and performance information.

It is likely that some of the software your business uses is built around Log4j. It runs on everything from cloud services to business enterprise software to internetconnected devices such as security cameras.

The federal Department of Homeland Security, the National Security Agency and other agencies announced on December 10 that they were “responding to active, widespread exploitation” of the vulnerability.

They warned that, if a company’s software has this vulnerability, a criminal could take over the network and cripple the business.

 

VULNERABLE BRANDS
Software developed by these firms have the security hole:

  • Microsoft

  • McAfee

  • Hewlett Packard

  • IBM

  • Red Hat

  • Dell

  • Cisco

  • Adobe

  • Salesforce

  • Oracle

 

What you should do

Do not take this threat lightly. As stated above, if you have dedicated IT staff, make it their primary focus right now. Major software developers have  reported that their products have the vulnerability.

You can find the full list of affected vendors and software here. Apache has published three software patches to address the problem since it became known. Software developers who use Log4j are likely applying the patches and making updates to their software available to business users.
If you receive notification about an updated version of software you are using, it should be installed promptly.

Companies that do not have their own IT department, should contact computer network consultants as soon as possible to get advice on how to proceed.

The Cybersecurity & Infrastructure Security Agency has technical information on this threat on a dedicated website. IT experts should review the site’s content, take appropriate actions as soon as possible, and monitor the site for further updates to the situation.

In the meantime, system administrators should adjust logging system settings so it does not interpret data as computer code.

Antivirus software, using a virtual private network for remote access to the system, and being alert for phishing e-mails are also important protections. Sound network data security coupled with safe internet practices can protect your business’s systems and your ability to continue operating.

 


Jan 2022 – RISK REPORT – Stay on Top of New Laws, Rules in New Year


EVERY YEAR starts with a flurry of new laws and regulations that California employers have to contend with.
And 2022 is no different as the California legislature had a busy year and the stresses of the COVID-19 pandemic resulted in more activity. The end result is another round of new laws that employers need to stay on top of so they don’t run afoul of them.
With no further ado, here are the top regulations and laws affecting California businesses.

 

1. Big change to Cal/OSHA citations

SB 606 adds two new Cal/OSHA violation categories for purposes of citations and abatement orders: “enterprisewide” and “egregious” violations. Cal/OSHA can issue an enterprise-wide citation that would require abating the violation at all locations. And the employer can face a maximum penalty of $124,709 per violation.
The law also authorizes the agency to issue a citation for an egregious violation if it believes that an employer has “willfully and egregiously” violated a standard or order. Each instance of employee exposure to that violation will be considered a separate violation and fined accordingly.

 

2. Permanent COVID standard

On Sept. 17, 2021, Cal/OSHA released a draft text for proposed permanent COVID-19 regulations, which if adopted would be subject to renewal or expiration after two years and would replace the current emergency temporary standard, which is set to expire Jan. 14, 2022.
Adoption is expected in the spring of 2022. Here’s some of what the draft standard would do:

CDPH rules – It would require that employers follow California Department of Public Health COVID-19 prevention orders.
Masks for unvaxxed staff – Unvaccinated staff must wear masks. Employers must provide masks when the CDPH requires them.
Outbreak rules – During an outbreak in the workplace, all staff would be required to wear face coverings regardless of vaccination status. Employers would need to provide respirators during major outbreaks to all employees.

 

3. COVID exposure notification

On Oct. 5, 2021, AB 654 took effect, updating requirements for what an employer must do if there is an outbreak of COVID-19 cases at its worksites.
This law somewhat curtailed earlier outbreak-reporting requirements as well as other required notifications for certain employers, and updated several provisions of the 2020 outbreak notification law, AB 685.
Here are some highlights:

Employers have one business day or 48 hours, whichever is later, to report a workplace COVID-19 outbreak to Cal/OSHA and local health authorities.
• Employers do not need to issue these notices on weekends and holidays.
• When an employer has multiple worksites, it only needs to notify employees who work at the same worksite as an employee who tests positive for  coronavirus.
• The new definition of “worksites” for the purposes of the law has been changed to exclude telework.

 

4. Expansion of the California Family Rights Act

AB 1033 expands the CFRA to allow employees to take family and medical leave to care for a parent-in-law with a serious health condition.
More importantly, it adds a requirement that mediation is a prerequisite if a small employer (one with between five and 19 workers) is the subject of a civil complaint filed by one of its employees.

 

5. Workplace settlement agreements and NDCs

A new law took effect Jan. 1 that bars employers from requiring non-disclosure clauses in settlement agreements involving workplace harassment or discrimination claims of all types. This builds on prior law that barred NDCs only in cases of sex discrimination or sexual harassment.
The new law expands that prohibition to all protected classes, such as: race, religion, disability, gender, age, and more.
One important note: While employees can’t be prohibited from discussing the facts of the case, employers can still use clauses that prohibit the disclosure of the amount paid to settle a claim.

 

6. OSHA vaccine mandate

As of this writing, Fed-OSHA’s new emergency COVID-19 standard was set to take effect on Jan. 1, with the most contentious part of the rule mandating that employees who work for employers with 100 or more staff be vaccinated or submit to weekly testing.
Unvaccinated workers would also be required to wear masks while on the job under the new rules, which have faced fierce challenges in courts.
The U.S. Court of Appeals for the Sixth District recently reversed a stay of the order as challenges to it are litigated, meaning the order can take effect as scheduled as the legal process challenging the rule proceeds.
The U.S. Supreme Court will hear expedited arguments Jan. 8 on the U.S. Court of Appeals for the Sixth Circuit’s decision to lift the Fifth Circuit’s stay.

 

7. Wage theft penalties

AB 1003, which took effect Jan. 1, added a new penalty to the California Penal Code: Grand Theft of Wages. The new law makes an employer’s intentional theft of wages (including tips) of more than $950 from one employee, or $2,350 for two or more workers, punishable as grand theft.
The law, which also applies to wage theft from independent contractors, allows for recovery of wages through a civil action.
As a result, employers (and potentially managers and business owners) would be exposed to both criminal and civil liability for wage and hour violations like failing to pay staff accurately and in a timely manner.
Review your compensation policies and practices to make sure you are in compliance with current wage and hour laws.

 

8. COVID cases may be included in X-Mods

The Workers’ Compensation Insurance Rating Bureau of California has proposed plans to start requiring COVID-19 claims to be included when calculating employers’ X-Mods.
The proposal, which would have to be approved by the state insurance commissioner, would bring to an end current rules that exclude the impact of COVID-19 workers’ compensation claims on X-Mods.
If approved, the new rule would take effect on Sept. 1, 2022. That means that employers will be held accountable for COVID19-related workers’ compensation claims and, if any employee needs treatment or dies from the coronavirus, it could result in higher premiums in the future.

 

9. Notices can be e-mailed

A new state law authorizes employers to distribute required posters and notices to employees via e-mail. SB 657 adds e-mail as a delivery option to the list of acceptable notification methods, which also includes mail.
Required posters and notices will still need to be physically posted in the workplace.

 

10. Warehouse quota rules

A new law that took effect Jan. 1 makes California the first (and only) state to regulate quotas used by warehouse employers.
While the bill was written with Amazon Inc. in mind, it affects all warehouses with 100 or more workers, and violations of the new law can be costly for an employer.
Under AB 701, warehouse employees must be provided with a written description of the quotas to which they are subject within 30 days of hire. Common quotas include the number of tasks the employee is required to perform, the materials to be produced or handled, and any adverse employment action that may result from a failure to meet the quota.

 

While employers may still implement quotas, employees are not required to meet a quota if it:

• Prevents them from taking required meal or rest periods,
• Prevents them from using the bathroom (including the time it takes to walk to and from the toilet), or
• Contravenes occupational health and safety laws. The law also bars employers from discriminating, retaliating or taking other adverse action against an employee who:
• Initiates a request for information about a quota or personal work-speed data, or
• Files a complaint alleging a quota violated the Labor Code.

 


October 2021 – CONSTRUCTION INDUSTRY – Building Risks Evolve, Creating Unique Challenges


AS THE CONSTRUCTION industry booms, contractors face evolving risks that, left unchecked, can leave their operation exposed to new liabilities.
If you already operate a construction firm, you know that there is a labor shortage that has made it difficult to find experienced workers and that hiring entities are asking builders to take on more of the design function, as well.
Your liability picture has also likely changed with the increasing use of wrap-ups and, if you’re using technology in your operation, you now have rising cyber-security risks, too.

Lack of qualified workers

The bottom fell out of the construction industry in the U.S. during the first few months of the COVID-19 pandemic, and many worksites were idled. Now that the industry has found its footing, it’s been dealing with a severe labor shortage.
As construction firms struggle to find workers, the ones who are on the job are having to take on larger workloads, which can put them at risk of injury or making mistakes.
Also, many contractors are having to take on younger, less-seasoned laborers, who may lack the experience to identify and avoid hazards, which puts them and others at risk of injury. Those injuries in turn affect your workers’ comp
premiums.
A lack of workers coupled with inexperienced new ones on sites can also end up drawing out projects, forcing contractors to miss deadlines.

Professional liability risks

As more project owners want an all-in-one job with the lead contractor designing and building the project, contractors now face a new type of risk: professional liability.

But the typical contractor’s insurance policy doesn’t provide protection for any design work you take on.
Courts have ruled that:

  • Designers who perform “builder activities” lose limitation of liability typically enjoyed by design professionals.
  • Builders who perform “design activities” assume responsibility for design deficiencies.

Wrap-ups more prevalent

Many construction projects are now covered under one general liability policy to cover the work of the general contractor, as well as of all the subs. More lenders are requiring that liability is set up in one all-encompassing policy.
A properly assembled general liability wrap-up should provide coverage not only during the construction period, but also up to 10 years after the work is completed.  These policies often reduce the cost of coverage.

More cyber-security risks

Like all industries, the construction sector has grown increasingly reliant on technology to get the job done. That exposes contractors to a variety of cyber risks, including keeping project designs, client records and employee records confidential.
Many building contracts today include clauses requiring the contractor to be responsible for potential cyber breaches.
Given the increasing popularity of practices such as “building information modeling,” “integrated project delivery,” and file-sharing between participants in a construction project, contractors may be at increased risk of liability in the event of a data breach.


April 2021 – Social Engineering Crime – Business Compromise Scams Growing Fast


BUSINESS COMPROMISE scams that use both technology and a human touch to steal funds from businesses are growing as criminals engage in social engineering tactics to dupe unsuspecting employees.

Businesses have lost millions of dollars to social engineering scams, where attackers impersonate a company president or executive who is authorized to approve wire transfers to trick employees into transferring funds into a fake client or vendor account.

According to the FBI’s Internet Crime Complaint Center, in 2019 U.S. businesses were hit with an estimated 23,775 e-mail compromise scams that
resulted in aggregate losses of $1.7 billion. Figures for 2020 are not yet available.

Vishing – or voice phishing – attacks have been growing. The FBI in January warned of an increase in vishing attacks targeting employees working remotely in the COVID-19 pandemic, and of the heightened risks companies face when network access and broadening of online privileges may not be fully monitored.

 

How to train employees

Providing practical employee phishing training is key to keeping your company safe. The following are activities and tips to help you train employees to stay vigilant.

Remote workers should be vigilant in checking internet addresses, more suspicious of unsolicited phone calls, and more assertive in verifying the caller’s identity with the company, the FBI recommends.

When training staff, you should:

  • Explain what vishing and phishing is, how it happens, and what risks it poses on a personal and company level.
  • Explain the different types of phishing attacks.
  • Train your workers in identifying signs of phishing attacks, like e-mails with poor spelling and grammar, incorrect e-mail addresses (for example BobS@ Startbucks.com), and fraudulent URLs.
  • Train your staff in recognizing phishing links, phishing attachments, and spoofed e-mails. Additionally, your employees should know what steps to take after they identify a threat.
  • Conduct simulations that send employees fake phishing e-mails. The results should be shared with them to show how they fell for the scam and the damage that being duped into clicking on a malicious link can cause.

 

Insurance

As vishing and business e-mail compromise scams increase, more employers are seeking to add coverage in their commercial crime policies.
Typically, these policies have been used to cover losses for internal theft, but lately, about 50% of claims are for losses related to phishing and fishing scams.
The price of social engineering coverage varies by risk and limit, but it can often be added to a crime policy as a rider.
One thing though: social engineering coverage will often have lower limits than a typical commercial crime policy. This is because of the risk of much larger financial losses than a company could expect from internal theft or white-collar crime perpetrated by an employee.

 

ADVICE FROM THE FBI

  • Consider instituting a formal process for validating the identity of employees who call each other.
  • Restrict VPN connections to managed devices only (meaning not on employees’ personal devices).
  • Restrict VPN access hours.
  • Employ domain monitoring to track the creation of or changes to corporate brand-name domains.

April 2021- Cyber Insurance – As Attacks and Costs Mount, Rates Climb Higher


CYBER INSURANCE rates are going to increase dramatically in 2021, driven by more frequent and more severe insured losses, according to a recent industry study.

The report by global insurance firm Aon plc predicted that rates would jump by 20% to 50% this year due to two main factors:

 

1. Cyber attacks are becoming more frequent

While publicly disclosed data breach/privacy incidents are actually occurring less often, ransomware attacks are exploding in frequency.

Ransomware incident rates rose 486% from the first quarter of 2018 to the fourth quarter of 2020. The comparable rate for data breach incidents fell 57% during the same period. The incident rates for the two types of events combined rose 300% over the trailing two years.

 

2. The costs of these attacks are growing

The average dollar loss increased in every quarter of 2020. Ransomware attacks were particularly severe – many of them resulted in eight-figure losses. Others may grow to that level as business interruption losses are adjusted and lawsuits against insured organizations proceed.

The combination of more frequent and more costly losses is a
recipe for higher rates.

Cyber insurance rates continued increasing in 2020, with rises of between 6% and 16% in the last four months of the year. In January 2021, most of the top 12 cyber insurance companies told Aon they were planning more drastic rate hikes. Nearly 60% reported that they would be seeking rate increases of 30% or more during the second quarter. None of them expected increases less than 10%.

 

New underwriting criteria

When insurers evaluate cyber insurance applicants, they will be particularly concerned with the organization’s overall cyber risk profile, its cyber governance and access control practices, and its network and data security. Prior loss history will be less important because the frequency of attacks is growing so quickly.

Some insurers may also cap how much they will pay for ransomware losses, or even exclude them entirely. They may also increase the waiting periods before coverage begins to apply.

 

WHAT BUSINESSES CAN DO

To improve your chances of getting more favorable pricing and coverage, the report recommends that you focus on:

  • Reducing the risk of cyber losses.
  • Measures to keep data private.
  • Building an internal culture of cybersecurity.
  • Preparing for ransomware attacks and disaster recovery planning.
  • How your contracts and insurance will respond to a supply chain security breach.
  • Understanding primary and excess coverage terms and
    communicating primary terms to excess insurers.

Pandemic Transition – How to Reopen, Bring Staff Back to Work Safely – July 2020


IF YOUR business is reopening after a relaxation of shelter-in-place orders, you should proceed with caution and make sure you have safeguards in place to protect your workers, as well as customers if they are entering your premises.
Here are some recommendations from the Los Angeles Department of Public Health and other sources that can apply to any municipality anywhere in the country.

Measures to protect employees
• If someone can continue working from home, let them do so.
• Tell employees not to come to work if sick.
• If any employee tests positive for, or has symptoms that are consistent with COVID-19, you should:
– Ask that they isolate at home, and
– Ask all employees who may have come in contact with that colleague to immediately self-quarantine at home.
• Check employees for symptoms or a fever before they enter. This must include a check-in concerning cough, shortness of breath or fever, and any other symptoms the employee may be experiencing.
• These checks can be done remotely or in-person upon the employee’s arrival. A temperature check should be done at the worksite, if feasible.
• Offer at no cost to your employees cloth face coverings if they are going to have contact with the public during their shift. If they are disposable, masks should be thrown away at the end of every shift. If they are reusable, they should be washed after every shift in hot water.
• Instruct employees not to touch their masks.
• Disinfect break rooms, restrooms, and common areas frequently.
• Place hand sanitizer in strategic locations.
• Allow employees to take frequent breaks to wash their hands.

Signage
Place signs at each public entrance of your facility to inform all employees and customers that they should:
• Avoid entering if they have a cough or fever.
• Maintain a minimum 6-foot distance from one another.
• Wear a mask for their own protection, as well as for the safety of others.

Controlling crowds, lines
Limit the number of customers on the premises at any one time, to allow customers and employees to easily maintain at least 6-foot distance from one another at all practicable times. Post an employee at the door to ensure the maximum number of customers in the facility is not exceeded. If people are queueing up, mark the ground outside to ensure proper social distancing.

Spacing between employees
• Require employees to work at least 6 feet apart. You may need to reorganize workspaces to ensure proper spacing.
• In jobs where workers are on their feet, mark spots on the floor where they should stand to ensure social distancing.
• Space out tables, chairs, and microwaves in break rooms.
• Another option is to use partitions made of plexiglass so workers can communicate and make eye contact.
• In addition, you may want to abandon the popular open workspace concept and revert to using cubicles, which gained popularity in the 1980s and 1990s as a way to increase productivity by putting barriers between office workers. Having that divider will make your staff feel safer and can offer some protection.
• Reconfigure furniture placement in offices, public seating areas, and other work areas to support physical distancing.

Cleaning and circulation
Take steps to minimize air from fans blowing from one worker directly at another. Also, consider opening windows for circulation.
Also important are:
• Disinfecting surfaces in workspaces, as well as doorknobs, buttons, and controls. Pay special attention to areas that are frequented and touched more often.
• Providing workers and customers with tissues and trash receptacles.
• Employees who are cleaning and disinfecting should wear disposable gloves.
• Cleaning surfaces using soap and water, then using a disinfectant.
• Sanitizing any other personal protective equipment such as hardhats after every shift.


CARES ACT – New Law Helps Coronavirus-hit Employers, Workers – April 2020


THE $2 TRILLION Coronavirus Aid, Relief, and Economic Security (CARES) Act stimulus law has a number of provisions that employers and their workers need to know about and can take advantage of during this crisis.

The CARES Act aims to help workers and employers weather the outbreak by:
• Extending unemployment benefits.
• Requiring health plans to cover COVID-19-related costs.
• Providing Small Business Administration (SBA) emergency loans.
• Providing emergency loans for mid-sized and large companies.

Parts of the CARES Act will likely benefit your organization and employees in some way. Here’s what you need to know:

Extended unemployment

The CARES Act extends unemployment insurance benefits to workers, as long as they lost their jobs due to the outbreak.
Unemployment benefits under the CARES Act also apply to furloughed employees.
Workers in California will be able to collect both state unemployment and federal unemployment through the new law.
Under existing state law, workers who have lost their jobs can already receive regular unemployment benefits of between $40 and $450 per week, depending on their highest-earning quarter in a 12-month period beginning and ending before they apply for benefits with the state Employment Development Department. These benefits can last for up to 26 weeks.
The Pandemic Emergency Compensation program funded by the new law will provide an additional $600 per week on top of state unemployment benefits, through July 31.
The law extends state-level unemployment by an additional 13 weeks. For example, whereas most of California’s unemployment benefits last 26 weeks, the bill extends state benefits to 39 weeks.
The extended benefits will last through Dec. 31.

Health plan changes

Under the CARES Act, employer-sponsored group health plans must provide for covered workers – without cost-sharing or out-of-pocket expenses – the cost of COVID-19 testing, treatment and vaccinations when and if they become available.

SBA loans

In response to the Coronavirus (COVID-19) pandemic, small business owners are eligible to apply for an Economic Injury Disaster Loan advance of up to $10,000.
This advance will provide economic relief to businesses that are currently experiencing a temporary loss of revenue. Funds will be made available following a successful application. This loan advance will not have to be repaid.
This program is for any small business with fewer than 500 employees (including sole proprietorships, independent contractors and self-employed persons) as well as private non-profit organizations affected by COVID-19. You can find more information here.

And the law’s Paycheck Protection Program offers 1% interest loans to businesses with fewer than 500 workers. Borrowers who don’t lay off workers in the next eight weeks will have their loans forgiven, along with the interest. These loans are designed to provide a direct incentive for small businesses to keep their workers on the payroll. If small businesses maintain payroll through this economic crisis, some of the borrowed money via the PPP can be forgiven – the funds will be available through June 30. Act fast.

Mid-sized employers

Under the new law, the Secretary of the Treasury is authorized to implement financial assistance programs that specifically target mid-size employers with between 500 and 10,000 employees.
Loans would not have an annualized interest rate higher than 2% and principal and interest would not be due and payable for at least six months after the loan is made. But unlike loans under the PPP, these are not forgivable.


CYBER SECURITY – Malicious Coronavirus-related E-Mails Spread – April 2020


AS IF BUSINESSES didn’t have enough to worry about, online scammers have started sending out malicious e-mails to organizations about coronavirus that appear to be from business partners or public institutions. The criminals send these to rank and file employees in the hope that at least one of them will click on a link or attachment in the e-mail, which unleashes malware or tries to trick them into wiring money for supplies purportedly to protect the organization’s workers.

The number of malicious e-mails mentioning the coronavirus has increased significantly since the end of January, according to cybersecurity firm Proofpoint Inc. The company noted that this wasn’t the first time they had seen such widespread cyber attacks associated with some type of disaster. But because this is global in nature, it decided to track the new threat. This practice of launching cyber attacks that are centered around global news and outbreaks (like the current COVID-19 coronavirus) isn’t anything new. Cybercriminals have long employed these tactics to take advantage of users’ desires to keep as up to date with any new information as possible or to evoke powerful emotions (like fear) in the hope that their sentiments will get the better of them and they will not pause to check for the legitimacy of these e-mails.

The cybercriminals are using the public’s ignorance about coronavirus, as well as the conflicting claims of how to protect against it, to lure people into clicking on their malicious links or get them to wire money. Because people are afraid, their guards may be down and they may not be as careful about identifying the e-mail as dangerous.

Some real-life examples

• Japanese workers were targeted in January and February with e-mails that looked like they came from local hospitals. The messages even included legitimate contact information for key personnel. The e-mails were focused on employees of various companies and came in a message that would look like it’s a reply to something or a warning that people are getting from the government. But when they clicked, it was malware. E-mails were sent to companies in the transportation sector that looked like they came from an employee of the World Health Organization.
They included the WHO logo and instructions about how to monitor crews aboard ships for coronavirus symptoms, and they included an attachment with instructions. This phishing e-mail attack was
intended to lure individuals into providing sensitive data, such as personally identifiable information and passwords.
• Companies in the US and Australia have been receiving malicious e-mails that use a display name of “Dr. Li Wei” and are titled “CORONA-VIRUS AFFECTED COMPANY STAFF.”

What you can do

All that it takes to break into your business is a cleverly worded e-mail message. If scammers can trick one person in your company into clicking on a malicious link, they can gain access
to your data. It’s important to train your staff to identify suspicious e-mails. They should avoid clicking links in e-mails that:
• Are not addressed to them by name, have poor English, or omit personal details that a legitimate sender would include.
• Are from businesses they are not expecting to hear from.
• Ask you to download any files.
• Take you to a landing page or website that does not have the legitimate URL of the company the e-mail is purporting to be sent from.
• Include attachments purportedly with advice for what to do. Do not open them even if they come from relatives or friends.


CONSTRUCTION RISK – Why You Need ‘Key Man’ Insurance – April 2020


IF YOU are operating a small business, you are likely relying on a small staff to get the job done. Many employees in small firms have to wear many hats and if one of them or an owner should die, the business could suffer greatly from that sudden loss of talent. If you don’t have “key man” insurance, that setback could be devastating to the viability of your operations, whereas coverage would provide you with extra funding that you would need while recovering from the loss. Keyman insurance is life insurance on a key person or persons in a business. In a small business, this is usually the owner, a founder or perhaps a few vital employees. These are the people who are crucial to a business – the ones whose absence would sink the company. You need key man insurance on those people.

Key man insurance basics

Before buying coverage, give some thought to the effects on your company of possibly losing certain partners or employees. In opting for this type of coverage, your company would take out life insurance on the key individuals, pay the premiums and designate itself as the beneficiary of the policy. If that person unexpectedly dies, your company receives the claim payout. This payout would essentially allow your business to stay afloat as you recover from the sudden loss of that employee or partner, without whom it would be difficult to keep the business operating in the short term.

Your company can use the insurance proceeds for expenses until it can find a replacement person, or, if necessary, pay off debts, distribute money to investors, pay severance to employees and close the business down in an orderly manner. In other words, in the aftermath of this tragedy, the insurance would give you more options than immediate bankruptcy.

Determining whom to cover

Ask yourself: Who is irreplaceable in the short term? In many small businesses, it is the founder who holds the company together – he or she may keep the books, manage the employees, handle the key customers, and so on. If that person is gone, the business pretty much stops.

Determining amount of coverage

• The amount of coverage depends on your business and revenue.
• Think of how much money your business would need to survive until it could replace the key person, come up to speed and get the business back on its feet.
• Buy a policy that fits into your budget and will address your short-term cash needs in case of tragedy.
• Ask us to get some quotes from different insurers. • Check rates for different levels of coverage ($100,000, $500,000, etc.)


KEEPING OPERATIONS GOING – Tips for Successful Telecommuting – April 2020


WITH THE current isolation orders for most workers in California, many companies have had to scramble to put systems in place to allow their employees to telecommute. Many businesses are not set up for having employees work from home, and they have legitimate concerns about productivity and communications. But there are steps you can take to make sure that you keep your employees engaged and on task.

1. Make sure they have the right technology

If you don’t already have one, you may want to consider setting up a company VPN so your employees can access their work e-mail and databases. You will also need to decide if you are going
to provide them with a company laptop, and you need to make sure that they have an internet connection that is fast enough to handle their workload. Also provide an infrastructure for them to be able to work together on files. If they are not sensitive company documents, they can use Dropbox or Google Documents, which allow sharing between co-workers.

2. Provide clear instructions

It’s important that you provide clear instructions to remote workers. Some people do not perform well without direct oversight and human interaction. Without that factor, you will need to spell out your expectations and the parameters of the projects they are working on in detail. Make it clear that if they are confused or unsure about any part of the work, they should contact a supervisor for clarification. If you can eliminate misunderstandings, then your workers can be more efficient.

3. Schedule regular check-ins

To hold your employees accountable for being on the clock, schedule calls or virtual meetings at regular intervals. Even instant messaging works. During these meetings they can update their
superiors on their work. This also helps with productivity, since there are consequences for failing to meet expectations and coming to the meeting empty-handed. Their supervisors should be working when they are, so they can be in regular communication.

4. Keep employees engaged

One of the hardest parts of working from home is the feelings of isolation and detachment from colleagues. It’s important that you build in interactive time for your workers. One way to do that is by using a chat program like Slack, Hangouts or WhatsApp (which has a group chat function). For remote workers, these programs are a blessing because they make it easy to keep in touch with their colleagues in and out of the office – and they level the playing field, so to speak, by making distance a non-issue.

5. Cyber protection

With employees working from home, you also increase your cyber risk exposure, especially if they are using a company computer that is tapped into your firm’s database or cloud. Teach them cyber security best practices, such as:
• Not clicking on links in e-mails from unknown senders.
• Making sure their systems have the latest security updates.
• Backing up their data daily.
• Training them on how to detect phishing, ransomware
and malware scams, especially new ones that try to take advantage of people’s fears about COVID-19.


Request a Wholistic Mindful Analysis

Ask us how we can help your organization