
Pandemic Cyber Security


One thing this pandemic is certain to do is change the way we do things going forward. We have seen companies from all industries and sizes adapt the way their employees work to ensure they can stay afloat through this crisis. Perhaps your office employees are working from home with a laptop, or maybe you’ve cut all face-to-face interactions with clients. Either way, the exposure to cyber risk has already skyrocketed.

We’ve been talking about cyber exposures for a number of years now. Whether it be misinformation, a phishing email coming from your business’s email, or a hacker locking up your network and holding it for ransom, the number of attacks on businesses has grown exponentially.

Below are five quick tips on how you can limit your business’ risk of being a victim of an attack:

1) Passwords:
First of all, don’t make your password something along the lines of SeasonYear!, as even I could guess that. Make it something more difficult like best NFL team (Packers), year, exclamation point. That is what I do and it works great (only kidding). In all seriousness, you need to make sure you, and your employees, are using complex passwords for any login that may have personal, company, or client information on it that could be valuable. I suggest using password savers like RoboForm or Dashlane to make sure passwords are updated and not forgotten. Also try to enable two-factor authentication as often as possible.

2) Out-Bound Emails
Email is a common place, if not the most common, for an attack to occur, especially for a business like a tree service. For example, my dad received an email from a tree service in his area whose Gmail account had been hacked. It mentioned the job, which was actually just finished at my dad’s house, and where to send money. The only reason my dad caught it was because the amount was different from what they had originally discussed. Imagine if your email was hacked and clients sent you personal information, banking info, etc. You’d be on the hook for any damages, defense costs, credit monitoring for the client, and much more. Make sure your email is secure and that clients have a clear understanding of what type of things you would or would not ask for via email. And check with your insurance agent to see if you have cyber coverage. If not, I’d strongly recommend it as it is not very expensive and offers high limits!

3) In-Bound Emails
Are your office staff members and employees trained on what to be aware of when receiving emails? Follow these tips to be safe:

A. Make sure you have a good filter for blocking out spam emails. We work closely with an IT security company and we still see some slip through every once in a while.
B. Verify the sender before opening the email, and definitely before opening any attachments!
C. Hover over hyperlinks and make sure the URL matches the source. Look closely for any typos or odd spellings.

4) VPN
If you have employees working from home or working remotely, I encourage you to look into Virtual Private Networks (VPNs). This would often come into play for anyone working out in the field who may connect to a public network. Employees could stop at a restaurant and connect to its Wi-Fi, or go to a conference and work from the hotel. When connecting to a public Wi-Fi spot, employees are at risk of connecting to a fraudulent network that imitates the network they think they are connecting to. Employees could also connect to the original network, which may have been breached, allowing attackers to obtain information during your employee’s use. Check out VPNs like ExpressVPN or Surfshark and make sure to consider the number of devices and frequency of use before purchasing.

5) Watch Out for Spoofs
People are desperate for new information right now. We want to know what updates there are regarding COVID19 and how it impacts us and our business. Consider that times like these mean we are most vulnerable to attacks and misinformation. Try to be conscious of where you’re gathering information and make sure it is from credible resources like the World Health Organization (WHO) or the Centers for Disease Control (CDC). Consider that emails, pop-ups, etc. for “COVID19 Update!” may be clickbait and encourage those in your company not to jump to conclusions.

The World Health Organization recently stated they were also in the middle of an ‘Info-demic’ due to the large spread of misinformation regarding COVID19. As the employer, it is your responsibility to provide your employees with the correct information. Utilize resources such as WHO, CDC, TCIA, and ISA, to get relevant information throughout the pandemic. As always, feel free to reach out with any questions and we’ll see what we can do!

Written by: Malcolm Jeffris, CTSP

Employee’s Personal Vehicle for Work


One of the largest exposures your field workers have to contracting a communicable disease is spending time in the same vehicle with someone who is contagious while riding to and from the jobsite. The close quarters inside the cab of a truck make it very easy for an infected person to unintentionally transmit a virus to their co-worker.

Because of this many tree services have begun to allow employees to drive their own personal cars and trucks during the work day.

While this risk control measure is great for reducing the risk of spreading an illness, it creates other liabilities to the tree care business that need to be managed. Below, I have outlined the additional concerns a tree care company must address to successfully implement a “Drive Your Own Car Policy”.

For the Employee
In the vast majority of states, their personal auto insurance policy will be the primary policy in case of an accident. Meaning:
It is also the only policy that will pay for damage to their car. Their limit of liability is very important, as this limit is what initially will be used to pay for any injuries or property damage they cause to others.
If they use their personal vehicle regularly for work purposes, they should talk to their auto insurance company to make sure coverage is there for ‘business use’. Without their insurance company knowing about the use of the vehicle for work, there may not be coverage for an accident.

For the Company
A standard business auto insurance policy does not have coverage for anything that happens with non-owned vehicles. A tree service must add Non-Owned Auto liability coverage to provide liability protection if your company gets sued due to an accident by an employee with their vehicle while on company business. This is most likely going to be secondary coverage that pays after the employee’s personal auto policy limits are exhausted.

A business auto insurance policy does not and cannot provide coverage for physical damage to the employee’s car.

Management Best Practices
Know the driving record of the employee that is asked to drive their personal vehicle for work purposes. This is no different than analyzing if an employee can drive a fleet vehicle for the company based on their driving record. (Contact ArboRisk to get a copy of our MVR Guidelines to determine if you would like them to drive or not).

The tree service should get a copy of each employee’s personal auto insurance policy to prove coverage is in place and review their liability limits.
A minimum limit of liability that an employee is required to carry on their personal auto insurance policy is important. (We recommend requiring, at minimum, $500,000 coverage per person, but check with your state’s Wrongful Death Act regarding the minimum lawsuit for a minor’s death. Use that as a guideline for setting your limit.)

Decide whether or not the company will pay for repairs or deductibles associated with breakdowns or accidents that happen while on work time.

Inspect the employee’s vehicle for any safety issues before allowing that employee to drive for work.

Decide how the company will reimburse for expenses, either using the IRS guideline for mileage or another way that is better suited for the company.

Create a written policy that outlines all of the requirements and responsibilities of both the employee and the company.

Allowing employees to drive their personal vehicles on the clock can be a very critical risk management move in the midst of a community-wide outbreak; however, the tree care owner must ensure that proper steps are taken not to create a larger liability to the company when doing so.

Written by: Eric Petersen

Coronavirus and Insurance Claims


With all of the attention that the coronavirus (COVID-19) is getting, many tree service owners have asked us if they could be held responsible in any way if their employees or customers were to become infected. The answer really depends upon the specific circumstances of the infected person, but let’s take a deeper look at insurance coverage and illnesses.

To start, let’s discuss how flu epidemics are treated in contrast to location-specific illnesses like E. coli or Salmonella. An outbreak of Salmonella can often be traced back to an exact source of contamination. This allows the local health department to take action against the company that harbored the bacteria. Depending on the facts surrounding the outbreak, the business could be liable for any illnesses or deaths associated with the outbreak. Custom insurance coverages can be purchased to protect businesses; however, this is much more common in the food service and hospitality industries than in the tree care industry.

Now during a flu epidemic, where someone could pick up the virus almost anywhere, it is near impossible to connect the contraction of the illness to a particular business or location. Therefore these events are unlikely to trigger a liability to your tree care company.

What we know about the coronavirus is that it is spread from person to person like the flu. The new known cases rarely have any connection to a specific location or source of infection; consequently, the claims analysis for a person infected with coronavirus would be handled similarly to that of the flu.

In regards to Workers’ Compensation, a coronavirus infected employee could make a successful claim, however, there needs to be a very specific set of circumstances. In most states for a workplace illness to qualify as a Work Comp claim, it must be proven that the employee was subjected to a unique environment that is not common to the general public. If that unique environment was a known location to have a coronavirus outbreak and the employee was sent there to perform their work duties and they contract the virus, they could claim the illness on Work Comp.

In summary, despite the real fear of a widespread coronavirus pandemic, there will most likely not be business insurance coverage available to infected persons. Take all precautions to limit exposure to the virus, just like you would the flu, and make contingencies for your office team to work remotely if possible to limit the spread throughout your organization. If a specific employee contracts the virus and you are concerned it may qualify for Work Comp, turn it in to your insurance company right away and let them investigate it.

According to the Centers for Disease Control (CDC), here are some tips to minimize the impact of the coronavirus.

Ensure sick employees stay home and are symptom free for at least 24 hours before returning to work.

1. Be flexible with your sick leave policy and make sure employees know what they are expected to do when sick.
2. Educate employees on proper self-hygiene, like washing hands and covering your mouth during a cough or sneeze.
3. Keep cleaning supplies, tissues and hand sanitizer stocked and readily accessible.
4. Perform routine cleaning in your shop and office as well as providing disposable wipes to employees to keep their individual workstations clean.
5. Check the CDC’s Traveler’s Health Notices for travel guidance before sending an employee on business.

Written by: Eric Petersen

7 Deadly Sins of Workers Comp


If there is ever a place where the phrase ‘attitude is everything’ holds true, it is certainly in the Work Comp world. After partnering with tree care companies over the past fifteen years, I’ve noticed distinct patterns in the attitudes of business owners on how they view Workers’ Compensation and their individual company’s financial strength. These observations led to the creation of the 7 Deadly Sins of Work Comp analogy to help tree care owners and managers avoid destructive behavior.

When a tree care company exhibits any of the characteristics listed below there are grave consequences to both the business’ fiscal health and overall culture. The 7 Deadly Sins of Work Comp are listed starting from the most to least dangerous for a tree service.

Pride – dangerously corrupt selfishness – The deadliest Work Comp sin is Pride. Pride results when tree service owners believe they are already doing the best they can to prevent injuries from happening and they think they know everything about how to handle them. This prideful mindset blocks their ability to learn and grow as a leader for their company, putting their organization and everyone involved in a very precarious situation. Being open minded to suggestions and improvements on safety and injury handling practices can combat Pride. A tree care company owner can never learn too much about how to keep their employees safe and how to lessen the impact of injuries.

Wrath – uncontrolled anger or vengeance – Far too often, a tree care owner or leader gets so fed up with Work Comp that they assign the responsibility to someone else in their company. Their frustration, anger and negative attitude about the system demolishes any positive aspects of Work Comp and sets the company up for failure. A commitment to building a strong safety culture and implementing proper documentation and best practices for Work Comp, must start at the top of the company. The leaders should employ others on the team to help achieve success, however, the responsibility should never be assigned to someone else out of frustration or anger at the system.

Lust – intense longing – Every tree care company wants the lowest possible cost to their Work Comp. However, the intense desire for the lowest cost often blinds the business from how to properly achieve it. The insurance industry, unfortunately, has played a large part in creating this longing. Rather than helping to educate their clients and prospects on how to reduce their long-term Work Comp cost, most insurance agents simply focus only on beating the price of the current insurance company. This is exactly what happens to your customers when your competitors are focused solely on providing cheap tree care services and do not take the time to work with the customer on proper tree care. It is perfectly normal to want to get the lowest cost for your Work Comp policy, however the owner needs to make sure they understand how the system works so they can continue to keep their cost as low as possible into the future and not be blinded by a one-time low quote.

Sloth – lack of interest – The Work Comp sin of Sloth is similar to Pride, but instead of the tree care owner believing they are doing everything they can do; they have a disinterest in proactively preventing and managing injuries. Accepting that injuries are “just a part of tree work” is the surest way to have your company suffer because of them. The impact of the injury multiplies significantly when the tree care owner intentionally does not do anything to manage the injuries when they do happen. To avoid this, the owner must commit to preventing injuries from occurring and create a process to consciously manage them. Written policies and procedures, like safety and return to work programs, as well as injury reporting guidelines are part of the preparation a tree care company should go through to minimize both the financial and emotional pain of an injury.

Envy – insatiable desire – It doesn’t happen often in the tree care world, however, some employees will view Work Comp as an easy paycheck and grow envious of those that get a “free-ride” from the Work Comp company after an injury. If an employee is injured and cannot perform their assigned work duties, they will receive a paycheck from the company’s Work Comp policy. To dodge this sin, institute a formal return to work program outlining what tasks an injured worker can perform for your company. Make this a part of your employee handbook and have all employees sign the handbook, stating they understand that if they’re injured the company will provide work for them to perform within their medical restrictions. Communication between the tree care company, the injured employee, and the treating physician is critical for an effective return to work program.

Gluttony – overindulgence – Not only can an injured employee abuse the Work Comp system, but tree services may also be gluttonized by the medical community. Now, the overwhelming majority of doctors will do their best to return the injured employee to work as quickly as possible. However, a tree service must make sure the treating physician doesn’t see a Work Comp claim as a blank check. Treating physicians have the authority to assign the injured employee off of work to help the injury heal. Thus, just like with Envy, having a solid written return to work program in place protects a tree service from being taken advantage of. Ensure that the doctor knows immediately of any light duty work that is available so they can write any physical restrictions to accompany the light duty. Top performing tree care companies have established relationships with medical clinics before any injuries occur, thereby eliminating most of the potential for errors in communication and gluttony by the doctor.

Greed – desire by trickery – The final Work Comp sin happens when tree care owners intentionally misclassify their employees on their Work Comp policy to get a lower rate. Like other forms of deception, intentionally misclassifying employees sets up the tree service for audit penalties and disciplinary action from the Work Comp insurance company. Not only will the tree service receive an increase in premium from the audit, many insurance companies will non-renew policies if different classifications should have been used at the start of the policy. The acceptance of different class codes is something that needs to be agreed upon with the insurance company prior to the policy start date. Owners must work with their insurance agent to understand how to track and report payroll if they can use multiple codes for an employee.

Don’t go to Work Comp hell! Avoid the 7 Deadly Sins of Work Comp to keep your business as strong as possible.

Eric Petersen of ArboRisk Insurance presented this topic at the 2019 TCIExpo in Pittsburgh, PA.

Written by: Eric Petersen

4 Tips to Minimize Credit Card Risk


Credit card fraud is everywhere and it’s scary, especially for tree services!

Just this past week, an underground website called Joker’s Stash claimed to have 4 million credit card numbers for sale, taken from fast food chains, and that is just the most recent example.

Because most tree services accept credit cards in some manner, I consulted with Spencer Shimon of Heartland Payment Systems, the nation’s 5th largest payment card processor, to learn how tree care companies can minimize their credit card risk.

The first thing Spencer mentioned was that the lowest risk transaction will always be one that is done in person by you or your team, via Swipe, EMV (Chip Card), or Contactless (entering directly into a web portal). When doing this you do not keep any of the information, as the service is paid for right away.

If you ever write down credit card information, whether taking the payment over the phone or asking for the payment information online, you are subjecting your company to a much higher risk level, ultimately risking higher processing rates.

That said, Spencer’s four tips to reduce your risk are:

Mobile Card Reader – Get a mobile card reader and encourage your team to take payments out in the field. This way, no credit card information is written down or stored by your company, which will help ensure you’re being PCI compliant. If you do have to write the credit card number down, you must shred that document immediately after use. It should also help you get payment faster!

Proper Information – Make sure you get as much information as possible when taking a payment over the phone. If you’re only getting the Card Number, CVV, and Expiration, then you’re missing very important consumer verification information. Always get the Zip Code and billing address to go along with the credit card info to ensure your customer is using their own credit card.

Verify – Make sure you have a system that’s designed to catch user errors. Mistakes happen: people sometimes give the wrong information and sometimes enter the wrong information. Understand that the credit card processing fees your business is charged are based on your level of risk. Catching those mismatches will help you pay lower fees over time.

Documentation – Keep good documentation on what services were agreed upon and what is being paid for with the credit card. If your gut tells you that something is fishy about the way the customer wants to pay for the services, ask more questions and get everything in writing. You don’t want to have a customer paying for your services with a stolen card.

If you or anyone on your team is interested in finding out how to make sure you are PCI compliant, or interested in reducing your overall risk for processing credit cards, please reach out to a Thrive member today!

Spencer Shimon is a Relationship Manager for Heartland Payment Systems, the 5th largest processor in the United States. They deliver credit/debit/prepaid card processing, mobile commerce, e-commerce, marketing solutions, security technology, payroll solutions, and related business solutions and services to more than 400,000 business and educational locations nationwide.

https://www.merchantbillofrights.org/

Written by: Malcolm Jeffris, CTSP

Why Insurance is NOT Risk Management


Written by Eric Petersen, CIC

Video by Mick Kelly

“I practice risk management. I buy insurance.”

It’s staggering how many times I hear that phrase and unfortunately it is equivalent to “crown raising is a great structural pruning method.”

Simply put, insurance is NOT risk management. Insurance is a part of a successful risk management program, but should never be considered to be your entire source of risk management. Just like crown raising may be a part of the structural pruning, it is by far not the only aspect to properly pruning a tree.

There are five steps to the risk management process and, as an arborist, you subconsciously use these steps every day in the field. Sadly, because many tree care company owners are not programmed to consciously think about these five steps, they miss some of these steps when looking at their own business. This article is meant to help you apply the risk management process to your business so you are not left relying solely on insurance to protect all of the hard work you’ve put into your business.

 

1. Risk Identification – It starts with understanding the potential risks: what could possibly go wrong? The identification of potential risks can be done a number of ways; a few examples are by using checklists, surveys, or interviews with employees and other industry professionals.

As an Arborist – The visual inspection of a tree and surrounding property to determine what equipment you need for the job and what potential problems you may incur when working on that tree.

As a Business Owner – Think about your physical property, liability concerns to other people, your internal team and the business’ income to identify where the exposures are in your business.

2. Risk Analysis – For each risk that was identified, what is the likelihood of it actually happening and how severe of a situation will it cause? The frequency and severity of your risks will help you understand where to spend your time and money in preventing these risks.

As an Arborist – Based on the particulars of the job, you begin to set up the jobsite in your mind. How will you minimize damage to the lawn and set up the work site? Which tree needs to be worked on first to have the project go smoothly?

As a Business Owner – For each of the risks that you have identified, ask yourself, if this happened, how much would it impact my business? Making a Risk Map, where you put Severity on the top and Frequency on the side, will help you focus on the risks that will disrupt your business the most.

3. Risk Control – Once you know the likelihood and potential severity of your exposures, you need to create a plan to control those risks. Each risk can be addressed by avoiding it altogether; by retaining the exposure and assuming the loss yourself; by reducing the loss, either by trying to prevent it from happening or by lowering the impact through being prepared before it happens; or by transferring the risk to someone else. Spoiler Alert: Insurance doesn’t come into the picture until you want to transfer your risk to someone else!

As an Arborist – Before you start your job, conduct a job briefing with your crew, discussing all of the particulars of the job. That briefing is the risk control method of preventing an accident from happening by talking everything through before you start the work. It also serves as a way to reduce the impact of an accident by being prepared before something happens. If weather conditions change you can stop the job and avoid an injury or accident from happening. These are all examples of Risk Control techniques that you use every day.

As a Business Owner – Your goal is to minimize the risks to your company at the optimal cost. Installing or strengthening your safety program is a great risk control method. Creating a hiring and recruiting plan to employ the very best employees can limit the potential for employee issues or lawsuits. Understanding your company’s financial strength and where you can self-insure or retain the small things that come up every day is critical in this step.

4. Risk Financing – We finally get to the point in the process where we talk about insurance! The decision as to how the risk will be paid for is made. Do you want to assume the risk and control it some way or do you want to buy insurance?

As an Arborist – You either decide what extra equipment or labor is needed to get the job done safely, or you decide to assume the risk of something happening with fewer crew members and/or not the right equipment. Your decision can be influenced by the availability of your insurance coverage and deductibles; however, whichever way you decide to perform the job is an example of risk financing.

As a Business Owner – When looking at your Risk Map, most tree care owners are willing to self insure or assume the financial risk of the low severity incidents. Anything that is in green in the above chart typically is self insured. The yellow and red items are things that pose a greater risk to your business’ overall financial health. Insurance is purchased for these risks.

5. Risk Administration – The last step in the risk management process happens after all of the planning and decisions have been made and when the plan is implemented. Part of this step is also to assess the effectiveness of your actions to improve upon your overall plan in the future.

As an Arborist – You perform the job and take mental or physical notes on how to do the job better in the future. These personal experiences are crucial for minimizing your risk on similar jobs in the future.

As a Business Owner – You begin to implement the plan by focusing on the largest impact risks first and what to do with them. Then move to lesser exposures that your business faces. All the while you want to assess how you are doing in each area in case you need to make adjustments.

 

Focusing on true risk management within your business will give you the ability to confidently plan and budget for the uncertainty as well as become more profitable because you have reduced the cost of accidents and injuries. Insurance should be part of this process, but should NOT be relied on as the only method of risk management.

Because working with tree care companies is all that we do, contact ArboRisk to have one of our team members help you create a solid risk management plan. Also, check out our New Heights Thrive Risk Management Package – this structured program can help grow your business and take your company to new heights!