3 Critical Cyber Security Measures

by | Jan 8, 2019 | Risk Management | 0 comments

3 Critical Cyber Security Measures

“Cyber Security? Only mega corporations like Target and Home Depot have to worry about that. I’m just a small tree service. I don’t have anything that hackers would want.”

Be honest, have you ever found yourself saying that? Chances are you have and, naturally, this article will tell you why you need to pay attention to what is going on in the cyber security world. Last year, I attended a Cyber Risk Seminar and learned that 69% of data breaches occur from a negligent insider (or former insider). That means someone inside your company either clicked a bad link, emailed a virus or unknowingly allowed a hacker into your computer system.

Before discussing the ways to minimize your cyber liability, I want to highlight a few areas of exposure that every tree service has. As with any exposure to loss, there are internal and external risks that a business faces.

External Cyber Risks

1. Transmitting a Virus to a Customer/Vendor – Tree care companies rely on email to communicate with their customers and vendors. Email is the most efficient method of communication and also presents the easiest way for your company to be liable for a cyber breach. If one of your employees sends an email that contains a virus to a customer or, worse, your entire customer database, you could be facing a huge unexpected expense. It costs anywhere between $100 – $350 to remove a virus from an infected computer and that cost does not include if any personal data was compromised or any business shutdown occurred because of it.
2. Customer’s Personal Data – Every tree service has some personal information from their customers. Names, addresses, phone numbers, email addresses and credit card numbers are all considered Personally Identifiable Information (PII) and is therefore information that must be protected from a data breach. If a hacker gets into your computer system and gains access to this basic customer information, you will be responsible for notifying the customer of the breach and providing credit monitoring for one year.
In 2016 the average cost for a data breach was $158 per record – How much would a breach cost your business at that price point?

Internal Cyber Risks

1. Employee’s Personal Data – When hiring someone onto your team, there is a lot of personal information that you gather – Social Security numbers, birthdays and driver’s license numbers, to name a few. Do you have a direct deposit payroll system set up? If so, your employee’s bank information is in your system. As the business owner, you clearly have a responsibility to protect your employee’s data. What would happen to your employee loyalty if you failed at keeping their information safe?
2. Business’ Computer System – Interruptions seem to happen fairly often when using technology for your business. Sometimes the internet goes out due to a cut wire down the street. Your phone system may suffer a break in service due to something on the provider’s end. Those are out of your control, however, what you can do something about is your internal business system. Is your computer network backed up in the cloud or off-site? What would happen if your system got hacked and held for ransom from a cyber-attack?

Now that you know the common cyber exposures that all tree services face, here are three areas to focus on to reduce the chance of a cyber liability event. Implementing these changes can reduce your chances of a breach by almost 70%!

1. Inbox Security – Studies have shown that 93% of all computer hacks begins with email phishing. Email phishing is a tactic that hackers use to get the email user to click an infected link embedded in an email to gain access to their system. These can be specific to an individual and look VERY similar to an email that you would get. I’m sure you have received these before but may not have even realized it – an email from UPS about a package delivery or that your Amazon order needs more information. They look very real and ask you to take action by clicking the link included in the email to resolve the issue. Once you click the link, your system is compromised. Working with a proactive IT company will help you get the proper email controls in place to limit the phishing attempts on your employees.
2. Browser Security – The next part of cyber security is enabling the proper security features on your internet browsers. This can again be controlled by your IT firm and will help you restrict access to potentially damaging websites. We’ve all heard stories of how one employee used a work computer to search for something that wasn’t work related and the shady website that was viewed infected the computer and it spread to the other networked computers. Tighten up what sites can be opened and this exposure disappears.
3. Employee Behavior – Training employees on what to look for from a phishing attack or questionable website is the best way to limit the accidental “oops, I shouldn’t have opened that email.” In our agency, we signed our employees up for a six part training on email phishing. As the owner of my company, I need to do whatever I can to make sure my team understands how these schemes work so we don’t cause a data breach.

The world of cyber security can be overwhelming, however, if you focus on these three simple areas, you will drastically limit your exposure to a crippling data breach.

For more information on how to properly protect your business against a cyber event, contact our agency.

Written by: Eric Petersen

Is Your Safety Program Working?

by | Dec 5, 2018 | Risk Management | 0 comments

Is Your Safety Program Working?

As a risk manager for the tree care industry, I am often asked, “how does a tree service make sure their safety program is working?” Because of this common question, I want to share three simple ways that you can internally audit your safety program to ensure you are doing all you can to get every employee home safe at night.

Are your employees able to explain what to do?

An effective safety program will teach your team members exactly what to do in case of an injury. Simply ask employees from all departments to describe the steps to take. They should know who to call, which clinic they need to go to depending on location, and what forms to fill out as soon as the injury happens. Of course, if they cannot explain what to do during a non-emergency situation, they won’t know during a panic-filled time of injury. Make this the topic at your next safety meeting to train everyone on the procedure for an injury. Have your procedure written down, and kept at all locations and in each vehicle for an emergency.

Can you prove your program is being implemented?

Documentation is a key component of an effective safety program. Whether it is for OSHA or to obtain a lower insurance rates, being able to prove that that your safety program actually exists is the goal. You should have employees sign that they acknowledge and understand the safety program and employee handbook, as well as attendance sheets for the weekly or bi-weekly safety meetings. Be sure to note the topics on the attendance sheets as well. This also helps you recognize if an employee is not being properly trained on a piece of equipment or operational service that you provide.

Numbers Talk!

Have a safety committee member be in charge of monitoring your data. A simple Excel document is a great way to track important statistics like; number of incidents, number of different employees injured, number of missed work days, etc. These numbers should be reviewed monthly or quarterly at the very least. Make note to monitor both positive and negative trends as you’ll want to reward a strong safety environment while addressing any obvious issues.

Remember, even TCIA Accredited companies have serious injuries and fatalities that could have been prevented. Don’t let your safety culture get stale and ineffective. Use these three ideas to monitor the strength of your program so you know when and how to improve it.

Written by: Malcolm Jeffris, CTSP

Top Insurance Agencies for Tree Care Companies

by | Nov 6, 2018 | Risk Management | 0 comments

Top Insurance Agencies for Tree Care Companies

The tree care industry parallels the insurance industry in so many ways. A quick Google search of either results in hundreds of choices for the consumer, however, as you know there are only truly a handful of professional businesses that are the right fit for each situation.

 

Any arborist who has tried to find insurance for their company knows that most insurance agencies do not understand the tree care world at all. They do not know what the simple difference between an arborist and a tree trimmer is. They certainly have never foot locked up into a tree or been a Past-President of an ISA chapter before. Unfortunately, these general insurance agencies provide the majority of the insurance coverage to the tree care world.

 

At ArboRisk we pride ourselves on our dedication to the tree care industry. It is because of the in-depth knowledge that our team members have that we are able to help our clients get every one of their arborists home safe each night and make sure there is a job waiting for them in the morning.

 

However, rather than just selling ourselves to you, I want to give you a few other outstanding agencies that have committed to promoting the professionalism within the tree care world. Just as it is with tree work, the more tree services that utilize the best insurance agencies out there, the healthier the whole industry will be.

 

When looking at which agency is best for your organization, remember to not fall into the Quoting Trap as described in a recent article (found here). Interview each potential agency and select the one that fits best with you company’s goals and aspirations. Each of the agencies listed below belong to local ISA chapters and the TCIA.

 

Corcoran & Havlin Insurance Group, Wellesley, MA – (https://www.chinsurance.com/commercial-insurance/tree-care-insurance-risk/)

 

C&H’s Tree Care Team is led by Rick Weden, a frequent speaker at industry events and contributor to TCIA Magazine. Rick has been a true partner to the tree care industry for many, many years and takes great pride in understanding how accidents happen and helping companies prevent them from occurring.

 

Georgetown Insurance, Frederick, MD – (https://www.georgetownins.com/business-insurance/specialty-programs/arborists-insurance/ )

 

Georgetown agent, Matt Simmons, focuses on reducing a tree care companies exposure to risk by helping them implement safety programs, drug testing protocols and toolbox talks. Matt has been a supporter of the TCIA by exhibiting at multiple TCIExpo’s in the past.

 

Hub International, Santa Barbara, CA

 

Mark Shipp and the Hub International team have been helping tree care companies for over 20 years now. In addition to the Certified Insurance Counselor (CIC) designation, which is equivalent to the ISA’s Certified Arborist credential, Mark also holds his Certified Treecare Safety Professional (CTSP) designation.

Written by: Eric Petersen

Avoid the Insurance Quoting Trap

by | Oct 31, 2018 | Risk Management | 0 comments

Avoid The Insurance Quoting Trap

By Eric Petersen, CIC

Shopping for insurance coverage can be an exhausting task. Starting with your phone ringing off the hook three to four months before your renewal from agents trying to “quote” your policy, to gathering equipment lists and insurance loss runs to listening to final presentations for hours on end, the traditional way to get an insurance quote will leave you frustrated and worn out. And worst of all, at the end of it, you probably will stay with your current agent and insurance company because most quotes will be very similar in price anyway. That my friend, is what I call, the Quoting Trap.

So how do you avoid the Quoting Trap yet still secure the best possible insurance program for your business? You must first start with an understanding of the following facts about the current insurance industry.

Fact #1 – Not Many Options

Unfortunately, there are only a handful of insurance companies that truly have the proper knowledge of the tree care industry to offer the best protection at the lowest price. Because of this you will see agents scramble to submit your information to those insurance companies. The first agent that submits the account is the one that has authority to get the quote from them.

Fact #2 – Prove it

To offer the lowest price, insurance companies need proof of why you will not have an accident or injury. This typically means providing loss runs from your prior policies to the quoting insurance company to show what your incident history has been and answering a few questions regarding your safety program.

Fact #3 – Not all Agencies are Created Equal

I’m sure you are sick of explaining how an arborist is much more than a tree trimmer to insurance agents looking to give you a quote. Because the vast majority of insurance agencies do not specialize in working with tree services, their knowledge of your industry is very basic and therefore they feel their only value is to place coverage and do the minimal amount of work on your account so that you renew your coverage the next year. The good news is that there are agencies that have dedicated themselves to the tree care industry and offer many more services than just insurance policy issuance to help your business.

Considering the above facts, when you allow a few agents to earn your business by giving them the minimal information needed to get a quote, you shortchange yourself. You create a race to see which agent can get the submission to the insurance companies the quickest versus actually showing the insurance company how you will be a profitable account. Many agents skip gathering vital information about your company that would dramatically improve your chances of lowering the insurance cost just so they can be the first agent in. On top of it all, you have done nothing to guarantee that the fastest agent is actually the best agent that can help you well beyond insurance.

The Solution to the Quoting Trap is to select the best agent for your company first and have them find you the best possible insurance program. I know what you are thinking, “Wait, that’s not a competitive situation!” But it is. Instead of asking the agencies to compete for your business based on who can submit the information to the insurance companies the fastest, you are asking them to compete on a much tougher level; “What are you going to do for me?”

It is then the agent of your choice that submits your information to all of the available insurance companies for quotes on your behalf. It is remarkable how much more effective at securing lower insurance premiums it is when only one agent is submitting for quotes. I recently was asked to quote a policy for a tree care service. Since I knew they were using other agents to get quotes, I asked my insurance companies if they have received a submission for this account before. Their response was astounding, “This may be one of the most shopped accounts out there. This year we received it from one agency and had calls from another. Last year it came in from 2 different agencies than this year.” Guess what? The insurance company did not want to spend time quoting this account unless they knew they had a real opportunity to win.

If you need help with your insurance or are interested in a FREE coverage review, contact ArboRisk. Our Thrive Risk Management program, specifically our New Heights Package, can help address some of these pain points and help steer your insurance in the right direction!

The graphic below depicts the Quoting Trap:

Is my Business Compliant with the DOT?

by | Oct 10, 2018 | Risk Management | 0 comments

Is My Business Compliant with The Dot?

It’s safe to say we are familiar with the DOT…but are we aware of the impacts it can have on our business if we are not compliant? In 2017, the U.S. Federal Motor Carrier Safety Administration changed the schedule of fines for DOT violations, dramatically increasing the penalties. Falsification of required inspection records can result in fines up to $12,000+. Granted each state will vary relative to the Federal DOT requirements, but we wanted to take a closer look at the most common violations and run through details that can help avoid issues. Simply put, the penalties stem from two different areas. Fleet compliance and Driver Compliance.

Fleet Compliance

– Vehicles not properly maintained/inspected
– Failure to maintain 12 month accident log

Similar to safety standards, many of the maintenance compliance issues can be resolved with proper documentation. Depending on the size of your business, you may want to delegate that responsibility to someone other than yourself (i.e. fleet manager or mechanic). If you are a TCIA member, check their safety resources for a maintenance schedule log, or look for one in the owner’s manual. If you do delegate that task to someone else, make sure you are scheduling reviews to ensure everything is being properly logged.

Vehicle inspections are key for both compliance, and more importantly, safety of your employees. I recently sat in on a presentation by one of our insurance carriers that stressed the importance of detailed inspections. The carrier had received applications for a trucking company that, on paper, had looked like a more than profitable account to insure. No auto losses and few worker’s compensation claims. Due to the size and operations, the carrier performed an inspection prior to quoting. What they found was a fully operating truck that had a crack right in the middle of the axle. This business had been successful on driving strategies, yet they were one trip away from a serious accident due to poor inspections. You can meet inspection requirements by stopping at a state roadside inspection program, or a third party inspection of your choice. Be sure you are filing the reports for your records and maintaining a copy in the vehicle if you have had the vehicle for more than 30 days. Also, remember the BLT sandwich! Brakes, lights, tires. Click here for a vehicle inspection checklist from the DOT website.

Accident logs should be pretty straight forward. Document the who, what, where, etc. of each incident, and even close calls just to be safe. There isn’t a standard reporting form, so you’re welcome to create your own or there is one on the TCIA website if you are a member. In general, the DOT considers an accident to be any occurrence in which there is bodily injury or property damage.

Driver Compliance

– Driver not in possession of required qualifications or licensing
– Failure to test or follow up on testing of driver for drug or alcohol use while on duty
– Lack of or defects in required documentation

If the DOT is to perform an on-site review for driver compliance, they’ll first look into your drivers qualifications and up to date licensing. Check out our Driver Qualification Criteria to be sure your potential and current employees meet the standards for being on the road. You should be conducting annual MVR reviews and have an accident disclosure agreement in your employee handbook.

One of the biggest causalities for fines from the DOT is business owners mishandling drug and alcohol abuse situations. If you, the owner, have “reasonable suspicion” that there is substance abuse, you are obligated to perform and record training/testing on substance use. It then needs to be followed up with a series of random tests for up to 60 months following an incident(depends on the severity). For more information on substance abuse and testing obligations, please reach out to an ArboRisk team member!

Business owners should keep files of all active drivers. The files should contain original applications, MVR records, previous employment records, training documentation, any incident reports involving the driver, and medical information.

Notice the trend? Everything needs to be documented and kept for records. Documentation will not only help in the case of an audit from the DOT, but with ensuring everyone gets home safe each night. There are a number of resources available through the TCIA and DOT that we’d be happy to provide for you. Feel free to reach out with any questions!

Written by: Malcolm Jeffris, CTSP

Reduce the Risk of Losing a Lawsuit by 1/3rd

by | Sep 18, 2018 | Risk Management | 0 comments

Reduce the Risk Of Losing a LAwsuit by 1/3rd

Written by Eric Petersen, CIC

While attending an advanced insurance seminar recently, I learned that of all of the lawsuits that end in a jury or judicial award, 35% of them come from auto accidents (Bureau of Justice Statistics). When analyzing the incidents from our insured tree services we see the same pattern, where vehicular accidents are the leading cause of all claims.

This probably is not that surprising to you. Tree care companies obviously drive large trucks and equipment all day, every day to get to their work done. A small fender bender in a large truck typically produces more damage and more severe injuries than the same accident with a private passenger vehicle. Unfortunately, a lot of companies do not focus on limiting this huge exposure because it is just seen as a fact of doing business.

Below are the three most common ways to reduce your risk of losing a lawsuit by one third.

Hire the Right Drivers – Do you have a process in place to hire the best drivers? Start by developing a guideline for driving records and review the potential employee’s record at the start of the hiring process. It is not a secret why drivers with bad driving records pay more for their personal insurance, they are more likely to have another incident in the future. Once the applicant passes your written guidelines for their record, have them take a driving test with one of your vehicles. Assess their physical ability to operate your equipment safely. This not only can eliminate the risk of hiring a bad driver, it can also give you a starting point for training the individual.

Maintain Your Fleet – Are your trucks operating as safely as possible? Clearly, a well maintained vehicle is less likely to have a failure and cause an accident. So, create a maintenance schedule for each vehicle based off of the manufacturer’s recommendation. Whether your mechanic is in house or owns a separate business across town, make sure you keep a written record of the maintenance done to each truck and trailer so that you can prove the steps you took to minimize an accident from mechanical or equipment failure.

DOT Compliance – Do you know what you are required to have in place from a Department of Transportation perspective? If you are operating out of compliance and a serious accident occurs, judges and juries will have an easier time awarding a large settlement. Look for a separate article specifically on DOT compliance in a few weeks.

If one of your team members is involved in a serious accident, the judge and jury will look at what types of measures your company took to prevent the accident in the first place. If you can prove all three of these points above, your company will have a much better chance at winning the lawsuit or minimizing the settlement. And speaking about the settlement, make sure you purchase adequate liability limits on your Business Auto policy that will allow you to remain in business if a terrible accident does occur.

For more help with your safety program and/or tree care company, contact ArboRisk to learn more about our Thrive Safety Package!