How is commercial property insurance calculated?

The right commercial property insurance will help ensure your business bounces back in the event of an accident or a disaster. But with so many different policies and coverage types, it’s hard to determine which one will provide the right coverage for your business. Replacement Cost coverage and Actual Cash Value coverage are two types of commercial insurance that differ in how they calculate the value of property lost in an unforeseen event.

property insurance

What is Replacement Cost in Commercial Insurance?

Replacement cost policies cover the cost to repair or replace a building with materials of the same or comparable quality. This type of coverage replaces and repairs items to their identical state, so it doesn’t include improvements required by building codes or laws passed since the building was built. It also doesn’t include the value of any land. It’s determined by the amount needed to hire contractors and purchase materials to repair or replace a building.

Theoretically, the replacement cost of a commercial property insurance policy should be lower than its market value. Replacement cost only has to account  for building materials and labor to determine compensation. However, the costs of material and labor can fluctuate. This makes it possible for the replacement cost of a property to be higher than its market value.

Replacement cost policies offer more financial protection in the event of a loss because they don’t take depreciation into account when determining compensations. However, this type of coverage is usually more expensive and may not be the best option for every property. Without continuous maintenance and renovations, the value of a building will generally depreciate over time. It may be better to opt for a less expensive policy that still protects the operations of your small business.

What Is Actual Cash Value in Commercial Insurance?

An actual cash value policy also covers the cost to replace or repair a property, but the rate of compensation accounts for the depreciated value of the original property. Commercial property covered under an actual cash value policy will be replaced or repaired using modern construction techniques and materials. Actual cash value policies generally have lower premiums than replacement cost policies and may make more sense for particular types of properties.

How Is Commercial Property Insurance Priced?

Replacement cost and actual cash value aim to make your business whole again after a loss. The difference lies in how the loss value is calculated. Here’s an example that highlights the difference between the two.

Calculating Actual Cash Value Policies

Suppose the owner of a cafe installed a large screen TV purchased for $1,000 four years ago. Then there was a theft, and the TV was stolen.

If the owner has an actual cash value policy:

The small business owner will receive the difference between $1,000 and the depreciation for the time he/she owned the TV. The insurance company determines the useful life of a TV is 10 years, so 10% depreciation would apply to the TV each year.

4 years x 10% per year = 40% depreciation

$1,000 x 40% = $400 depreciation

$1,000 – $400 = $600 actual cash value.

So the payment from the insurance company would be $600 minus any applicable deductibles.

Calculating Replacement Cost Policies

Now let’s consider that same example if the owner had a replacement cost policy.

The cafe owner would receive the total amount it would cost to buy the same (or a very similar) TV at a store today with a receipt. Using the same example from above, the insured would receive a check for $600 which is the actual cash value and – with a proof of purchase showing he’d bought the same or a very similar TV as a replacement – he would receive a second check for $400. Both checks total $1,000, or the replacement cost value. (The business owner would also factor in any applicable deductibles.)

What’s Right for Your Business?

When deciding between replacement cost coverage and actual cash value coverage for your commercial property insurance policy, it’s important to review the exclusions carefully. The exclusions will determine if additional policies are necessary to meet your business’s specific needs. Also, some business loans have requirements for the type of coverage the business must have. Be sure to check with your lender for these requirements.

The specific elements of your business will also help determine which policy is right for you. For example, a store located in a very old building in a popular urban environment will not depreciate as quickly as a new office building located in a business park. The store is more location-sensitive and doesn’t require a specific type of building to operate. Thus an actual cash value policy with lower premiums may make more financial sense than a replacement cost policy with higher premiums.

If you’re still unsure which type of commercial property insurance is right for your business, contact one of our agents at Wallace, Welch & Willingham. Our insurance experts will help you determine the right coverage for your business.

New Call-to-action

Does your business need commercial hurricane insurance?

Hurricane Season: What kind of insurance does your business need?

Hurricane season starts on June 1st and lasts through the end of November. What does that mean for your business? There are several types of insurance coverage available to help you stay protected from a hurricane – making wise decisions about your coverage could make or break your business if the wrong storm hits at the wrong time.

What Type of Insurance Covers Hurricanes?

Hurricane insurance coverage is normally provided in your property insurance policy. There are several types of coverage available, depending on your location, your proximity to the coastline, and your carrier.

Property Insurance Coverage for Hurricane Damage

All Peril – This is the most comprehensive coverage – covering everything except for what is specifically excluded in the policy.

Named Peril – This will cover ONLY what is specifically noted in the policy. It’s usually less expensive but offers more restrictive coverage.

Wind and Hail – This is the most restrictive of the three coverages and only covers damage caused by wind or hail.

All Peril, Named Peril, and Wind & Hail policies will have a deductible attached. It can vary from a dollar amount to a percentage amount. A deductible is the amount of loss paid by the policyholder before the insurance will begin.

Does My Business Need Flood Insurance for Hurricanes?

Water damage isn’t the same as wind or storm damage. Most commercial property policies exclude coverage for losses caused by rising water. However, much of the damage caused by hurricanes in coastal areas involves rising water which isn’t covered under most property insurance policies.

In cases where homes or businesses sustain concurrent wind and rising water damage, some insurers attempt to separate the covered wind damage from the uncovered rising water damage and pay what they owe. Other carriers deny the claims entirely citing the flood exclusion. Consequently, it’s essential to make sure you’re covered for both wind and rising water.

Does Business Interruption Insurance Cover Hurricanes?

Even if you have proper coverage under your property and flood policies, your business could be in danger. Could your business survive being closed and non-operational for 30 days or more during repair time? Most small businesses would have a hard time surviving that long of a closure, and it causes many to shut their doors.

Fortunately, business interruption insurance kicks in after the 72-hour deductible period. It can help you cover ongoing expenses and make up lost revenue while you’re getting back on your feet.

Make Sure You’re Protected

Make sure you’re covered this hurricane season – contact an agent at Wallace, Welch & Willingham or call us at 727-522-7777 to find out what your business needs to be fully protected.

How to Get the Most Cost-Effective Cyber Policy

If you were to ask any company representative if cyber insurance is worth it, you’d undoubtedly be met with a resounding YES. The potential financial havoc that a cyber attack unleashes is significant enough for businesses both large and small to actively seek out cyber insurance coverage. The question therefore isn’t whether you require cyber insurance for your business. Instead, it’s: How much cyber insurance do I need?

Just like all insurance coverages, the answer is personal. You would not pay a higher level of homeowners insurance premium for a larger house than you own; so too should you not pay for more cyber coverage than your business needs. One-size-fits-all cyber insurance does not exist, and there are ways to drive the cost of coverage down by being proactive in your security efforts.

One business may need to purchase more cyber insurance, while others may need less. An organization that deals primarily online may have more potential exposure than another, for example. To get the most cost-effective cyber policy, do not just request a quote from the Internet. Instead, trust the cyber insurance advisors at W3 Insurance to learn about your company’s risks and to help you select a policy to mitigate them. 

Every day, cyber attackers become more savvy at draining company coffers. Those businesses who choose to pretend that they are not at risk stand to pay higher rates than those who actively protect themselves. Read below as we examine how cyber attack prevention can in fact be cost-effective and how a business can go about securing such coverage.

10 ways to reduce the cost of your cyber insurance policy

Think of this as akin to the ‘safe driving’ discount offered by some car insurance companies. If your business operates with safeguards in mind against cyber attack,  it is possible to reduce the cost of your cyber insurance policy. By reducing your risk, you also drive the cost of coverage down.

Some of these ways include the following:

1. Multi-Factor Authentication (MFA)

Are you who you say you are? That is the simple (yet effective) impetus behind multi-factor authentication. Also known as “two step” verification, this effective means to thwart cyber attack takes the standard ‘enter username and password’ command to a new level. Sure, you will need both of the above – and then some. Often, this added failsafe comes in the form of a code that is sent to a person’s cell phone. That way, even if a password and username are stolen, the attacker is stuck. 

2. Password managers

The days of the simple password are passe – pun intended. Password managers take complex combinations of letters, numbers and symbols and make undecipherable passwords that are nearly non-hackable. One of the type of cyber attack involves a hacker learning personal information about a mark on social media and then trying those elements as passwords. With password managers storing these intricate passwords, it’s not necessary to use the same one multiple times. 

The days of “I hate passwords 123” should be over. Thank you, password manager.

3. Keep your employees trained and up-to-date

In the event your business suffers from a successful cyber attack, don’t point fingers at the computer, because it is likely not the machine’s fault.. Nine times out of ten, security breaches are caused by human error. Cyber attack is a very human game, after all; human error is the reason many attacks do succeed. 

That’s why employee training is paramount. Have your employees been brought up-to-speed about the latest phishing attacks? Do they know not to respond to emails that demand sensitive information? Constant vigilance is required to fend off cyber attacks, and that means consistent, timely training for your employees about the latest threats and information regarding how to combat them.

4. Update your software when possible

Keep pressing ‘cancel’ when prompted for a software update? -Think again. Take a few minutes and let the software update; it most likely has built-in security protocols to protect against the latest cyber threats. Cyber attacks vary widely in their creativity and personalization; software updates can help thwart some attempts before they become a problem. 

5. Invest in cybersecurity tools

When it comes to protecting your business from cyber attack, cybersecurity tools are the weapons that can keep the threat at bay. Often, they are not exorbitantly expensive, either – at least, not in comparison to how much a successful cyber attack an potentially cause your business.

Consider the list below a good start:

  • Firewalls
  • Anti-virus software
  • Application whitelisting software
  • Intrusion detection/prevention systems
  • Managed detection and response systems

6. Create an adequate response plan

Even after all your best efforts, a cyber attack may crack your defenses and affect your business. Due to the ever-changing nature of cyber attack, this is a sad reality; knowing what to do if one occurs can minimize the damage. If you suspect your business has been a victim of cyber attack, first call your cyber insurance coverage provider. Then, use your response plan to move forward.

7. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are your friends

Plan for the worst and hope for the best. The adage is at the heart of business continuity planning (BCP) and disaster recovery planning (DRP). Have protocols in place as backups, and should a cyber attack occur, you may be able to continue business as (almost) usual while you work to restore prior workflows.

8. Continuously monitor your systems

Understanding what is normal for your business and what is not is a surefire way to spot a cyber attack. Watch for activity that is out of the ordinary, and if you spot something unusual in your data, dig into the cause. It may well be due to user error – or it may be a cyber attack in its infancy.

9. Hire a cybersecurity expert

Overwhelmed by the concept of cyber-securing your business? Professionals can assist you in deducing your business risk and implementing tools to address it. Consider hiring an expert to be an investment in your company’s wellbeing. The time you will spend to put all these measures in place may be better used elsewhere, and, if these protections are left undone, cyber attacks can have drastic fiscal consequences.

10. Be proactive

Simply follow the above advice, and you’ll be on your way to protecting your business from cyber attack. The proactive business owner understands that if it’s possible to prepare for an attack, fortifications should be made. Act early to prevent cyber attacks in the long run. What’s more, having these protections in place can result in a lower premium. After all, such a business is less risky than one that just buys coverage but does not put any safeguards into place.

Get an affordable quote from W3

The cyber advisors at W3 Insurance can help protect your business from cyber attack. For coverage that protects your business and advice that allows for personalization of your cyber policy, trust the W3 advantage. 

Cyber attack is a persistent threat. Contact us today for more information regarding how to protect your organization.

W3 Small Business Solutions

Owning a small business is no small feat. 

It can be difficult to know whether the solutions you’ve selected are right for your organization, and the time it takes to implement them without help could be better used flipping that ‘closed’ sign to ‘open.’ 

Luckily, our insurance experts at W3 make getting coverage and finding business solutions a seamless process. We’re here to offer answers for multiple small business scenarios.

When a small business owner asks how they can get the right small business insurance for their employees, or how they can improve employee retention, the answer is simple: discover the responses by partnering with advisors who have the best interest of your organization in mind and the tools to make a difference. 

Too many situations can arise within a small business setting for owners to be cavalier about coverage and processes. Entrust the experienced advisors at W3 to handle DOL compliance assistance, HR technology solutions, employee retention guidance and more.

DOL Compliance Assistance

Staying up-to-date regarding minimum wage and overtime requirements? Know every single Department of Labor rule and regulation? Even the most fastidious small business owner can’t do everything. Labor laws change periodically, and unless a small business owner devotes time on a regular basis to these updates, an oversight (or two, or ten) can happen. Labor laws exist to protect workers from unjust compensation. W3 Insurance can provide guidance to prevent issues that commonly arise when a small business does not keep up with these changes.

Common infringements in Department of Labor (DOL) compliance include:

  • Federal minimum wage and overtime requirements
  • Misclassification of employees (exempt versus non-exempt)
  • Employment law changes spurred by regulatory changes and court precedent

Even if you fully intend to be perfect in your DOL compliance, why take the chance that oversight could happen? There’s plenty more that you need to think about when it comes to running a small business than endlessly checking statutes. Knowing you are in compliance offers peace of mind.

Workers’ compensation

Even businesses that don’t demand a large amount of physical activity from their employees need coverage for workers compensation

Any workplace accident can trigger the need for ‘workers comp’; repeated injuries like carpal tunnel syndrome, a faulty chair that breaks at the last second, or a trip & fall. 

Truly, the list of possible mishaps is endless. Workers’ compensation offers coverage for workplace accidents like these and many more.

Workers’ compensation provides benefits such as lost wages and medical treatment incurred as a result of the workplace injury. Go without the right insurance as required by your state, and a small business could open itself to further fines and legal action. It’s important to note that the reason to carry workers’ compensation insurance is twofold. Not only does it help the injured employee, but it protects the organization as well. 

When should you elect workers’ compensation insurance? -Before you hire your first employee. Laws vary by state and industry, so a one-size-fits-all policy does not truly exist. To ensure you obtain the right coverage, enlist an insurance professional to evaluate your risk and recommend coverage options that fit your needs.

Mandated Federal Minimum Wage

A mandated federal minimum wage exists, but different states have their own qualifications as well. Partnering with W3 for compliance and legislation services takes the guesswork out of the equation. Instead of asking, “Are we really paying our workers according to law? You have a partner to advise the business and keep abreast of any changes.

It should come as no surprise that paying employees less than they are owed sets a business up for litigation (and an angry, under-compensated employee). W3 offers help to ensure that scenario never occurs.  

HR Technology Solutions

Streamline your human resource efforts and ensure the actions are compliant – W3 can help. Through various HR tech solutions, W3 partners with small businesses to make compliance easier. Benefits include hours of time saved with total clarity for employees, who can feel secure knowing their benefits and payroll are consistently tracked and rewarded.

Every small business needs HR tools that enable it to go about operations in a timely, organized manner. There is no need to do HR the old-fashioned way, with folders and collation and plenty of room for error. Instead, embrace the HR technology that continues to change the way we work.

W3’s advisors help businesses connect with these HR technology solutions:

  • HRIS – Access your employee reporting with just a few clicks of the keyboard. From keeping track of employee PTO to tracking new hires and making certain elements accessible to employees, it’s easy for HR to get (and stay) organized.
  • Payroll software – Pay your employees on time, every time. While you’re at it, secure tax information, create W2s, and integrate with your HRIS in real time – no cumbersome systems necessary!
  • Time & attendance – Link employees’ time worked with the payroll system and make it simple for your workers to log their time. 
  • Benefits administration – All of the tools for Benefits you and your employees need are found under this section. Instead of entrusting a Benefits consultant to explain every nuance of coverage, give employees agency by allowing them access to their personalized plan and more. 

Employee Recruitment and Retention

Attract and keep employees who make your small business shine. Employee Resources offered through W3 can help. When Employee Benefits are clear and concise, employees understand what they are entitled to. Rather than tasking employees to wade through laborious benefits package printouts with no support, why not personalize the offerings for them? 

Employee benefits guidance makes the right coverage choices clearer for employees. Being able to concisely explain the reasons employees should choose to work with your organization should help with employee recruitment and retainment.

Whether a business is small or massive, employees should never answer the question “What’s the value of working here?” with “I’m not sure.” Recruit and retain employees by understanding what is important to your workers and delivering on your promises.

Request A Quote from W3

Small business benefits can make the difference between success and failure for an organization. Though a business may be small, the goals it puts forth are lofty. Achieving those goals depends on a multitude of factors. Small business benefits is an important one.

W3 small business solutions exist to help small businesses stay compliant and run smoother. Call us at (941) 377-7283 ext. 233 to talk to one of our experts today.

Why Your Business Needs a Surety Bond

Do you plan to do work with a government agency in the future? Does your business calendar include appointments to bid on construction jobs? If so, you’ll likely need a surety bond to be seriously considered for employment. 

Surety bonds are a safeguard, and exist to assert confidence that your business will finish what it starts. They are required in multiple instances and across multiple sectors. Let’s talk more about them.

What is a surety bond? 

A surety bond is a promise backed by capital. This promise asserts that contract terms will be met by all parties, that agreements will be kept, and that all sides comply with the contract. 

Think of a surety bond as a handshake that holds legal weight. You or your business agree to complete a scope of work, and the entity employing you can have full confidence that this will happen. If it is not, recompense will be given to the slighted party.

The 3 parties of a surety bond

To understand how a surety bond works, you must first understand that each bond involves three parties. These are:

The Principal 

Often the owner of a small business, this bond purchaser opts to obtain a surety bond in order to enter a contract bid or do work. 

The Obligee 

If you require a surety bond, that means you’re the obligee. Obligees are commonly government agencies, but anyone looking for a solid guarantee of job completion can be one. 

The Surety

Someone has to guarantee this bond, and that is the surety, or insurance company. Think of them as the middleman: if the Principal neglects to hold up their end of the bargain, the surety steps in to remedy the situation. Completing the work is the overall aim, and the insurance company covers this as stated in the bond.

What do the terms licensed, bonded and insured mean?

These three terms are ‘the mighty three.’ A company that can list this trio has completed the triumvirate of items necessary to inspire ultimate consumer confidence. 

While a business can separately earn the designations of licensed, bonded and insured, there is a significant difference among the terms.

Licensed 

This is the bare bones, must-have designation for many industries. A company that is licensed meets some minimal guidelines for its sector. For example, it would be inadvisable to have an unlicensed stylist to cut your hair. The license hanging on the salon wall gives you confidence that the person holding the shears has completed some training as required by a licensing board.

Bonded

A company that says it is ‘bonded’ is simply sharing the information that a surety bond has been purchased to protect third parties doing business with it. If the agreed-upon project work is not completed, a claim can be filed for recompense.

Insured

A synonym phrase for insured is ‘transfer of risk,’ and that’s exactly what insurance does for a business.  An insured business commonly carries protection for workers compensation and general liability, though more coverage is available. Construction companies likely hold builders’ risk policies and property insurance as well.

What are the 4 types of contract surety bonds?

Bid bond 

Seen in the construction space, a bid bond guarantees that if a bid submitted by the contractor is accepted, that contractor will be entering a contract that involves an agreement of doing the work at the price given

Performance bond

An insurance company or bank stands behind a contractor in this situation, ensuring that a project is completed in a satisfactory manner. 

Payment bond 

A contractor opts for a payment bond, which is a surety bond that ensures subcontractors and those supplying materials are paid. Payment bonds are commonly seen alongside performance bonds.

Warranty bond 

This type of bond has an expiration date – consider it a limited warranty situation. Once that predetermined date has passed, the bond is no longer valid and active.

5 types of commercial surety bonds

License and permit bonds

Before you even apply for a permit or license in some instances, these bonds will be required. They act as a safeguard that the individual or business that obtained the license and/or bond will comply with applicable regulations and laws and that it can actually do what the license or permit details. This requirement discourages businesses that may not be completely able to perform the assigned work from agreeing to undertake it.

Court bonds

Whether one is the defendant or the plaintiff, it may be necessary to get a court bond. Included under the ‘court bond umbrella’ are the well-known bail bond, but bonds for appeal, attachment, replevin and injunction are available as well. 

Fiduciary/probate bonds

A surety bond, this type protects creditors, heirs and beneficiaries in the scenario of a trust. 

Public official bonds

If you hold a public office, you’ll likely be required to have a public official bond. These are designed to protect the public if the official does not perform as they are supposed to. It’s interesting to note the wide range of public officials who require surety bonds, including, but not limited to: treasurers, tax collectors, judges and more.

Miscellaneous 

Bonds can be personalized for nearly any situation. These fall under the category of miscellaneous, and do not fully comply with the already-mentioned common bonds. 

4 industries that need surety bonds

Auto dealers

Ever wonder why more lemons aren’t sold by well-known auto dealers? Surety bonds knows as auto bonds are a failsafe to make sure that auto dealers do not engage in fraudulent behavior. If the dealer lies about a vehicle’s age or condition or engages in another misleading claim, this surety bond protects the consumer. 

Construction contractors

If a construction contractor breaks laws and does not honor their contracts, a penalty 

lies ahead for them. That’s thanks to a contractor bond, whether residential, commercial or other. 

Financially responsible officer bond

Ethics is the name of the surety bond game here. A company’s FRO (financially responsible officer) is thus guaranteed to act becoming to a high standard. These bonds aren’t widely required. 

Healthcare providers

By now, you’ve likely learned that bonds ensure that an entity fulfills its contractual obligations. This is the same for healthcare providers, who may opt for a surety bond over an LOC (letter of credit). 

How much do surety bonds cost?

A variety of components factor into the answer to that question, including credit rating, industry expertise, riskiness of the undertaking and more. Consider a small construction company bidding for its largest project to date. It may need to pay more for a surety bond than, say, a larger company that has a proven track record of project successes. 

The best way to find out how much a surety bond will cost for your unique situation is to contact a professional, explain the scope of work, and let them do their due diligence.

How do I get a surety bond?

This answer is the most straightforward of all of them in the article: simply call our office at (727) 522-7777 to speak with one of the surety bond advisors at W3 Insurance. 

Whether you’re a Florida small business owner hoping to bid on a federal project or a contractor investigating the types of surety bonds necessary for the future, W3 has extensive surety bond expertise.

Cyber Insurance Coverage for Social Engineering Attacks

How many times has this happened to you: you’re checking your email and you find a message from a large trusted online company like Amazon or Facebook notifying you of some change to your account. But something doesn’t look right. Either the company’s never notified you this way before, or the email domain name is slightly off.

Suddenly you realize the message is a fraud: an attempt to get you to click a suspicious link or enter in personal information.

You’ve just been targeted by a social engineering cyber attack. And while sometimes these attacks are easy to spot, cyber criminals are getting more sophisticated every day. Read on to find out what social engineering is, what are the most common forms of social engineering attacks, and to find out how cyber insurance can protect you and your business from the risks these attacks pose.

What Is Social Engineering?

Social engineering is the use of psychological manipulation to get people to divulge private information online. The definition of social engineering is very broad, and it encompasses a wide variety of common cyber attack strategies.

Generally impersonation is the name of the game when it comes to social engineering. Instead of using an impersonal computer virus or other mode to obtain personal information, a thief using social engineering might impersonate a friend or a company to obtain sensitive data. In an age where personal credentials such as logins and passwords can mean the difference between emptying a bank account or keeping it secure, this means people need to be ever-vigilant about protecting their information.

For example, the social engineering swindle could involve a “repair person” who reaches out via email and asks for a credit card number in order to complete a renovation. Or a “supervisor” within your business requesting e-gift cards be sent to them. Or a fellow employee, who “forgot” the last four digits on the company credit card, and asks if you could please share those with them.

You get the picture. Within the façade created by social engineering, a thief may continue to ask questions of employees and build credibility until at least one person gives up the information. At that point, the jig is up. There are too many horror stories involving this type of swindle to name. That’s why it’s imperative that you double and triple-check any request, even if it seems that it’s coming from within your organization. Social engineers can be quite adept at procuring the items they seek.

Who Is Most Affected by Social Engineering Cyber Attacks?

It’s not just mammoth organizations that have to worry about cyber engineering as part of a cyber attack. Small to mid-sized businesses are frequently targeted. And the effects can be devastating: nearly 60% of small businesses victimized by a cyber attack close within six months.

Typically, cyber attackers employing the strategy of social engineering will target employees of small to mid-sized businesses who have initial access to a platform. They don’t necessarily reach out to those with the biggest influence. For instance, the target could be a receptionist who was just hired last week and hasn’t even finished onboarding, or an intern who is so quick to please that they respond quickly with log-in information without much cajoling.

But these are just the easy targets. Those most affected by social engineering cyber attacks are arguably businesses that have plenty to lose – but that doesn’t just mean the Googles or Microsofts of the world. Larger organizations usually have rigorous cyber policies that make them more impenetrable to attacks, but smaller businesses are often more lax with their security protocols.

Why Is Social Engineering a Common Cyber Attack?

Too few businesses have safeguards in place to combat cyber attacks, and that omission can be lethal. In fact, 98% of attacks are caused by employee error, and 65% of businesses don’t even enforce a password policy. That’s why social engineering attacks continue to happen – because employees have a lack of training regarding how to identify these threats and what to do when they occur. Social engineering is common as well because it exploits human nature. Depending on the swindle and the dedication of the cyber attacker, these attacks can be extremely well thought-out.

With the world going ever-more virtual, parasocial relationships affect the perceived validity of cyber requests. We pay our bills online, shop online and transfer money online – why not share sensitive data that way too? It’s in our automatic nature to do so in this age of quick transactions, and social engineering cyber attackers exploit this to their advantage.

What Are the 6 Social Engineering Attacks?

Phishing

Phishing is when a cyber attacker attempts to lure someone into revealing guarded information by claiming to be a representative of a reputable company. When sensitive credentials are revealed to a cyber hacker, the criminal may use them to spread malware or give access to websites that attack a company’s credibility and coffers.

Invoice Manipulation

This phishing-like scam involves the receiving party of the fraudulent request being a client. During this attack, the hacker requests payment of a client invoice, but the money never reaches the company who is seemingly requesting it. Instead, it goes right into the bank account of the criminal.

Baiting

“You’ve won $5,000 – click here to collect!” or “Enjoy a new computer, courtesy of _____ corporation!” – these are both examples of baiting. In the first giveaway scam, the cyber attacker collects personal or business information by claiming that the email recipient needs to provide that info to receive a prize. In the second example, software may be installed on the gifted equipment that uses trackers to transmit personal information such as bank accounts, etc. 

Pretexting

Some social engineering scams are more sophisticated than others. Hackers who take the long view (and take their time) employ pretexting, or gaining the trust of someone before asking for personal information. Within this scenario, a cyber attacker will swear by a story that makes them sound truthful. Later, when sensitive information is requested, the pretext gives the thief the social collateral necessary to convince others to answer his/her requests.

Scareware

Anyone who has ever had a warning pop up that their computer has been infected by a virus has experienced scareware. Designed to scare a person into submission, scareware is a type of cyber attack in which computer users are directed to purchase computer protection in order to avoid the loss of personal data.  

Business email compromise (BEC)

This is a targeted phishing attempt in which criminals pretend to be part of an organization in order to get what they want – usually goods, services, or – you guessed it – money. A business that has a “culture of caution” when it comes to cyber matters is better protected from this type of compromise, but sophisticated thieves still make it difficult.

How Can You Protect Yourself From Social Engineering?

Protect yourself (and, if at work, protect your organization) by being aware of the existence of social engineering in cyber attacks and preparing for their inevitability. This includes using password security and using a checklist when receiving email before responding.

This checklist includes:

  1. Checking the email address in its entirety. Is there an extra letter in someone’s name? Is the address not quite correct?
  2. Check the time stamp. Was this email sent late – after work hours?
  3. Does the email involve a request of sensitive information that usually would not be viewed as urgent?
  4. Is it possible to call this individual – and if their phone number is listed in the email, does it match the one I have saved in my phone?

Password Security

Keep track of passwords with a secure Password Manager. Remember: longer passwords are better. The days of being able to use your name plus 12345 are long over. Ideally, you should use a password that includes numbers, letters and characters more or less at random.

Using the same password for multiple devices? Change that practice immediately. Sure, they’re easier to remember. It’s also easier for a hacker to access every single one of them the moment they gain access to just one.

Business Security

Use multi-factor authentication (MFA) to require a password plus. That means every time you log on (or someone pretending to be you logs on) they will be asked at least two more questions in order to gain access. This will cost you a few more seconds before you’re able to access your device, but those seconds are worth it to protect your information. 

Protecting Your Business

There are two ways to protect your business from social engineering: on the front end and on the back. On the front end, you should put safeguards in place to lower the threat of ransomware, secure employees through training, and instill a cyber attack-aware employee culture. Ensure company websites are secure, lower the threat of phishing, and make sure to double and triple check any bank accounts or transfers. It takes a good deal of diligence, but you can lower the chances of cyber attack.

And if the protection you’ve put in place somehow fails and you find your business is a victim of a social engineering cyber attack, cyber liability insurance can cover you on the back end to help limit the damages and make your business whole again. 

With Wallace Welch & Willingham’s cyber liability insurance policies, you can protect your business from the fallout of a cyber attack. Cyber insurance helps your organization recover data, restore damaged equipment, and even pay legal fees and fines. It’s peace of mind in an age when cyber attacks show no sign of abating. Contact one of our cyber insurance agents at W3 Insurance to learn more about how to protect your organization. Request a quote today!

How Likely is Your Company to Be Cyber Attacked?

If you’re worried about how likely your company is to be cyber attacked, you’re not alone. As the world increasingly embraces the digital marketplace, valuable data is more at risk than ever, and it can be difficult to know whether a business is fully protected against a breach.

Just as you would secure your home against intruders, so too must your business be kept as secure as possible. Of course, a business is more difficult to protect than a physical abode. Lock the doors and windows of a home and enlist a solid alarm system, and you’re likely set. Conversely, cyber attacks enter the foundation of your business through tiny (and not so tiny) cracks in the online mortar left vulnerable by business owners and employees alike. 

While the likelihood that your company could get cyber attacked is out of your hands, how it affects your company is largely up to you and depends on how carefully you’ve prepared for the attack.

What is a cyber attack?

Cue the virtual mugshots: cyber criminals hide behind their PCs and Macs to forcibly extract data from other computers (or networks). Depending on the sophistication of the attack and how targeted it is, these criminals’ actions can result in the shuttering of the victimized devices completely. Other attacks just use that single compromised computer as a stepping stone for other attacks, and still others suck the data out of the device, compromising personal and financial information and sparking a whole onslaught of trouble.

Cyber attacks occur at every level of commerce (and are now even part of modern day warfare). Take, for example, the Apache Log4j vulnerability, which results in java-based web servers getting hitchhiked and used for a variety of ill effects such as the spreading of malware or ransomware.

Cyber attacks are now a regular part of actual war; for example, when the Russia-Ukraine conflict began, Ukraine saw cyber attacks directed at its military increase by 196%.  

Another well-known attack with a deceptively positive name is the Solarwinds Sunburst attack, which targeted more than 18,000 organizations by enticing them to download what seemed like a normal software update. Unfortunately, the ‘software update’ made it possible for cyber criminals to access data. This cyber attack is ongoing and extremely destructive.

These big cyber attacks are what make the headlines, and they could lead you to assume that only large organizations get targeted. But you’d be wrong. Every day, businesses and individuals suffer cyber attacks that never make the news. What should make the news is how devastating these attacks can be for small businesses: 60% of small businesses close within 6 months of suffering a cyber attack. That’s why it’s imperative to enact safeguards in the cyber realm on a consistent basis.

6 Industries at Risk of Cyber Attack

Small Businesses

Resist the urge to believe that a business that is small is not attractive to cyber criminals; the small businesses sometimes make the biggest targets. After all, what type of training does a small business offer to inform employees what data should and shouldn’t be shared with outside entities? Without proper security protocols, employees are more likely to download programs they don’t recognize or offer login credentials to cyber criminals posing as fellow employees.

The list of possibilities is long, and it’s tough for a training to cover all of them (and that’s assuming the small business has a training at all). That vulnerability makes a small business low-hanging fruit to cyber criminals.

Healthcare

COVID-19 made a mess of so many things in our world – the healthcare industry included. Lots of healthcare entities were targeted during the pandemic because the pandemic opened up new vulnerabilities, and ransomware has been rampant. This software puts a proverbial wall up between a person and their data, keeping them apart until a ransom is paid. Healthcare organizations see these attacks as virtual emergency situations. Not being able to access patient data or other important health information can literally be a matter of life and death. 

Government agencies

Cyber criminals who want to make problems for state and municipal governments have their weapons at the ready, and the results are costly. Ransomware cost the United States government $18.8 billion dollars in 2020 (estimated using cost of recovery, etc.). Education for government employees regarding cyber security is a definite necessity, given the popularity of this type of attack.

Financial institutions

Online banking is widespread, and with it comes the risk of online theft. All it takes is for a hacker to make a fake login page that looks legitimate and, voila! Sensitive information falls into the hands of those who seek to do harm. Trojan horses are widespread problems in this sector – and they don’t have anything to do with the ancient city of Troy.

A Trojan horse is a type of malware disguised as a legitimate program in order to gain access to a server. Data and server attacks upon financial institutions go straight to the sources of delicate information – ripping credit cards and social security numbers from supposedly ‘safe’ storage places and making them visible for hackers to exploit. In this type of cyber attack, malicious code is deployed to steal that information. 

Education

Online education platforms have drastically increased over the past few years (remember the online learning boom during the pandemic?). This use of technology for educational purposes has opened more schools up to cyber attack – specifically, to malware and spam. 

Energy and utility companies

If the United State’s largest fuel pipeline can be compromised due to ransomware, anything and anyone is at risk for cyber attack. In 2021 hackers shut down the Colonial Pipeline which originates in Texas and serves the southeastern U.S. The resulting gas shortages across the country resulted in an increase in fuel prices and a loss in consumer confidence. And while that example may be extraordinary, still there are (and continue to be) many other attacks on smaller utilities.

Cyber Attack Statistics

If you’re still not convinced of the importance of keeping your online data secure from cyber attacks, consider these figures:

  • 50% of all cyber attacks are against small to mid-sized businesses.
  • The average cost of a data breach for small businesses ranges from $120,000 to $1.24 million.
  • Between 2018 and 2020, over two thirds of all small to mid-sized businesses reported a cyber crime incident.
  • Cyber crime went up by 600% during the Covid pandemic.

Any web search of ‘cyber attack statistics’ will reveal the danger you and your organization are in on a daily basis. 

The 10 Most Common Cyber Attacks 

While there are many types of cyber attacks, the ones listed below are currently the most common. 

  • DOS and DDoS Attacks
  • MITM Attacks
  • Phishing Attacks
  • Whale-phishing Attacks
  • Ransomware
  • Password Attacks
  • SQL Injection Attacks
  • URL Interpretation
  • DNS Spoofing

Remember: a full-scale strategy to protect your business (and yourself) from cyber attack is the best strategy. Work with a professional who understands the risks you face and knows how to mitigate them. 

Is Cyber Insurance Worth the Cost?

Cyber attacks can be devastating – both personally and professionally. The cost of cyber insurance hinges on the type of business being protected and the level of risk it experiences. If the amount of personal data a business handles is significant, the cost will likely be more. One way to lower cost and protect the business at the same time is to put security protocols in place that lower your business’s risk for a breach. The coverage limits you select, along with the size of the deductible, will also determine the cost.

Just as with historical warfare, protection and preparation are important to a defense. Don’t be left vulnerable to cyber attack. Instead, have a clear and ongoing strategy to combat it. And if cyber criminals do slip through your systems and take sensitive data or release ransomware into the equation, know that you have cyber insurance to back you up.

Cyber insurance can protect different industries from popular types of cyber attacks. Contact Wallace Welch & Willingham to find out how our cyber liability insurance products can help protect your business. Request a quote today!

Home Business Coverage – Who Needs It?

From Etsy store owner to multi-level marketing mavens and every aspiration in between, plenty of business owners choose the home front as their business address. It’s conceivable that the coronavirus pandemic’s ‘stay at home’ directive has spurred a new wave of stay-at-home inspiration. After all, plenty of people are finding ways to work from home. How does this class of businesspeople protect themselves and the organizations they cherish?

Do home business moguls need to take insurance along for the ride as they build an empire?

The answer is likely ‘yes.’ Just because an office is a kitchen table and the commute involves a grueling six steps from the bedroom, that doesn’t mean that it’s time to neglect insurance coverage. Coverage is available for a wide variety of home-based businesses; opting for it is often a good idea. Here’s why.

  • The overbooked photographer scenario – Let’s say you’re a photographer who overbooks (gasp) a wedding. First, congratulations on being so popular. Secondly, be prepared for the possibility that you could be sued. The angry bride or groom-to-be who booked with you originally could sue you for the cost of a replacement photographer.
  • The home-based business accident – Do customers visit your home for business purposes? If so, it’s imperative to purchase insurance. Imagine the shock of the in-home piano teacher whose student tripped on a slick floor and broke his ankle, or the computer repairman who fell as he carried his overheated laptop up the driveway and needed multiple surgeries to repair a fractured hip. Guess who foots the bill for these medical snafus? -Hint: It’s often not the injured person.
  • Annihilated inventory – Are you a maker? A baker, crafter, or an all-around-artsy person? Do you store your products in the home? Don’t expect your homeowners policy to cover that collection that took you months to amass. Make sure that you have the correct coverage in place so that if something happens, you’re able to replace and rebuild. Business income coverage will go a step further by compensating a portion of lost income as a result of a covered accident.

So who is actually eligible to elect coverage? Crafters, jewelry makers, cosmetic/beauty sales consultants (Rodan + Fields, Monat, doTERRA), teachers/tutors, disc jockeys, bakers and photographers are some of the more common eligible professions. But even those that are commonly not eligible may find coverage through a commercial or professional lines form.

That’s why it’s so important to cultivate a relationship with an insurance provider who gives good advice regarding your personal and business coverage needs. And that’s where W3 Insurance shines. As an all-lines agency, W3 serves as your comprehensive coverage source. Contact an advisor today. Describe your business and its liability. A W3 advisor will advise you regarding coverage type and scope, so you can get back to what’s really important: focusing on your home business dreams.

The Equal Pay Act’s New Friend: Your EEO-1

Employers Need EPL Like Never Before

Employers: The time to elect Employment Practices Liability coverage is now. Component 2 of the EEO-1 is due September 30, 2019, and it dictates payroll data be disclosed to the EEOC, who enforces the Equal Pay Act.

But I don’t intend to pay my employees in a discriminatory manner, you say. Surely I’m not culpable for a pay disparity?

You are – and here’s why.

The Equal Pay Act is a strict liability statute, meaning there is no need for the employer to intend to pay in a discriminatory manner. Component 2 requires employers to provide hours and pay information by the same categories as Component 1, which includes the category of sex. To the extent that the EEOC finds your reported information persuasive, they will seek to use Component 2 pay data as admissible evidence in the event of an Equal Pay Act claim against your company. 

Dig into that payroll data, if you haven’t already, and check for objective disparity in your payroll that may give the appearance that it is based on sex. If it exists, check to see if there is a clear legitimate reason for each disparity (seniority, production, etc.). Find and fix any issues before someone else does.

Your next step? Contact W3 Insurance for an Employment Practices Liability policy. It’s our job to stay up-to-date regarding your employer requirements so you can focus on your ultimate goal –  your business.

New Call-to-action

Secure Your Business – Here’s How:

Thanks to all the news stories of businesses toppling amidst cyber attack, you’re likely convinced that the threat is real. As cyber insurance advisors, we can assure you that the battle is ongoing and that hackers and other miscreants show no sign of calling for a cease fire. How can you win the war? Besides purchasing cyber attack coverage, there are some relatively simple measures you can take to ensure your organization does not become a cautionary tale. Below is a short list of steps you can take:

  • Securely back up confidential information/important files in a remote location NOT connected to you business’s main network.
  • Update software as new updates are released to stay up-to-date with the latest security updates.
  • Be aware of logins and passwords
    • Take special care when dealing with passwords to portals that contain banking information, health insurance, PayPal information, etc.
    • Select long passwords with two factor authentication
    • Don’t reuse passwords
  • Always verify any change requests from vendors/clients by calling a pre-determined number. Never call the number ON the change request; it may be fraudulent
  • Keep employees current regarding all types of cyber scam techniques and the best ways to combat them.
  • Stay educated through reputable sites and share pertinent information with directors and officers, as well as employees. These include: iii.org, IC3.gov and idtheftcenter.org.
  • Recognize that prior to your business being targeted by phone or email, your computers likely will have been breached. Consult with computer technology experts and use updated cyber security software, secure Wi-Fi networks, and two factor authorization.

If you haven’t yet purchased cyber insurance, find your coverage here. All it takes is a few minutes to complete the application; afterward we’ll present you with a bindable quote. W3 Insurance is on your side in the fight against cyber attack. Thanks to extensive coverage options, we’re able to be part of the shield that keeps businesses like yours from becoming a statistic.