by Jim Taylor | Apr 27, 2023 | Business Insurance, Cyber Security
As workers increasingly use personal devices in the course of their workday, an inviting pathway has emerged for cybercriminals seeking access to your company’s sensitive data. Research shows that a significant number of data security personnel, as well as many senior executives, are aware of the possible security risks that come with the increasingly popular remote and hybrid work options.
According to the FTI Consulting report, “The Most Valuable, Vulnerable Commodity: Data Establishes a New Era of Digital Insights & Risk Management,” 91% of data security personnel have personally experienced the negative implications posed by remote and hybrid work.
The report further states that:
- 45% believe that working remotely or using the hybrid model has increased the risk of data breaches.
- 41% have reported data shared on devices, networks, and systems that do not comply with their security standards.
- 38% of respondents felt their business is more vulnerable to malicious acts due to remote working and the potential avenues for unauthorized access to company data.
In fact, the digital risk is quickly becoming a higher concern than other, more traditional sources of company risk.
Research Shows…
During the COVID-19 pandemic, many companies drastically switched to remote work schedules in a very short timeframe with the primary goal of safeguarding their employees’ well-being. Employers reluctant to lose valued workers by forcing them to return to the office have allowed remote work to become a standard option in many occupations.
Unfortunately, this has had the predictable effect of causing a corresponding increase in cybersecurity incidents by 238%, according to a 2022 Alliance Virtual Offices report.
Available online data is increasing not only in terms of quantity but also in terms of variety. With more sophisticated tools and platforms supporting remote collaboration, a diversity of new data types and formats has surfaced. This can be a great resource for businesses if it is handled responsibly. However, it also has the potential for disastrous consequences without proper precautions.
Companies with remote employees frequently allow their staff to use their own devices instead of those provided by the company. These “Bring Your Own Device” (B.Y.O.D.) policies present huge security risks. Unfortunately, personal devices can be a security risk as they usually come with vulnerabilities like outdated software and insufficient network controls, making it difficult for security specialists to protect company data from potential threats.
Cybercriminals can find methods of getting personal data from devices faster than the companies can protect it, as is indicative of their advanced tactics and strategies. Criminals are shifting their efforts to exploit those vulnerabilities by altering how they target employees.
Where businesses have spent decades safeguarding their digital assets from cyber threats like ransomware attacks and data breaches with firewalls and intrusion detection systems, employees are now working outside the perimeter of those protections. Therefore, it may be necessary to have BYOD policies allowing employees to access company networks on their personal laptops, smartphones, or tablets, provided they have sufficient protection.
Remote Working Cybersecurity Risks
Telecommuting increases the chances of data breaches, as there are multiple threats associated with working from home. Businesses should be aware of the most common potential cyber risks and have sufficient protection measures in place.
The areas of growing concern include the following:
- Increased attack surfaces
- Shortage of security talent
- Insufficient security staff oversight
- Risky data practices
- Susceptible to phishing
- Vulnerable unsecured hardware
- Vulnerable unsecured networks
- Access and enabling technology vulnerabilities
The effects of poor security practices can be extreme. Studies show that companies with more than 80% of their employees working remotely incurred a loss of $5.1 million due to data breaches in 2022. Companies with a smaller portion of their staff (20%) working remotely paid an average of $4 million, which is still significant.
Although it may not be possible for companies to do away with remote work schedules, there are things that companies can do to protect themselves. Cybersecurity should be a priority.
What Is the Answer?
Businesses that prioritize cyber-safety should analyze their cyber-liability insurance policies. These policies usually contain detailed security procedures that companies must follow to be eligible for full coverage, making them a great source of info on the most up-to-date practices.
Staying protected in the era of BYOD is an ongoing challenge. To address this, businesses should create incident response playbooks that describe how to handle and contain data security incidents when they occur. By doing so, it’s possible to minimize the damage and get back on track more quickly. Following that with practice runs can take the strategy to the next level.
The pandemic brought remote working to a greater number of businesses and that isn’t going anywhere. Therefore, it is wise to embrace it and take steps to protect the company.
by Jim Taylor | Nov 16, 2022 | Business Insurance
In this ever-changing landscape of technological advances, it can be difficult to keep up-to-date on everything. However, when regarding cyber security, being knowledgeable about the latest protection is imperative. This can be a daunting task for any business. Larger corporations often have entire departments or outsourced workers to protect their online presence.
Because of these factors, a large portion of cyber attacks are focused on emerging businesses. More than 43% of cyber attacks are targeting growing businesses and the owners do not have the luxury of a dedicated tech team to handle this and find themselves navigating the world of cyber security on their own.
While most of these business owners are concerned about the threat of such attacks, education on the issue is lacking. There are a number of measures these owners could take and many recourses available. The issue seems to be the lack of knowledge about these measures businesses should take on proactively.
Cyber Insurance may not be widely known, but it is a viable option for any business. The concept of Cyber Liability Insurance recognizes the risks of online markets and breaches within the systems. When you leverage a Cyber Liability policy, your insurer focuses on covering the damage resulting from such an attack. A typical policy would assist with:
- Informing customers when a breach in the system has occurred
- Recovering such compromised data of the business and customers
- Restoring the computer systems and security programs
Many providers also offer assistance for any monetary losses that the businesses or customers may have suffered as the result of a cyber attack.
Aside from the loss of funds and the breach of personal information, these attacks can further damage a company. The trust a customer has in the business can be demolished with such a cyber attack. The reputation and integrity of the company can be badly damaged and can cost further revenue in the future.
The first line of defense for these companies is programs and ransomware designed to protect them from such attacks. However, the better the programs become, the craftier hackers will become. While these systems provide the first line of defense and insurance acts as a safety net should the worst occur, there are further measures a business could take to ensure their information remain safe. The FCC provides a comprehensive list of additional steps an owner can take to keep these hackers at bay including:
- Providing firewall security for your internet
- Making backup copies of important data and information
- Keeping employees informed on safe cyber practices
- Limiting who can install software on computers
The knowledge and education of these tools are pivotal to maintaining a company’s security in the ever-changing technological landscape. Most importantly, working with a trusted business insurance provider can ensure your business has the right Cyber Liability coverage to meet your needs.
by Carolyn Kick | Apr 28, 2020 | Business Insurance, COVID-19 Resources, Cyber Security
The COVID-19 outbreak is changing how companies operate. While it is having a profound impact on supply chains and the nature of demand, the most direct impact is the fact that most people are confined to their homes. Many companies are now working fully remote, including some that had never had remote work policies in the past.
There are many considerations around the transition to remote work. The first ones that come to most employers’ minds are generally how to maintain productivity, communication, and morale while team members are working in isolation.
But working remotely also comes with significant cybersecurity risk ramifications. Company networks are inherently spread thin and ultimately rely on employees’ home network security to keep company data safe. Many companies’ cybersecurity practices just aren’t built around remote work and they will have to adapt to keep themselves safe.
Luckily, just a few additional measures can greatly mitigate your cybersecurity risks during the COVID-19 outbreak. Let’s take a look at the risks and how to tackle them, including:
- Why the outbreak creates openings for cyberattacks
- How to mitigate your company’s risks
- Protecting employees and their devices
- Business insurance coverage for cyberattacks against remote networks
Why COVID-19 Creates Opportunities for Cyberattacks
The main reason why the COVID-19 outbreak is changing the nature of cybersecurity is that just about everyone that can is now working remotely. Instead of operating as a closed system, companies’ networks now include each employee’s home networks and devices. And a distributed network is inherently harder to protect: you can’t just throw a firewall around it. Not to mention, most existing strategies and policies are focused around protecting the company networks and do not work for distributed or bridged networks.
Employees’ home networks are the most significant gap in your cyber protections. Unfortunately, VPNs and other standard protective measures only cover communications between home devices and company networks. They do not protect the home devices themselves or home networks. That means any company data stored on the devices is much more easily compromised by cyberattacks.
But on top of the technological challenges posed by the COVID-19 outbreak, the coronavirus is also creating opportunities for successful cyberattacks that rely upon the fear, isolation, and ignorance of people amid the outbreak. Phishing attacks related to the virus have increased more than six-fold in the past month and tens of thousands of people have clicked on malicious links that used the topic of the virus as bait. As a result, the total number of hits on malicious links nearly tripled from February to March.
What this means is that your employees are simply more likely to fall victim to malware, eCommerce fraud, or other cyberattacks thanks to the COVID-19 outbreak. And when they do they may inadvertently compromise their devices and your company data.
Minimize Your Risk
Cybersecurity risk management is a multi-tiered process that starts with avoiding and defending against attacks. If that fails, then you need to mitigate the damage from successful attacks and transfer the risk away from the company. While it is always better to stop an attack from being successful in the first place, you should still have plans and processes in place to handle the situation in the case it occurs.
So, how do you stop cyberattacks from compromising your remote work operations? The first step is to implement strong endpoint protection on all employee devices that will be used for work. Endpoint protection software is a bit like antivirus software evolved and takes a more comprehensive and proactive approach to threat prevention, detection, and defense.
Next, you need to educate employees and set standards for their home networks. Employees should use networks secured by a strong and unique password. Then, you should make sure that only authorized IP addresses can access your data and networks. IP blacklists, multi-factor identification, and identity management solutions can go a long way towards protecting your data during the outbreak. Finally, make sure that all of your standard protection measures are also in place and up-to-date. This includes VPNs and firewalls that protect your company networks from any attacks.
But if these measures fail, it’s time to mitigate the damage. That means implementing effective intrusion detection to discover a breach and start addressing it as quickly as possible. Ideally, these systems will tell you not just that there has been a breach but what systems were accessed. That can help you diagnose the damage and formulate your response. Another option is a managed detection and response system that combines software with hands-on attention from security experts for added protection.
It is just as important to minimize disruption to your systems and workflow. Many attacks try to damage or destroy data not just steal it. So, regularly back up all data in multiple locations to ensure that you don’t lose anything.
Finally, transfer the risks through business insurance coverage. As we’ll explore in detail later in this post, your business insurance will likely cover the damage from a successful cyberattack even if the attack was against an employee’s device or happened while the employee was working remotely.
Protect Your Employees
As we discussed earlier, remote work is not the only driver of cybercrime during the COVID-19 outbreak. Most attacks have to do with the virus itself, using outbreak-related lures to get people to click malicious links or even taking advantage of CARES Act stimulus payments to steal information and money from susceptible businesses.
While many of these attacks will target the individuals themselves – trying to gain access to their bank accounts or vital identity information – employers should still do everything they can to protect employees from falling victim to such attacks. Not only is it the right thing to do to take care of your team members, but the attacks can also compromise employees’ work devices and present cybersecurity risks. Just because an attacker planned to go after an employee’s bank account doesn’t mean that won’t pick up some valuable company data along the way, especially if it is low-hanging fruit.
So what can you do to protect your employees? In addition to providing powerful antivirus software, you need to educate and reassure. COVID-19 cyber-attacks feed on fear, isolation, and misinformation. Providing support and correct information about both the COVID-19 outbreak and common scams is the best countermeasure once your technology solutions are all sound and in place.
Work with your IT team, business insurance broker, HR consultants, and any other stakeholders to put together resources to inform employees about how to identify possible scams or malware attacks, and what to do if they think they may have clicked a malicious link or compromised their device. And work with your HR advisor to create outbreak-related resources that will fill the COVID-19 information gap so that employees are less likely to click the links in the first place. Finally, do everything that you can to minimize fear and isolation by keeping employees connected, engaged, and healthy in mind and body during the quarantine. Not only will this help minimize cybersecurity risks, but it will help your remote team work more effectively as well.
Know Your Business Insurance Coverage
If things do go wrong, will your business insurance protect you from the damages?
By and large, the answer is yes. There are several “triggers” that will cause your business insurance to kick in and which apply in the case of a cybersecurity breach from a remote employee.
A privacy insuring agreement may cover any damages if the attack results in the following privacy triggers. First, illegal access to company information is likely covered because your company will have been the victim of a crime. Secondly, if company information is compromised due to a cyberattack on an employee’s device that may count as violating an NDA, a common privacy trigger in business insurance policies.
But a security insuring agreement will often also apply. When someone is working from home, their computer and network will generally count as the company’s computer and network and thus be covered if attacked. This is especially true if they use a company device while working from home.
Keep in mind, though, that some insurers require a formal “Bring Your Own Device” policy with employees for them to cover the damages. This policy needs to outline safety measures and proper conduct that employees have to follow when using their device. So it is a good idea to have your employees sign such an agreement now that they are working remotely.
When in doubt, ask your insurer and business insurance broker about your cyber insurance to find out the details of your coverage. But if you have the correct policies in place, there is a good chance that you will be covered if your security measures fail.
Key Takeaways
There are many considerations when it comes to protecting company data, networks, and devices during the COVID-19 outbreak. Hopefully this article has given you a solid roadmap to start formulating your defense strategy and helped you figure out the right questions to ask your IT and business insurance providers. Just remember:
- Remote work means a distributed network for added security risks and possible entry points for attacks
- The outbreak has many people scared and looking for help, creating opportunities for attacks
- Educating employees about proper security measures, real information about the outbreak, and how to avoid falling victim to cybercrime goes a long way to protecting their data and the company’s data
- IT considerations to protect against cyberattacks during the outbreak include endpoint protection, intrusion detection, regular backups, home network security, and up-to-date antivirus, firewalls, and VPNs
- Working with your business insurance broker to ensure you have the correct cyber liability policies in place is crucial during this time
by Carolyn Kick | Apr 16, 2020 | Business Insurance, COVID-19 Resources, Return to Work
At some point, the quarantine will end and companies will start getting back to business. However, it’s unlikely this return will be “business as usual,” but will instead have to factor in the new nuances COVID-19 has brought about. How we handle going back to work will have a big impact on whether we rid ourselves of COVID-19 for good or if we see the coronavirus come back for new mass infections, as the Spanish Flu did a century ago.
As employers, we have an enormous responsibility to get our team members back to work as safely as possible. Rushing head-on as if nothing has changed since before the virus reached our shores is a surefire way to end up with another quarantine and many sick employees. So you have to plan TODAY for how you are going to reopen your business.
There is no proven formula for how to go back to work safely after COVID-19 has receded. As a world, we’ve never gone through anything quite like this before. But many people are thinking about how to work safely in a post-COVID-19 world and you do not have to reinvent the wheel to keep your team safe. In this post we’ll explore some of the main ideas out there about how to get back to business responsibly, including:
- Why it’s so important that you create a back-to-work plan today
- How to go back to business safely
- Long-term strategies to protect your team, business, and community
Why You Should Create a Back-to-Work Plan Today
If quarantines were lifted tomorrow and the CDC announced that the virus had been contained, do you know how you would begin bringing employees back into the office?
Given the rapidly evolving nature of the COVID-19 situation, there’s a good chance your answer is “no.” That’s why it is never too soon to start creating a back-to-work plan. You just can’t wait until things open up to create your plan: you have to be ready to hit the ground running as soon as you get the go-ahead.
But what if you didn’t put any particular plan into action? If the government says that it is safe to go back to work, what’s the risk?It’s highly unlikely the virus will be eradicated based on the current sporadic isolation orders, so there will still be people with the virus within the community. If you throw caution to the wind and jump right back into business as usual and one of those people is on your team, your entire company could potentially become infected. You can see how this could potentially snowball into another full-fledge outbreak, which would mean shutting down your office entirely once again.
For our own sake and everyone in our communities, we need to proceed cautiously and intelligently even after authorities say that it is okay to start getting back to business.
How to Go Back to Business Safely
Businesses must become an active participant in the effort to expand testing for COVID-19 and its antibodies. From looking at countries such as Singapore and South Korea that managed to control the outbreak, the key to stopping the spread of the disease once the quarantine is lifted and people go back to work is consistent and readily available testing, coupled with “contact tracing” – tracking interactions to identify people who might have been exposed. While the US is not necessarily set up to implement the kind of regimented, centralized testing and contact tracing system that Singapore used to great effect, employers can implement similar systems in their offices. Namely, through testing and keeping track of employee interactions such as meetings in order to isolate employees who may have been exposed if an employee tests positive.
There are many tests being developed and employers will have to work with their brokers and insurers to get the tests their team needs. The US is working to make testing more available, so it’s likely by the time your employees are coming back into work the tests may be much more widely available. Once you acquire the tests, you will have to decide on a testing cadence, testing your team as frequently as necessary without becoming overly burdensome. You can also use screenings such as temperature readings to identify candidates for testing. And don’t forget to test for antibodies as well as infections: it can be almost as useful to know who is already immune as it is to identify employees who might be carriers of the virus.
Another key consideration in your plan is determining how you will know when it’s time to get back to work. Currently, most organizations are in a waiting pattern to see when the quarantine will be lifted. Now is the time to be developing your return to work plan, and process which may includeleveraging recommendations from a range of trusted authorities and even employee feedback.
Once you determine that it is time to bring employees back into work, you need to make sure that they are doing it safely. This will make up the bulk of your back-to-work plan.One key best practice to keep in mind is to minimize the number of employees who are in the workplace at once. There are two main ways to do this: slowly phase employees back into the office and stagger employees’ schedules.
Instead of abruptly having everyone come back into the office, slowly have employees come back in based on how important it is that they work from the office. That way, you keep occupancy (and thus the risk of infection) down while simultaneously reducing the number of people who will get exposed if someone does come to work with the virus.
Also keep in mind that all of your employees do not have to come into the office at the same time. By staggering schedules, you can allow everyone to spend some time in the office but still keep occupancy down. For example, you can have different teams come in on alternating days so that people are in the office with their main collaborators while minimizing their risk. And staggered schedules do not just have to be by day. You can also modify employees’ daily hours, to the extent they feel comfortable with, so that everyone is not arriving to and leaving from the office at the same time.Once you decide who will be in the office and when, then it is time to establish office safety precautions.
Firstly, you should do everything in your power to prevent employees from coming into work if they are sick or have been exposed to the virus. The easiest strategy you can leverage to diminish sick individuals from coming into the office is to maintain a flexible work-from-home policy and encourage employees to stay at home whenever they feel under the weather or think that they have been exposed to the virus.
But you also cannot solely rely on your employees to self-report illness or exposure. While it might sound extreme, you should consider conducting daily health screenings before employees are allowed to start their shifts or workdays. Work with a third party vendor that provides health professionals to take employees temperatures at the door and conduct questionnaires to determine their level of risk of exposure. And if an employee seems ill, either send them home to work remotely or refer them to additional screening or treatment.
Another top priority should be to implement and enforce social distancing protocols. Just because employees can come into the office again does not mean that they shouldn’t limit their interactions. Encourage your employees to avoid close contact by issuing distancing guidelines and limiting occupancy for elevators, meeting rooms, and common areas. And if necessary, redesign your office to create distance or physical barriers between desks (the gold standard being recommended is 6-feet of space between individuals at all times).
Finally, you have to maintain a clean work environment and supply plenty of protective equipment. This means intensifying your daily cleaning, potentially adding mid-day cleanings or daily UV-sanitation to eliminate any traces of the virus. Pay particular attention to common areas and high-risk surfaces such as phones and doorknobs. Provide masks and gloves to frontline workers who might interact with people outside of the office and provide alcohol based hand sanitizer wherever possible. In particular, place touch-free hand sanitizer stations at the entrances to any common areas and meeting spaces so employees can easily sanitize before interacting with each other.
You may well want to adopt additional safety protocols unique to your business and its needs. But these steps should go a long way towards ensuring that your team can get back to work safely, with minimal disruptions to your business.
Thinking Long Term
It would be nice to think that we could go back to working the way we did before the outbreak, after an initial period of caution. But the fact of the matter is that COVID-19 will have a lasting impact on how we work and do business in the future. And it is well worth your time to consider how you can adapt in the long-term to prevent your business from getting disrupted by another outbreak.
As difficult as it might sound, you may well want to rethink the physical layout of your office post-COVID-19 outbreak. While open offices have been all the rage for years, they don’t do a good job of protecting employees from sick coworkers. Many employers may end up adding space and divisions between desks, and positioning employees so that they work back-to-back rather than next-to or facing each other. You may also want to add infrastructure that facilitates remote collaboration, including videoconferencing equipment in meeting rooms and enhanced call booths for individual employees to work one-on-one with a remote employee. You should also consider making at least some social distancing protocols standard practice moving forward, along with intensive cleaning and extensive hand sanitizer stations.
Probably the biggest long-term impact that the COVID-19 outbreak will have on businesses is the expanded role of remote work. Many employers who were resistant to remote work will be much more open to the idea now that they’ve been forced to implement it. But even companies that accepted remote work will likely continue to expand it further. Whichever category you fall into, you should consider making remote work a fact of life at your company going forward. Depending on your business, you could even use it to replace the office entirely and cut your costs as well as your risk. Assuming you still see value in maintaining an office or need a physical office space, you can use remote work to augment your sick leave so that employees never come in if they are not feeling 100% well. Letting employees work from home without questioning their motives will help you avoid an office outbreak, whether it’s COVID-19 or a different illness.
Finally, employers should plan to be part of the vaccine distribution effort that keeps COVID-19 from coming back for good. Public health resources are going to be overwhelmed trying to provide both vaccines and medical care that was delayed because of the virus. You should work with your benefits broker, insurer, and providers to help your team members get the vaccine as soon as it is available. If you can get the vaccine administered in your office, even better. And don’t forget to provide the vaccine to employees’ immediate families as well.
Key Takeaways
Getting back to business after COVID-19 is a daunting task. Business owners and HR professionals are going to have to balance a wide range of considerations to ensure a safe and productive workplace. Remember these key takeaways and you will be a long way towards making sure that your team can get back to work as safely as possible:
- Listen to trusted authorities, your employees, and your gut when it comes to deciding when to open your offices back up
- Try to minimize the number of employees in the workplace, especially to start out
- Protect your employees through health screenings, social distancing guidelines and protocols, intensive cleaning, and protective equipment including hand sanitizer
- Remote work is an invaluable tool even once the quarantine is lifted
- Consider your long-term strategy to limit the risk of an outbreak, including redesigning your office and leveraging remote work and social distancing
- Develop a plan to get your employees and their families vaccinated as quickly and easily as possible as soon as a vaccine is available
Most importantly of all, don’t do it alone when it comes to developing your back-to-work plan. You should bring in experts on workplace safety, employee healthcare, and human resources to help you keep your team safe.
by Carolyn Kick | Apr 9, 2020 | Business Insurance, COVID-19 Resources
The COVID-19 outbreak presents a many challenges for business owners, executives, and HR professionals. Keeping business running smoothly amid dwindling demand, supply-line disruptions, and quarantines is no easy task. An on top of these considerations, you also have to ensure the safety of employees and put in place procedures to prevent them from becoming infected with COVID-19.
And while keeping your employees healthy is the right thing to do both morally and for long-term morale and productivity, it is also important from a compliance perspective. You don’t want to add an OSHA violation to the many concerns you’re dealing with during these challenging times. And OSHA has issued new recommendations regarding the outbreak.
That being said, there are simple steps you can take to ensure compliance and safety for all employees. You just need to follow some straightforward, common-sense best practices and implement some additional safety precautions. Let’s take a look at how you can follow OSHA guidelines to keep your team and your business safe during the COVID-19 outbreak, including:
- Categorizing staff
- Developing safety protocols
- Maintaining a safe workplace
- Educating employees on best practices
- Identifying and handling exposure
Categorizing Staff
The first step that you should take to protect employees and ensure OSHA compliance is to categorize your team members to organize your workplace safety initiatives. Essentially, you need to figure out who needs to be protected and in which ways.
First off, divide your team into remote-capable and non-remote workers. During the COVID-19 outbreak, whether your area has issued quarantine orders or not, working from home is the best workplace safety policy. It does the most effective job of minimizing employees’ risk of exposure and eliminates nearly every OSHA concern you may have. So everyone who can work from home absolutely should.
But what about those who can’t work from home? Well, here’s where it gets a little trickier. You may have to decide who among them counts as essential staff: employees who need to be working even if they cannot work from home. Your goal should be to have as few people in the workplace as you possibly can while keeping your business functioning. You can approach this in a few ways. For example, you can reduce your workforce through layoffs or furloughs.
Alternatively, you can have employees work partial schedules so someone is always holding down the fort while limiting each employee’s risk of infection. Depending on your resources, you can do this for the same or reduced pay. This method divides positions rather than employees between essential or non-essential. Identify what workforce you need in the office every day and then modify the schedule to maintain that workforce while thinning out the individual risk as much as possible.
Finally, determine the risk levels for your essential staff or positions. This will help you structure your safety precautions. For example, stockroom workers or BOH team members won’t need as much protection as those working the registers or making deliveries. Or it might be the case that your entire workforce falls under OSHA’s definition of high exposure risk or very high exposure risk, generally reserved for healthcare or morgue workers. Whether subdividing your workforce or assessing your team’s general status, it’s important to know the real level of risk so that you can adopt the appropriate safety measures.
Developing Safety Protocols
The next step is to develop your safety protocols. You need a clear plan and strategy around these protocols in order to ensure compliance. So, you should decide what your plan will be for maintaining safety standards and handling exposure as soon as possible.
We’ll explore what those plans should look like in the next couple of sections, but we can’t emphasize enough how important it is that you start planningimmediately if you haven’t done so already.
Get your department heads, especially HR, executive team, and any outside consultants involved in the planning process. Contracting an HR or compliance specialist can help you develop an effective COVID-19 workplace safety and staff management plan.
Maintaining a Safe Workplace
Once you have reduced the number of employees in the workplace to the bare minimum necessary to keep things running, you have to make sure that those team members will be able to do their job safely, with the minimum possible risk of exposure. That means formulating a plan to maintain a safe workplace.
Obviously, all preexisting OSHA standards hold and you should maintain your compliance policies. But you will have to implement several new procedures to keep your team safe.
First off, you need to keep the workplace as clean as possible to eliminate the virus if anyone brings it in. That means regularly cleaning and disinfecting all workspaces, equipment, and commonly touched areas. Kitchens and bathrooms, phones and registers, desks and board tables should all be sanitized regularly using EPA approved cleaning solutions that are proven to eliminate coronavirus. Also, provide proper sanitation materials for your employees including alcohol based hand sanitizer, especially for frontline staff.
Next, ensure that your workplace is a closed system to the best of your ability. If you have control over what comes into the workplace it will be much easier to prevent potential COVID-19 exposure. That means limiting customer and partner access to the workplace. If you run a physical shop or restaurant of any kind, take steps to minimize the number of clients who can be inside at a time and outline approved areas for them to enter. Even better, switch to a curbside pickup or delivery model. The same goes for internal movement: do your best to keep high-risk employees away from lower-risk employees. For example, cashiers shouldn’t enter the stockroom. And all employees should minimize their interactions. Meetings should be transitioned to phone calls or video chats whenever possible.
Finally, provide employees with the personal protection equipment that is appropriate for their risk level. Frontline workers should have masks and gloves but BOH may or may not need these items, depending on local guidelines and community spread within the area your team works. You should review OSHA guidelines and talk to your leadership to determine what equipment each of your employees needs, but it is important to remember that needs will vary depending on risk levels.
Educating Employees on Best Practices
One of the most nerve-wracking aspects of workplace safety and compliance is the fact that at the end of the day, your protective measures are only as good as your employees’ compliance. And with the COVID-19 outbreak, stakes are higher than ever. If employees don’t take the outbreak seriously and instead cut corners, they could put the entire workforce at risk. That, in turn, can cripple your business’s ability to function at a time when it is already on thin ice.
You cannot entirely control employee behavior. But what you can do is make sure that they know exactly what they should be doing and what the consequences will be if they fail to abide by new and existing guidelines and procedures.
That means educating them on best practices, including:
- Properly covering coughing or sneezing
- Avoiding touching their faces & washing their hands if they do
- Regular hand-washing using proper procedures (20+ seconds)
- Not touching other employees’ equipment
- Reporting any safety or health concerns, especially regarding COVID-19
This last best practice deserves some more attention. You need employees to be extremely proactive when it comes to informing you of any potential risks. That includes potential exposure outside of the workplace, coworker failure to follow procedures, and symptoms that employees notice in themselves, customers, or coworkers. The sooner you catch any risks the safer your team will be. Emphasize the importance of communicating any concerns and consider implementing policies that protect people who report any issues.
Identifying and Handling Exposure
Finally, you need to figure out how you will identify whether an employee has been exposed or infected and how you will handle the situation.
It’s a true nightmare scenario: you’ve done all you can to protect your team members but now one of them has been exposed to the virus or seems to have COVID-19. What do you do?
Unfortunately, to echo many public health officials around the world, it’s probably not a matter of if, but when. Don’t avoid creating a game plan out of self-confidence, denial, or fear. Imagine you found out that employees would start showing up to work with the virus next week. Now how do you respond?
Well, the good news is that we’ve put together a handy checklist of steps to take when you confirm an employee is positive for COVID-19 or has been exposed.
But, generally speaking, here are the steps that you should plan to take:
- Work with the employee to plan next steps: remote from work, sick leave, etc
- Find out who the employee might have infected by talking to them about their recent exposure
- Immediately complete a deep-clean of effected spaces
- Inform employees of potential exposure and reeducate them about best practices
- Monitor workforce for signs of an outbreak
- Set terms and create a plan for affected employee’s return to work-from-home
Key Takeaways
Maintaining a safe workplace and OSHA compliance amid the COVID-19 outbreak can be an intimidating task. But it also is not as difficult as it sounds, even though the stakes are so high. Just remember to:
- Determine who needs to be in the office and take steps to keep everyone else at home
- Figure out the level of risk for each employee or role and establish safety precautions for each
- Implement stringent cleaning measures to disinfect the workplace regularly, focusing on high-risk areas
- Educate employees on best practices to protect themselves and each other
- Develop policies for managing employee infection or exposure including determining who else may have been exposed, warning other team members, redoubling safety precautions, and planning for the affected employee’s transition away from the workplace and their return to the workplace
by Carolyn Kick | Mar 10, 2020 | Business Insurance
Launchways specializes in providing growing businesses with the human resources, employee benefits, and business insurance services they require to maximize profits, foster buy-in among their workforce, and build a culture of overall excellence.
Business insurance is a crucially important piece of the puzzle for any organization, but we find it’s often the part that business owners take for granted. There’s a strong preconception out there that insurance is simply “the price of doing business;” that it’s a loss you need to accept to cover your risks.
At Launchways, we take a different approach to business insurance. When you fully understand the risks and hazards inherent in whatever it is you do and work with a broker dedicated to maximizing your economies of scale, insurance becomes an opportunity to improve both the day-to-day experience and overall bottomline of your business.
In this post we’ll explore:
- How Launchways approaches business insurance offerings
- Why Launchways’ blend of consultative & management services sets us apart from the crowd
- A real-world example of Launchways’ impactful approach to insurance in action
The Launchways Approach
Launchways didn’t become a highly respected brokerage in Chicago by simply selling people policies. We got where we are by providing businesses with the knowledge, mindsets, skills, and solutions they require to take the next big step in terms of efficiency and business success.
We provide a balance of empowering consultation (to strengthen your business from within) and managed services (to support your business from the outside). Let’s dive into some of the specific ways we help businesses improve their approach to business insurance.
Our Business Insurance Consultation Services
At Launchways, we take pride in the fact that we provide personalized consultative services to each and every client with the goal of increasing awareness of and literacy in the evolving challenges of business insurance and risk management. Here’s a sampling of the consultative services we offer to help business make the most of their insurance investments:
Mock OSHA audit
We carry out a full assessment of your business and workspaces, teaching you how to think like an OSHA inspector, modernize safety practices, and work with a complete understanding of regulatory guidelines.
Existing written safety program analysis
If your business is more than a few years old, there’s a chance that nobody within the organization clearly understands what your written safety programs and policies say or mean. We help you understand what your current policies entail, whether they are sufficient, and what changes or modernizations need to be made.
Workers compensation claims analysis by type of injury
We take a look at your WC claims history and break down your claims by injury type to identify areas of need and opportunities for improved safety procedures, training, etc. with an eye towards overall WC claim reduction.
Review of 3rd party contracts for alignment with your existing insurance policies
Do all your contracts address insurance in a way that’s consistent with and fully backed by your existing coverage? As time passes from your initial purchase date and personnel change in and out, businesses can unintentionally drift away from the safety of their insurance coverage. Identifying and closing these gaps is crucial to preventing losses.
Identifying & quantifying business interruption exposures
Understanding your areas of vulnerability and exposure is critical to preventing business interruptions. We help you deepen your knowledge of your exposures, strengthen your plans to prevent or fight them, and provide a second set of eyes to help you identify potential issues you haven’t anticipated.
Risk assessment analysis and score
In order to truly understand safety and see the path toward business insurance savings, your organization needs to be great at risk assessment – there’s no way around it. Our team has ten years of experience assessing organizations’ current approach to risk assessment and making recommendations for profit-protecting improvements.
Our Business Insurance Management Services
Launchways clients don’t just get great consultative services to improve their planning and overall approach, they also get the end-to-end support of one of Chicago’s best business insurance brokerages.
Here are a few examples of some of the practical insurance management services we offer:
Claims advocacy on all open claims
Once we’ve established a relationship with a business, we do everything in our power to protect them during claims and guarantee the overall health of their organization into the future. We help businesses maintain the speed and fairness of the claims process and pick up the slack on the insurance end to enable business leaders to focus on continuous operations.
Loss trend analysis
As we get to know you better, we continually look for opportunities to strengthen your approach. One way we do that is through data study and readouts that show safety weakness areas and suggest steps to address both frequency and severity of losses.
Premium projections based on current loss trends
One of the most frustrating parts of the business insurance dance is not knowing how your costs will change until your renewal packet arrives. Launchways works hand-in-hand with our clients throughout the year to analyze ongoing losses and provide real-time projections of what to expect next year and into the future in terms of premium rate adjustments.
We serve as your risk management expert
With many years in the insurance, HR, and employee benefits space, we’ve built a strong understanding of which risk, human capital, and business insurance moves are most impactful and best support scalable growth. We are always here for our clients as their trusted advisor to share best practices that will help support their business’ growth.
Case Study: How Launchways Built Value for Spice House
After 60 years in business, specialty food giant Spice House was acquired by a private equity firm in 2017. When that ownership change occurred, the company was non-renewed by its insurance provider, who was wary of the new owners’ aggressive expansion plan.
Looking for a provider who understood their growth objectives and believed in their ability to succeed with a calculated risk, Spice House partnered with Launchways to get the business insurance they needed to continue their expansion with minimal interruptions.
Not long after, a maintenance accident by a third-party contractor resulted in a fire that damaged Spice House’s building and destroyed a tremendous amount of their product stock. The result was a massive, complex insurance claim that Spice House’s internal team simply couldn’t manage without scrapping their planned growth initiatives.
That’s when Launchways stepped up to the plate and took the lead on the entire claims management process. We handled negotiations between Spice House, their landlord’s insurance company, and the contractor’s insurer, ensuring the claim was handled with the utmost attention to detail while the Spice House team prioritized the practical side of their recovery.
Thanks to Launchways’ support, Spice House was able to turn a moment of potential catastrophe into a moment of opportunity. In the months following the fire, they rebuilt their brand and physical retail space better than ever, helping them turn into the rapidly scaling business they’d dreamt of when they first made the acquisition.
To hear the full story of how Launchways’ HR and business insurance services helped see Spice House through their time of need and build new opportunities for profit, click here!
How to Learn More
Launchways helps businesses make the most of their current approach to business insurance and plan in ways that set them up for an even brighter future. We’re proud to provide a variety of services, including:
- Mock OSHA inspections and safety/risk assessment optimization
- Review of all practices, policies, and contracts for alignment with coverage
- Assessing the efficiency and value of your current insurance coverage
- Managing your claims process
- Serving as your on-call risk management advisor
- Helping you build a more data-minded understanding of your insurance state
If you’re interested in learning more about Launchways and how we help businesses strengthen themselves from the inside out, contact us today!