☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Archives

Cryptocurrencies and What They Mean for Businesses

Posted on by

Technology has added efficiency and modern conveniences to daily life. Among these conveniences, computer experts have managed to apply digital traits to new, online currencies in what is called cryptocurrencies.

Simply put, cryptocurrency is digital money that operates independently of a bank and can be used similarly to cash around the world. Cryptocurrency is a relatively new way for businesses to accept and send payments to customers, vendors and suppliers. Despite concerns over cryptocurrencies, they aren’t likely to go away anytime soon as an alternative method of payment, investment or means of raising capital.

While it can be easy to get caught up in the excitement and potentially lucrative nature of cryptocurrencies, it’s important to understand how they work as well as their positives, negatives and risks.

How Do Cryptocurrencies Work?

While it may seem confusing on the surface, the way cryptocurrencies function is actually quite simple. Relying on encryption technology to make transfers, most cryptocurrencies are decentralized and work without administrators. This means that there is no central entity or authority that manages the creation and use of cryptocurrency.

Like most currencies used around the world, cryptocurrencies store value and have specific exchange rates. Cryptocurrencies are similar to commodities like gold or platinum in that they have a limited supply.

Bitcoin, one of the most popular cryptocurrencies, encourages users to participate in the system by rewarding additional bitcoins. In fact, this is the only way new bitcoins circulate.

To use cryptocurrencies, consumers and businesses must first acquire a cryptocurrency wallet account. These accounts work like a bank, but are designed specifically for individuals who want to purchase or accept cryptocurrency. Most cryptocurrency coins have an official wallet or recommended third-party wallets, and it’s important to conduct thorough research before choosing a service.

After you have acquired a wallet, you can purchase cryptocurrencies on open exchanges and use them for a variety of transactions. You can even convert cryptocurrencies to cash at a later date if you so choose.

The Positives and Negatives of Cryptocurrencies

Cryptocurrencies—and bitcoin in particular—have greatly increased in popularity over the past few years.

Japan declared bitcoin legal tender in 2017 and online services like Microsoft, Overstock and PayPal also accept the currency.

Before adopting cryptocurrency at your business, you must consider its potential benefits and drawbacks.

The Benefits of Cryptocurrencies

  • No processing fees—Unlike traditional forms of payment like credit cards, cryptocurrencies have no processing fees. This is because cryptocurrency transactions are facilitated through a decentralized ledger on what’s know as a blockchain. Transactions are recorded on the blockchain chronologically, and users can create, verify and enforce transactions without an intermediary or central authority.
  • High transaction speed—Credit and debit card payments often take two to three days to process and clear. With cryptocurrencies, transactions happen in real time and take about 10 minutes or less. As an added bonus, cryptocurrency transactions are final, which means consumers can’t dispute a charge and negate a sale.
  • Increased payment options—The more payment options you can provide as a business, the better. As such, cryptocurrency has the potential to attract a wider customer base.

The Drawbacks of Cryptocurrencies

  • Price volatility—The value of bitcoins and other cryptocurrencies can change drastically over a small period of time.
  • Anonymity—While the details of cryptocurrency users and transactions are often held in a public ledger, names and locations are encrypted. This can be an issue when complying with regulations on customer identification or fraud protection.
  • Cyber security—Cryptocurrencies exist digitally, and the proof of ownership is often limited to the private keys used to authenticate transactions. This makes cryptocurrencies a prime target for hackers, especially because many businesses aren’t aware of how to protect this new form of currency.

Should You Accept Cryptocurrency?

While global companies like Amazon and Microsoft accept cryptocurrency, that doesn’t necessarily mean it’s right for your organization, especially if you’re a small business. Before using cryptocurrency, it’s important to conduct adequate research and understand how it may impact your company. In addition, you should speak to a qualified insurance broker to determine how using cryptocurrency opens you up to new risks.

© Zywave, Inc. All rights reserved

The Overlooked Physical Exposures of a Cyber Attack

Posted on by

More than ever before, organizations are aware of the potential financial impact of a cyber attack. Many wrongfully assume that the steep, monetary burden of a cyber attack is exclusively tied to damaged digital assets, lost records, and the price of investigating and reporting a breach. While those expenses represent a considerable hit, damage to an organization’s physical assets can be just as harmful.

Cyber attacks that cause physical damage typically occur when a hacker gains access to a computer system that controls equipment in a manufacturing plant, refinery, electric generating plant or similar operation. After the hacker gains access to an organization’s machinery, they can then control that equipment to damage it or other property.

These types of events can lead to major disruptions and costly damages. To safeguard their physical assets, it’s critical that organizations understand what types of businesses and assets are exposed to these attacks.

What’s At Risk?

To better understand what kinds of physical losses can occur following a breach, it’s helpful to compare cyber attacks to a natural disaster or other industrial accident. Following these kinds of incidents, organizations often incur costs to repair and replace damaged equipment in addition to any lost revenue caused by the disruption.

Unlike natural disasters, however, cyber attacks that cause physical damage aren’t limited to a geographic location and can impact an entire network. This means that damages caused by a breach can be widespread, affecting multiple sectors of the economy depending on the target.

Because of this, cyber attacks that cause physical damage are often dynamic and extensive. When an attack on critical infrastructure occurs, it not only affects business owners and operators, but suppliers, stakeholders and customers as well.

Who’s At Risk?

Cyber attacks that cause physical damage—the targets, the assailants, the motivations and the means of the attack—are constantly evolving. Incidents can occur in a variety of ways, including phishing scams, internet exchange point attacks, breaches of unsecured and unencrypted devices, and even plots carried out by rogue employees.

When discussing these attacks, many experts cite power and energy sector organizations as the most at-risk. However, vulnerabilities also exist in utilities, telecommunications, oil and gas, petrochemicals, mining and manufacturing, and any other sectors where industrial control systems (ICSs) are used.

ICSs are open computer systems used to monitor and control physical processes as well as streamline operations and repairs. ICSs are not often designed with security as a primary consideration, which leaves them susceptible to attack. What’s more, for many automated processes, attacks don’t even need to cause physical damage to result in significant disruption and losses.

So, when it comes to the emerging risk of cyber attacks that cause physical damage, targets vary by industry and the damages can be extensive due to the interconnected nature of ICSs.

Real-world Examples

Because organizations are not always required to make cyber attacks that cause physical damage public, they largely go unreported. However, the following are a number of high-profile incidents that demonstrate how important it is to consider physical and infrastructure cyber exposures:

  • Ukrainian power grid attack—This was a multistage, multi-site attack that disconnected seven 110 kV and three 35 kV substations. Together, the attack resulted in a power outage for 80,000 people and lasted for three hours. Using only a phishing scam, the attackers were able to cause substantial, prolonged disruption to the economy and general public.
  • Saudi Arabian computer attacks—In these incidents, hackers destroyed thousands of computers across six organizations in the energy, manufacturing and aviation industries. Through a simple virus aimed at stealing data, computers were wiped and bricked. Not only did this mean critical business data was lost forever, but all of the damaged computers had to be replaced—a substantial fee for businesses of any size. This attack was similar to an attack on Saudi Aramco, the world’s largest oil company, which destroyed 35,000 computers.
  • Petrochemical plant attack—This attack targeted a Saudi Arabian petrochemical plant. The attack was unique in that it wasn’t designed to steal data, but rather sabotage operations and trigger an explosion. The only thing that prevented an explosion was a mistake in the attackers’ computer code. Had the attack been successful, the plant would likely have been destroyed and many employees could have died. Experts are concerned that similar attacks could be carried out across the globe.
  • Hospital ventilation attack—In this incident, a hacker was able to damage and control a hospital’s HVAC system using malware. This attack put the safety of staff, patients and medical supplies in jeopardy, as the hacker could control the temperature of the facilities at will.

Attacks causing physical damage will likely become increasingly common as technology advances and hackers continue to get more creative. Even more concerning is that these kind of attacks not only endanger a company’s data, reputation and finances, but human lives as well.

How Do I Protect My Organization?

Insurance coverage for cyber attacks that cause physical damage is still in its infancy, and your organization may have gaps in protection. Even if your property insurance policy includes physical or non-physical damage coverages, that does not necessarily mean you’re covered from first or third-party losses from cyber attacks.

The level of protection your company has depends largely on the structure of your policies. As such, it’s critical for businesses to do their due diligence and understand if their policies do the following:

  • Impose any limits on coverage, particularly as it relates to physical damage of tangible property
  • Cover an attack and any resulting damages
  • Provide contingent coverage for attacks that aren’t specifically targeted at the organization

While it’s important to speak with a qualified insurance broker about your cyber risk policy options, there are a number of steps businesses can take by themselves to protect their physical assets. In addition implementing a cyber risk management plan, business should consider doing the following to protect their data:

  1. Keep all software up to date.
  2. Back up files regularly.
  3. Train employees on common cyber risks and what they should do if they notice anything suspicious.
  4. Review your exposures and speak with your insurance broker to discuss policy options for transferring risk.

 

© Zywave, Inc. All rights reserved

 

 

 

 

5 Ways to Reduce Overhead Expenses

Posted on by

Overhead expenses are all costs on an income statement excluding direct labour, direct materials and direct expenses. Overhead expenses often include fees related to things like accounting, advertising, insurance, interest, rent, repairs, supplies, telephone bills, travel expenditures and utilities.

These expenses can add up quickly and have a major impact on the profitability of your business. In order to save money and improve your finances, consider the following tips for reducing overhead:

  1. Be cost-effective about travel. Travel expenses eat up a budget quickly, especially for smaller organizations. To reduce these costs, consider holding teleconferences instead of flying in off-site employees. Whenever possible, book travel months in advance in order to save.
  2. Switch your business communications programs. Internal communications services such as Skype or Google Voice can greatly reduce your phone bill. Be sure to conduct thorough research and choose the option that best fits your needs.
  3. Negotiate rents, as rent is often one of the highest costs for businesses. Thankfully, costs can be reduced by negotiating with your landlord or by moving to a less expensive building.
  4. Be mindful about utility costs. Electricity and other utility costs can add up quickly, but there are some ways to cut back. LED bulbs use 70 to 90 per cent less energy than incandescent bulbs. In addition, electronics plugged into outlets use energy even if they’re not charging. Consider plugging computers and other electronics into power strips and completely shutting them off at the end of the workday.
  5. Rent equipment. Renting reduces upfront investments and lets you upgrade equipment easily. What’s more, renting equipment can also result in maintenance and repair savings.

© Zywave, Inc. All rights reserved

Avoiding Construction Defect Claims

Posted on by

Construction defect claims are a common risk architects, engineers and contractors face with every project they take on. A construction defect claim occurs when a building system or component fails and is often the result of improper installation, design or material selection.

Not only are these claims incredibly costly to correct and defend, they can also damage your reputation and negatively impact future opportunities. To protect your firm from a construction defect claim and manage your overall risk, consider doing the following:

  • Keep up with current building codes and standards.
  • Follow manufacturer guidelines for every product you use. Be sure to examine warranties and understand the limitations of the materials you use in construction projects.
  • Pre-qualify the subcontractors you hire. Above all, ensure that the individuals and organizations you choose to partner with have the proper credentials, experience and skills to deliver a quality finished product.
  • Seek legal counsel to ensure that all of your contracts are airtight and protect you against errors committed by outside parties.
  • Document the construction process. This will ensure that you have a solid record of materials and practices used during a project, which will come in handy in the event of a claim.
  • Implement a quality assurance/quality control program (QA/QC). QA/QC programs provide a set of standards that ensure a project is built correctly or performs as designed.

In general, the best way to avoid a construction defect claim is through quality construction. Be sure to work only with architects, engineers and contractors who have good reputations and track records. In addition, plan and perform work in the correct sequence and with proper supervision.

Keeping in mind the above tips will ensure that your projects run smoothly and are completed to a high standard of quality.

© Zywave, Inc. All rights reserved

Preventing Workplace Violence

Posted on by

As with most other risks, prevention of workplace violence begins with planning. It is easier to persuade managers to focus on the problem after a violent act has taken place than it is to get them to act before anything has happened. The more difficult the decision to plan in advance, the more logical it is. Any organization, large or small, will be more able to spot potential dangers and defuse them before violence develops and will be able to manage a crisis if its executives have considered the issue beforehand and have prepared policies, practices and structures to deal with it.

Forming a Workplace Violence Strategy

In forming an effective workplace violence strategy, important principles include:

  • There must be support from the top. If a company’s senior executives are not truly committed to a preventive program, it is unlikely to be effectively implemented.
  • There is no one-size-fits-all strategy. Effective plans may share a number of features, but a good plan must be tailored to the needs, resources and circumstances of a particular employer and a particular work force.
  • A plan should be proactive, not reactive.
  • A plan should take into account the workplace culture: work atmosphere, relationships, traditional management styles, etc. If there are elements in that culture that appear to foster a toxic climate—tolerance of bullying or intimidation, lack of trust among workers or between workers and management, high levels of stress, frustration and anger, poor communication, inconsistent discipline and erratic enforcement of company policies—these should be called to the attention of top executives for remedial action.
  • Planning for and responding to workplace violence calls for expertise from a number of perspectives. A workplace violence prevention plan will be most effective if it is based on a multidisciplinary team approach.
  • Managers should take an active role in communicating the workplace violence policy to employees. They must be alert to warning signs and know the violence prevention plan and response. They must also seek advice and assistance when there are indications of a problem.
  • Practise your plan. No matter how thorough or well-conceived, preparation won’t do any good if an emergency happens and no one remembers or carries out what was planned. Training exercises must include senior executives who will be making decisions in a real incident. Exercises must be followed by careful evaluation and changes to fix whatever weaknesses have been revealed.
  • Re-evaluate, rethink and revise. Policies and practices should not be set in stone. Personnel, work environments, business conditions and society all change and evolve. A prevention program must change and evolve with them.

The components of a workplace violence prevention program can include:

  • A statement of the employer’s violence policy and complementary policies such as those regulating harassment and drug and alcohol use
  • A physical security survey and assessment of premises
  • Procedures for addressing threats and threatening behaviour
  • Designation and training of an incident response team
  • Access to outside resources, such as threat assessment professionals
  • Training of different management and employee groups
  • Crisis response measures
  • Consistent enforcement of behavioural standards, including effective disciplinary procedures.

Written Workplace Violence Policy Statement

Here an employer sets the standard for acceptable workplace behaviour. The statement should affirm the company’s commitment to a safe workplace, employees’ obligation to behave appropriately on the job and the employer’s commitment to take action on any employee’s complaint regarding harassing, threatening and violent behaviour. The statement should be in writing and distributed to employees at all levels.

In defining acts that will not be tolerated, the statement should make clear that not just physical violence but threats, bullying, harassment and possession of weapons are against company policy and are prohibited.

Preventive Practices

Preventive measures can include pre-employment screening, identifying problem situations and risk factors and security preparations:

  • Pre-employment Screening. Identifying and screening out potentially violent people before hiring is an obvious means of preventing workplace violence. Pre-employment screening practices must, however, be consistent with privacy protections and antidiscrimination laws.

A thorough background check can be expensive and time-consuming. The depth of pre-employment scrutiny will vary according to the level and sensitivity of the job being filled, the policies and resources of the prospective employer and possibly differing legal requirements in different provinces. However, as an applicant is examined, the following can raise red flags:

  • A history of drug or alcohol abuse
  • Past conflicts (especially if violence was involved) with co-workers
  • Past convictions for violent crimes

Other red flags can include a defensive, hostile attitude, a history of frequent job changes and a tendency to blame others for problems.

Identifying Problem Situations and Risk Factors of Current Employees

Problem situations—circumstances that may heighten the risk of violence—can involve a particular event or employee, or the workplace as a whole.

No “profile” or litmus test exists to indicate whether an employee might become violent. Instead, it is important for employers and employees alike to remain alert to problematic behaviour that, in combination, could point to possible violence. No one behaviour in and of itself suggests a greater potential for violence, but all must be looked at in totality.

Risk factors at times associated with potential violence include personality conflicts (between co-workers or between worker and supervisor), a mishandled termination or other disciplinary action, bringing weapons onto a work site, drug or alcohol use on the job or a grudge over a real or imagined grievance. Risks can also stem from an employee’s personal circumstances—breakup of a marriage or romantic relationship, other family conflicts, financial or legal problems or emotional disturbance.

Other problematic behaviour can include, but is not limited to:

  • Increasing belligerence
  • Ominous, specific threats
  • Hypersensitivity to criticism
  • Recent acquisition of/fascination with weapons
  • Apparent obsession with a supervisor, co-worker or employee grievance.
  • Preoccupation with violent themes
  • Interest in recently publicized violent events
  • Outbursts of anger
  • Extreme disorganization
  • Noticeable changes in behaviour
  • Homicidal/suicidal comments or threats

Though a suicide threat may not be heard as threatening to others, it is nonetheless a serious danger sign. Some extreme violent acts are in fact suicidal—wounding or killing someone else in the expectation of being killed, a phenomenon known in law enforcement as “suicide by cop.” In addition, many workplace shootings often end in suicide by the offender.

Training

Employee training on ways to respond to and report incidents of workplace violence is necessary, but not a sufficient condition for prevention of workplace violence. Training should increase awareness of workplace violence risks, emphasize the importance of adhering to protective administrative controls and encourage employees to immediately report any suspicious or threatening behaviour. While training is only one component of a successful comprehensive workplace violence prevention program, preventive adjustments by management are equally important.

© Zywave, Inc. All rights reserved

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN