E-Mail Fraud, Extortion, Social Engineering
While service professionals are generally becoming more aware of the increasing incidents of computer-related crime, such incidents continue to substantially increase in number. The dynamics of the social and entrepreneurial personalities and practices of the agent, combined with highly-sophisticated cyber-criminal operations, continue to create vulnerabilities for real estate professionals. Regular use of social media, personal communication devices, internet advertising and unprotected email and domain names (i.e., myrealestateoffice@google.com) makes agents an easy target for the intruder.

Cybercrime comes in varied forms and terminology is loosely used to describe its’ different forms: phishing, hacking and spamming are among the common terms related to fraud, extortion and social engineering. Common occurrences include:

• Extortion: Your data and/or computer operation is frozen until you pay a monetary demand to the extortionist. Typically a relatively small ransom is requested ($5,000 for example) with the bad guy hoping it will just be paid without law enforcement getting involved. Even if paid, there is no guarantee your data will be released or that they will not come back for more money now knowing you are a willing target. Contacting the FBI or other law enforcement authorities is recommended.
• Email Fraud and Social Engineering: for firms that act as custodians of other people’s money (escrow, trust, IOLTA), cyber-criminals will create complex methods to infiltrate your computer and eventually manipulate the user into wiring money to them. There are numerous precautions that can be taken to minimize this risk, including personal verification of all communications, email addresses, routing numbers and transactions.
• Data Theft: the theft of client or employee data through hacking or phishing can result in civil fines and costs related to credit card monitoring and notifications to the affected parties, forensics, data restoration, crisis response, lawsuits and more. A data breach can easily cost tens or hundreds of thousands of dollars.

There are numerous preventative strategies to help minimize the risk of cybercrime. Recognizing that the “bad guys” are sophisticated international experts, preventative methods should be taken seriously and vigorously implemented.

7 Prevention Tips

1. Implement a mobile device policy – what can and can’t be done with company devices and data
2. Require strong passwords to lock devices
3. Use Encryption on all devices
4. Implement remote wipe software for lost or stolen devices
5. Backup remote devices
6. Disallow the downloading of unauthorized software
7. Keep security up to date

Brokers and business owners who implement security methods like anti-virus software and other protective measures for the firm’s computer and email programs should mandate that agents and employees only conduct business with those approved programs – no individual google or yahoo accounts, separate websites, etc.
Some experts state that it is “when”, not “if”, a business will be compromised. Insurance products exist that will offer protection if data is lost or a wire fraud, extortion or other cybercrime event happens. Policies can be tailored to the needs of a particular business. For example, not all businesses act as custodians of funds so they may not need protection for that, but almost all businesses need some type of insurance for data breach, theft or extortion. A Business Office Liability or Errors & Omissions policy may offer some incidental coverage, though a stand-alone policy is recommended for broader protection, with premiums being generally affordable. These policies will offer coverage for notification, credit card monitoring, credit card industry fines, forensics, data restoration and more. Many also include risk management information and hotlines to help reduce the risk of a cybercrime.

Author: John Torvi

Real Estate Insurance EssentialsEssential Components of an Insurance Plan for ProfessionalsEven the most effectively run real estate practice can be victim of human error, allegations of malpractice, unhappy clients or just plain old bad luck. Protecting a business from the consequences of any of these requires an insurance program that best suits the needs of one’s particular situation. Not all businesses need all types of insurance policies, but understanding what each type of policy does will help you spend your insurance dollars more wisely as well as sleep better at night.

There are a few hints in the content of the email that might alert a client that the email was a phishing attempt like the fact that the client is not addressed by name, the Insured had never mentioned Google Docs or SecureAcess before, and the language syntax is a bit unusual. However, the e-mail address appeared legitimate, the premise seemed reasonably related to accounting matters, and the fraudster even included an Avast email signature indicating that the message came without virus or malware.

One of the Insured’s clients called the Insured to ask about the email and the Insured quickly realized that their firm had been the victim of a phishing attempt. The Insured send out an email to all of their clients advising them not to open the SecureAcess email. However, Insured’s response to the phishing scam did not conform to industry best practices after a potential data breach. Shortly after the Insured’s response to the phishing scam, the Insured was sued for violations of certain state privacy laws, consumer fraud and deceptive business practices, and negligence due to the breach of the Insured’s security system as contained in the phishing email.
Accounting professionals are required to protect confidential client information which includes Personally Identifiable Information, Sensitive Personal Information, and social security numbers. To complicate matters, taxpayer identity theft and other attempts at data breach occur regularly and are likely on the rise with the IRS paying $5.8 billion in fraudulent tax refunds for 2013. Accountants need to develop a strategy for data protection, but they also need to know what to do when their efforts fail and there is an actual or even potential data breach.
The Great American Insurance Accountants Professional Liability Insurance Policy (12 17 edition) provides for assistance after a Security Incident which is defined as “the unauthorized access to or use of data containing private or confidential information in connection with the performance of Professional Services, which results in the violation of any privacy regulation.” The Policy provides for Supplementary Payments in Section VI. As follows:

• B. Reimbursement for Security Incident The Company will reimburse the Named Insured for the following response expenses incurred by the Named Insured in responding to a Security Incident the Named Insured first discovers and reports in writing to the Company during the Policy Period. The maximum amount payable shall be $25,000 for all Security Incidents discovered and reported during the Policy Period, regardless of the number of Security Incidents or the number of Insureds. Security Incident response expenses are:
  1. reasonable fees and expenses by cyber forensic analysts to determine the extent of the Security Incident; or
  2. reasonable fees and expenses by attorneys or consultants to comply with federal, state or local privacy laws requiring that notification or credit monitoring services be provided to individuals when the security, confidentiality, or integrity of their personal information has been compromised by the Security Incident.

  by Kim DeMarinoo.

Restaurant Kitchen Fire Prevention
Here is our guide for the perfect restaurant kitchen fire prevention checklist.

Inspect solid fuel cooking appliances on a monthly basis.
Cooking with solid fuel like wood and charcoal can significantly increase the risk of a kitchen fire because of the thick, flammable residue (creosote) these fuels deposit in the exhaust system. A monthly inspection and regular cleaning ensures the thick smoke and grease from wood or charcoal cooking does not build up to dangerous levels.

Have cooking appliances in low-volume kitchens inspected quarterly.
Low-volume kitchens are typically found in places like churches and community centers where cooking takes place occasionally. These facilities still require an annual inspection to ensure all appliances pose no risk for electrical or grease fires.



Have cooking appliances in moderate-volume kitchens inspected twice a year.
Moderate-volume kitchens, such as those found in many sit-down restaurants, should have appliances inspected twice a year. The inspection agency will likely recommend strategies for keeping your kitchen clean and safe in the time between checks based on what they see.

Have cooking appliances in high-volume kitchens inspected quarterly.
High-volume and 24-hour kitchens require quarterly inspections. Kitchens operating at a high volume should be especially careful about keeping all surfaces clear of flammable grease.


Equip cooking appliances with non-combustible grease filters.
The grease filters on all exhaust hoods should be non-combustible and easy to remove for cleaning. Since grease can easily catch fire, regularly cleaning greasy surfaces goes hand in hand with routine inspections. Equipment that can be easily taken apart and put back together for maintenance purposes can improve your fire safety routine.


Place only non-combustible, easily cleaned racks, trays, spacers, and containers inside ovens.
Like grease filters, all cooking equipment used inside an oven should be non-combustible and easy to clean. Keeping oven surfaces and equipment clean reduces the amount of flammable grease exposed to the oven’s heat source. In most cases, hot water and soap are sufficient for cleaning these surfaces and chemical degreasing agents are available for more difficult grease deposits.


Vent cooking appliances to the exterior of the building.
All exhaust should vent to the exterior of your building. An inefficient ventilation system keeps greasy exhaust, which can accumulate and raise the risk of fire inside the building. Check with your local inspection requirements to see if your ventilation systems are in compliance with your area’s kitchen codes.


Empty all grease containers at least once a day.
Even in a moderate-volume kitchen, grease can accumulate quickly. Deep fryer oil should be changed at least once a day for fire safety purposes. Grease pans for stoves and other appliances should also be cleaned daily. Grease traps beneath sinks are an exception– they typically require monthly maintenance and may be emptied by a professional when due for a cleaning.


Install appliances at an adequate distance from other surfaces.
Kitchen appliances operated too closely to adjacent surfaces are at risk for overheating and causing a fire. Check your local kitchen inspection requirements for a better understanding of how far each kind of appliance should sit from walls, cabinets, and other appliances. You can also see if walls neighboring appliances like ovens and fryers need to be treated with specific fire-proofing materials.


Train all kitchen staff on the hazards of fuel-air combustion, explosive materials, and ignition sources as well as how to operate equipment properly.
All staff who comes in contact with or operates kitchen equipment should be trained to use each appliance properly. In addition to knowing the fire safety details of each appliance, staff should be taught about common fire risks, how regular cleaning and maintenance decreases these risks, and what to do in the event of a kitchen fire.


With regular maintenance, inspection, and cleaning, you can greatly reduce the risk of fire in your kitchen. As always, be sure to adhere to your local fire safety standards and follow this checklist to keep your kitchen safe.
If you follow this restaurant kitchen fire prevention checklist, you will definitely reduce your chances for a fire and be prepared if a fire does occur.

10-minute mini-lesson plansThe 10-Minute mini-lesson is a helpful strategy life safety educators can implement in a variety of settings. Worship services, gatherings at the local senior center, or service club meetings may all be potential opportunities to deliver short fire safety presentations with specific audiences. audiences.

• Calling 9-1-1 from a mobile phone (PDF) – Use this lesson at a team sports event.
• Carbon Monoxide Alarms (PDF)
  • Powerpoint slides (pptx)  Canary sound (wav)
• Cooking Fires (PDF)
• Creating a 10-minute mini-lesson (PDF, 230 KB)
• Get to Know Smoke Alarms (PDF)
• Hear the Beep Where You Sleep - WHEREVER That May Be! (PDF) - Use this lesson for audiences who may be using less traditional sleeping quarters.
• Home Fire Sprinklers (PDF)
• Importance of fire alarm systems and home fire escape planning in multi-unit dwellings (PDF)
• Plan Your Home Fire Escape (PDF)
• Preventing Carbon Monoxide Poisoning (PDF)
• Replace Smoke Alarms Every 10 Years (PDF)
• Smoke Alarms (PDF)

30-minute lesson plan
A 30-minute lesson provides the instructor an opportunity to address information related to fire safety as well as a chance to help participants develop health-enhancing attitudes around the topic. Additional time could also be used to help participants practice new skills. An increase in time does not mean you need to increase the amount of content you are covering. Remember, sometimes depth wins over breadth.

• Hear the Beep Where You Sleep (PDF)
• Smoke Alarm Basics - Rental Housing (PDF)

60-minute lesson plan60 minutes is a nice chunk of time to provide an effective fire safety lesson. An hour allows the instructor to cover content with depth as well as provide an opportunity for participants to explore helpful attitudes and practice related skills. Remember to engage learners in a different ways keep their attention for the entire lesson.   

• The Fire Challenge, A conversation with parents & caretakers (PDF)
  

NEW! Early adolescent lesson plans (Ages 10-14) 

• Careers in the Fire Service (PDF)
• Home Fire Safety — Teens Who Care for Themselves and Others in the Home (PDF)
• Making Safe & Responsible Choices (PDF)

The above lesson plans were developed by the Urban Fire and Life Safety Task Force. A small work group of members developed the core content along with NFPA staff members.
Members of the work group include:

• Olden Allen, Community Risk Reduction Officer, Atlanta Fire Rescue Department
• Larin Anttila, Public Educator, Oklahoma City Fire Department
• Dana Catts, Strategic Advisor, Seattle Fire Department
• Carlos Piedra, Assistant Fire Marshal, El Paso Fire Department
• Shelley Steele, Community Safety Officer, Calgary Fire Department