A friend of mine asked me the other day if the cyber-risk threat was a bit of flimflam designed to sell more insurance policies. When I asked him to expand on that most interesting comment he proceeded to compare cyber-risk to the Red Scare of the 1950s when families scrambled to build bomb shelters to protect them from a war that never came. The only ones who got rich back then were the contractors, he proudly concluded.
​
​I found his question incredulous given the world we live in, not to mention his peculiar analogy. But realizing he didn’t work in the commerce stream, per se, quelled my impulse to slap him around.
So I shared with him some statistics that sobered him up quickly. I explained that cyber-crime costs the global economy over $400 billion per year, according to estimates by the Center for Strategic and International Studies; and each year over 3,000 companies in the U.S. have their systems compromised by criminals. IBM reports more than 91 million security events per year. Worse yet,

Title VII interpretations on LGBT issues perplex employers.
​
PHILADELPHIA — Courts are just as confused as employers about whether federal law prohibits discrimination based on gender identity and sexual orientation.
People believe that there are federal protections for the LGBT community nationwide that really don’t exist, Victoria Nolan, risk and benefits manager for Clean Water Services in Hillsboro, Oregon, said at the Risk & Insurance Management Society Inc.’s annual conference in Philadelphia on Tuesday.  

​PHILADELPHIA — Coming soon to a workers compensation claim near you: medical marijuana.
That was the message to a roomful of risk managers at a session Tuesday on medical marijuana at the Risk & Insurance Management Society Inc.’s annual conference in Philadelphia.
As of this month, 29 states and Washington now permit the use of medical marijuana — more than half the country.

In a Social Media World, Are You Covered for Libel?
​
It is widely thought that a homeowner's insurance policy covers only incidents that physically occur in the home, which is partially correct. In fact, coverage can go beyond the home and can insure you for a personal injury claim, if the right conditions are in place. One may think of the term "personal injury" as requiring a physical injury suffered by another party. While a liability policy will likely apply to an incident of physical injury, personal injury is a broader concept. In the insurance world, personal injury can include harm caused by false arrest, detention, or imprisonment; malicious prosecution; wrongful eviction; slander; libel; and invasion of privacy. Basically, a personal injury policy can protect a homeowner and others covered under the policy against a claim for almost every injury that someone can experience without suffering any actual physical harm.
Given this broader definition of personal injury, would your policy cover a claim for accidentally saying something personally harmful on social media? It depends. Here are the most likely scenarios of what you may have:  
​

Are your Workers Employees or Independent Contractors?
The United States Department of Labor and the Internal Revenue Service have combined their efforts to help various states share resources and information that will expose worker classification violations. Employers found to be in violation could face paying back taxes, back pay to workers, missed overtime, retroactive benefits, interest, fines, staff effort charges and legal fees. With situations where there are multiple violations or willful negative intent, the penalties and fines are worse. In addition to the money a violation would cost, employers would also face the negative effects of this damaging information being made available to the public. 
The IRS has made it clear that it is not easy to classify independent contractors and employees. Every case they evaluate is different based on a wide variety of factors. To start, employers may think about whether they have control over a worker's performance and work outcomes. This is not based on whether an employer decides to exercise control. It is a matter of whether the employer actually has the legal ability to control the workers in these areas. The IRS has a set of rules called the Common Law Rules, which cover the categories of financial control, behavioral control and relationship classifications. None of these factors are individually decisive. The entire situation must be evaluated to make an accurate determination. In addition to these evaluations, employers may take the Economic Reality test from the Department of Labor. This test is based on the Fair Labor Standards Act and includes six factors that are similar to those used by the IRS.

One of the best ways to show that a worker is not an employee but an independent contractor is to show proof of that individual's ownership of a business. In addition to this, employers can show proof that the worker's tasks are not an integral part of the employer's business. Workers who are free to be hired by others or who perform freelance work are not considered employees. For every independent contractor used, businesses should keep vendor folders on file. The following paragraphs outline what information should be included in each file.

W-9 Form
Every independent contractor should complete a W-9. This is necessary for creating a 1099 tax document. If the individual does not claim exemption, employers should withhold taxes. For current tax withholding percentage information, discuss the topic with an agent. However, independent contractors should be encouraged to check the box and file their own self-employment taxes.

Invoices
Keep every invoice the contractor submits. Payment should be made based on these documents. If a worker is not an employee, he or she should not submit expense reports. Since mileage and equipment are a contractor's business expenses, contractors should not bill for these items. Make sure all invoices match 1099 forms, which must be sent to the independent contractor after the end of the year.

Proof Of Separate Business
If an independent contractor has his or her own business, keep any items that reflect proof of this. Business stationery, advertisements, brochures, business cards or any similar items are acceptable. For contractors who have their own sites on the Internet, it is important to print copies of any online pages where services are outlined.

Written Contracts
It is important to have a written contract for every independent worker. This document should clearly state the nature of the relationship between the business and the worker. In addition to this, the project's details should be outlined. A contract should include what the business expects from the contractor, the payment terms and any deadlines. Make sure the document is dated and signed by both parties. If a contractor has a tax identification number, this should be included. New contracts should be created for each project when the same contractor is hired for multiple projects.

Before classifying a worker as an independent contractor, it is important for a business owner to do his or her homework carefully. Employment laws today are very strict, so discuss any concerns with an agent.

Contact Us
Your Insurance Place
5450 Thornwood Dr. Suite O
San Jose, CA 95123​
(408) 224-4650
info@yourinsuranceplace.com

Hyok Kwon, owner of Good Neighbor Services, a janitorial company that provided services to some of San Diego’s most exclusive hotels and resorts, has pleaded yesterday to seven felonies, including premium and employment tax fraud.
Kwon was convicted of creating an elaborate scheme to avoid paying workers’ compensation insurance premiums and employment taxes. Kwon stipulated to an eight-year prison sentence and to pay restitution exceeding $5 million.

Woo Hui Kwon pleaded guilty on Dec. 6, 2016 to two counts of premium fraud and two counts of employment tax fraud. She was sentenced to four years and eight months, and restitution that totaled over $5 million to insurance carriers and Employment Development Department.

The janitorial company provided cleaning staff to major hotels across San Diego, Los Angeles and Riverside Counties, including The Hotel Del Coronado, Loews Coronado, La Costa Resort and Spa, The Grand Del Marin La Jolla, L’Auberge Del Mar, The Ritz Carlton, Four Seasons, Hilton and Hyatt hotel chains.
​
 Source:  www.insurancejournal.com

​Reports released last week by U.S. security officials and private cybersecurity researchers suggest hacking of energy facility computers is on the rise, and happens far more often than the public assumes.
The Department of Homeland Security said it received reports of 59 cyber incidents at energy facilities last year, up nearly a third from the year before.
The agency responsible for protecting the nation from cybercrime said it worked to mitigate 290 incidents last year across more than a dozen industries that rely on computer controls to run industrial sites, including manufacturing sites, power generation facilities, refineries, chemical plants and nuclear facilities.
It found more than a quarter of these intrusions originated from so-called spear phishing emails that hackers use to trick people into downloading infected attachments or clicking on virus-laden links. More than one in 10 came from network probing and scanning.
"Every year, adversaries develop increasingly sophisticated attacks against control system networks," Homeland Security's Industrial Control Systems Cyber Emergency Response Team said.
The increased number of intrusions into energy computer controls last year brings the number of such incidents in the industry to more than 400 since 2011, Homeland Security data show. Security specialists say that's likely a conservative number because energy companies aren't required to report cyberattacks to the U.S. government.
In another report, cybersecurity researchers believe computer controls at industrial facilities, including in the oil business, get infected by non-targeted malware at least 3,000 times a year.
Dragos Security, a cybersecurity firm in San Antonio, arrived at what it believes is a conservative estimate of worldwide industrial cyberattacks after studying 30,000 samples of infected control system files submitted over the past decade and a half to a publicly available database called VirusTotal, a web service owned by Google.
The findings show malware that isn't even tailored to industrial controls finds its way into critical technology far more often than the public assumes. Some of the malware can spread through these systems with ease, and some were designed many years ago.
"If you have really bad cyber hygiene and you're not paying attention to basic things, you're more likely to get impacted by a virus that was written nine years ago," said Ben Miller of Dragos.
For example, Miller found thousands of industrial files compromised by Sinowal, a Trojan horse first discovered in 2006. Even more common, though, were strains of malware that spread from computer to computer, created at least five years ago.
It's not clear how many of these industrial facilities were tied to the energy industry, because the VirusTotal data only provided the country of origin of the independently uploaded files. But it's yet another grim revelation for oil companies that rely on automated computer controls to run refineries, pipelines and offshore platforms.
Miller said these breaches could begin during the equipment upgrades that happen when power plants, refineries and other energy facilities are taken offline for repairs.
Crews of engineers, equipment contractors and information technology specialists flowing in and out of the facilities could, for example, fail to follow security protocols and accidentally plug in infected USB drives into facility systems. And they might only discover they've infected operational computers after they use the same thumb drives in corporate computers outfitted with antivirus alert systems, Miller said.

Due to the legality of recreational marijuana in California, some employers worry about how it affects the workplace.  Will your employees come to work high?  Are you required to turn a blind eye?

The truth is that California employers are not required to allow employees to use marijuana.  Lawmakers are pushing to create legal limits for marijuana impairment in the same manner as alcohol.  And although research is still ongoing for developing tools to accurately determine impairment due to marijuana, clearly-written policies that have been approved by an attorney will still help protect employers.

Understanding the hazards of impairment while performing many job duties, an employer’s handbook should include clear rules and punishments for violating company substance abuse policies.  Businesses whose employees operate heavy equipment, including vehicles, should be even more sure that the proper precautions are set in place.  Most insurers will require that driving records are checked periodically, and some may even require drug testing and background checks.  If you suspect impairment but do not have a program to test impairment, keep the employee from operating a motor vehicle or heavy equipment.
​
Follow this link for a packet from one of our carriers that will help you establish a Drug-Free Workplace Program if you don’t have one in place.
 
Zeke Corley has been a licensed insurance broker since 2003.  You can email him at zeke@yourinsuranceplace.com or call him at the San Diego office at (858) 569-8100.  Visit our agency online at www.yourinsuranceplace.com.
​