Saturday, November 21, 2009

Using Social Networking in Risk Management and Human Resources


Social Media has created many risks, but also many opportunities for businesses, if they are mindful in how they utilize it properly. One area in which social networking can provide a great tool for risk mitigation is in your human resources department. When a company decides to begin their hiring process, they are exposing themselves to a set of risks which are not easily controlled. The more people who you expose yourself to, the more people there are that can possibly take legal action against you. Asking the wrong question in the interview process could end up creating a legal problem for your company. However, making a bad choice in the hiring process, especially for a small company, can have an even greater effect on the business. No one wants to hire a partier or an antagonist. At ALC Risk Solutions we provide our clients with insurance solutions for human resources, like Employment Practices Liability Insurance which will cover your company for law suits dealing with wrongful termination, harassment and discrimination. But, we also believe that "an ounce of prevention is worth a pound of cure". Risk management is that prevention, and social networks are one of our tools.

The problem is that as an employer you are limited in regards to the personal questions you can ask a potential hire. That is where tools like Facebook, Twitter, MySpace and others become your best friend. I'll give a recent anecdote to explain. We recently finished our search to find a nanny after many weeks for our 9 month old daughter. We had been using to really great websites that are available for finding care givers, SitterCity.com; and Care.Com. They are both great website, and I highly recommend them. Care givers post their profiles, resumes, references, pictures, ect, on this site, and you can contact them and set up interviews. They even make it very simple to get comprehensive background checks through the websites. We met with a bunch of great candidates. In the end we were torn between two ladies. One was slightly older, and didn't speak English (my wife is fluent in Spanish, I'm not) and the other was a recent college graduate. The younger one really impressed us. She was going to do yoga with our 3 year old, and she was really into healthy eating and exercise, and just seemed like a lot of fun.

Later that night, I searched her email address in Facebook, and I saw many red flags that made our decision for us. It was not that she occasionally went out to bars, or anything like that, everyone is human. No, she was a proud supporter and apostle of Professor Timothy Leary and Hunter s. Thompson. These are the two individuals that are best known for their encouragement of the use of hallucinogenic drugs like LSD and Acid. Not exactly Mary Poppins.

Needless to say we hired the other lady.

Social Media needs to be used in your business's hiring process as well. Facebook allows users to control their privacy very well. However, many of the people that should keep their lives private chose not to. Twitter will give you less information, but although there are privacy settings, few people chose to utilize them. MySpace is less known to me, but from my understanding the user decides what the public can see, and what only their contacts can see.

A few do's and don'ts with using Social Networking in the Human Resources department:

  1. Don't friend a potential hire because their page is private – I don't know the legal ramifications, and they probably haven't been played out yet, but doing so, and using that information against them, could create a law suit
  2. Don't tell the candidate that they were not hired because of their facebook page, and do not tell employees they were fired because of their facebook page. Recently a teacher was fired because of pictures she posted on her facebook page. Read the Washington Post Article Here. Now they are being sued. There were no grounds to dismiss her for that, so dismiss your employees for a different reason if their private facebook page bothers you that much. Likewise, just the tell the person, "The position has been filled". End of Story.
  3. Do a Google search on the candidates. You would be surprised how much information everyone has out there. Do a Google Web search, do a Google Image Search. If they are in a regulated industry, like insurance, go to your State website, like the Florida Department of Financial Services, and make sure they are licensed like they say they are. Even do a search of your State's division of corporations. Maybe they were an officer of a previous company, maybe they still are.
  4. Do a background search on your finalist. You can use websites, but you should really hire a qualified private investigator. My go to guy is Rich Bragassa, from Rich Bragassa and Associates. He's basically an information broker and a risk avoidance specialist.
  5. Lastly, Don't forget that everyone is human, and you want to hire a human. It's ok if there are some questionable things, you just don't want full blow Category 5 Red Hurricane Flags. If someone is so boring that they've done nothing wrong, you, a half delinquent in your younger years, probably won't get along with the pious individual.

For more risk management tools and insurance, including Employment Practices Liability Insurance, contact Andrew Cohn of ALC Risk Solutions at (786) 664-RISK (7475)

Tuesday, November 17, 2009

Status Updates – Where You Are…And Where You Aren’t

Status Updates – Where You Are…And Where You Aren't


 


 

Account    Miami Business Networking


 

Going forward with my blog for ALC Risk Solutions I am going to start blogging about different things people can do to mitigate their risks and their business's risks. As an insurance agent my job is to analyze what a company is doing, and try to figure to out how to control their risks a variety of ways. The easiest way is risk transference; this is done by purchasing insurance. But, the cheapest and most effective ways are risk mitigation, and risk avoidance. You cannot simply avoid all risks, but there are a few things you may not have thought about that you can do, and can stop doing to lower your risks.

The first thing is regarding social networking. Social networks like Facebook and Twitter are great ways to communicate with friends, reconnect with old friends, and promote your business. You promote your business through status updates, and sharing notes and comments about your everyday life. The problem occurs when you start telling people where you are through these status updates. Blackberrys and iPhones have made it very easy to update everyone, but I really caution everyone to stop updating where they aren't.

For example, if you tweet, "On my way to the Miami Hurricanes game". You've told anyone that wants to know, that you are probably not going to be home for another 4 hours. A crook could use an application such as Tweet Deck to update them whenever anyone on Saturday says they are going to the game. They could then find your name, and do a search on the property appraisal's website. If you are a homeowner, they now know where you live. And thanks to your tweet, they know you aren't there.

Status updates aren't the only way to tell people where you are. Twit Pic and uploading pictures to facebook from your mobile phone can also give it away. My recommendation is to keep your tweets from divulging your location, and keep your Facebook and MySpace Pages private. I will have more Risk Mitigation tips coming soon regarding why to keep your facebook page private. You can find out more about ALC Risk Solutions at www.alcrisk.com and you can email me, Andrew Cohn at acohn@alcrisk.com or call, (786) 664-7475.

Tuesday, May 26, 2009

The Launch of ALC Risk Solutions

    Welcome to ALC Risk Solutions. ALC risk's goal and vision is to bring a new approach to the everyday purchase of insurance for families and small and medium size businesses. ALC Risk Solutions is an affiliate of JFIA Boca, Inc, an independent Nationwide Insurance agency in Boca Raton, Florida. Insurance and financial services have become a commodity. With the emergence and success of E-Surance, Geico and Progressive Direct in the insurance marketplace and the successes seen by E-trade and TD Bank, insurance and financial services have become as easy to purchase as a laptop or song from I-Tunes. Online insurance buying is easy and it is convenient, but it is not always less expensive, and if you would like service or if you have questions, online is probably not the route to go. ALC Risk Solutions is offering its clients a choice in the route they would like to go, and we are charging the same price regardless of your decision.

    If you are the type of individual who wants to do what e-surance says "quote, buy, print"; we will accommodate you. Our website will be equipped with an easy, in-depth questionnaire which our agents will review. For auto insurance we will send you quotes from 12 insurance companies within minutes. This option will be quick, convenient, and you will have the peace of mind of knowing that a skilled, licensed, insurance professional has reviewed your questionnaire and the quote. ALC Risk Solutions can replicate this process for basically all of your lines of insurance. For homeowners insurance ALC Risk Solutions has access to numerous insurance companies ready and willing to write homeowners and condominium insurance throughout Florida, including in South Florida counties of Miami-Dade, Monroe, Broward and Palm Beach. This process can be done in a similar way to the auto insurance, in which you can submit an application online, it will be reviewed and quoted by a licensed insurance professional, and you will receive your quote very quickly. We can do this for all of your personal insurance including umbrella and excess liability insurance, boat insurance, personal watercraft insurance, RV Insurance, Motorcycle Insurance, Individual Health Insurance, Life Insurance, Disability Insurance, Long Term Care Insurance, and your insurance for fine art and jewelry. ALC Risk Solutions can also provide the process for insurance procurement for most small businesses.

    Online quoting does not make ALC Risk Solutions any different from other independent insurance agencies. So what makes ALC Risk Solutions different? For the same price as the premium you pay for your personal and business insurance policies, ALC Risk Solutions will sit down with you and design you a personalized risk management plan. Andrew Cohn, the founder of ALC Risk Solutions, has experience in both financial planning with the former American Express Financial Advisors, currently Ameriprise Financial and with a large commercial insurance agency, Wilson, Washburn & Forster Insurance. ALC Risk Solutions has combined both of the processes to develop the Personal Risk Management Plan and the Business Risk Management Plan. This service is offered free of charge to any customer of ALC Risk Solutions. ALC Risk's agents will sit down with you at your office or over the phone to go through an in depth questionnaire. This questionnaire will help us to analyze your risk potential, coverage gaps and areas where we can save you more money. Large corporations do risk management planning with their insurance agents, and they even higher Chief Risk Managers to help control their risk. These large corporations understand that with planning they can save money in the long wrong. But, you do not need to hire a personal risk manager, or become the CEO of a fortune 500 company. Let ALC Risk Solutions design a personal risk management plan for you, your family and your business.

Tuesday, March 10, 2009

Cyber Terrorism

I recently had the pleasure of speaking with Jonathan Bernstein, President of Bernstein Crisis Management. Bernstein Crisis Management, Inc. is a national consultancy providing 24/7 access to its president, Jonathan Bernstein, and a network of carefully screened and highly experienced crisis management experts who are on call nationwide and in many markets overseas. Bernstein Crisis Management engages in the full spectrum of crisis management services: crisis prevention, response, planning, training and simulations. The business was created and has been operated since January 1994 on the premise that its clients' executive leadership wants direct assistance from senior-level crisis management professionals.

On the Bernstein Crisis Management website, there are numerous great articles dealing with a variety of issues related to all the realms of identity theft. These articles include crisis management and public relations, dealing with the blogospheres, and most importantly crisis prevention. The article that I am reprinting specifically deals with Cyber Terrorism. I feel that this is an issue that at first only affected the large, financial institutions. But now, as the economy crumbles around our feet, more and more cyber thieves are going to try out cyber terrorism on the middle markets and maybe even the small business of America. To protect your company, you need to speak with someone like Jonathan Bernstein, and you need to get an Internet Liability Insurance policy that covers you for Cyber Terrorism. Cyber Terrorism insurance is found in many, but not all, internet liability insurance policies. But, most companies do not have internet liability insurance policies, and they are unprotected and face serious consequences to their company, their reputation, and their clients.

This article was originally title, "ISP Thwarts Cyber-Terrorists: LinkLINE Communications Turns Crisis Into PR Success":

Editor's Note: this is another of those rare occasions when a crisis has been very public and the client is justifiably proud of its response and willing to share the results with others. As I've told linkLINE's management, their willingness to take some direction on this challenging situation reflects great credit on them; I assured them that I've known other organizations not nearly so willing to "do the right thing."

The Crisis

"We think that someone calling himself 'Mr. Zilterio' may have accessed our customer records, to include credit card numbers. He's threatening to reveal that information to our customers and the press if we don't pay him a large amount of money."

That was the initial call I received from Marc Benzakein, one of the founders of linkLINE Communications (www.linkline.com), an expanding, relatively small (15,000 subscriber) but profitable Internet service provider based in Mira Loma, California (note: in their business, "profitable" is rare).

In that phone call, and a subsequent meeting with linkLINE's management/crisis response team, I learned that:

  • According to federal authorities and information available to anyone who does a search for "Zilterio" on the Internet, the same individual may have extorted as much as $4 billion from other organizations who wanted to sweep the situation under the rug for fear of losing business.
  • linkLINE, with law enforcement direction, had been stringing Zilterio along for a little while identifying how he got past their security. In the process, they traced the bank account to which Zilterio wanted money wired through Russia (where he said he was from) to Yemen, a known hotbed of terrorism.
  • The ISP felt strongly that it was ethically and morally wrong to give in to what could clearly be construed as "cyber-terrorism."
  • linkLINE had taken the steps necessary to ensure that the security hole which Zilterio may have exploited was plugged.
  • A significant loss of customers could be devastating to linkLINE because of its still-small size.

Crisis Response Team Meets

As a crisis response team, we agreed that:

  • linkLINE's customers needed to be notified of the threat before Zilterio communicated with them. This meant that the entire "response package" needed to be in place between our Thursday afternoon meeting and the following Monday evening. We all wanted to move even more quickly, but double-checking some security preparations precluded any more haste. The team member in touch with Zilterio felt he could stall him as long as necessary.
  • The best approach, very much in keeping with linkLINE's operating philosophy, was to express compassion for the concern this might cause customers, provide them with information they would need as a consequence of the situation, while also calling for them to unite with linkLINE in combating cyber-terrorism.
  • Close coordination would need to be made with the security offices for the four major credit card companies so that (a) linkLINE customers would have the least-possible work to do regarding the possible exposure of their credit card numbers and (b) that linkLINE's relationships with the credit card companies remained sound.

Pre-Announcement Activities

During three intense days of preparation:

  • linkLINE management contacted the four credit card companies, who were very appreciative of linkLINE's proactive response, agreed to put a special watch on linkLINE customer credit card numbers to see if they were fraudulently abused, and assured linkLINE that customers would not be held liable for any such fraud.
  • A Customer Alert letter was drafted for release late in the evening of Monday, March 18. That letter has been posted for "Crisis Manager" readers at:: http://www.piersystem.com/clients/bernstein/linkline1.txt
  • A press release was drafted for distribution in the early morning of March 19. That release, as an MS-Word doc, is temporarily archived at: http://www.piersystem.com/clients/bernstein/Linkline2.doc
  • A Customer Q&A was drafted in preparation for posting on linkLINE's website. That Q&A can still be found at: http://www.linkline.com/corp/securityfaq.asp
  • A special Customer Service Response Guide was created and customer service reps trained on its use.
  • linkLINE's crisis response team identified other key stakeholders, besides customers, who might need to be called or contacted when the news was released, and prepared to make those communications.
  • Marc Benzakein was trained to be the primary spokesperson on the situation, with another member of the team as backup spokesperson.

The Announcement and Results

Zilterio did not act during the preparation period, and linkLINE was able to launch its crisis communications campaign.

  • In the late evening of March 18 and early morning of March 19, respectively, the Customer Alert went out by email and the press release by PR Newswire (California circuit only, as 95% of their customers were in-state, and knowing that even the California circuit also goes to Internet news sites and certain other key media).
  • While customer call volume did go up, it was not overwhelming; linkLINE had contingency plans for what to do if it backed up, but the Customer Alert, combined with the Customer Q&A, apparently satisfied the vast majority of customers.
  • Most of the calls and emails that DID come in were highly complimentary of linkLINE's response. Some examples:
  • "In today's world of competition and LOVE of money very few companies are up front when they have a problem that could affect their business. YOU GUYS ARE THE EXCEPTION. Thanks for letting us all know the truth. Because of people like you I feel much safer on the NET. THANKS AGAIN."
  • "I would like to commend you on your handling of the Zilterio blackmail incident. Prompt and full disclosure through email and your website is the exact way to go. This kind of professionalism makes me happy to continue with linkLINE as my ISP. Nothing is 100% secure; what separates the pros from the rest is the response to a security breach. Your response measured up in every respect."
  • There were some people who were initially very disgruntled, but linkLINE execs did a great job of communicating in a caring and informative manner that made customers more comfortable.
  • A few credit cards were voluntarily (by customers) or involuntarily (by banks, when they were also ATM cards) suspended, but even those customers were understanding. And as part of their preparation, linkLINE had made it easy to switch to another credit card (securely) or use another method of payment.

Today, two weeks later, linkLINE had no net loss in customers and has continued to enjoy its usual level of growth.

Editor's Note: Unfortunately, Zilterio hasn't stopped doing his thing -- there's a Dow Jones story out today about his attack on another company. Any organization which maintains confidential information on its Internet-accessible servers is vulnerable and would do well to (a) assess its level of vulnerability and (b) be prepared to respond if and when a security breach occurs. Not merely operationally, but in terms of legally appropriate public relations.


 

 

Friday, February 27, 2009

Time to Let Citi and AIG go Down

I'm going to preface this article by telling you that I am not an economist, nor do I fully understand the economic reasons behind our government propping up Citi Group and AIG. However, I think the world and the American people are finally ready for the fall of Citi and AIG. When AIG was first bailed out, it followed weeks of generally surprising news of collapses of Bear Sterns and Lehman Brothers, and basically the collapses of Wachovia and Washington Mutual. At that time, if two of the largest financial institutions in the world collapsed, there would have probably been near Armageddon panic.

But I think that the American people are ready for these Baby Hueys to collapse. How many people really like using Citigroup or AIG? As an insurance agent, I can speak from personal experience that I didn't like working with Travelers Insurance when they were part of Citi, and for the most part, I avoid working with AIG, with a few exceptions. The big problem with AIG is that they insure things that no one else does, or seems to want to. However, the insurance business has been profitable for AIG, so I cannot imagine that someone like a Berkshire Hathaway Company wouldn't come in, and either buy the AIG book, or even better, offer an alternative in AIG's marketplaces.

A lot of people don't really understand this part of the AIG issue. AIG insures a lot of higher risk endeavors. I can mainly only speak to Florida insurance, but here they are one of the best carriers still writing high valued homes with hurricane insurance coverage all over the State. They are also my only option to write USL&H (United States Longshore and Harbor Workers Act), as well the only market I can get to write high risk workers compensation including 24-hour emergency restoration services and Aviation industry. They are also one of the main players in a not very competitive aviation insurance industry.

That all being the case, I still think it is finally time we said good riddance to AIG and CitiGroup. No more bailouts for bad companies, the American people are ready, we know things suck now and we expect them to get worse. Let's speed it up, the faster these invalid companies crash the faster we can recover. So next time they need money, we need to count to ten, and rip off the band-aid.