Articles

PART 2 OF 3: Construction Industry Risks: Data Privacy and Cyber Security Risk Management and Risk Transfer

Data Security Risk Management Basics
The risks associated with the collection, transfer, and retention of data are real and significant. For a construction company, it is of paramount importance to identify areas of exposure and develop adequate risk management programs that address data privacy and security. To help you get started, here is a list of questions to ask yourself when developing your corporate risk management plan. These should include, but not be limited to, identifying and inventorying your corporate data.


PART 1 OF 3: Construction Industry Risks: Data Privacy and Cyber Security Basics

Rarely does a week pass when we don’t hear about another major cyber breach, computer virus, or social engineering scam. Healthcare, financial institutions, retail, and governmental networks tend to experience the highest frequency of attacks. However, that does not mean that the construction industry is immune to cyber attacks. The truth of the matter is that any business connected to the internet is a potential victim. This is the first in a three-part series discussing cyber events as they relate to the construction industry. Below we discuss why contractors need to address the risks associated with cyber exposures. In part two, we will discuss cyber risk management basics: what you can do to prevent a cyber event from occurring and how you can minimize damage if and when one does occur. Finally, in part three, we will discuss risk transfer and how outsourcing, contract management, and insurance can protect your firm from loss.


Form 1095 Deadline and Penalties

As part of the ACA employer reporting requirements, certain employers must provide a Form 1095-C or 1095-B to all applicable employees by March 31, 2016. Employers subject to employer reporting requirements who fail to provide the required Form 1095s by the deadline may face penalties similar to those imposed for W-2 reporting.
Background


Proposed Revisions to SBC and Uniform Glossary

On February 22, 2016, the Departments of Labor, Treasury, and Health and Human Services (“the Departments”) released proposed updates to the Uniform Summary of Benefits and Coverage (SBC) template, instructions, and Uniform Glossary (“glossary”). The proposed documents build largely on the revisions first proposed in December 2014. However, they incorporate additional stakeholder feedback—primarily from the NAIC—and the Departments are requesting public comments through the end of March before the documents are finalized.


Does Your Firm Have a Network Breach Plan?

Your IT Department has assured you that the latest updates and patches are in place for your firm’s network, and your technology consultants are confident the system is set to prevent a hacking attack. But, just in case, your firm has recently purchased “cyber liability” insurance. It is time to sit back and forget about those headlines of security breaches that occur at other professional services firms. Belt and suspenders have now been added to the network with insurance, right? Unfortunately, understanding the firm’s network exposure is only the beginning of the risk management process – you’re still at step 1. To complete the risk management process, professional services firms should familiarize themselves with network security procedures and insurance, ensure stakeholders are aware of the coverage purchased, and incorporate the correct consultants into a breach response plan.


Social Engineering Criminals May Be Targeting Your Organization: Are You Vulnerable?

What is social engineering fraud?
Human-based social engineering fraud (sometimes referred to as human hacking) is defined as the art of influencing people to disclose information and getting them to act inappropriately. The consequences of social engineering fraud usually manifest when an employee is intentionally misled into sending money or diverting a payment based on fraudulent information. In 2014, over 100,000 new social engineering attacks were attempted every day against businesses of all sizes. This represented a 91% increase from the previous year, and the number has continued to rise. Often, the attackers utilize cleverly disguised phone calls or emails based on well-researched personal and company information available in the public domain. An attacker may even pose as a trusted vendor or spoof your internal email addresses to resemble an internal email from a co-worker.
