Don’t rely on the U.S. government to protect your business from cyber threats.
That was the consensus among experts speaking about cyber programs at a risk management conference on Tuesday.
“The U.S. government hasn’t done a lot to protect cyberspace,” said Craig Guiliano, associate director of Aon’s cyber practice group, who was speaking on Tuesday at the 2017 Risk Management Summit: Unlocking Possibility.
The summit is being held at the Cosmopolitan Hotel in Las Vegas from Sunday through Thursday. The conference is hosted by Energi, a provider of risk management and insurance offerings to the energy industry.
The panel he was on, Cyber Protection Plans, was moderated by John Serbin, regional vice president of safety and loss prevention for the Northwest region of eRisk Solutions. Other panelists were: Regine Bonneau, founder and CEO of RB Advisory LLC; Nathaniel Gravel, vice president of information security and IT at GraVoc; and Anthony Howley, senior underwriter for Evolve Cyber Insurance Services.
The panelists emphasized the need for companies to protect themselves, and not to rely on the government.
Guiliano said the government’s defense focus has continued to be on defending “air, land and sea.”
“In cyberspace, they’ve kind of tiptoed around and actually have done very little comparative to other threats,” Guiliano said.
He used the U.S. government’s response to Sony Pictures and North Korea as an example.
In 2014, a hacker group leaked data from Sony Pictures, which included personal information. The hack was tied to North Korea, though that nation’s leaders denied it.
The brunt of the U.S. government’s response involved launching investigations.
“Their response was very weak,” Guiliano said.
This is why, Bonneau said, companies that are exposed are at risk not only from domestic hackers, but also from such threats from abroad.
“We’re fighting a silent war,” Bonneau said.
Both she and Gravel emphasized the need to go above and beyond the basic standards set by the government to ensure a business is protected, rather than simply using a government-generated checklist and marking off boxes to make sure the company is compliant.
“I think compliance has been misinterpreted over the years to be a gold standard and it’s really not, it’s just a minimum standard,” Gravel said.
Howley emphasized that risk managers and those involved with cyber concerns should understand what industry the company is in and what exposures that particular industry faces.
He offered as an extreme example a healthcare provider his firm worked with. The firm’s leadership wasn’t aware that protecting patient records was subject to HIPAA (Health Insurance Portability and Accountability Act of 1996) law.
The company lost a few thousand records, which he judged to be comparatively small, but it was slapped with nearly $2 million in fines.
“Understand your industry, understand your exposures,” Howley said.
Guiliano recommended that, if a company is attacked, response efforts include time and resources to assess what was lost, what happened and how it happened.
This will aid recovery efforts after an attack and make the company more resilient to attacks going forward, he said.
“Understanding the effects of the attack are really important,” Guiliano added.
The best way to battle the opioid epidemic in workers’ compensation is to start looking at the mind as well as the body of recovering workers.
That’s according to Dr. Angel Garrido, chief medical officer of Concordia Care Inc.
“Pain is a biopsychosocial phenomena,” Garrido said, adding that “we need to look at the person as a whole person.”
Garrido, who was referring to a medical view that attributes pain or disease to the interaction of biological, psychological and social factors, was speaking on a panel titled The Opioid Epidemic and Injured Workers.
It was moderated by Elizabeth Ward, director of vendor management for eClaims Management. The other panelists were Stacey Whidden, CEO of EZ Comp Care, and Karen Derrico, vice president of workers’ compensation and critical care for Best Doctors.
The panelists agreed that battling opioid addiction should be undertaken through a multifaceted approach, which includes mental health evaluations of injured workers, more contact by the company with injured workers and best practices that include choosing board certified and well-vetted medical providers.
Garrido used as an example the case of a 51-year-old female with multiple spinal fusions who was on morphine for 14 years without returning to work.
“14 years of doing practically nothing,” he said.
He said his firm got involved and intervened by talking with the worker and her physicians, and then got her help that ended up with her being weaned off the opioids and returning to work.
“There’s no dichotomy between brain and body,” he said. “Healthy mind, healthy body. The biopsychosocial aspect is probably the No. 1 barrier to recovery.”
Derrico advised that companies should consider creating a contract with injured employees who are taking opioids, which includes an agreement to be drug tested.
She also advised tapping into existing drug treatment programs and other forms of assistance, but doing so with measured optimism.
“These programs can only go so far with certain individuals,” she added.
Injured workers who are suspected of abusing opioids and are having trouble returning to work often have certain characteristics to look for such as a history of mental illness, a family history of mental illness or a previous bout with addiction, Whidden said.
“These are people who typically have delayed recovery,” she said.
Whidden noted that many firms are employing cognitive processing therapy, which uses elements of cognitive behavioral therapy to help people recover from posttraumatic stress disorder and related conditions, to help workers in dealing with pain.
She said the therapy helps to identify and address issues like anxiety, avoidance and catastrophizing, which often lead to a prolonged time between an employee’s injury and their return to work.
Often anxiety or pain is due to an employee’s inability to return to work, and he or she may blame the employer or the insurer for this.
“Your website is your storefront.”
That gem is from Michael Richmond, CEO of DigDev Direct.
He was speaking on a panel on marketing. The panelists were Larry Neilson, CEO of Neilson Marketing Services, Julie Tinney, the chief marketing officer of Wells Media Group Inc., and Brian Gravel, vice president of creative technology for GraVoc.
Richmond, who was talking about the value of informative content in getting customers to a company’s website, said the site should have a call to action, such as: “Free download of our white paper with must-knows on the petroleum industry.”
The panel tackled everything from internet marketing, to website building, to SEO, to all things digital, to traditional marketing.
Neilson said social media should be viewed as an opportunity “for us to scale relationship development.”
“I think social media provides exponential communications for us all,” he said.
Tinney, who also talked about the importance of embracing social media in a company’s marketing plan, said that not only time but resources are necessary for social media marketing to be effective.
“Your organic reach on Facebook has gone down and down,” Tinney said, noting that there is so much content on the platform that it’s hard for messages to get seen. “If you want to leverage social media, put some money in it.”
Tinney also warned against requiring potential customers to input a lot of information and forcing them to fill out numerous data fields on their first visit to the website or their first digital interaction with the company.
“Resist at all costs asking for reams of data initially,” Tinney said. “You just put up a wall.”
The panelists addressed customer reviews, which they agreed could be both good and bad.
Neilson said companies should consider progressively seeking out customer reviews.
“When a customer interacts with an employee, it’s an opportunity to ask for a review,” Neilson said. “Train your employees to ask for reviews.”
Tinney offered a takeaway for the audience: good, old-fashioned marketing and customer-facing service from a human being shouldn’t get lost in the sea of technology we’re all floating around in.
“The irony of innovative marketing now is: When is the last time you’ve gotten a handwritten note?” Tinney said. “The traditional can help you through the clutter. The two should co-exist.”
Other sessions on Tuesday included a number of panels: Claims – Litigation Briefing; Risk Management – Transportation Regulatory Update; Risk Management – DOT Audit Compliance; and Human Resources – Wellness Programs.
Wednesday kicks off with sessions titled Vehicle Technology Solutions, and How to Change for Tomorrow.