‘Tis the Season for Cyber Security

02J68283

As the holiday season draws near, so do cyber criminals.  With more and more people shopping online, the number of potential cyber breach victims increases every day.  In fact, Adobe is predicting that Black Friday 2017 will see the highest sales ever on record.

So, without completely withdrawing from the online world, how can you protect yourself and your business online?  Try applying the following tips:

Make sure that you are on the website that you think that you are on

One of the most common ways to scam your username and password or credit card information from you is to send you to a fake website that looks very similar to the website that you are expecting.  An example of this is paypal.com versus paypa1.com.  Note that the only difference is the “L” at the end of the first one and there is a “1” at the end of the second one.

To get you to these fake sites, scammers will send you an email that directs you with a bogus link.  One way to see where the link is taking you is to hover over it with your mouse.  The website address will popup.  If the link is bad, block the email sender and move the email to your “SPAM” folder to prevent receiving emails from that person in the future.

One way to confirm that you are visiting the website that you want is for you to type the website into the address bar.  This way, you know that you are not following any false links and you arrive at the correct website.

Don’t fall for holiday phishing schemes

On Black Friday 2017, retailers sent over 3 BILLION emails to consumers, advertising their best deals and sales.  This day was also filled with scammers sending out tons of emails, pretending to be a retailer.  They were taking advantage of the fact that consumers were expecting to receive these emails and may not have questioned them as much.  This is known as phishing and its main purpose is to collect as much personal information about you as possible.

Commonly, phishing emails will try to direct you to a login page or a payment page.  They want to get your information as quickly as possible without you questioning the validity of the site.

A few ways to identify phishing schemes:

  • The “From” field display name is a store or bank.  However, when you click into it to reveal the full email address, it’s an address not related to that entity.
  • The email has graphics that look “off” or “fuzzy”.  Sometimes, to make the fake email look more legitimate, a scammer will copy the graphics from a store or bank from their website, which are not a high resolution.  As a result, when they are placed into an email, they look wrong.
  • When you hover over the link that the email wants you to visit, it is not pointing to the website that it claims to be sending you to.
  • Check for spelling mistakes and bad grammar.  Legitimate companies are sticklers when it comes to spelling and grammar.  If the email sounds poorly written, there is a good chance that the email is not legitimate

Check for an SSL certificate upon checkout

When you check out online, you want to make sure that there is an SSL certificate in the address bar.  You should see that the web address starts with “https://”.  Normally, there will be a lock image next to the address or the whole bar will turn green.

An SSL is important any time that you are entering financial information or passwords.  This encrypts that information and keeps it private from anyone that may be watching your transaction.

Create a strong password (and don’t use the same one) for your customer (and business) accounts

Your customer accounts for stores and banks should be protected by a strong password.  The company can have the best security measures and encryption in place, but if your account has an easily guessed password, none of that matters.

A strong password is 12 characters or more and contains at least one of each of the following:

  • Uppercase letter
  • Lowercase letter
  • Number
  • Symbol

You also do not want to use the same password for all of your accounts.  This is because if one of the accounts is hacked, the hacker now has the login information for all of your other accounts and they WILL check this immediately.

The average American has over 60 online accounts that they have to remember, so look into a good password manager to help you maintain the information.  Not only will the password manager help you remember all of your login information, but it will help you create secure passwords.

Some highly rated password managers include KeePass, Dashlane and LastPass.  Check out this article from PC mag for more information on the top password managers of 2017: https://www.pcmag.com/article2/0,2817,2407168,00.asp

BONUS: Turn on two factor authentication where possible

Two factor authentication (TFA) is becoming more prevalent as hackers become more savvy and have access to greater computing power.  TFA uses not only your username/password, but one other means of verification before you have access to your account.

This is now commonly available with banking and credit card websites.  When you turn this on, after you sign in with your username and password, they will ask if you want to receive a text or email for secondary verification of the account.  Once you make your selection, they will send a one-time only code to the phone number or email associated with that account, which you then have to enter to gain access.

This is helpful because even if someone had your password, they would still need access to your email or phone to be able to access your account.  If TFA is available to you, INF recommends turning it on to better protect yourself.

Have a safe and secure holiday season from INF!

ShareFile Portal Perks for INF Clients – 24/7/365 Access for YOU!

As an INF client, you have access to the INF ShareFile Portal 24/7/365! This is a huge perk of working with INF. You have all of your data at your fingertips.
However, we have received multiple questions regarding the portal. We hope to clear up any confusion with this post.
Why does INF use ShareFile?
We wanted our clients to have access to their current lawyers professional liability insurance application and policy securely from anywhere at any time. We use our ShareFile portal to make that happen!
ShareFile has the following security features:

  • Third-party validated application and datacenter controls from SOC 2 and SSAE 16 audits.
  • Bank-level encryption in transit and at rest.
  • Two-factor authentication and single sign-on for added security.
  • Multiple data storage locations around the globe.
  • 99.9 percent uptime and disaster recovery centers in the United States and Europe.

In other words, ShareFile is very secure! INF is highly concerned with protecting your data.
How do I get to the portal?
Go to https://integrityfirstins.sharefile.com and you will be presented with the following screen:

SharefilePerksPic1
What username should I use?
Your username for the portal is the email address that you have on file with INF. If your email address changes, just let us know and we can change the username for you.
What if I don’t know my password?
Click on the “Forgot Password?” link on the Sign In page.

SharefilePerksPic2

This will take you to the “Forgot Password” page. It will ask you to enter your email address and to fulfill a CAPTCHA request to prove that you are human.
SharefilePerksPic3

Once you click “Send”, it will email you a “Password Reset” email from “Sharefile Support”.

SharefilePerksPic4

Click on the “Reset your password now” link. This will open a browser with the “Reset Password” instructions.

SharefilePerksPic5

Fill in the required fields and click the “Reset Password” button. This will officially reset your ShareFile password.
What is contained in the portal?
Your portal contains your current lawyers professional liability policy as well as your original application. Additionally, if you have been a customer of INF for more than one year, the portal contains all of your LPL policies and applications since 2015. You can download these pdfs whenever you would like.

I want multiple people in my office to have access to my files. Is that possible?
Yes, it is. Email sivol@integrityfirstins.biz with the person’s name and email address that you would like to add to your portal. They will be added within 48 hours. This can be done with multiple people as well.

Can I access the portal on my mobile device?
Yes, you have TWO ways to access it:
1 – You can get to the portal via the browser on your mobile device
2 – You can download the “Citrix ShareFile for iPhone and iPad” (https://itunes.apple.com/us/app/citrix-sharefile-for-ipad/id440596621?mt=8) app and sign in with your credentials. This app is also available from the Google Play Store (https://play.google.com/store/apps/details?id=com.sharefile.mobile&hl=en) and the Windows Store (http://apps.microsoft.com/windows/en-us/app/sharefile/b7940fda-b088-4af4-869b-e21a737bb26f).
You now can have a copy of your LPL insurance policy with you wherever you go!

Once I’m signed in, how do I download my policy?
Click on “Shared Folders” on the left-hand side menu to bring up your folder structure. Your folder name should contain your LPL expiration date and your firm name. Click on the folder to reveal the contents. This is where your policy is stored. To download the policy (or any document), click on the name of the document. This takes you to a preview screen, where you can see the document. It also gives you a few options on the right-hand side of the screen.

SharefilePerksPic6

You can download, copy or print the document from here.

I received an email with a ShareFile Attachment from INF. Now what?

Integrity First Corporation sends emails with encrypted ShareFile attachments for our clients’ protection.  We want to protect YOUR personally identifiable information, or PII, for short.  The email will say “This message contains attachments delivered via ShareFile” as shown below:

1-emailimageIf you receive an email from INF with an encrypted attachment from Sharefile, DON’T PANIC!  Just follow these 4 simple steps and you can retrieve the attachment in a snap:

Step 1 – The email will contain a link to the attachments that says “Download the attachments by clicking here”.  Click on the “clicking here” link.

Step 2 – This will take you to the INF ShareFile portal via your browser.  As seen in the image below, all of the attachments are selected for download by default.  Make sure that only the attachments that you want to download have a check in their checkbox.

2-downloadsimageStep 3 – Click “Download” and your browser will download the selected files into your “Downloads” folder.  Most browsers will show the download file in the bottom menu screen on the left as well.

3-downloadmenuimage

Step 4 – Open your “Downloads” folder and retrieve your attachments!

4-downloadsfileimageBonus Step 5 (If there are multiple attachments) – When there are multiple attachments, they will download as a zip file.  To open the zip file, right-click on it and select “Extract All”.

5-extractimage

This will create a pop up window, where you select “Extract”, and the individual attachments will then be available.

6-zipped

But wait!  What if I don’t know how to find my “Downloads” folder?

To find your “Downloads” folder, follow these 3 easy steps:

Step 1 – Click on the Windows “Start” button

Step 2 – In the “Search programs and files” search box, type “Downloads”

7-searchbar

Step 3 – Click on the “Downloads” folder that it finds.

8-downloadstyped

Your downloaded files will be located within that folder.

INF Attends Westmoreland County Bench Bar

INtegrity First Corporation attended the Westmoreland County Bar Association Bench Bar at Nemacolin June 8 – June 10, 2016.

Nemacolin

Don and Mark attended the Golf Event on June 8 and shot a great round!

StaceyandMarkNemacolin

Everyone attended the Vendor Fair on June 9th.  It was great to see all of our clients from Westmoreland County and the event was excellent!  It was nice to celebrate our 10th anniversary with the Westmoreland County Bar Association.

Wow!

Wow, 10 years!

It doesn’t seem possible that it was 10 years ago that we opened our doors as a start up agency with no clients, no carriers and yes no revenues.  Talk about a scary proposition.  My friends and collegues looked at me with skeptical smiles and that “really, are you sure look?”  I learned from Day 1 (about 3600 days ago) that it wasn’t going to be easy, romanticized or an instant success.  It was going to be hard work, long days that turn into long nights, stressful and at times crazy.  Crazier, I would do it all over again.

We have had many successes and some disappointments too but we are not finished building the INtegrity First dynasty!  We have many more long days and long nights ahead to get to where I/we want to be as an agency! To take a lyric from a favorite singer we want to be king of the hill, top of the heap A#1!

It has been a wild ride, I have said many times, “it is the most excited I have been and at the same time the most scared I have ever been.”  Kind of like raising children.  I have two so I know!  Something else I know; We would not be here for 10 years without the support of our clients.  I truly appreciate the loyalty, support and the encouragement that our clients have provided through the years.  Our clients have many choices when it comes to choosing a broker and the fact that they choose us and remain with us is very humbling.  My thanks go to each  of our clients past and present.  I look forward to serving them for another 10+ years.

Thanks again,

Don

Holiday balloons on blue sky background.

Reporting A Claim Under A Claims Made and Reported Policy

Most professionals know to protect themselves and their clients with the purchase of a professional liability insurance policy, commonly referred to as an E&O policy.  What most professionals don’t know or don’t care to know, is when and how to properly report a claim or potential claim to their insurance carrier.

Initially, the most important issue when reporting a claim is the timing of the notice to the carrier.  All carriers have different reporting requirements but most state that the claim or potential claim must be reported to the carrier in the policy period YOU first become aware of the claim or potential claim.  Some carriers are even more restrictive and will use the term “immediately report” or “as soon as possible after first becoming aware of the claim.”  No matter the wording in the policy, the timing of the notice to the carrier is absolutely vital to the claim being covered under the policy.  A delay in reporting the claim or potential claim to the carrier can lead to a declination of coverage due to “late reporting.”  Late reporting is a term no insured wants to hear in a claim situation.  Do not fall into the trap of thinking it will just go away, or hold off on reporting for fear that your premium will increase.  Providing professional services for others unfortunately will give rise to a claim or potential claim.  These must be dealt with immediately.

All carriers have slightly different policy wording with regard to the timing of claim reporting.  The best way to reduce the possibility of a declination due to late reporting is to report the claim as soon as you first become aware of the claim or potential claim.  Regardless of “how much time” the policy provides, immediate reporting of the issue to the carrier will be viewed as favorable by the carrier and the claims personnel.  It may even provide a good night sleep for you!

Keeping Your Information Safe In the Digital Age – Part 1

With the onslaught of data breaches that have been in the news lately (think Target or Sony), INF presents this multi-part blog series about keeping your data safe in the digital age.

Passwords

Do you pick a password and then use that for all of your accounts or do you choose short passwords that are easy to remember?  Is your password “Password” or the name of your pet?  Do you keep a word document or piece of paper with all of your passwords written down?  If so, your digital information could be in trouble.  More than 60% of people use the same password on multiple accounts.  In the digital world, this means that if I can break into one account, then I can have access to all of your accounts.  This is why when a data breach happens with one retailer, fraudulent activity among other retailers goes up as well due to usernames and passwords being the same.

Most people choose their passwords from a finite set of words, phrases and numbers (or some variant of this), which makes guessing your password a trivial task for most hackers.  They use a “Dictionary Attack” on an account, which takes commonly used words from the dictionary and puts them together with numbers and other words to create a password to try.  Bear in mind, this is not a human being doing this, so multiple attempts to guess your password can be made by the second and whole attacks can last less than one minute.  Additionally, software that does this is commercially available and thus, is very easy to implement.  Once a hacker has cracked one of your accounts, they immediately target others.  In doing this, they will touch as many accounts as they can before you are alerted that anything is wrong.

How To Choose a Strong Password

In order to combat this and become a smarter user, you must create a strong, non-trivial password for each account that you have.

Choosing a strong password becomes simple once you learn the following four rules:

  1. Choose a password that is 13+ characters long
  2. Choose a password that does not contain any words in the dictionary
  3. Choose a password that has an uppercase letter, a lowercase letter, a symbol, and a number
  4. Choose a password that does not use all obvious substitutions of symbols/numbers for letters (i.e. 5 for “S” or @ for “a”)

One recommended way to create a password is to think of a phrase from a book or song that you like and turn it into a password.  As an example, if you are a fan of “Hitchhiker’s Guide to the Galaxy” by Douglas Adams, you may turn the phrase “So long and thanks for all the fish!” into the password “S81ng&Tks4@!!f!$h!”.  Notice that none of the actual words were used and not all of the substitutions were obvious, such as “8” for ‘o’.  A simple trick to remember is – the longer the password, the stronger the password.

You may be asking, “How in the world am I going to remember all of these passwords?  I must have over 90+ accounts online, like the average American!”  There is no need to remember all of the passwords that you create.  In fact, if you can remember one very strong password, you can access all of your others by using a password management program such as KeePass, 1Password or Dashlane.

Part 2 of this series will cover setting up and using a password management program.

 

Value of Broker Services for Professional Liability Insurance

As an insurance professional for more than 25 years, It never ceases to amaze me how commoditized the professional liability insurance marketplace has become.  The coverage is not that simple but yet many professionals purchase the policy on line directly from the carrier without the assistance of a broker.  No consideration is given to policy form, prior acts coverage, limits, deductible or the many ancillary coverages available.  No value is given to the broker services.  I don’t understand this as brokers provide valuable services: policy comparisons, concise explanations, proposal/carrier options and risk management services.

As an insurance agent and the owner of a small business, I understand and can relate to cost cutting measures and getting the best “deal” possible.  I have seen clients change carriers/programs/brokers for a  $50 savings of annual premium and little or no regard to the coverage or broker services lost!  Does that make sense to you?

I don’t believe that the purchase of insurance, especially one that protects a professional’s reputation can be all about the money.  Don’t get me wrong, the money issue is very important however neglecting the coverage issue and broker services can be devastating at claim time.