News & Events

Wednesday, March 10th

Vulnerabilities with On-Premises Versions of Microsoft Exchange Server

Early last week, Microsoft revealed that suspected state-sponsored hackers from China were exploiting four previously unknown vulnerabilities being used to attack on-premises versions of Microsoft Exchange Server. This has enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. 

Since that disclosure, other hackers have used automated programs to scan the internet, looking for companies that have yet to install the fix. Microsoft has urged IT administrators and customers to apply the security fixes immediately. However, just because fixes are applied now, this does not mean that servers have not already been compromised.

Microsoft has listed indicators of compromise here. Admins can also use this script from Microsoft to test if their environments are affected. 

For more information about these vulnerabilities and how to defend against their exploitation, see:

What Action Should You Take?

For businesses potentially impacted, we strongly advise consulting with a cybersecurity expert. For those with cyber insurance, you may have access to complimentary cybersecurity resources through your insurance provider. Please reach out to our office if you have any questions on your cyber insurance coverage or to submit a claim.  

To learn find more about cyber insurance or request a quote, please visit our website:

This material is intended for informational purposes only and is not to be construed as legal advice.


Thursday, February 18th

The Power of Multi-Factor Authentication: Passwords Aren’t Enough

P@ssw0rd123! Look familiar? It doesn’t matter if you replace your vowels with symbols, include the name of your first pet, or use a complex combination of letters and numbers – these days, passwords aren’t enough. And when you are running a business and dealing with sensitive data, you have an added responsibility to protect that information from cyber-attacks. That’s where MFA comes into play.

What is Multi Factor Authentication? (MFA)

Multi-factor authentication (MFA) is a security measure that requires two or more forms of identification to access an account. This involves a combination of:

What should my business protect with MFA?

Any account with access to critical data, applications, and systems within your business should be protected.  Here are some critical areas to address:

  1. Remote network access
  2. Privileged/administrative account access
  3. Business email
  4. Customer relationship management (CRM) system 

MFA and Cyber Insurance

Enabling MFA is a strong indicator of proactive risk management practices.  This, along with other measures can have a significant impact on the availability and affordability of coverage. Due to rising claims frequency, MFA is becoming a more common condition to qualify for coverage. MFA has the potential to prevent claims, which over the long term can result in preferential pricing and coverage terms.

MFA can block over 99.9% of
account compromise attacks.

Microsoft

How to Implement MFA

The vast majority of MFA is free and several common platforms (Gmail, Outlook, Dropbox) offer it internally. For 3rd party platforms, there are also several apps available that allow you to set up MFA free of charge.

It’s best to engage with your IT department or IT vendor to set up an implementation plan that not only establishes MFA but educates your employees on using the feature and explains the purpose and need for added security.

Contact Morris & Garritano at info@morrisgarritano.com to learn how implementing MFA can help your business or check out our Cyber Coverage Resources for more information.

Additional Resources:
MFA Explained in Under 2 minutes
How to implement Multi Factor Authentication (Microsoft)
Enable MFA in Outlook | Enable MFA in Gmail | Enable MFA for Apple ID


Friday, June 26th

WCIRB Update: Eff. July 1, 2020

Insurance Commissioner issues Order resulting in workers’ compensation premium savings for California businesses affected by COVID-19

The order adopts emergency regulatory changes developed by the Workers’ Compensation Insurance Rating Bureau of California (WCIRB) effective July 1, 2020 to be applied retroactively. The Commissioner’s action mandates workers’ compensation carriers reflect in premiums the reduced risk of loss due to “stay-at-home” orders. 

The official notice from the Department of Insurance can be viewed here

The below video links will provide an overview of the notable amendments, but you can also visit the WCIRB’s full reference page for more information.

We encourage you to consider these changes as you assess the impact of COVID-19 to your estimated annual payroll (if on recurring billing), actual payroll (if billed on a reporting basis), or recent audit if applicable.

If you have questions, concerns, or need to make an adjustment to your policy, please feel free to contact your Risk Advisor or Account Manager for further assistance.

Uniform Statistical Reporting Plan



Experience Reporting Plan

Exclusion of COVID-19 Claims from Experience Modification
Section VI, Rating Procedure, Rule 2, Actual Losses and Actual Primary (Ap) Losses, was amended to specify that all claims directly arising from a diagnosis of Coronavirus Disease 2019 (COVID-19) shall not be reflected in the computation of an experience modification.


Tuesday, June 16th

Work Comp Webinar: AB5, Who is an Employee?

Do you work with or hire Independent Contractors?

If so, you won’t want to miss this webinar offered by State Fund. The webinar is designed to help you have a better understanding of Assembly Bill 5 (AB5) and the changes that have been made in determining employee status in California.

Experts will discuss what impact it may have on you, your business, and most importantly, what you can do now to prepare for the changes that will take effect on July 1, 2020 as it relates to your workers’ compensation coverage.

Not a State Fund policyholder? Not a problem, this webinar is open to the public.

Topics to be covered include:

• The Dynamex Supreme Court Decision
• New “ABC” Test• Prior Test – Borello
• Exemptions to the “ABC” Test
• New Labor Code Section 2750.3
• Potential Impact of AB5


Register here: https://scif.zoom.us/webinar/register/WN_mkRp0TozTT22T2Utpwp2CA


Friday, March 6th

Coronavirus in the Workplace

As the coronavirus (COVID-19), as well as the media coverage surrounding it, continues to spread, we are receiving many questions from clients wondering what they can do to keep their employees safe as well as what is required of them from a liability stand point. To help, we have compiled the following information and resources.

Can coronavirus become a Work Comp claim?

Yes, if an employee contracts the virus during the scope or course of their job duties. For example, employers may be responsible in the following situations:

  • An employee travels or works overseas and contracts the illness.
  • An employee contracts the virus and infects coworkers in the office or on the job site.
  • An employee is assigned to work in a location with infected individuals and becomes infected.

In these scenarios, a Work Comp policy will typically cover lost time, permanent disability, medical expenses, and a death benefit as a result of the coronavirus.

What are my legal obligations as an employer?

Employers are obligated to maintain a safe and healthy work environment for their employees, but are also subject to a number of legal requirements protecting workers. For example, employers must comply with the Occupational Safety and Health Act (OSH Act), Americans with Disabilities Act (ADA) and Family and Medical Leave Act (FMLA) in their approach to dealing with COVID-19. (see HR Compliance Bulletin for more detailed information)

Will our benefits plan cover a coronavirus diagnosis?

While the specific coverages will be dependent on the individual’s plan benefits, most health plans will cover the care an employee would receive if diagnosed with coronavirus, unless otherwise determined by state law or regulation. However, they will still be responsible for any out-of-pocket expenses that their plan requires.

Please view our Carrier Resources for Coronavirus t o see what benefits and resources your specific carrier is providing. For many carriers, utilizing their Telemedicine services is the best first step if you are concerned about symptoms.

Steps you can take to protect and prevent

The Centers for Disease Control and Prevention (CDC) has a dedicated website providing information to businesses and employers. The following actions are recommended:

  • Encourage sick employees to stay home
  • Be more flexible with your sick leave policies
  • Educate employees on preventive measures
  • Keep a good stock of supplies such as tissues, hand sanitizer, and soap
  • Perform routine cleaning of frequently touched areas
  • Advise employees before traveling to take certain steps. If employees are required to travel for business, stay up to date on the CDC’s Traveler’s Health Notices for guidance.

Helpful Materials & Resources

OSHA Safety & Health Topics
CDC: Coronavirus Disease 2019
World Health Organization: Advice for the Public
EDD: Coronavirus 2019 (COVID-19)


Wednesday, December 21st

Important Changes to Workers’ Compensation Policies

FINAL REMINDER: AB 2883 Deadline December 31

Starting January 1, 2017, AB 2883 goes into effect, changing the parameters in which owners can be excluded from Workers’ Compensation coverage. Below is an overview of the changes to be enacted:

Corporations: In order to be eligible for exclusion from coverage, the individual must be an Officer or Director and must own 15% or more of the issued stock.
Partnerships and Limited Liability Companies: In order to be eligible for exclusion, the individual must be a general partner if the entity is a partnership; or the individual must be a managing member if the entity is a limited liability company.

Revocable Trusts: Grantors of revocable trusts are no longer eligible for exclusion.

By now you should have received an explanatory notice and waiver from your insurance carrier. These waivers must be signed and returned to your carrier by end-of-business on December 31. If a waiver is not received and accepted by December 31, 2016, any employee that had previously been exempt from coverage, must be included on the policy and will be charged premium up until the date an executed waiver is submitted to the insurer.

Please contact your Account Manager should you have any questions.

 

IMPORTANT! Changes to First Aid Claim Reporting

Effective January 1, 2017 insurers will now be required to report medical costs incurred on First Aid claims to the Workers Compensation Insurance Rating Bureau (WCIRB), regardless of who paid the medical fees.

You might be asking yourself, how does this change affect me?  If a claim fits the First Aid Criteria and you pay the medical bill directly to the provider, it will still be included on your Experience Modification worksheet. On the other hand, should you allow your carrier to pay the medical bill, they will only be charged the contracted rates, which could be substantially lower. In other words, you may find it in your best interest to think twice before paying a claim out of pocket.

If you have any questions regarding this or any other Work Comp claim reporting matter, please contact our Workers’ Compensation Claims Analyst, Mary Jean Collins, mcollins@morrisgarritano.com.