Blog - Cambridge Chamber of Commerce

The past two and half years has seen virtually every industry and company re-evaluate how they conduct business.

 

Readjusting to a post-pandemic world is at the forefront in many of their plans and strategies as they look towards operating in a different world compared to the one we had at the start of 2020.

 

But despite adjusting their operations in substantial ways, many may be using the same insurance coverage they adopted prior to the pandemic, not realizing that COVID-19 could lead to new risks and exposures for them.

 

We reached out to insurance experts Amanda Scheerer at Josslin Insurance and Shelley Sutton at Dumfries Mutual Insurance Company to share their thoughts on what businesses can do to ensure they are properly prepared.

 

 

Q. How has the pandemic changed the approach SMEs are taking when it comes to insurance coverage?

 

Amanda: Post-pandemic inflation has had a huge impact on valuation of buildings and equipment. Before the pandemic, it was common to adjust rebuild, or replacement cost every couple of years, but with current inflation rates we recommend that business owners review the rebuild or replacement costs listed on their policies at each renewal.

 

In addition to inflation, we find rebuild time after a major loss is longer. We’re seeing a few our clients increasing their indemnity period for business interruption from 12 months to 18 months. This accommodates for the extended building periods and will allow business to survive during the rebuild and keep key people from leaving for another workplace.

 

Shelley: It really depends on the type of business. Contractors, for example, are busier than ever, selling work sometimes a year out. If they have stock, they are insuring it at replacement cost to protect themselves from the unpredictability of the market in the event of a loss.

 

SMEs have to protect their assets. Insuring to limits helps to do so and the need for business interruption coverage for insured perils should be considered and weighed out. Limits are higher due to building material increases (inflation) and shortages of both materials and labour. Overall, SMEs are being more careful about understanding the coverage they have and the premiums they are paying.

 

 

Q. Does having a portion or all of staff working remotely require businesses to consider adjustments in their insurance coverage?

 

Amanda: If you have people working remotely as a business owner, you should ensure that company-owned assets like computers and other work-from-home equipment is covered under your insurance with an off-premises coverage extension. That extension was normal in certain industries even before 2020, but with so much company equipment now in people’s homes, it’s more important than ever to make sure your Business Insurance Liability policy has it now.

 

Finally, if your employees are meeting clients in their own homes, you may want to extend your liability coverage as their personal insurance will not cover them in the event a visitor is injured.

 

Shelley: With staff working from home comes more need for cyber security and cyber coverage if the storage of stock and equipment has changed you may need to update your agent or broker to ensure you are covered at other locations (office equipment, stock etc.). Companies need to insure equipment for off premises. If building(s) are unoccupied coverages could be void.  Businesses should check with their insurer.

 

 

Q. What are some new trends when it comes to insurance coverage that businesses may not be aware of?

 

Amanda: As mentioned before, many of our clients are extending the indemnity period on their business interruption coverage to account for the longer rebuild times.

 

Because of cybersecurity concerns, many businesses are now installing multi-factor authentication on any devices that connect to their systems. They are also ensuring that any personal devices their employees use for work (bring-your-own-devices) have sufficient security on them, so they don’t infect the business systems.

 

Finally, more businesses are using contractors to deliver their products and they may not be aware that they need non-owned auto coverage. If a restaurant owner employed an independent delivery driver with his own auto coverage and that driver is in an accident while working, the restaurant would also be named in the claim. Having a non-owned auto extension on the business’ commercial general liability policy with protect the owner in this situation.

 

 

Shelley: As large companies double down on their efforts to protect themselves and their clients, cyber criminals are targeting smaller businesses that do not have the resources to protect themselves. Comprehensive cyber coverage for ransomware, malware, data breaches, phishing attacks, remote desktop intrusion and more is critical for today’s business whether you are an online retailer or a contractor – protecting your own information and the information of your clients is your responsibility.

 

 

Q. What are some of the common concerns or questions you’ve been receiving from businesses regarding their insurance coverage?

 

Amanda: The biggest concern we’ve been hearing from our clients is about the cost of rebuilding. It’s a good idea to ensure that the property and equipment values on your insurance are current. Many policies include a co-insurance clause, which limits the amount paid on a partial claim. If you’re building or contents are underinsured, you may be responsible for any shortfall.

 

Shelley: Saving money is high on their radar as well as having adequate limits considering rising building costs.

 

 

Q. What advice would you offer business owners when it comes to insurance coverage during the pandemic?

 

Amanda: If your people are working from home and your building is partially or totally vacant, please notify your insurance provider as this could void some coverages you may have. The same goes for any building owners who rent to tenants. Many are experiencing challenges in finding tenants, so please let your insurance provider know if you have vacant units to ensure you remain covered.

 

Shelley: We still advise clients to purchase as much liability coverage as they can afford. It is important to read your policy and understand exclusions when day-to-day operations change if you are unsure, call your broker or agent.

 

To learn more, visit Dumfries Mutual Insurance Company or Josslin Insurance.

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn

The threat of data breaches or ransomware attacks have become a reality for many businesses and organizations.

 

The 2020 Cyberthreat Defense Report, created by CyberEdge Group which surveyed 1,200 security IT professionals in companies from 17 countries, found that 78% of Canadian companies experienced at least one cyberattack within a 12-month period, a figure which rose in 2021 to 85.7%. That same report also determined that 72% of Canadian respondents dealt with a ransomware threat in 2020, which luckily dropped in 2021 to 61.2%.

 

Locally, Statistics Canada figures show a total of 3,298 cyberattacks in Waterloo Region per 100,000 population in 2021, which is up from 1,113 recorded in 2017.

 

Many of the larger local attacks have media headlines, including a cyber threat on a supplier company in March of this year which prompted Toyota to halt operations at 14 plants in Japan and three manufacturing facilities in Canada, including its Cambridge plant. More recently, the Waterloo Region District School Board became a victim of a cyberattack which resulted in pay disruptions for some of its employees.

 

We asked John Svazic, Founder and Principal Consultant of EliteSec Information Security Consultants Inc. in Cambridge, to share his thoughts on what businesses can do to ensure they are prepared for any potential cyber threats.

 

Q.  What are some of the misconceptions surrounding a cyberattack or data breach?

 

John: The biggest misconception is that a business believes that they are not vulnerable or a target of cyber criminals.  Sadly, that’s not true.  If you have any form of presence on the Internet, say a Facebook page or an Instagram account, then you are at risk of an attacker. 

The attacks may be different, but they will impact you regardless.  I’ve had clients who had their Facebook accounts taken over and used for advertising by a foreign company.  That can harm your reputation.  Similarly, Instagram account hijacking is also common, and unfortunately recovery of accounts is time consuming and not always possible, leading to a lot of lost customers and influence.

 

 

Q. Are there degrees, or levels, when it comes to a cyberattack?

 

John: Yes, definitely!  The types of attacks we’ve seen locally in the region are a great example.  The most recent example from the Waterloo Region School Board seems to be a ransomware attack, which is where access to your computer network is “locked out”. 

A more common occurrence is these attackers will take data from the network first, then threaten to release these details to the public if the ransom isn’t paid.  This so called “double extortion” style of ransomware is particularly devastating to a company because there is no guarantee that the attacker won’t come back and ask for more money later.  Ransomware costs vary wildly, but it’s not uncommon to see demands from between $500 per computer to a few thousand dollars per computer, plus fees for not publicly releasing information.

Instagram and Facebook account takeovers can range from a few hundred to a few thousand dollars, depending on the attacker.

 

Q.  Are there certain types of businesses that need to worry more about an attack or breach than others?

 

John: The short answer is no.  Every company that has any type of Internet presence is a potential victim, but the likelihood of a small company being expected to pay out millions of dollars is near zero. 

The major criminal groups that get into the headlines are generally targeting larger companies because they understand that they have a greater chance of getting a large payout.  But smaller companies may also face extortion costs albeit at a smaller scale.

Sadly, there are criminal elements at all sizes, much like we have in the legitimate business world, all targeting specific markets, from enterprises to SMBs.

 

Q.  What are some of the first steps a business should take to protect themselves? Or can they?

 

John: The best thing anyone can do is make sure they use some type of two-factor (also called multi-factor) authentication for your online accounts.  This is commonly done by getting a six-digit code you get from your phone via an authenticator app or text message.  You then use that code in addition to a password when logging into email, etc.  This is an easy (and free) way to better protect your online accounts because it becomes a lot harder for an attacker to take over your account.

Using a password manager is also strongly recommended.  This can help avoid the use of re-using the same password everywhere. 

A lot of people will think that their password is safe, until one of the websites they use that password on gets breached, and then anywhere else they may use that password becomes vulnerable, regardless of how secure that website may be.

For organizations that do financial transfers, there should be a protocol in place to get some type of verbal confirmation for transfers and not to rely just on an email or text message to confirm the transfer.

 

Q. Do many businesses utilize cybersecurity insurance?

 

John: I find that cyber insurance policies are often used in tech companies because they view themselves at a higher risk, but for most other companies they don’t necessarily see the need. 

The policies I have seen range from helping pay for ransomware attacks such as paying the ransom to offering assistance to get help from an incident response firm, which is a type of cybersecurity company that will help find out how these attackers got in, get them out of the network, and then make sure they can’t get back in later. 

So again, larger companies or companies dealing with other enterprise customers are the main group seeking out cyber insurance.

 

 

Q. Has the awareness around the potential for cyberattacks increased significantly for businesses?

 

John: Cyberattacks are becoming more mainstream in terms of the amount of coverage from more traditional media outlets, which is leading to a wider realization of how bad these things can be. 

However, only the “big” attacks get headlines, and a lot of the attacks that happen often never see the light of day.  I would say that a lot more organizations have had a cyber incident than they care to admit.  Reputation, pride, and fear are some of the main factors for this. 

My advice to those companies is not to bury your head in the sand, but rather seek out help to ensure it doesn’t’ happen again, even if you don’t want it to be made public.

 

 

Q. What are some mistakes businesses make when it comes to data protection?

 

John: Aside from thinking it won’t happen to them, one of the most common mistakes is giving out the keys to the kingdom to all the employees.  Using the same login to a shared computer, for example, rather than giving individual logins for each employee.  Re-using passwords, not updating software regularly, no anti-virus on computer systems, not questioning strange requests, using company email as if it was personal email, insufficient access controls for sensitive information, etc. 

There are a lot of different things that companies can do, but a lot of it is about doing what makes sense for your own specific organization.  The basics would be not re-using passwords and making use of multi-factor authentication.

The biggest thing to remember is that it’s not about building up Fort Knox for your business, but rather making sure that you are secure enough for an attacker to look for an easier target instead, i.e., you don’t need to outrun the bear, you just need to outrun the guy beside you.

 

To learn more, visit EliteSec Information Security Consultants Inc.

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn

The fallout from the Rogers outage continues to be tallied even as Innovation, Science and Industry Minister Francois-Philippe Champagne prepares to appear before a parliamentary committee sometime this month to answer questions regarding this nationwide disruption that cost businesses thousands of dollars.

It’s been estimated, according to a recent article published by BNN Bloomberg, the Canadian economy took a $142 million hit when a major service outage July 8 affected more than 12 million Rogers’ customers.

 

The system-wide cable internet and cellular network failure, which included subsidiary brands of Rogers Wireless, Fido, Cityfone and Chatr, was blamed on a maintenance update in its core network and in some cases, repairs took several days before all services were fully restored. Rogers has agreed to compensate customers affected by the outage, but many have now been left wondering what the next outage could bring?

 

We asked two local IT experts – Five Nines IT Solutions President & CEO Douglas Grosfield and MicroAge Kitchener owner Robert Jolliffe – to share their thoughts on what businesses can do to ensure they are better prepared for the next big outage.

 

Q. What can business owners do to prepare for potential interruptions?

 

Robert: First, they should determine if they can run their business off their cell phone by hot spotting. During the Rogers outage, some people had their business internet and cell phone both with Rogers, and that left them without a back-up option.  

 

The second thing a business can do, is have two internet connections on your business premises from two different providers. If your business is at a certain size and an extra $100 (or less) a month for a backup internet connection is a negligible cost, the second connection is worthwhile investment. Even if you are not using it, you have the insurance of a back-up connection.  

 

The backup could even be the lowest, cheapest connection available, which will get you through a day or two until your main connection is back up. It’s also worth considering whether one of your connections should be wireless; Starlink is an example of wireless internet connection.  

 

Douglas: Assuming a business is using proper perimeter security devices, most industry standard firewalls will easily support having two ISP connections and will use them in many ways.  You can have them active / passive, meaning if your primary connection fails, all traffic fails over to the secondary connection with nearly zero disruption, and fails back to the primary once it again becomes available. You can also do load balancing or ‘bond’ them such that traffic with different priorities (i.e., data vs voice) uses the appropriate connection and thus has no adverse effect on the other.  Check if your cellphones support dual SIMs; many do nowadays.  You can then have a SIM from more than one cellular provider and ensure reliable communications. An alternative would be to pay for minimal ‘lines’ for key or critical users, at a secondary provider, so that a manual swap of SIMs can get them back in business quickly.  Note that these things mean a different number, but in the short term can provide connectivity and communications.

 

Q. What would be the simplest piece of advice you could offer businesses when it comes to navigating these interruptions?

 

Robert: Have a backup plan. If there's a fire in the building, you have an evacuation plan. If the if power goes out, you know what you're going to do for your business. Treat internet failure the same way.

 

Douglas: Do not allow yourself to believe you are exempt from disruptions like this. Talk to a trusted technical partner about your options and like anything else, take the first step to achieve a goal.  If as a business owner your primary goal is not to protect that business, its clients and staff, its data, and systems, and to ensure the business continues to thrive and grow, then you’re doing it wrong.

 

Q. Do you see further interruptions like these becoming more commonplace and can they be prevented?

 

Robert: They won't become more commonplace, but they will be more severe because more of our society is connected to the internet now.  

The big telecom companies are going to put in more fail-safes, so the likelihood of it happening again is low. But as time goes on and society becomes more connected to the internet the likelihood of it causing disruptions is higher. 

For example, during the Rogers outage many people couldn't pay for things. 

Another example would be grocery stores that have digital price tags on the shelves. They're using this so that they can push price changes out from their head office, electronically across all the stores. So just imagine if you needed an internet connection for that, and all the prices get set to zero and then the internet went out?

 

Douglas: Yes, these companies are in business to generate profit, no surprises there.  Their investment (in the absence of legislation or other government-mandated investments) in the backbone networks and infrastructure, and the security of same, are going to be tightly budgeted and controlled.  Add to this the fact there is little competition and low likelihood of that changing anytime soon, and the communications landscape in Canada is ripe for this sort of disruption.  Toss in external issues such as cyber-attacks, and we can see that our current highly vulnerable national communications infrastructure needs overhauling and investment.

 

Don’t get me wrong, you can protect yourself by doing the right things regardless.  Endpoint protection, firewalls, redundant Internet connections, mobile device security, VPNs, encryption, etc.  All readily available technologies, inexpensive and simple to implement and manage with expert help and advice.

 

Q. Are businesses too reliant on one telecommunications company to deliver their service?

 

Robert: I would say that, yes. If a business only has one internet connection which is connected to an almost consumer grade firewall, then they are too reliant on one company. At first, if that internet connection goes down, that business is okay to go a day without internet. Then they grow to a size where it’s not okay to go a day without internet, but they don't change anything.  There are higher end firewalls that will allow them to mesh two connections, from two providers. So, if the main internet connection goes down, the other one from the other provider kicks in seamlessly. Employees and users on the network won’t even notice a disruption.  

 

Douglas: The communications market in Canada is radically different than in the U.S., for example, where there are far more options. However, having more providers requires subscriber density, meaning how many paying customers per square mile for example, to support the infrastructure.  For example, cellular service across a large geographic area requires mostly the same infrastructure (i.e., towers, networks etc) for 10 clients as it would for thousands or tens of thousands.  Without enough subscribers, it is cost prohibitive. Relying on one provider is very risky and given the simplicity and low cost for redundancy in this space, is both a mistake and a missed opportunity for businesses.  Business as usual when your competitors are not, is a huge advantage and costs very little.  Spread out your risk, eliminate by using proven technology to do so.

 

 

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn

 

The increasing frequency of cyber attacks is costing Canada billions of dollars a year and hindering our ability to compete in the global economy, says a new report from the Canadian Chamber of Commerce. Cyber Security in Canada: Practical Solutions to a Growing Problem finds that cybercrime is an increasing concern for businesses and proposes cooperation between government and the business community to improve security.

 

“A study from the Center for Strategic and International Studies found that Canadian businesses are losing over $3 billion a year to cybercrime,” said the Hon. Perrin Beatty, President and CEO of the Canadian Chamber of Commerce. “It’s not technology-savvy security experts committing these attacks. Anyone with a computer and an internet connection can now disrupt services or hold data for ransom. What costs a criminal $100 may end up costing a business millions in lost money, time and reputation.”

 

Small businesses are particularly susceptible to cyber attacks because they often lack the financial resources and technical expertise needed to protect themselves. “SMEs comprise 98% of the Canadian economy. Nearly half have been the victim of a cyber attack,” said Mr. Beatty. “Their focus is on recovery instead of prevention. Unfortunately, recovery is often not possible. The average cost of a data breach in Canada is $6 million. Most small businesses would not be able to survive losing a tiny percentage of that figure.”

 

The report’s release comes after the federal government’s 2017 budget included $1.37 million for the fiscal year to continue programs already in place for risk assessment of critical infrastructure but made no direct mention of cyber security. “Government can’t do everything but they need to play a leadership role in securing Canada’s digital landscape for everyone,” said Mr. Beatty. “We need a public-private approach to address this urgent challenge.”

 

The report, released at the Lockheed Martin Canada IMPACT Centre in Ottawa, lays out a path for closer collaboration between government and business on cyber security, including providing incentives for security innovations and developing programs to increase workforce digital literacy. “By creating a stronger, more resilient cyber security framework we can better protect both our businesses and our citizens,” concluded Mr. Beatty.

 

The Canadian Chamber of Commerce is the vital connection between business and the federal government. It helps shape public policy and decision-making to the benefit of businesses, communities and families across Canada with a network of over 450 chambers of commerce and boards of trade, representing 200,000 businesses of all sizes in all sectors of the economy and in all regions. Follow us on Twitter @CdnChamberofCom.

 

Guillaum W. Dubreuil
Director, Public Affairs and Media Relations
The Canadian Chamber of Commerce

add a comment
Subscribe to this Blog Like on Facebook Tweet this! Share on LinkedIn

Contributors

Blog Contributor Portrait
Brian Rodnick
123
November 21, 2022
show Brian 's posts
Blog Contributor Portrait
Greg Durocher
40
June 25, 2021
show Greg's posts
Blog Contributor Portrait
Canadian Chamber of Commerce
24
January 29, 2021
show Canadian Chamber's posts
Blog Contributor Portrait
Cambridge Chamber
2
March 27, 2020
show Cambridge 's posts

Latest Posts

Show All Recent Posts

Archive

Tags

Everything Manufacturing Cambridge Events Spectrum New Members Taxes Region of Waterloo The Chamber Property Taxes Government Waste Cambridge Chamber of Commerce Networking Success Di Pietro Ontario Chamber of Commerce Greg Durocher Scott Bridger Food Blog Canada Ontario Cambridge Memorial Hospital Business After Hours Discounts Member Benefits Affinity Program Web Development Visa, MasterCard, Debit Big Bold Ideas Politics Elections Municipal Provincial NDP Liberals PC Vote Majority Christmas Homeless Leadership Oil Sands Environment Rail Pipelines Keystone Canadian Oil Canadian Chamber of Commerce Small Business Next Generation Cyber Security Millennials Energy Trump Washington Polls US Congress Bresiteers Trade NAFTA Europe Economy Growth Export Minimum Wage 15 dollars Bill 148 Cost Burdens Loss of Jobs Investing Finance Canada Capital Gains Exemption Tax Proposal MIddle Class Member of Parliment Unfair Changes Small Business Tax Fairness COVID-19 Mental Health Self-isolation Social Distancing Ways to Wellbeing Education Conestoga College Online Training Business Owners Personal Growth Communicate Young Professionals Workplace Communication Stress Emotionally and Physically Animals Pets Lockdown CEWS Employee Relief Employee Benefit ToBigToIgnore Small Business Week Support Local Buy Local Business Support Waterloo Kitchener YouGottaShopHereWR Responsibility Culture Workplace Antiracist Inclusion Diversity Racism Federal Election Services Autonmy Professional Salary Wages CERB Workers Jobs Guidelines Health and Safety Etiquette Fun Inperson Members Golf Tournament GolfClassic Business Business Trends Home and Garden Garden Pools Home Improvements Backyarding Renos Summer Airlines Business Travel Bad Reviews Reviews Consumers Competition Bureau Dining Out Expert Advice Outdoors Economicrecovery BBQ Vaccines Community vaccinations Conferences Virtual Visitors Spinoff Screening Kits Tourism Trends Productivity Engagement Remote working EmploymentStandardsAct Employees Employers Policies Employment Contracts Legal Public Health Virtual Ceremonies SMEs Health Canada Prevention Rapid Screening Health Entrepreneurs Building social networks Storytelling Video The She-Covery Project Child Care Workplaces Contact Tracing Time Management Pre-Budget Modernization Canada Emergency Rent Subsidy (CERS) Budget Ontario’s Action Plan: Protect, Support, Recover Federal Government Hotels and Restaurants Alcohol Tax Freezethealcoholtax Canadian Destinations Travel Grow your business Sales and Marketing Digital Restructure Financing Structural Regulatory Alignment Technological Hardware Digital Modernization RAP (Recovery Activiation Program) Support business strong economy Shop Cambridge Shop Local #CanadaUnited Domestic Abuse Family Funerals Weddings Counselling Anxiety Pandemic Getting Back to Work UV disinfection systems Disinfection Systems