Cybercriminals Are Targeting Small Businesses – Is Yours Next?
Your Business Is Being Targeted—Even If You Don’t Realize It
It’s not just big corporations making headlines anymore. Small and midsize businesses are now prime targets for cybercriminals—and the numbers don’t lie.
Ransomware remains the most disruptive threat in today’s digital world. The newly released Cyber Threat Index 2025 from Coalition reveals how these attacks are happening. It shows why it’s time to take this risk seriously.
Startling Realities from the Report:
- 58% of ransomware attacks in 2024 began with a breach of VPNs or firewalls
- 18% involved remote desktop tools
- 47% began with stolen or guessed login credentials
- Email phishing and unpatched software rounded out the top attack methods
What This Means for Your Business
Think about the systems your team uses every day—remote logins, email, cloud apps. Now imagine they’re all frozen… encrypted by criminals demanding a six-figure ransom just to give you back control.
It’s not science fiction. It’s happening to businesses just like yours—some of them never recover.
The worst part? Most attacks succeed not because the defenses are complex, but because they’re familiar. Cybercriminals keep reusing the same tactics because they still work.
And while enterprise-level companies have IT teams monitoring for threats around the clock, many small and midsize businesses don’t. That’s where cyber insurance becomes more than a policy—it becomes a lifeline.
How Cyber Insurance Protects You:
A robust cyber insurance policy can help cover:
- Ransom payments (where legal)
- Digital forensics and IT recovery
- Business interruption and income loss
- Data restoration and rebuilding
- Regulatory fines and legal defense
- Customer notifications and credit monitoring
4 Things You Can Do Right Now:
- Harden remote access tools – Use multi-factor authentication (MFA) across VPNs and remote desktops
- Educate your team – A well-timed click on a phishing email can cost your business everything
- Patch and update software – Vulnerabilities in outdated tools are low-hanging fruit for attackers
- Review your cyber insurance – Your policy should reflect your current systems and risks
Final Thought:
Cybercriminals aren’t getting more creative—they’re just getting more persistent. And far too many businesses are still unprepared.
The good news? Cyber insurance remains one of the most affordable forms of protection available. This is especially true when compared to skyrocketing premiums you see in property or commercial auto.
If you’re not sure whether your coverage is enough, let’s have a conversation. Or if you don’t have cyber protection in place at all, let’s talk.
It could be the most important step you take for your business this year.
-JK
Importance of Liability Clauses in Business Contracts
“Do you use your standard contract with your customers that includes a limitation of liability clause and/or hold harmless agreement?”
When applying for liability insurance, you’ll find this question on pretty much all insurance carrier applications.
If you do not use a standard contract or agreement with your customers/clients and they do not include a limitation of liability clause and/or hold harmless agreement, chances are you’ll:
1- Be declined by carriers
2- Pay higher premiums
3- Or deal with an array of coverage limitations/exclusions
Best Practice Recommendation:
- Use written contracts consistently, especially for higher-value jobs or services.
- Include at minimum: Limitation of liability, Indemnification/hold harmless clause, Insurance requirements for the other party.
- Have contracts reviewed by a qualified business transactional attorney to ensure enforceability.
Having these measures in place not only protects your business—it also signals to insurers that you manage risk proactively.
All this can save your business from extreme financial risk. Added bonus: lower insurance premiums and better coverage.
-JK
OSHA Form 300A Posting Begins February 1
Employers that had 11 or more employees in the company at any point in 2024 must post the Occupational Safety and Health Administration (OSHA) Form 300A.
This form is a Summary of Work-Related Injuries and Illnesses. The posting period is from February 1 through April 30.
This requirement applies even if the company didn’t have any recordable incidents in 2024. A company executive must certify OSHA Form 300A. The form should be posted in each establishment. It must be in a conspicuous location where notices to employees are customarily posted.
Certain establishments are partially exempt from OSHA’s routine recordkeeping requirements. This includes establishments with 10 or fewer employees. It also includes those whose primary business activity is classified as low hazard according to OSHA’s guidelines.
A full list of exempt low-hazard industries, ordered by North American Industry Classification System (NAICS) codes, can be found here.
The exemption is “partial” because all employers must notify OSHA when an employee is killed on the job or suffers a work-related hospitalization, amputation, or loss of an eye.
Need help with this stuff? Give me a call or shoot me a message and we can talk.
-JK
Important Changes to Workers’ Compensation Posting Notice in California
On July 15, California State Governor Newsom signed AB1870. This bill amends Labor Code 3550. It adds language to the workers’ compensation posting notice, DWC-7, that informs employees of their right to consult an attorney. This update takes effect 1/1/2025 and applies to any workers’ compensation policy, regardless of renewal term.
California has published the revised DWC7 which can be found HERE.
If you are a California Workers Compensation insurance policyholder, I recommend that you:
- Continue to report injury claims promptly
- Educate managers, supervisors, and employees about their rights and the proper steps to take if an injury occurs
- Supply the latest version of the DWC7 posting notice
- Post the updated notice in a conspicuous place, where all employees have access to it (failing to post is considered a misdemeanor and can result in fines)
- Talk with your Workers Compensation insurance provider about Back to Work options at your business
If you have questions, contact me.
-JK
OSHA’s Top Ten Safety Violations for 2024
As OSHA unveils the 2024 list of its 10 most frequently cited safety violations, there are no surprises at the top once again. For the 14th consecutive year, Fall Protection came in at number one with 6,307 violations. It is far and away the most commonly cited standard following inspections of worksites for all industries. Hazard Communication was next at 2,888, followed by Ladders and Respiratory Protection.
OSHA’s 2024 Top 10 Safety Violations:
1- Fall Protection – General Requirements (1926.501) – 6,307 violations
2- Hazard Communication (1910.1200) – 2,888 violations
3- Ladders (1926.1053) – 2,573 violations
4- Respiratory Protection (1910.134) – 2,859 violations
5- Lockout/Tagout (1910.147) – 2,443 violations
6- Powered Industrial Trucks (1910.178) – 2,248 violations
7- Fall Protection – Training Requirements (1926.503) – 2,050 violations
8- Scaffolding (1926.451) – 1,873 violations
9- Personal Protective and Lifesaving Equipment – Eye and Face Protection (1926.102) – 1,814 violations
10- Machine Guarding (1910.212) – 1,541 violations
Do you need safe workplace resources like safety consultations, risk assessments, safety training webinars, or instructional videos? Contact me today. I have relationships with Risk Management consultants on how to be OSHA compliant.
-JK
POV: The Incredible Anxiety of a Cyber Attack
As someone who helps businesses with the placement of their insurance policies and with risk management advice, this video from Travelers Insurance hits powerfully when I watch it.
I’ve experienced this exact situation first-hand at least several times. A client calls in terror because their computer network was breached. They are either shut down to a point where not a single employee can get on the network to function. Alternatively, a hacker breaches their network and steals hundreds of thousands of dollars from their accounts.
The incredible fear and anxiety it creates is off the charts. This video is a true personification of this very circumstance.
My biggest piece of advice is please don’t think that your business is invincible to these types of circumstances. This CAN happen to any business, large or small.
The most crucial step a business can take to avoid a cyber attack is to establish a robust cyber security culture. This culture should include consistent employee training. Educate all team members on cyber hygiene practices. Teach them to recognize phishing emails. Encourage them to use strong, unique passwords. Additionally, ensure they secure their devices. Human error is one of the leading causes of data breaches. Employees who are aware of and actively follow security best practices can significantly reduce the risk of an attack.
Whether you have an internal IT team managing your computer network, or utilize an MSP (Managed Service Provider), ensure they have the proper protocols in place. These protocols should mitigate breaches within your computer network.
Also, don’t overlook a cyber insurance policy. It can help manage the costs of a cyber attack with both “1st Party Coverage,” which focuses on your own losses and expenses directly resulting from a cyber incident, and “3rd Party Coverage,” which focuses on liability to third parties affected by the cyber incident. This includes legal and regulatory costs.
The cyber insurance market is competitive as of the date of this post. This means rates are low for the coverage offered. Underwriting is also relatively soft. It’s not difficult to secure a robust policy with a low annual premium.
If you have questions about the above, reach out today. You might want to know about a recommended MSP (Managed Service Provider) for your business. Or you may have questions about the cost and terms of a cyber insurance policy.
-JK
How to Prepare for Your Workers Compensation Audit
Your Workers Compensation insurance policy premium is rated based on annual payroll. When your policy is first issued, an estimated annual payroll is used looking ahead at the next 12 months.
In most cases, it’s almost impossible to forecast what your exact payroll will be for the next twelve months. Especially with hourly employees where schedules constantly fluctuate and you have peak seasons and slow periods.
So, when you buy a workers compensation insurance policy for the first time, or are renewing for a new policy term, annual payroll estimates are used to calculate the policy premium. At the end of the annual policy term, the insurance carrier must do a premium audit to find out what the official payroll amounts are for the prior 12 months.
Let’s face it, audits suck. It doesn’t matter what kind of audit... insurance, taxes, you name it. Can you think of any audit that doesn’t suck? Unfortunately, workers compensation policy audits are not optional; they’re required by any and all carriers.
So, how should you prepare for your Workers Compensation policy audit?
The best way to prepare is by keeping proper records and documentation throughout the policy period. An audit is conducted based on the review of correct, organized records.
Since your workers’ compensation policy is payroll based, the following documents are typically needed by the auditor:
- Quarterly 941 tax documents/payroll registers
- Employee information, including:
  - Names
  - States
  - Description of duties
  - Gross wages
  - Furloughed wages
- Contracted labor
  - Certificates of insurance for subcontractors, if applicable
  - Description, location and dates of work performed
  - Amount paid for contracted labor
What can I expect?
Your audit will be conducted using one of four methods:
- On-site physical
- Electronic/virtual physical (counts as physical by all state bureaus)
- Phone
- Mail
The method is determined based upon multiple factors, including premium, complexity and state regulations. An auditor will reach out to you after your policy expiration via phone, email or letter to give you more information.
Yes, audits suck, but unfortunately there’s no way around it. As long as you’re organized and prepared with this information, hopefully your next audit will be smooth and painless and you can put it behind you until next year, when you have the joy of doing it all over again.
Enjoy!
-JK
Cyber Risks Lead 2024 Business Concerns in Travelers Survey
For 11 years, Travelers has posted an annual Risk Index. The Risk Index is a survey that looks at the top concerns of U.S. businesses, and how they manage them.
Their 2024 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.
Some of these risks involve well-known issues, like rising medical costs, broad economic uncertainty, and the ability to attract and retain talent.
Cyber risks are the #1 business concern in 2024 per the survey. 62% of the 1,200 or so respondents cited cyber as a top concern.
Cyber ranked higher as a concern than medical cost inflation (59%), increasing employee benefits costs (59%), broad economic uncertainty (59%), and the ability to attract and retain talent (54%). Medical cost inflation was the highest concern last year.
I included a link to the 2024 Risk Index above but here’s the LINK again for reference.
If you have questions about cyber insurance coverage or would like to see what the cost would be for a cyber insurance policy for your company, please contact me to discuss.
-JK
Build Your Injury and Illness Prevention Program: Easy Tool for California Employers
All California employers are required to create an Injury and Illness Prevention Program (IIPP) that’s tailored to their business and accessible to all employees.
The State Compensation Insurance Fund offers a no-cost, easy-to-use Injury and Illness Prevention Program IIPP Builder℠. Also, to make it easier for companies with Spanish-speaking employees, this is now available in Spanish too.
The tool is available to all California businesses, regardless of whether they are a State Fund policyholder. It’s easy to switch between English and Spanish, and offering a program in the preferred language of Spanish-speaking employees can help business owners create a culture of safety in their workplace, reduce the risk of injuries, and promote healthy practices.
I provided the links above, but to create an IIPP in English or Spanish, visit www.SafeAtWorkCA.com, then simply create an account and follow the prompts to build and save a customized program.
State Compensation Insurance Fund policyholders can log in to create and save their Injury and Illness Prevention Program then return to revise, update, or translate it whenever they need to.
Of course, building your own IIPP isn’t ideal for all businesses. Some are more complex and need the help of a dedicated safety consultant.
If your business needs help building a tailored Injury and Illness Prevention Program, contact me for resources and referrals to help with this. I have many.
-JK
First Year Workers Account for 40% of Workers Compensation Claims
Workers who have been employed for less than a year are responsible for almost 40 percent of all workers’ compensation claims – according to the Workers’ Compensation Insurance Rating Bureau of California (WCIRB). This is staggering if you ask me. 40%?!!
There are many reasons that can lead to this statistic. Employee inexperience, unfamiliarity with workplace hazards and insufficient training to name a few.
The good news is, there are ways to help you ensure the safety of your new employees, preparing them properly for the workplace, preventing incidents and lowering claims.
Here are 7 proactive steps you can take to ensure the safety of your new employees. Actually, for ALL employees, but the emphasis here is the new employees who statistically show to be at higher risk:
1 – Comprehensive Onboarding and Training
Implement thorough onboarding programs that include detailed safety training. Make sure new employees are well-versed in workplace hazards, proper equipment use, and emergency procedures.
2 – Mentorship Programs
Create a supportive environment by pairing new employees with experienced mentors. These mentors can guide them through the job’s safety aspects and offer ongoing support, making them feel less isolated and more confident in their roles.
3 – Safety Culture Promotion
Foster a strong safety culture where employees feel comfortable reporting hazards and unsafe conditions without fear of retaliation.
4 – Regular Safety Audits
Conduct regular safety audits and risk assessments to find and address potential hazards that affect new workers.
5 – Ergonomic Assessments
Make sure workstations and tasks are ergonomically designed to reduce strain and prevent injuries, particularly in industries like construction and restaurants where physical strain is common.
6 – Clear Communication
Keep open lines of communication about safety expectations and procedures. Encourage employees to ask questions and seek clarification on safety matters.
7 – Adjust Workloads
Gradually increase the complexity and intensity of tasks assigned to new employees to allow them to build experience and confidence without overwhelming them.
Proactively implementing these strategies significantly contributes to a safer work environment, reducing injuries among first-year employees and showing your commitment to their well-being.
But I want to emphasize, make sure you’re focusing on the safety and wellbeing of ALL employees. This creates a safe, positive work environment that can save a ton on operational costs by keeping your Experience Modification Rating DOWN.
I’m here to help!
If you have any questions or concerns, please contact me at jkinmartin@olsonduncan.com
Thanks for reading.
-JK
