­Whatever your license type—life or health insurance, securities broker, registered investment advisor, property-casualty agent, or real estate broker owner—cybersecurity should top your list of risk-management concerns. As recent news has repeatedly shown, financial professionals of all stripes face increasing cyber risks. And those who continue doing business as usual are setting themselves up for potentially catastrophic outcomes.

­The good news is agents and advisors have two powerful avenues of self-defense: insurance and security best practices.

Now, if  you thought E&O insurance didn’t protect against cyberattacks, you’re not alone. Many financial professionals assume they need dedicated cyberinsurance to receive the most comprehensive protection. And they’re correct. However, you can still receive basic coverage through your E&O insurance policy. Here’s how that works:

Today’s E&O insurance policies not only protect you against the standard risks of making a mistake or failing to do something important, they now also cover you against certain cyberrisks. For example, EOforLess’s life insurance agent E&O has a client network damage and privacy claim endorsement. This means you will have protection against plaintiff lawsuits relating to an alleged electronic infection that harms a client’s network. The loss must result from you providing covered professional services to the client. In other words, if a client picks up a computer virus (and sustains a financial loss as a result) from having accessed your computer network, your E&O policy can indemnify that person or entity within the limits and definitions of your policy (and the specific wording of its network endorsement). However, it’s important to realize that standalone cyberinsurance offers much more comprehensive protection.

What about common-sense security practices? Actually, implementing a surprisingly short list of measures can go a long way toward keeping you and your clients safe. Here are some of the best measures to implement:

    1. Threat awareness. Part of having secure computers and networks is being aware of the threats you face. To this end, follow industry trade publications to stay current on the cyberattacks and breaches financial entities have suffered recently. Also, visit the Financial Services Information Sharing and Analysis Center to learn more about recent incidents.
    2. Secure passwords. Even in this day and age, a surprising number of people still have poor password hygiene. They use their names and birthdays, rely on simplistic words and phrases, and fail to lock down their passwords against prying eyes and thieving hands. By mandating the use of a password management application, you can vastly augment your firm’s cybersecurity. Such apps simply ask you and your staff to remember one master password. Then through an Internet browser extension, they automatically serve up longer, more complex passwords when you visit websites. This means you’ll no longer need to know or save potentially hundreds of passwords.
    3. Multi-factor authentication (MFA). MFA is a security approach that depends on two or more methods of authenticating a user’s identity before allowing a log-in or other transaction. It typically combines what the user knows (i.e., a password), what the user has (a security token or code), and what the user is (biometric verification as in a smartphone’s built-in fingerprint reader). Having multiple security layers makes it harder for intruders to break into a device or network, since they need to have not only your password, but also your token device and biometric data.
    4. Security best practices. A large number of cyberbreaches occur due to employees’ unsafe computing practices. For example, they often fall prey to e-mail phishing attacks in which they clink on a URL within an email. This then infects their computer with a virus or other code that can lead to unauthorized break-ins. Even worse, online criminals now use increasingly plausible approaches to dupe employees into clicking on malicious links. Solution? Constant employee training on security awareness and best defensive practices.
    5. Data encryption. Make it your business to learn how to encrypt all client data before sending it over e-mail or via other channels. This is a critical element for safeguarding business and customer data.
    6. Destroy old hardware. If you are disposing of obsolete computers or other devices, make sure to magnetically erase the equipment. Otherwise, criminals may find a way to access the data on the computers or devices and use it to perpetrate a breach to your current hardware and networks.
    7. Install  software patches (updates). As the latest cyberattacks are foiled, computer and system vendors typically update their software to fix bugs and close back doors that lead to breaches. However, if you don’t take advantage of those updates, your data will remain susceptible to attack.

The point is this: Cybersecurity is no longer the province of information technology (IT) professionals. Insurance and financial advisors need to stay abreast of the latest threats and adopt protective measures as soon as possible. By keeping informed, adopting best practices, and relying on their E&O and cyberinsurance policies as backstops, they should be well protected against potentially devastating cyberattacks. Good luck!

Would you prefer to spend time and money on growing your business or on protecting it? We thought so. And that’s because it’s human nature to focus on positive things and to avoid dealing with problems.

Yet preventing bad outcomes from harming your business can have as large a beneficial impact as launching a shiny new marketing program or buying new computer equipment or furniture.

In fact, spending money on E&O insurance may spell the difference between your company surviving a nasty client lawsuit or succumbing to it. But if you fail to buy E&O insurance and get sued, you’ll have the aggravation of hiring and paying for your own attorney and then paying for any settlements or judgments out of pocket.

So how to best avoid E&O lawsuits? By scrubbing your sales process of high-risk behaviors. This checklist shows you where to focus your mitigation efforts.

  • Only purchase sales leads from marketing firms that use compliant practices.
  • Properly identify yourself and your products in all pre-approach solicitations.
  • Conduct comprehensive fact-finding with all prospects.
  • Use a valid profiling instrument to understand your clients’ appetite for risk.
  • Only recommend suitable insurance and investment products to clients.
  • Never misrepresent the features, benefits, fees, or penalties of a recommended product.
  • Make sure clients understand what they’re buying, both at the time of sale and at policy delivery.
  • Review every client’s changing personal circumstances on an annual basis.
  • Execute all client service requests as quickly as possible.
  • Don’t disappear during times of market volatility; make yourself available to reassure nervous clients.
  • Establish reasonable expectations regarding the benefits of owning an insurance or investment product.
  • Document in writing when a client decides not to follow one of your recommendations.
  • Build a relationship with your clients’ children so they understand the nature of the work you do with their parents.
  • Memorialize in the client file all key plans and implementation steps.
  • Stay within your area of expertise; refer “outside” product sales to highly skilled third parties.
  • Do your own due diligence on product or insurance/investment firms before recommending them to clients.
  • Standardize your office policies and procedures, train your staff on them, and have printed copies on file.
  • Have a process for documenting and responding to client complaints.
  • Stay on top of regulatory and rule changes affecting your business.
  • Adopt a defense posture in every facet of your business; try to anticipate problems and eliminate risks whenever possible.

Independent Agency Owners Must Give Themselves High E&O Priority

As the owner of an independent insurance agency, you know how important it is to help your clients assess and mitigate their business risks. In fact, you’ve probably focused your entire career on meeting those dual challenges. But what about your own agency’s risks? Do you spend as much time on those as you do reducing client risks?

Granted, helping clients manage their risks is what you do for a living; it’s how you get paid, after all. But you should also find time in your schedule to reduce your own loss exposures. Not only is completing an E&O risk assessment crucial, so is the process of buying E&O insurance. Plus, once you have E&O insurance in force, it’s important to periodically re-assess your risks and to make sure your E&O insurance is still up to the task of keeping your agency safe.

In other words, independent insurance agents should not succumb to what is popularly known as “shoemaker’s children syndrome”—the tendency of successful cobblers years ago to allow their children to go shoeless. If you recognize yourself here, don’t worry . . . you’re not alone. High-performing insurance agencies and their owners clearly must focus on the tasks that generate new and renewal revenue. And with only so many hours in each day, it’s understandable they allocate the lion’s share of their time to activities that grow their businesses. For example, the best general agents have a relentless focus on client-facing activities such as:

Assessing risks by engaging in careful risk audits
• Matching risks with appropriate types of property & casualty insurance
• Helping clients select sufficient coverage limits
• Identifying stable insurance markets that understand client needs
• Securing proposals from insurance carriers
• Helping clients evaluate competing insurers and products in order to make a wise purchase decision
• Helping clients understand what they bought and keep their coverage in force
• Periodically re-assessing client risk profiles
• Securing insurance coverage for new risks and updating coverage for existing risks

Successful independent agents will perform—and excel at—the vast majority of these tasks, if not all of them. If they don’t, their clients will find someone else with whom to do business. But do they excel at performing these activities for their own business? Perhaps not. And what about you? Do you postpone this task when client work beckons? Again, if you do, that’s fine. But recognize that the longer you put off addressing your own E&O exposures, the more likely you will suffer a crippling E&O loss. Is that what you want for your business?

What’s more, don’t think for a minute that getting sued only happens to other agency owners. According to Insurance Journal’s 2016 Agency E&O Survey, 22.3 percent of general agents had an E&O insurance claim in the past five years, 10.7 percent had one six to ten years ago, and 17.8 percent had a claim more than 10 years ago. In all, more than half of all general agents (50.8 percent) had suffered an E&O claim in the past.

Fortunately, the survey also found that 83.5 percent of agency owners purchase E&O insurance to protect their firm’s assets. However, many aren’t adequately evaluating their E&O exposures before the sale, matching those exposures to a suitable E&O policy with sufficient limits, and then reassessing everything periodically in the future.

How to Defeat Cobbler’s Syndrome

If your agency suffers from “cobbler’s syndrome,” what should you do about it? Here are some ideas to consider:

First, admit you have a problem. Facing up to the fact you’ve been neglecting your financial security will be your first step toward getting your risk exposures under control. Not admitting it means you will be trapped in self-defeating behavior that jeopardizes everything you’ve worked for.

Second, don’t beat yourself up over past omissions. What’s done is done. The important thing is to get your agency’s risk factors under control as quickly as possible.

Third, recognize that dealing with client needs will always trump addressing your own needs. That’s just the nature of the beast. The solution is to manage your time more efficiently so you can address not only your clients’ problems, but also your own.

Fourth, do an action plan for E&O risk mitigation. Break down the process into its component steps, and then get those steps on the calendar. As the old truism suggests, when it comes to achieving important goals, you need to plan the work and work the plan. Once you know what needs to get done, get those steps on the calendar and focus relentlessly on completing them.

Fifth, don’t rush the process of E&O risk analysis and insurance policy selection. Be really deliberate when it comes to these decisions because making a mistake could expose your agency to potentially fatal losses.

Sixth, do your due diligence on E&O insurance policies or group certificates from several providers. A key aspect of this process: the degree to which E&O marketing/admin firms and E&O underwriters specialize in agencies such as yours, as well as their ability to quickly investigate and pay E&O claims. Obviously, the insurer solvency ratings should be solid as well—at least a B+ from A.M. Best and ideally higher.

Finally, don’t underestimate the convenience of buying E&O insurance online from a firm such as EOforLess. With your time in short supply, why waste even a minute working through traditional brokers and underwriters with their complex paper forms, multiple carrier proposals, and long wait times from application to issue? You can reallocate the time you save here to the core tasks of keeping your clients—and your agency—well protected in a dangerous world.

In short, your agency might have been like a cobbler’s child . . . lacking not shoes, but adequate E&O insurance. But past is not necessarily prologue. It’s never too late to assess your firm’s E&O insurance needs and to buy effective, comprehensive, and affordable E&O insurance online from a firm such as EOforLess. Good luck!