Ted Richmond is an insurance broker and program manager specializing in cyber liability insurance at RGS. Formed as a family business in 2007, RGS has evolved into a provider of broad cyber liability programs for various verticals servicing small businesses. In 2018, the company became part of Acrisure. In this Q&A with Ullico, Richmond talks about how cyber attacks are constantly changing and what unions can do to protect themselves from liability.

Cyber security is a field that’s always changing from one day to the next. From your perspective, what are the most recent trends? What’s happening right now?

In the past two years, there was a drastic rise in ransomware attacks, specifically against smaller and medium-size insureds. Ironically, as criminals discovered that insureds have insurance, that elevated the risk and drove up the costs. When they discover organizations have cyber insurance, they’ll see what they can get from the carrier. In some cases, they’ll pull the policy up during negotiations. So instead of asking for $5,000 or $10,000, they’ll try to get $1 million.

In the past 18 months, we’ve also seen a shift from ransomware to funds transfer fraud as the focus of claims. We think unions should put controls in place to mitigate this risk.

What risks do unions face, specifically?

I wouldn’t say unions are more targeted than any general small business. There are your high-risk classes in small business, like real estate. But a union is no better or worse than some other targets. They have the same data. If they’re transferring funds, they’re still a target.

However, unions are sometimes a prime target because they have a lot of sensitive data on their members, and they can have a lot of members. The question is, just how much of it do they have? From a Personal Identifiable Information (PII) standpoint, they have the same data that a larger enterprise will have, but not as many records.

So, criminals have a decision to make. They think, “I can breach Experian and get millions of records or go after unions and small businesses and get the same information but not as many records all at once.” Ultimately, hackers may not get as many records, but unions are potentially easier targets.

When we talk about funds transfer fraud, unions and small businesses often don’t have proper controls in place. Things can slip through the cracks more easily than they do in larger entities. They don’t have the resources to work with the banks and get the stolen money back right away. That’s why it’s crucial that unions implement risk-mitigation controls.

Speaking of controls, what are some immediate actions unions can take to protect their data and avoid wire transfer fraud?

I don’t think most controls are that difficult or costly to implement. Some are free tools. For instance, if you use Gmail as your email platform, you can use multifactor authentication (MFA) to get into your account. It’s not that difficult to set these basic controls in place. By the way, to get insurance coverage, you must have certain controls, like MFA and data back-up procedures.

To read more of these Q&As visit https://www.ullico.com/disperse-your-funds-and-other-moves-unions-can-make-to-address-cyber-risk-a-qa-with-ted-richmond/

Under some state and federal labor laws, officers and directors of labor unions can be exposed to personal liability, but must defend themselves, in certain circumstances, at their own expense. Ullico Casualty Group, LLC provides customized insurance coverage that allows union leaders to confidently perform their jobs without worrying about personal exposure. Their Union Liability policy covers the duty of fair representation, employment practices liability, financial management of the union and personal injury liability. Read the pdf below to learn more.