.nav li ul { width: 300px; }#top-menu li li a { width: 240px; }

What Business Owners Need to Know about Cybersecurity Risk During Remote Work

The COVID-19 outbreak is changing how companies operate. While it is having a profound impact on supply chains and the nature of demand, the most direct impact is the fact that most people are confined to their homes. Many companies are now working fully remote, including some that had never had remote work policies in the past.

There are many considerations around the transition to remote work. The first ones that come to most employers’ minds are generally how to maintain productivity, communication, and morale while team members are working in isolation.

But working remotely also comes with significant cybersecurity risk ramifications. Company networks are inherently spread thin and ultimately rely on employees’ home network security to keep company data safe. Many companies’ cybersecurity practices just aren’t built around remote work and they will have to adapt to keep themselves safe.

Luckily, just a few additional measures can greatly mitigate your cybersecurity risks during the COVID-19 outbreak. Let’s take a look at the risks and how to tackle them, including:

  • Why the outbreak creates openings for cyberattacks
  • How to mitigate your company’s risks
  • Protecting employees and their devices
  • Business insurance coverage for cyberattacks against remote networks

Why COVID-19 Creates Opportunities for Cyberattacks

The main reason why the COVID-19 outbreak is changing the nature of cybersecurity is that just about everyone that can is now working remotely. Instead of operating as a closed system, companies’ networks now include each employee’s home networks and devices. And a distributed network is inherently harder to protect: you can’t just throw a firewall around it. Not to mention, most existing strategies and policies are focused around protecting the company networks and do not work for distributed or bridged networks.

Employees’ home networks are the most significant gap in your cyber protections. Unfortunately, VPNs and other standard protective measures only cover communications between home devices and company networks. They do not protect the home devices themselves or home networks. That means any company data stored on the devices is much more easily compromised by cyberattacks.

But on top of the technological challenges posed by the COVID-19 outbreak, the coronavirus is also creating opportunities for successful cyberattacks that rely upon the fear, isolation, and ignorance of people amid the outbreak. Phishing attacks related to the virus have increased more than six-fold in the past month and tens of thousands of people have clicked on malicious links that used the topic of the virus as bait. As a result, the total number of hits on malicious links nearly tripled from February to March.

What this means is that your employees are simply more likely to fall victim to malware, eCommerce fraud, or other cyberattacks thanks to the COVID-19 outbreak. And when they do they may inadvertently compromise their devices and your company data.

Minimize Your Risk

Cybersecurity risk management is a multi-tiered process that starts with avoiding and defending against attacks. If that fails, then you need to mitigate the damage from successful attacks and transfer the risk away from the company. While it is always better to stop an attack from being successful in the first place, you should still have plans and processes in place to handle the situation in the case it occurs.

So, how do you stop cyberattacks from compromising your remote work operations? The first step is to implement strong endpoint protection on all employee devices that will be used for work. Endpoint protection software is a bit like antivirus software evolved and takes a more comprehensive and proactive approach to threat prevention, detection, and defense.

Next, you need to educate employees and set standards for their home networks. Employees should use networks secured by a strong and unique password. Then, you should make sure that only authorized IP addresses can access your data and networks. IP blacklists, multi-factor identification, and identity management solutions can go a long way towards protecting your data during the outbreak. Finally, make sure that all of your standard protection measures are also in place and up-to-date. This includes VPNs and firewalls that protect your company networks from any attacks.

But if these measures fail, it’s time to mitigate the damage. That means implementing effective intrusion detection to discover a breach and start addressing it as quickly as possible. Ideally, these systems will tell you not just that there has been a breach but what systems were accessed. That can help you diagnose the damage and formulate your response. Another option is a managed detection and response system that combines software with hands-on attention from security experts for added protection.

It is just as important to minimize disruption to your systems and workflow. Many attacks try to damage or destroy data not just steal it. So, regularly back up all data in multiple locations to ensure that you don’t lose anything.

Finally, transfer the risks through business insurance coverage. As we’ll explore in detail later in this post, your business insurance will likely cover the damage from a successful cyberattack even if the attack was against an employee’s device or happened while the employee was working remotely.

Protect Your Employees

As we discussed earlier, remote work is not the only driver of cybercrime during the COVID-19 outbreak. Most attacks have to do with the virus itself, using outbreak-related lures to get people to click malicious links or even taking advantage of CARES Act stimulus payments to steal information and money from susceptible businesses.

While many of these attacks will target the individuals themselves – trying to gain access to their bank accounts or vital identity information – employers should still do everything they can to protect employees from falling victim to such attacks. Not only is it the right thing to do to take care of your team members, but the attacks can also compromise employees’ work devices and present cybersecurity risks. Just because an attacker planned to go after an employee’s bank account doesn’t mean that won’t pick up some valuable company data along the way, especially if it is low-hanging fruit.

So what can you do to protect your employees? In addition to providing powerful antivirus software, you need to educate and reassure. COVID-19 cyber-attacks feed on fear, isolation, and misinformation. Providing support and correct information about both the COVID-19 outbreak and common scams is the best countermeasure once your technology solutions are all sound and in place.

Work with your IT team, business insurance broker, HR consultants, and any other stakeholders to put together resources to inform employees about how to identify possible scams or malware attacks, and what to do if they think they may have clicked a malicious link or compromised their device. And work with your HR advisor to create outbreak-related resources that will fill the COVID-19 information gap so that employees are less likely to click the links in the first place. Finally, do everything that you can to minimize fear and isolation by keeping employees connected, engaged, and healthy in mind and body during the quarantine. Not only will this help minimize cybersecurity risks, but it will help your remote team work more effectively as well.

Know Your Business Insurance Coverage

If things do go wrong, will your business insurance protect you from the damages?

By and large, the answer is yes. There are several “triggers” that will cause your business insurance to kick in and which apply in the case of a cybersecurity breach from a remote employee.

A privacy insuring agreement may cover any damages if the attack results in the following privacy triggers. First, illegal access to company information is likely covered because your company will have been the victim of a crime. Secondly, if company information is compromised due to a cyberattack on an employee’s device that may count as violating an NDA, a common privacy trigger in business insurance policies.

But a security insuring agreement will often also apply. When someone is working from home, their computer and network will generally count as the company’s computer and network and thus be covered if attacked. This is especially true if they use a company device while working from home.

Keep in mind, though, that some insurers require a formal “Bring Your Own Device” policy with employees for them to cover the damages. This policy needs to outline safety measures and proper conduct that employees have to follow when using their device. So it is a good idea to have your employees sign such an agreement now that they are working remotely.

When in doubt, ask your insurer and business insurance broker about your cyber insurance to find out the details of your coverage. But if you have the correct policies in place, there is a good chance that you will be covered if your security measures fail.

Key Takeaways

There are many considerations when it comes to protecting company data, networks, and devices during the COVID-19 outbreak. Hopefully this article has given you a solid roadmap to start formulating your defense strategy and helped you figure out the right questions to ask your IT and business insurance providers. Just remember:

  • Remote work means a distributed network for added security risks and possible entry points for attacks
  • The outbreak has many people scared and looking for help, creating opportunities for attacks
  • Educating employees about proper security measures, real information about the outbreak, and how to avoid falling victim to cybercrime goes a long way to protecting their data and the company’s data
  • IT considerations to protect against cyberattacks during the outbreak include endpoint protection, intrusion detection, regular backups, home network security, and up-to-date antivirus, firewalls, and VPNs
  • Working with your business insurance broker to ensure you have the correct cyber liability policies in place is crucial during this time

Preparing to Go Back to Work Safely after Quarantines are Lifted

At some point, the quarantine will end and companies will start getting back to business. However, it’s unlikely this return will be “business as usual,” but will instead have to factor in the new nuances COVID-19 has brought about. How we handle going back to work will have a big impact on whether we rid ourselves of COVID-19 for good or if we see the coronavirus come back for new mass infections, as the Spanish Flu did a century ago.

As employers, we have an enormous responsibility to get our team members back to work as safely as possible. Rushing head-on as if nothing has changed since before the virus reached our shores is a surefire way to end up with another quarantine and many sick employees. So you have to plan TODAY for how you are going to reopen your business.

There is no proven formula for how to go back to work safely after COVID-19 has receded. As a world, we’ve never gone through anything quite like this before. But many people are thinking about how to work safely in a post-COVID-19 world and you do not have to reinvent the wheel to keep your team safe. In this post we’ll explore some of the main ideas out there about how to get back to business responsibly, including:

  • Why it’s so important that you create a back-to-work plan today
  • How to go back to business safely
  • Long-term strategies to protect your team, business, and community

Why You Should Create a Back-to-Work Plan Today

If quarantines were lifted tomorrow and the CDC announced that the virus had been contained, do you know how you would begin bringing employees back into the office?

Given the rapidly evolving nature of the COVID-19 situation, there’s a good chance your answer is “no.” That’s why it is never too soon to start creating a back-to-work plan. You just can’t wait until things open up to create your plan: you have to be ready to hit the ground running as soon as you get the go-ahead.

But what if you didn’t put any particular plan into action? If the government says that it is safe to go back to work, what’s the risk?It’s highly unlikely the virus will be eradicated based on the current sporadic isolation orders, so there will still be people with the virus within the community. If you throw caution to the wind and jump right back into business as usual and one of those people is on your team, your entire company could potentially become infected. You can see how this could potentially snowball into another full-fledge outbreak, which would mean shutting down your office entirely once again.

For our own sake and everyone in our communities, we need to proceed cautiously and intelligently even after authorities say that it is okay to start getting back to business.

How to Go Back to Business Safely

Businesses must become an active participant in the effort to expand testing for COVID-19 and its antibodies. From looking at countries such as Singapore and South Korea that managed to control the outbreak, the key to stopping the spread of the disease once the quarantine is lifted and people go back to work is consistent and readily available testing, coupled with “contact tracing” – tracking interactions to identify people who might have been exposed. While the US is not necessarily set up to implement the kind of regimented, centralized testing and contact tracing system that Singapore used to great effect, employers can implement similar systems in their offices. Namely, through testing and keeping track of employee interactions such as meetings in order to isolate employees who may have been exposed if an employee tests positive.

There are many tests being developed and employers will have to work with their brokers and insurers to get the tests their team needs. The US is working to make testing more available, so it’s likely by the time your employees are coming back into work the tests may be much more widely available. Once you acquire the tests, you will have to decide on a testing cadence, testing your team as frequently as necessary without becoming overly burdensome. You can also use screenings such as temperature readings to identify candidates for testing. And don’t forget to test for antibodies as well as infections: it can be almost as useful to know who is already immune as it is to identify employees who might be carriers of the virus.

Another key consideration in your plan is determining how you will know when it’s time to get back to work. Currently, most organizations are in a waiting pattern to see when the quarantine will be lifted. Now is the time to be developing your return to work plan, and process which may includeleveraging recommendations from a range of trusted authorities and even employee feedback.

Once you determine that it is time to bring employees back into work, you need to make sure that they are doing it safely. This will make up the bulk of your back-to-work plan.One key best practice to keep in mind is to minimize the number of employees who are in the workplace at once. There are two main ways to do this: slowly phase employees back into the office and stagger employees’ schedules.

Instead of abruptly having everyone come back into the office, slowly have employees come back in based on how important it is that they work from the office. That way, you keep occupancy (and thus the risk of infection) down while simultaneously reducing the number of people who will get exposed if someone does come to work with the virus.

Also keep in mind that all of your employees do not have to come into the office at the same time. By staggering schedules, you can allow everyone to spend some time in the office but still keep occupancy down. For example, you can have different teams come in on alternating days so that people are in the office with their main collaborators while minimizing their risk. And staggered schedules do not just have to be by day. You can also modify employees’ daily hours, to the extent they feel comfortable with, so that everyone is not arriving to and leaving from the office at the same time.Once you decide who will be in the office and when, then it is time to establish office safety precautions.

Firstly, you should do everything in your power to prevent employees from coming into work if they are sick or have been exposed to the virus. The easiest strategy you can leverage to diminish sick individuals from coming into the office is to maintain a flexible work-from-home policy and encourage employees to stay at home whenever they feel under the weather or think that they have been exposed to the virus.

But you also cannot solely rely on your employees to self-report illness or exposure. While it might sound extreme, you should consider conducting daily health screenings before employees are allowed to start their shifts or workdays. Work with a third party vendor that provides health professionals to take employees temperatures at the door and conduct questionnaires to determine their level of risk of exposure. And if an employee seems ill, either send them home to work remotely or refer them to additional screening or treatment.

Another top priority should be to implement and enforce social distancing protocols. Just because employees can come into the office again does not mean that they shouldn’t limit their interactions. Encourage your employees to avoid close contact by issuing distancing guidelines and limiting occupancy for elevators, meeting rooms, and common areas. And if necessary, redesign your office to create distance or physical barriers between desks (the gold standard being recommended is 6-feet of space between individuals at all times).

Finally, you have to maintain a clean work environment and supply plenty of protective equipment. This means intensifying your daily cleaning, potentially adding mid-day cleanings or daily UV-sanitation to eliminate any traces of the virus. Pay particular attention to common areas and high-risk surfaces such as phones and doorknobs. Provide masks and gloves to frontline workers who might interact with people outside of the office and provide alcohol based hand sanitizer wherever possible. In particular, place touch-free hand sanitizer stations at the entrances to any common areas and meeting spaces so employees can easily sanitize before interacting with each other.

You may well want to adopt additional safety protocols unique to your business and its needs. But these steps should go a long way towards ensuring that your team can get back to work safely, with minimal disruptions to your business.

Thinking Long Term

It would be nice to think that we could go back to working the way we did before the outbreak, after an initial period of caution. But the fact of the matter is that COVID-19 will have a lasting impact on how we work and do business in the future. And it is well worth your time to consider how you can adapt in the long-term to prevent your business from getting disrupted by another outbreak.

As difficult as it might sound, you may well want to rethink the physical layout of your office post-COVID-19 outbreak. While open offices have been all the rage for years, they don’t do a good job of protecting employees from sick coworkers. Many employers may end up adding space and divisions between desks, and positioning employees so that they work back-to-back rather than next-to or facing each other. You may also want to add infrastructure that facilitates remote collaboration, including videoconferencing equipment in meeting rooms and enhanced call booths for individual employees to work one-on-one with a remote employee. You should also consider making at least some social distancing protocols standard practice moving forward, along with intensive cleaning and extensive hand sanitizer stations.

Probably the biggest long-term impact that the COVID-19 outbreak will have on businesses is the expanded role of remote work. Many employers who were resistant to remote work will be much more open to the idea now that they’ve been forced to implement it. But even companies that accepted remote work will likely continue to expand it further. Whichever category you fall into, you should consider making remote work a fact of life at your company going forward. Depending on your business, you could even use it to replace the office entirely and cut your costs as well as your risk. Assuming you still see value in maintaining an office or need a physical office space, you can use remote work to augment your sick leave so that employees never come in if they are not feeling 100% well. Letting employees work from home without questioning their motives will help you avoid an office outbreak, whether it’s COVID-19 or a different illness.

Finally, employers should plan to be part of the vaccine distribution effort that keeps COVID-19 from coming back for good. Public health resources are going to be overwhelmed trying to provide both vaccines and medical care that was delayed because of the virus. You should work with your benefits broker, insurer, and providers to help your team members get the vaccine as soon as it is available. If you can get the vaccine administered in your office, even better. And don’t forget to provide the vaccine to employees’ immediate families as well.

Key Takeaways

Getting back to business after COVID-19 is a daunting task. Business owners and HR professionals are going to have to balance a wide range of considerations to ensure a safe and productive workplace. Remember these key takeaways and you will be a long way towards making sure that your team can get back to work as safely as possible:

  • Listen to trusted authorities, your employees, and your gut when it comes to deciding when to open your offices back up
  • Try to minimize the number of employees in the workplace, especially to start out
  • Protect your employees through health screenings, social distancing guidelines and protocols, intensive cleaning, and protective equipment including hand sanitizer
  • Remote work is an invaluable tool even once the quarantine is lifted
  • Consider your long-term strategy to limit the risk of an outbreak, including redesigning your office and leveraging remote work and social distancing
  • Develop a plan to get your employees and their families vaccinated as quickly and easily as possible as soon as a vaccine is available

Most importantly of all, don’t do it alone when it comes to developing your back-to-work plan. You should bring in experts on workplace safety, employee healthcare, and human resources to help you keep your team safe.

What Employers Need to Know About OSHA and COVID-19

The COVID-19 outbreak presents a many challenges for business owners, executives, and HR professionals. Keeping business running smoothly amid dwindling demand, supply-line disruptions, and quarantines is no easy task. An on top of these considerations, you also have to ensure the safety of employees and put in place procedures to prevent them from becoming infected with COVID-19.

And while keeping your employees healthy is the right thing to do both morally and for long-term morale and productivity, it is also important from a compliance perspective. You don’t want to add an OSHA violation to the many concerns you’re dealing with during these challenging times. And OSHA has issued new recommendations regarding the outbreak.

That being said, there are simple steps you can take to ensure compliance and safety for all employees. You just need to follow some straightforward, common-sense best practices and implement some additional safety precautions. Let’s take a look at how you can follow OSHA guidelines to keep your team and your business safe during the COVID-19 outbreak, including:

  • Categorizing staff
  • Developing safety protocols
  • Maintaining a safe workplace
  • Educating employees on best practices
  • Identifying and handling exposure

Categorizing Staff

The first step that you should take to protect employees and ensure OSHA compliance is to categorize your team members to organize your workplace safety initiatives. Essentially, you need to figure out who needs to be protected and in which ways.

First off, divide your team into remote-capable and non-remote workers. During the COVID-19 outbreak, whether your area has issued quarantine orders or not, working from home is the best workplace safety policy. It does the most effective job of minimizing employees’ risk of exposure and eliminates nearly every OSHA concern you may have. So everyone who can work from home absolutely should.

But what about those who can’t work from home? Well, here’s where it gets a little trickier. You may have to decide who among them counts as essential staff: employees who need to be working even if they cannot work from home. Your goal should be to have as few people in the workplace as you possibly can while keeping your business functioning. You can approach this in a few ways. For example, you can reduce your workforce through layoffs or furloughs.

Alternatively, you can have employees work partial schedules so someone is always holding down the fort while limiting each employee’s risk of infection. Depending on your resources, you can do this for the same or reduced pay. This method divides positions rather than employees between essential or non-essential. Identify what workforce you need in the office every day and then modify the schedule to maintain that workforce while thinning out the individual risk as much as possible.

Finally, determine the risk levels for your essential staff or positions. This will help you structure your safety precautions. For example, stockroom workers or BOH team members won’t need as much protection as those working the registers or making deliveries. Or it might be the case that your entire workforce falls under OSHA’s definition of high exposure risk or very high exposure risk, generally reserved for healthcare or morgue workers. Whether subdividing your workforce or assessing your team’s general status, it’s important to know the real level of risk so that you can adopt the appropriate safety measures.

Developing Safety Protocols

The next step is to develop your safety protocols. You need a clear plan and strategy around these protocols in order to ensure compliance. So, you should decide what your plan will be for maintaining safety standards and handling exposure as soon as possible.

We’ll explore what those plans should look like in the next couple of sections, but we can’t emphasize enough how important it is that you start planningimmediately if you haven’t done so already.

Get your department heads, especially HR, executive team, and any outside consultants involved in the planning process. Contracting an HR or compliance specialist can help you develop an effective COVID-19 workplace safety and staff management plan.

Maintaining a Safe Workplace

Once you have reduced the number of employees in the workplace to the bare minimum necessary to keep things running, you have to make sure that those team members will be able to do their job safely, with the minimum possible risk of exposure. That means formulating a plan to maintain a safe workplace.

Obviously, all preexisting OSHA standards hold and you should maintain your compliance policies. But you will have to implement several new procedures to keep your team safe.

First off, you need to keep the workplace as clean as possible to eliminate the virus if anyone brings it in. That means regularly cleaning and disinfecting all workspaces, equipment, and commonly touched areas. Kitchens and bathrooms, phones and registers, desks and board tables should all be sanitized regularly using EPA approved cleaning solutions that are proven to eliminate coronavirus. Also, provide proper sanitation materials for your employees including alcohol based hand sanitizer, especially for frontline staff.

Next, ensure that your workplace is a closed system to the best of your ability. If you have control over what comes into the workplace it will be much easier to prevent potential COVID-19 exposure. That means limiting customer and partner access to the workplace. If you run a physical shop or restaurant of any kind, take steps to minimize the number of clients who can be inside at a time and outline approved areas for them to enter. Even better, switch to a curbside pickup or delivery model. The same goes for internal movement: do your best to keep high-risk employees away from lower-risk employees. For example, cashiers shouldn’t enter the stockroom. And all employees should minimize their interactions. Meetings should be transitioned to phone calls or video chats whenever possible.

Finally, provide employees with the personal protection equipment that is appropriate for their risk level. Frontline workers should have masks and gloves but BOH may or may not need these items, depending on local guidelines and community spread within the area your team works. You should review OSHA guidelines and talk to your leadership to determine what equipment each of your employees needs, but it is important to remember that needs will vary depending on risk levels.

Educating Employees on Best Practices

One of the most nerve-wracking aspects of workplace safety and compliance is the fact that at the end of the day, your protective measures are only as good as your employees’ compliance. And with the COVID-19 outbreak, stakes are higher than ever. If employees don’t take the outbreak seriously and instead cut corners, they could put the entire workforce at risk. That, in turn, can cripple your business’s ability to function at a time when it is already on thin ice.

You cannot entirely control employee behavior. But what you can do is make sure that they know exactly what they should be doing and what the consequences will be if they fail to abide by new and existing guidelines and procedures.

That means educating them on best practices, including:

  • Properly covering coughing or sneezing
  • Avoiding touching their faces & washing their hands if they do
  • Regular hand-washing using proper procedures (20+ seconds)
  • Not touching other employees’ equipment
  • Reporting any safety or health concerns, especially regarding COVID-19

This last best practice deserves some more attention. You need employees to be extremely proactive when it comes to informing you of any potential risks. That includes potential exposure outside of the workplace, coworker failure to follow procedures, and symptoms that employees notice in themselves, customers, or coworkers. The sooner you catch any risks the safer your team will be. Emphasize the importance of communicating any concerns and consider implementing policies that protect people who report any issues.

Identifying and Handling Exposure

Finally, you need to figure out how you will identify whether an employee has been exposed or infected and how you will handle the situation.

It’s a true nightmare scenario: you’ve done all you can to protect your team members but now one of them has been exposed to the virus or seems to have COVID-19. What do you do?

Unfortunately, to echo many public health officials around the world, it’s probably not a matter of if, but when. Don’t avoid creating a game plan out of self-confidence, denial, or fear. Imagine you found out that employees would start showing up to work with the virus next week. Now how do you respond?

Well, the good news is that we’ve put together a handy checklist of steps to take when you confirm an employee is positive for COVID-19 or has been exposed.

But, generally speaking, here are the steps that you should plan to take:

  • Work with the employee to plan next steps: remote from work, sick leave, etc
  • Find out who the employee might have infected by talking to them about their recent exposure
  • Immediately complete a deep-clean of effected spaces
  • Inform employees of potential exposure and reeducate them about best practices
  • Monitor workforce for signs of an outbreak
  • Set terms and create a plan for affected employee’s return to work-from-home

Key Takeaways

Maintaining a safe workplace and OSHA compliance amid the COVID-19 outbreak can be an intimidating task. But it also is not as difficult as it sounds, even though the stakes are so high. Just remember to:

  • Determine who needs to be in the office and take steps to keep everyone else at home
  • Figure out the level of risk for each employee or role and establish safety precautions for each
  • Implement stringent cleaning measures to disinfect the workplace regularly, focusing on high-risk areas
  • Educate employees on best practices to protect themselves and each other
  • Develop policies for managing employee infection or exposure including determining who else may have been exposed, warning other team members, redoubling safety precautions, and planning for the affected employee’s transition away from the workplace and their return to the workplace

Launchways Goes Above & Beyond for Business Insurance Clients

Launchways specializes in providing growing businesses with the human resources, employee benefits, and business insurance services they require to maximize profits, foster buy-in among their workforce, and build a culture of overall excellence.

Business insurance is a crucially important piece of the puzzle for any organization, but we find it’s often the part that business owners take for granted. There’s a strong preconception out there that insurance is simply “the price of doing business;” that it’s a loss you need to accept to cover your risks.

At Launchways, we take a different approach to business insurance. When you fully understand the risks and hazards inherent in whatever it is you do and work with a broker dedicated to maximizing your economies of scale, insurance becomes an opportunity to improve both the day-to-day experience and overall bottomline of your business. 

In this post we’ll explore:

  • How Launchways approaches business insurance offerings
  • Why Launchways’ blend of consultative & management services sets us apart from the crowd
  • A real-world example of Launchways’ impactful approach to insurance in action

The Launchways Approach

Launchways didn’t become a highly respected brokerage in Chicago by simply selling people policies. We got where we are by providing businesses with the knowledge, mindsets, skills, and solutions they require to take the next big step in terms of efficiency and business success.

We provide a balance of empowering consultation (to strengthen your business from within) and managed services (to support your business from the outside). Let’s dive into some of the specific ways we help businesses improve their approach to business insurance.

Our Business Insurance Consultation Services

At Launchways, we take pride in the fact that we provide personalized consultative services to each and every client with the goal of increasing awareness of and literacy in the evolving challenges of business insurance and risk management. Here’s a sampling of the consultative services we offer to help business make the most of their insurance investments:

Mock OSHA audit

We carry out a full assessment of your business and workspaces, teaching you how to think like an OSHA inspector, modernize safety practices, and work with a complete understanding of regulatory guidelines.

Existing written safety program analysis

If your business is more than a few years old, there’s a chance that nobody within the organization clearly understands what your written safety programs and policies say or mean. We help you understand what your current policies entail, whether they are sufficient, and what changes or modernizations need to be made. 

Workers compensation claims analysis by type of injury

We take a look at your WC claims history and break down your claims by injury type to identify areas of need and opportunities for improved safety procedures, training, etc. with an eye towards overall WC claim reduction.

Review of 3rd party contracts for alignment with your existing insurance policies

Do all your contracts address insurance in a way that’s consistent with and fully backed by your existing coverage? As time passes from your initial purchase date and personnel change in and out, businesses can unintentionally drift away from the safety of their insurance coverage. Identifying and closing these gaps is crucial to preventing losses.

Identifying & quantifying business interruption exposures

Understanding your areas of vulnerability and exposure is critical to preventing business interruptions. We help you deepen your knowledge of your exposures, strengthen your plans to prevent or fight them, and provide a second set of eyes to help you identify potential issues you haven’t anticipated.

Risk assessment analysis and score

In order to truly understand safety and see the path toward business insurance savings, your organization needs to be great at risk assessment – there’s no way around it. Our team has ten years of experience assessing organizations’ current approach to risk assessment and making recommendations for profit-protecting improvements.

Our Business Insurance Management Services

Launchways clients don’t just get great consultative services to improve their planning and overall approach, they also get the end-to-end support of one of Chicago’s best business insurance brokerages. 

Here are a few examples of some of the practical insurance management services we offer:


Claims advocacy on all open claims

Once we’ve established a relationship with a business, we do everything in our power to protect them during claims and guarantee the overall health of their organization into the future. We help businesses maintain the speed and fairness of the claims process and pick up the slack on the insurance end to enable business leaders to focus on continuous operations.


Loss trend analysis

As we get to know you better, we continually look for opportunities to strengthen your approach. One way we do that is through data study and readouts that show safety weakness areas and suggest steps to address both frequency and severity of losses.

Premium projections based on current loss trends

One of the most frustrating parts of the business insurance dance is not knowing how your costs will change until your renewal packet arrives. Launchways works hand-in-hand with our clients throughout the year to analyze ongoing losses and provide real-time projections of what to expect next year and into the future in terms of premium rate adjustments.


We serve as your risk management expert

With many years in the insurance, HR, and employee benefits space, we’ve built a strong understanding of which risk, human capital, and business insurance moves are most impactful and best support scalable growth. We are always here for our clients as their trusted advisor to share best practices that will help support their business’ growth.

Case Study: How Launchways Built Value for Spice House

After 60 years in business, specialty food giant Spice House was acquired by a private equity firm in 2017. When that ownership change occurred, the company was non-renewed by its insurance provider, who was wary of the new owners’ aggressive expansion plan.

Looking for a provider who understood their growth objectives and believed in their ability to succeed with a calculated risk, Spice House partnered with Launchways to get the business insurance they needed to continue their expansion with minimal interruptions. 

Not long after, a maintenance accident by a third-party contractor resulted in a fire that damaged Spice House’s building and destroyed a tremendous amount of their product stock. The result was a massive, complex insurance claim that Spice House’s internal team simply couldn’t manage without scrapping their planned growth initiatives.

That’s when Launchways stepped up to the plate and took the lead on the entire claims management process. We handled negotiations between Spice House, their landlord’s insurance company, and the contractor’s insurer, ensuring the claim was handled with the utmost attention to detail while the Spice House team prioritized the practical side of their recovery.

Thanks to Launchways’ support, Spice House was able to turn a moment of potential catastrophe into a moment of opportunity. In the months following the fire, they rebuilt their brand and physical retail space better than ever, helping them turn into the rapidly scaling business they’d dreamt of when they first made the acquisition.

To hear the full story of how Launchways’ HR and business insurance services helped see Spice House through their time of need and build new opportunities for profit, click here!

How to Learn More

Launchways helps businesses make the most of their current approach to business insurance and plan in ways that set them up for an even brighter future. We’re proud to provide a variety of services, including:

  • Mock OSHA inspections and safety/risk assessment optimization
  • Review of all practices, policies, and contracts for alignment with coverage
  • Assessing the efficiency and value of your current insurance coverage
  • Managing your claims process
  • Serving as your on-call risk management advisor
  • Helping you build a more data-minded understanding of your insurance state

If you’re interested in learning more about Launchways and how we help businesses strengthen themselves from the inside out, contact us today!

The Top 5 Myths About Captive Insurance Programs

Captive insurance programs enable businesses to reduce their insurance overspend, fully control their coverage, and turn safety initiatives into profitable returns.

Unfortunately, though, many organizations shy away from forming or joining captives because, when they start doing online research, they often run into incorrect and damaging myths about captives.

Moving forward, we’ll:

  • Identify the top five myths about captive insurance programs that are prevalent on the web
  • Debunk each myth using evidence
  • Describe the true value and possibilities of a captive insurance program.

Myth #1: You have to be a huge corporation to benefit from a captive

Why is this myth so prevalent?

When you first start researching captive insurance programs, most of the messaging on the first page of search engine results focuses on how captive programs are used by large corporations who hold multiple businesses and operate facilitates across the globe.

Why is this a myth?

It’s true that single-member captives (in which one business creates its own insurance company) are generally formed by large corporations, but that’s not the full story! Group insurance captives or “pool” captives specifically exist to bring together medium-sized businesses so they can gain the insurance negotiating power of their bigger competition.

When it comes to whether or not your business is a good candidate to join a group captive, your business’ size, headcount, or profits don’t enter into the equation at all. It’s all about the scale of your business insurance premiums.

The Bottom Line

If you pay more than $150,000 annually in premiums, you are a strong captive pool candidate. You don’t need to be a multi-national corporation or a Fortune 500 giant – just a business with a goal of doing things better.

Myth #2: Entering a group or pool captive exposes your business’ health to other people’s risks

Why is this myth so prevalent?

The idea that group insurance captives expose your money to other business’ risks is a logical fallacy. That is, it seems right on its surface when you have a cursory knowledge of the topic, but a deep dive proves it to be completely false.

When businesses hear the words “group” and “insurance” together, they incorrectly assume risk and responsibility are shared equally among the pool members for claims. They connect the dots and assume that if one pool member has a “bad year,” it damages their business allies as well.

Why is this a myth?

Pool captives are specifically structured to protect the vast majority of each member’s investment from the risks and claims of others. Over 90% of your premiums are specifically set aside for your use.

That means less than 10% of your total investment can be lost due to claims made by other members of your pool.

In fact, in Launchways’ group captive program, each member retains complete ownership of 98% of their funds. This means that with the Launchways group captive, only 2% of your investment is considered “at-risk.”

The Bottom Line

Yes, group captive membership requires the willingness to take on increased risk compared to the traditional insurance marketplace, but it’s absolutely false to say that your potential for profits is at the mercy of your pool partners.

Myth #3: When you’re in a captive, one big claim can blow up your business

Why is this myth so prevalent?

Like Myth #2, the “catastrophic claims scenario” is a logical fallacy: it sounds right, but it isn’t!  When people hear “self-insurance,” they assume that means “we’re on the hook for every dollar and cent of every potential claim.”

Unfortunately, this myth is also sometimes perpetuated by insurance providers and brokers who are hesitant to work outside the traditional marketplace. Their motivation is to protect their own interests and ease of doing work, not yours!

Why is this a myth?

One word: reinsurance. Whether you operate your own single-member captive or participate in a group or pool program, part of your investment is always in reinsurance to prevent exactly this scenario.

That reinsurance policy prevents unforeseen or much-larger-than-expected claims and issues from damaging your business’ long-term viability or standing as a strong group captive partner.

The Bottom Line

Reinsurance is a part of every captive program, and it’s there to protect you from potentially harming the health of your business.

Myth #4: We’d have to change the way we do business to form or join a captive

Why is this myth so prevalent?

The idea of creating your own insurance company sounds pretty daunting at first. Many people assume they’ll need to restructure their organization to make the captive viable or transform themselves into a more attractive group pool member.

Like so many other myths we’ve tackled, this one is at least in part in heavy circulation because many insurance package providers aren’t crazy about the idea of businesses cutting them out as middlemen.

Why is this a myth?

The whole point of a captive insurance program is that it allows your business to be itself more fully – you gain the ability to insure outside-the-box risks, gain ownership over the claims management process, and reclaim power and autonomy that traditional business insurance limits.

Captive insurance programs aren’t about changing your business, they’re about changing the circumstances under which you do business. Furthermore, in the case of group captive programs, independent managers handle pool responsibilities, meaning there’s minimal change to your day-to-day operations and responsibilities.

The Bottom Line

A captive is about supporting your business better and providing greater economy of scale. The idea that you need to significantly “whip yourself into shape” to be a captive candidate is false.

Myth #5: Captive programs used to offer great perks, but the value isn’t there anymore

Why is this myth so prevalent?

Anytime people perceive the value of a product or service has been reduced even a small fraction, there’s often an impulse to throw out the baby with the bath water.

Single-member captive programs used to offer large corporations significant benefit as tax shelters, and it is true that most of those incentives have been removed. In reactionary style, many of the big business blogs have published content claiming captives “aren’t what they used to be.”

Why is this a myth?

As we’ve established repeatedly in our myth-busting exercise, insurance captives aren’t just for the biggest companies in terms of workforce or economic power. Just because those industry leaders are upset about changing regulations, doesn’t mean you should be tricked into thinking like them.

In fact, some of those same regulatory changes that have made captives slightly less profitable for large, multinational entities have actually made it easier for medium-sized businesses to form effective pool captives. Even if captives have slightly declined in value for the biggest business, they’re still loaded with potential for mid-sized businesses.

The Bottom Line

Captive insurance programs still offer tremendous value: independence, authentic ownership of your business’ insurance and claims process, and the potential to make a dividend instead of turning overspend into loss are just three examples of why they’re still relevant and extremely useful. Don’t be scared off just because they’re not the big-money tax shelter they used to be.

Key Takeaways:

As we’ve seen, captive business insurance programs (both single-member and group or pool) allow organizations to navigate the insurance market in a more personalized, powerful manner.

Even though most entities aren’t big enough to pull off a single-member captive, medium-sized businesses are increasingly forming alliances that provide big value and the potential for profit.

There are plenty of myths out there about captives, most of them designed to make the programs seem scary and risky, but it’s important to remember:

  • You don’t need to be a gigantic corporation to qualify for a group or pool captive – you just need to pay at least $150,000 in annual premiums
  • Within a group insurance captive, over 90% of your investment is protected and sequestered for your use only
  • Reinsurance is built into captive programs to prevent catastrophic claims events
  • Captives should be about enabling you to do better, not forcing you to jump through hoops
  • Even if they’re not spectacular tax shelters anymore, there’s still immense value in the independence and negotiating power captives create

The Beginner’s Guide to Captive Insurance

Captive insurance programs have been popular among business’ largest corporations since they were first created in the 1950s. As we enter 2020, however, captives are enjoying a resurgence as a growing solution for businesses of all sizes trying to think outside the box.

Captives allow businesses to maintain direct control of their insurance programs, creating a fully personalized experience with its own unique challenges and opportunities for reward.

Even though captive insurance programs can help businesses navigate the challenges of employee benefits management, reduce costs, and build a more useful experience for employees, there’s a major lack of understanding about what they are and how they work.

Moving forward, we will:

  • Define captive insurance for beginners
  • Explain the difference between a captive and traditional commercial insurance
  • Review the main pros and cons of captive insurance
  • Provide guidelines to help determine if a captive insurance program might be right for your business

What is Captive Insurance?

A “captive” insurance company is an organization that exists only to meet the specific insurance needs of its member/owners. That means the business or businesses insured by the captive are its sole and total owners.

Captive insurance can help a business fulfill all its insurance needs, from employee benefits and general business insurance to worker’s compensation, product liability, auto insurance, and so on. That’s why captives have historically been popular with Fortune 500 companies and major corporations: they provide complete independence and allow businesses to circumvent many of the inefficiencies of the commercial insurance market.

When you have an insurance company whose only focus is the support of your business, you can achieve some pretty impressive stuff.

  • You can get your employees the benefits plans they need while controlling expense for them and the business
  • You can scale your coverage to your exact needs to minimize overspend
  • You can eliminate the offerings you don’t need while finding the best version of what you do need

In order to gain that independence, however, you must assume the possibility of greater financial risk. When you make the switch to captive insurance, you’re gambling with your own money, and no longer have your insurance provider to fall back on because you are now the provider.

Different Types of Captive Insurance

It’s important to know that there’s more than one kind of captive. Let’s take just a minute to define the main types of captive insurance programs out there.

  • Single-Parent or Pure Captive: A captive that is owned by and works exclusively for its parent company and its subsidiaries (as for a corporation)
  • Group or Association Captive: A captive insurance program created by multiple small or medium-sized companies pooling their resources and risk to access the advantages of a captive
  • Rental Captive: An existing, independent captive operated by a business entity that other organizations can opt into temporarily
  • Protected Cell Captive: A captive in which each organization’s assets and liabilities are kept separate, allowing access into the captive but minimizing the biggest possible financial gains and losses
  • Agency Captive: A captive managed by a specific agent, who is empowered to reinsure the company by contracting with traditional carriers based on their assessments

How is Captive Insurance Different from Commercial Insurance?

Now that we’ve defined “captive,” let’s explore how captive insurance is different from many of the other models you might be familiar with.

What’s the Difference Between Captive Insurance and Being Fully Insured?

In short, a captive is the complete opposite of being fully insured.

When you’re fully insured, you pay a set monthly fee to your insurance company and they assume all financial risk. Being fully insured is most useful if you don’t have the capital available to cover anticipatable risks.

A captive is only possible if your business has more than enough capital available to cover anticipatable risks or if you partner with other organizations to pool resources.

What’s the Difference Between Captive Insurance and Being Self Insured?

Captive insurance is a form of self-insurance, but the two terms are not interchangeable.

A self-insured business maintains a specific savings account for unforeseen insurance costs and uses that “rainy day fund” to cover losses or fill gaps in coverage. However, that coverage is still purchased through the traditional insurance marketplace.

A captive is far more complex than basic self-insurance because it involves an organization creating its own insurance entity, not simply socking away money to pay for insurance-related costs.

What’s the Difference Between Captive Insurance and Mutual Insurance?

In a mutual insurance company, the provider is owned by its policyholders, acts on their collective best interests, and distributes any profit through either lower rates or payouts.

That sounds pretty similar to captive at first, but there’s one key difference: a mutual company, although owned by its policyholders financially, acts as an independent entity. Policyholders buy in and then trust the provider to do good by them.

In a captive, the insurance company is part and parcel of the greater organization which it serves and is steered according to identified business needs.

Advantages of Captive Insurance

We’ve laid out a lot of information about what captive insurance programs are, how they work, and how they can transform an organization’s approach and identity. Let’s pause to reflect on the positive potential of captives.

A captive insurance program can help you:

  • Reduce insurance costs – When you own the insurance company, there’s no mark-up for services and no need to purchase any coverage you don’t want or need. Captives offer businesses the best and most granular control over their costs compared to any other insurance model.
  • Reward yourself for good planning – Captives provide the most benefit to businesses with great self-knowledge. If you understand your assets, risks, needs, and scale well, you can create a captive that protects you with minimal overspend in a bad year and generates difference-making profit in a good year.
  • Create ideal employee benefit packages – Each workforce has its own specific, identifiable healthcare and employee benefit needs. Unfortunately, even with a great broker, it’s tough to create bespoke coverage that meets everybody’s needs and saves everybody money. A captive allows businesses to get creative and find new ways to get their employees exactly what they need without having to spend a dime on things they don’t.
  • Insure outside-the-box risks – Sometimes an organization needs to take a big risk and gamble on itself to take the next step. Finding insurance to protect investors and keep the core of the business whole should one of those major strategic gambles fail is more difficult than ever on the open market. If you have a captive insurance program, however, you can create whatever coverage you need and avoid needing to “sell” a carrier on your business plan.
  • Specific tax benefits – There’s a misconception that all the tax benefits of captive programs have been eliminated over the last few years, but that’s actually not true. First of all, all premiums an organization pays to its own captives are tax deductible. Furthermore, in down years, he captive’s status as an insurance company can earn its parent organization loss reserve deductions.

Disadvantages of Captive Insurance

Of course, as we’ve seen, the captive program approach isn’t right for every business. Let’s pause briefly and reinforce the main reasons and organization would not want to create a captive.

Unfortunately, with a captive insurance program, you:

  • Assume increased risk – When you form a captive program, you are your own support system. There’s nobody else paying into the pool of funds that’s used to bail you out in a pure captive, and even in a group captive, if multiple partners have bad years, it can lead to major financial complications. If your business is risk-averse by nature, a captive might not be right for you.
  • Take on up-front expense – Establishing a captive is a time-consuming process that requires creating an insurance company from scratch.That means, as you’re planning and building your program, you’ll need to take on more hires, acquire new licenses, and bring in some consultants who are captive experts. At the same time, you need to allocate capital to underwrite your plans.
  • Create new management responsibilities – People sometimes misunderstand that a captive can be managed by a human resources department’s employee benefit expert. That’s actually not true, as the captive is a full-time, constantly operational insurance company. That means either bringing in new managers to operate the division or creating new responsibilities for other members of your core team.
  • Risk taking a step back –It’s possible that, in its initial years, your captive might not do as good of a job as a traditional provider. If you’re not comfortable taking one step back to take two steps forward, a captive probably doesn’t fit your leadership style.
  • Don’t get the tax benefits you would have in the past – While captives still deliver some tax perks, they’re definitely not the shelter and deduction powerhouses they used to be. With that said, if your main motivation for creating a captive is tax protection, you’re likely not a good candidate for a captive program in the first place.

How to Know if Captive Insurance is Right for You

In general, captive insurance is best for businesses that are:

  • Large and stable (or medium-sized and stable, backed by a group of similarly stable partners)
  • Comfortable taking risks with the potential for high reward
  • Thinking and operating in an open-ended, creative way
  • Recruiting a diverse workforce with varied medical needs and preferences
  • Dissatisfied with traditional corporate and business insurance
  • Confident in their ability to improve over time

On the other hand, businesses should keep away from captives if they are:

  • Small or in an early developmental stage
  • Risk averse or unable to raise significant capital
  • Relying exclusively on outside companies and contractors to identify and manage their insurance needs
  • Completely satisfied with the pricing and coverage they get through traditional insurers
  • Unwilling to take one step back in the short term in order to take many steps forward in the long term

Key Takeaways

Captive insurance programs are unique, complex, and create brand new challenges for the businesses who decide to leverage them.

At the same time, however, captives remain underappreciated as ways to meet all of your business’ total insurance needs while controlling costs and connecting with your ideal coverage.

There’s no “right answer” when it comes to whether captive insurance programs are effective or not; the approach’s potential for success is directly tied to an organization’s desire to think and work beyond the limitations of the traditional marketplace and commitment to getting things right.

If you’re wondering if a captive program could benefit your organization, remember:

  • Captive insurance companies support only the organizations that own them
    • A “pure” captive involves just one company or corporation
    • A “group” or “association” captive involves a group of businesses banding together to share risk and support one another
  • Starting a captive insurance program is basically the opposite of being fully insured – you assume all risk
  • Captives can help organizations build bespoke insurance plans, both for business needs and employee benefits
  • Captives aren’t for small or risk-averse businesses