Spotlight | Fall 2016 by Cowan Insurance Group

spotlight Providing insights and information on industry trends and developments.

Issue 1

Fall 2016

R I S K

Contents

Stress Check: Is it just stress, or something more?

Cyber Risk Safety: Protecting Your Business and Employees from the Inevitable

Linking Financial Wellness with Employee Productivity

Group Insurance Fraud

Vice President’s Message

Welcome to the first edition of Spotlight. Our goal in putting together this newsletter is to proactively bring you meaningful information and insights into topics and trends affecting your organization and, one of your most important assets, your employees. In this edition, you’ll find information to educate you and your team on: • How and why it’s important to protect your organization from cyber risk • Seasonal challenges that may affect employees and their families • Financial wellness and the impact of reducing your employees’ financial stress •T he impact and prevention of fraudulent claims under your group benefits insurance plans As we move forward, we will continue to share information to educate you and your employees on what’s important to the wellbeing of your team and your organization as a whole. At Cowan Insurance Group, we care about what you care about and will continue to be thought leaders in areas that affect your business. If you have comments or suggestions for topics in upcoming newsletters, please reach out to us at thenewsletter@cowangroup.ca. So, as we approach the end of 2016 and the new beginnings 2017 will bring to our organizations and teams, we present the all-new Spotlight. We hope you enjoy this first edition!

Teresa Norris-Lue Vice President, Group Benefits & Retirement Cowan Insurance Group

Stress Check I s i t j u s t s t r e ss, o r so m e th in g m o r e ?

September can be a stressful month for parents and kids alike—it’s the end of summer, back to school, and back to routines, which often means early mornings and busy schedules. This stress can make its way into the workplace, having an impact on your employees’ performance. Eventually, the new routines become the norm, stress subsides and performance returns back to normal. Unfortunately, in some cases, stress may continue for longer than the first few weeks of September, which may be masking feelings of fear and anxiety in children. Parents are often the first to identify the signs that something might be wrong, yet they can be left feeling powerless not knowing how to help their children. In this article, we take a closer look at stress and anxiety, as well as what you can do to support employees who may be struggling, themselves, or supporting a loved one through a stressful time.

Symptoms of anxiety usually present themselves in three ways: physically, emotionally and cognitively.

Stress can actually be a good thing when we benefit from being motivated to accomplish things.

Physical symptoms:

Psychological symptoms:

Cognitive symptoms:

muscular tension, high blood pressure, fatigue, headaches, ulcers, difficulty sleeping, backaches

anger, fear, feeling overwhelmed, mood swings

forgetfulness, unwanted or repetitive thoughts, difficulty concentrating

Can stress be good? How do we differentiate between normal stress and anxiety, as opposed to a potential disorder? Sometimes it can be difficult to tell. Anxiety and stress are inevitable and are a normal reaction to an identifiable event, such as a test or a client meeting. Stress can actually be a good thing when we benefit from being motivated to accomplish things. Anxiety disorders, on the other hand, can be paralyzing and interfere with daily functioning. Stress and anxiety are very similar in terms of your body’s reaction, presenting physiological symptoms like rapid breathing or a racing heart. Anxiety will usually include an additional component of fear; which stress does not have.

How will I know the difference? To help identify if your employee, or someone they love, is dealing with normal stress and anxiety or if it may be a potential illness, here are a few questions to consider:

2 3

Can they identify the cause? Normal anxiety is usually related to an identifiable source and the person will get back to their normal self when the stressor has passed. For example, if the stressor is that an employee and/or their children are adjusting to new schedules and routines at the beginning of the school year, the situation should resolve itself once everyone settles into their new routine. When it comes to an illness, however, the person will have that anxious feeling almost all the time and they won’t be able to really explain why.

What’s the impact on their life? Is your employee exhibiting symptoms of stress when they are facing a tight deadline, or do they seem to be chronically weighed down by stressors with little to no reprieve? When it comes to children, are they stressed out at the end of the semester while studying for finals, or are they feeling that way all day long for the whole semester, and even summer or winter break can’t help them shake the anxiety?

You can help your employees manage their own stress more effectively by creating a work environment that encourages healthy living habits.

Making a difference Even though it might not always feel that way, most children are highly influenced by their parents’ behaviour and how their parents deal with stress. You can help your employees manage their own stress more effectively by creating a work environment that encourages healthy living habits, such as: • Exercising regularly • Getting enough sleep • Avoiding caffeine and colas • Identifying personal stressors and noting their reactions • Trying yoga or meditation If you have employees who are concerned about their own or their children's stress level or anxiety, encourage them to look into the Employee and Family Assistance Program (EFAP). In the case of childhood stress and anxiety, most schools will also have resources that are adapted to their children's needs. Specialists can help identify the source of the symptoms and help develop tools and coping skills to better manage reactions to stress and anxiety— something that will benefit and help employees and their children for the rest of their lives.

Has there been a change in behaviour? Have you noticed changes in your employee’s behaviour? Has your employee noticed changes in their children's behaviour? Is the employee or child more reclusive, avoidant, overly sensitive to criticism, restless or irritable? Can they still have fun with family, friends or colleagues? Or are they isolating themselves and avoiding social situations? A change in behaviour is usually a red flag and is worth investigating to determine if there is more to it.

To learn more about Employee and Family Assistance Programs, please contact:

Amelie Meilleur

Practice Lead, VP of Health & Disability 1-888-509-7797 ext. 52322 | amelie.meilleur@cowangroup.ca

R I S K S

Protecting Your Business and Employees from the Inevitable

How many times have you received an email from someone telling you that you’ve recently “come into some money”? All you have to do is respond with your bank account information and they’ll transfer the funds immediately. Or someone impersonating your IT department asking you to open an attached file to upgrade your email account. Or what about the email from a “close friend” who is out of cash in a foreign country and needs money to get home safely.

Knowledge Platform; Eldon Sprickerhoff, Founder and Chief Security Strategist of eSentire, the creator of an award-winning cybersecurity platform for mid-sized organizations; and Leon Punambolam, Technology Industry Leader at Cowan Insurance Group, one of Canada’s Best Managed Companies, we discussed how cyber risk affects companies today and what we can do to protect ourselves, our employees and our businesses from these potentially severe crimes.

These are just a few common examples of cybercriminals trying to gain access to your company data or finances through malware.

Cyber risk comes in a variety of forms from phishing attacks to social engineering to ransomware and beyond. Cyber risk is real. Cyber risk is serious. Cyber risk affects every business, big or small. It’s not a matter of if it will happen to your business; it’s a matter of when.

In a recent interview with Carol Leaman, President and CEO of Axonify, the creator of the world’s first Employee

What is Cyber Risk? According to Eldon Sprickerhoff, “any threat that affects the confidentiality, the integrity or the availability of electronic information, is a cyber risk to your business.” Arguably, the most devastating form of cyber risk to a business is ransomware. This involves a cybercriminal gaining access to your company files through malware and often requires your company to pay thousands, if not hundreds of thousands or millions of dollars to get those files back. This can be incredibly detrimental to those industries housing personal, financial or other uniquely valuable electronic information.

A recent survey sponsored by Malwarebytes and conducted by Osterman Research found that Canadian companies are more likely to pay ransom demands than those in Germany, the U.S. and the U.K.—the other regions included in the survey. More than 82% of the Canadian companies surveyed, affected by ransomware, lost company files if they didn’t pay the ransom; 43% lost revenue; 25% experienced an interruption in business.1 Fortunately, there are varieties of prevention strategies your business can exercise to protect itself and its employees from the damaging effects of a cyber breach.

It Can Happen (Where and) When You Least Expect So, what is the true threat to your business’s cybersecurity? It’s technology, right? Wrong. It’s your people. People are the gateway to your business’s data. They have passwords and access to your business’s backend information, they’re receiving the infected emails, and they’re clicking the links to open the door to the cybercriminals. If you’ve grown your business beyond the 10-employee mark, you’ve likely outgrown your security processes and need to reevaluate where your threats lie. The family atmosphere and personal trust often found in small, closeknit businesses can remain, however, that doesn’t mean everyone needs access to your backend information if their job description doesn’t warrant it. What about the less obvious cyber risks? The ones you’d never think could happen to your business: insider threats. Employees experiencing hardships—financial, health related or otherwise—can be susceptible to taking part in these insider cybercrimes. If they’re the ones who have access to your data, you may want to consider how you’re protecting your business from this risk too.

ura Ins

rity

cu CYBER DEFENCE

Education

Any threat that affects the confidentiality, the integrity or the availability of electronic information, is a cyber risk to your business.

Empowering Employees through Education

Just as you would train your employees on the dangers of chemicals and their appropriate use, the same considerations apply to cyber use. Since employees are your greatest risk when it comes to a cyber breach, employee education on the subject should be included in your new employee training and education programs and, as ongoing training initiatives for existing employees. If your employees are aware of the dangers of cyber threats, how they can be targeted, what to look for, and how to respond (or not respond), your business is one-step closer to cybersecurity. It’s likely your new employee training is a one- or two-day training session where loads of information is piled on new employees and they’re expected to remember it all six months down the road. Your employees won’t absorb this information and recall it days, weeks or months from now when they encounter one of those malicious emails they’re guaranteed to receive. “A typical human being will remember 5-10% of what they learned 30 days earlier,” says Carol Leaman. “All the effort put into those one-day employee training sessions goes to waste because the brain is incapable of moving all information from short-term memory to long-term memory effectively.” It takes ongoing training to ingrain that information in your employees’ memories. Using learning techniques like delivering small chunks of training several times per week, querying employees on their knowledge repeatedly over time, and allowing them to play games while they learn, will engage your employees and help them retain that information long term. Then, when they receive one of those malicious emails, they’ll know not to open it, click on any links or respond to the sender with confidential information. It’s important to remember that employee education will reduce the risk of a cyber breach; however, it doesn’t stop the criminals from trying. Providing ongoing education and training to employees, revamping the information, altering how you deliver it, and staying up to date on prevention strategies are effective ways to protect your employees in the fight against cybercriminals. continued...

Protecting Your Business from the Ground Up Now that you know the risk to your business when it comes to cybercrime, along with the systematic and human resource mitigation tactics, how are you going to further protect your business assets? You insure your house from a fire, your car from an accident and your life from illness—your business needs protection from its threats too. Since cyber risk has only recently become a common theme at the Executive table, not everyone is aware of the risk protection and liability coverage available. And those who are aware often think they don’t need the insurance because a cybercrime will never happen to their business. “Surprisingly, many company executives and business owners in Canada aren’t seriously considering the impending threat from cybercriminals,” says Leon Punambolam. “In reality, it’s much easier than you think for the ‘bad guys’ to target your business and damage what you’ve worked so hard to achieve—including your positive corporate reputation.” What would happen to that reputation and the trust that your clients place in your business if it were to experience a cyber breach? The longer you wait to protect your assets, the more time and opportunity you’re giving these criminals to hone their skills and hit your business. A medium-sized organization can receive upwards of 10,000 emails to their spam filters per day. If a failure in technology or process were to occur and one of those emails were to cause a cyber breach, the impact on the business could result in: significant financial costs, damaged reputation, decreased public trust, fines or sanctions for regulatory non-compliance, loss of business or competitive edge, and loss of productivity.

Just as you would train your employees on the dangers of chemicals and their appropriate use, the same considerations apply to cyber use.

In addition to understanding the impact on your business and insuring your assets from the ground-up, it’s important to consider your risk tolerance. Risk management is about identifying risks, mitigating risks and transferring risks— which is where insurance comes into play. Knowing what assets are most at risk in your business (when it comes to cyber) and how much risk your business is willing to take, will help you identify your insurance needs. Working with a broker who is well versed in cyber risk will help your organization understand its overall threat of cyber, address insufficiencies to mitigate the risks, and leverage insurance coverage for the balance of the risk to your business. Additionally, your broker can identify and help you create a plan to implement proactive process controls to further minimize the impact of a breach. At the end of the day, it’s about protecting your business from the inevitable. Cybercrime is a risk to all businesses. The armour you use to protect your business, from cybersecurity to employee education to business insurance, will make it harder for cyber risk to damage your business and your bottom line. For more information on your business’s cybersecurity, employee education or cyber risk management needs, reach out to eSentire, Axonify or Cowan Insurance Group today.

For more information on cyber risk management, please contact:

Leon Punambolam

Industry Leader, Technology 1-866-912-6926 ext. 41388 | leon.punambolam@cowangroup.ca

1. http://www.insuranceinstitute.ca/en/ cipsociety/Articles/Items/2016/08/04/ Canadian%20companies%20likely%20 to%20pay%20ransomware%20 demands%20among%20highest%20 for%20lost%20revenue%20and%20 business%20interruption%20international%20study%20finds.aspx

1. Manulife Financial, The power of financially secure employees, 2015 2. J. Kim, and E.T. Garmen, “Financial Stress, Pay Satisfaction, and Workplace Performance,” Compensations and Benefits Review, pp. 69-76, 2004

Financial literacy and financial wellness have been hot topics in organizations lately. This is because research has demonstrated a strong connection between an employee’s financial wellness, their overall health and their productivity at work. According to Manulife Financials’ research, employees stressed by their finances were 16% less productive on the job. In addition, those struggling with their finances take roughly 25% more sick days than those who are financially secure1. Other research has found that employees with more financial distress displayed less commitment to their organization and less satisfaction with their pay, regardless of the amount of money they made2. Further research continues to demonstrate the link between financial wellness, employee engagement and productivity. It is no surprise that every employer wants a fully engaged, highly productive workforce; as a result, many organizations are incorporating financial wellness programs as part of their regular training and education programs. The good news is that you can help increase your employees’ financial wellbeing, and therefore their productivity, with little impact to your company budget. Here are a few tips to assist you:

•B e consistent – Make financial education a constant in the workplace and take every opportunity to clearly communicate financial information. As an employer, you can play a key role in not only increasing your productivity and employee engagement, but you can also assist employees on an individual level while contributing to the strength of the overall Canadian economy.

Linking Financial Wellness with Employee Productivity

•S tart with the basics – Build core skills and focus on a basic understanding of money first. •L everage free tools and resources – Leverage tools and resources, such as your consultant/advisor or carrier website, to help employees learn more at their own level of financial understanding. Find out what your EFAP provider has to offer. Also, there are many websites geared towards helping employees increase their financial literacy and, in turn, have better success with their financial plans. Here are a couple of examples of Canadian websites focused on money issues: - Getsmarteraboutmoney.ca: Information and tools on all money related items, including investments, debt, spending and lifestyle. It’s run by the Investor Education Fund, an arm of the Ontario Securities Commission.

-M oneysense.ca: Articles and tools on how to manage all aspects of money.

•M ake financial literacy a wellness issue – Include financial literacy as a topic for wellness fairs, communications and training. Reach out to your pension plan carrier or your consultant/advisor to see if they can provide information. Basic financial education can promote mental health and overall wellness.

For more information on financial literacy, please contact:

Lani Lehtonen

Senior Consultant 1-866-912-6926 ext. 51402 lani.lehtonen@cowangroup.ca

Paul Webber

Director & Principal Consultant 1-800-268-2628 ext. 51654 paul.webber@cowangroup.ca

Group Insurance Group insurance fraud has become an unfortunate fact in the industry. Insurers are building and bettering their antifraud processes regularly in order to keep up with the trends to protect their clients’ group plans. Why, you ask? Because fraud can represent anywhere from 2% to 10% of a plan’s total claims experience; and every type of plan is vulnerable1. Fraud schemes can be defined not only by the financial impact and complexity but also by the structure of the fraud. Fraud schemes come in many shapes and forms and often change in order to try to bypass new detection processes. Fraudsters watch trends, too! One recent example involved the investigation of 600 TTC employees and fraudulent healthbenefits claims of more than $5.1M2.

member submits an A electronic claim for a knee brace. He has a prescription from the doctor for a simple knee brace. The member remembers trying on knee braces in the store for over $1,500 but bought the one that best fit his needs. His brace cost $495. He submits the electronic claim, however, he added a “1” to the beginning of the total amount. Instead of claiming the $495 brace, he claims $1,495.

member submits $1,500 A of physiotherapy services under her plan. She submits receipts with the provider’s letterhead and a breakdown of the services by date and amount charged. Turns out, the member actually stole the identity of the physiotherapist. She has never even been to this physiotherapist. Instead, she went to his website, copied and pasted the logo, and created a series of receipts in a Word document.

Perpetrators of these scenarios

have been caught!

“ Mr. Smith” opens a multipractice clinic offering massage, physiotherapy and chiropractic services. The clinic bills a number of insurers for hundreds of thousands of dollars in services every week. In reality, no one works at the clinic. Willing plan members have teamed up with the clinic’s owner and have handed over their group insurance information so the clinic can bill the plans for fake services. This is called “collusion”. The clinic owner has stolen the identities of legitimate providers – registered physiotherapists, chiropractors and massage therapists – and submits claims and splits the refunds with the members.

F r a u d How do we know about these types of frauds? The perpetrators of these scenarios have been caught! Fraud detection and prevention processes need to be flexible, creative and ever-changing in order to: a) keep up with fraudsters, and b) stay ahead of fraudsters. Anti-fraud departments can use fundamental detection processes such as: • random/targeted audits where certain claims are selected for validation, • data-mining of big data for pattern detection, • comparisons against peers, • and advanced predictive analytics that identify potential fraudsters before they even submit their first claim, based on certain characteristics and relationships.

The consequences For employees caught defrauding their employer’s insurance plan, it usually means termination of employment and a requirement to repay the stolen funds. For providers, it can mean anything from being delisted by insurers to being arrested and charged.

Can an employer help the insurers in the fight against fraud? Most definitely! Communicating with employees about protecting their group benefits from fraud, is a deterrent. Sharing simple tips such as, “Never sign a blank claim form or share your benefits I.D. and password with anyone”, or “If someone approaches you about making ‘easy money’ from your group benefits, please let your employer know” are simple and clear messages that let employees know their employer is involved. After all, the employer will receive a report if a confirmed alleged fraud occurs on their plan. Also, a common theme that we’ve heard from employees who have been caught defrauding their group benefits plan is that they thought they were just stealing money from a big insurance company – not from their own employer. At Cowan, our Third Party Administration (TPA) area is dedicated to protecting our clients’ group benefits plans from fraud and abuse through our committed Prevention & Detection Unit. We are an active corporate member of the anti-fraud community in the insurance industry; we consistently communicate anti-fraud updates; and we frequently work with our clients to design effective anti-fraud communications for their members. Prevention is the best medicine in protecting your business and your employees against insurance fraud. Communicating with employees about active fraud prevention and detection efforts, and working cooperatively with your insurer will show your employees you’re engaged, which may deter someone from committing fraud against your group benefits plan. We can all do our part to protect ourselves from insurance fraud. Are you doing your part?

For more information on fraud prevention, please contact:

Deana Maric

Director, Claims 1-888-509-7797 ext. 52320 deana.maric@cowangroup.ca

1. http://www.benefitscanada.com/benefits/ health-benefits/the-impact-of-technology-onbenefits-fraud-68235 2. http://www.benefitscanada.com/ uncategorized/600-ttc-employees-involved-inbenefits-fraud-77624

Spotlight was created to provide meaningful information and insights into industry trends and developments. To help us deliver the information you need, we would appreciate your comments and suggestions. Please provide us with your feedback by completing a three-minute survey you will find here: www.cowangroup.ca/newsletter

We care about what you care about.

For more information or to learn more about Cowan's customized, flexible and innovative approach to group benefits, retirement and wellness programs contact: Cowan Insurance Group 705 Fountain Street North Cambridge, ON N1R 5T2 @CowanInsurance

Phone: 519-650-6360 Email: cambridge@cowangroup.ca Toll-Free: 1-866-91COWAN

Legal Information Spotlight is provided for general information purposed only. Cowan Insurance Group and its affiliates make no representations or warranties to its accuracy or completeness. Readers should be aware that the content of this publication should not be regarded as legal, tax, accounting, investment, financial or other professional advice nor is it intended for such use.