A Negative Customer Review Could Cost You Your House or Business!

hate-yelp

We have all had at least one unsatisfactory experience with a company or contractor. When emotions are high and you have reached your boiling point it is hard to refrain from sticking-it-to-‘em with a negative review on sights like Yelp or Angie’s List.

Letting others know about your bad experience is good, but be careful how you word your next Yelp review. It could land you a lawsuit! “Most people don’t know the legal nuances of how to write negative reviews without making defamatory statements,” says Eric Goldman, director of the High Tech Law Institute at Santa Clara University Law School in California. “Every time people post negative online reviews, they are betting their houses – in the sense that the criticized business can sue them and try to take their house.”

With more than 30 million user reviews posted to Yelp.com, businesses are starting to use the law to fight defamation, lost reputation, and lost business due to slanderous customer reviews.

Perez Vs. Dietz

This all started in Virginia when homeowner Jane Perez posted a negative customer review against contractor Christopher Dietz in the fall of 2012. Perez’s comments accused Dietz of stealing her jewelry and charging her for work that was never done. Dietz filed a lawsuit accusing Perez of defamation/slander.

Thomas Fortkort, the judge in the case, ruled that portions of the Perez’s review had to be removed from the web.

This case went to the Virginia Supreme Court. Judge Fortkort’s injunctions were overturned, with the court saying it was “not justified.” The Supreme Court sided with Perez that her negative customer review fell under, the First Amendment freedom of speech rights. This ruling has the case going back to Judge Thomas Fortkort who can set a trial in the case.

These litigations are important because they can determine the fate of discussions on the internet including if a contractor or company has a right to protection against slanderous reviews or if customers have a right to use their Freedom of Speech. 

23784

How to Protect Business

One of the best ways to protect your business from negative reviews is to do your due diligence. Protect your business by making sure you are covered for personal injury in your General Liability or Professional Liability Insurance Policies. 

Other ways to elude even getting a negative review is to create a work environment tailored to customer satisfaction, ask the customer what you can improve on, and settle conflicts diplomatically with witnesses and paper work showing both parties agreements. 

If you do get a negative review, respond to it in a private message or phone call. Most of the time the reviewer will be surprised you contacted them, embarrassed that they were so harsh, and understanding and even forgiving of any lapses in your businesses customer satisfaction. Most of those providing negative reviews just want to be heard, give an apology, and an offer to fix problem.

How to Protect Yourself

If you find yourself wanting to write a negative review follow these tips to protect yourself from being sued;

* Focus on the Facts
* Share Personal experiences
* Stay away from overarching broad statements
* Be specific (bad customer service, too expensive, bad finished product)

An example of a defamatory review:

Everyone at Blank’s Business is an incompetent, blubbering, fool! It took them a week to do one simple task and then when they were finally finished it was done WRONG! To top it off they charged me Extra! Do not go to these guys they are horrible!
An Example of a Correctly Written Review:

I was not pleased with the customer service or price of Blank’s Business. It took a week for my project to be completed where I have had this type of project completed in less than two days at Competitor’s Business. I was also surprised by the cost, it cost $ more at Blank’s Business to do the same project as Competitor’s Business.

An Example of a Business Response to a Negative Review:

I am sorry Unhappy Customer. We understand that our completion of your project did take longer than normal because of the Holidays with our staff taking vacations and the increase in work flow. We apologize for inconveniencing you. I also wanted to address our cost. We have to charge more for our services because we use special ink that does not run and special paper that never crinkles to give our customers the best finished project possible. We are giving you a $ coupon off your next project as a way to say sorry. We appreciate your business. Thank You, Blank Business

Source: Insurance Journal, Consumers Posting Negative Reviews Could Face Legal Issues, by Mitch Lipka, January 7, 2013

1 vote, 3.00 avg. rating (70% score)
Categories: Personal / Advertising Injury

SC Department of Revenue Hacking: A Second Look

http://www.dreamstime.com/-image13309768

Since SC Taxpayers’ information has been hacked by criminals, what can businesses do to protect themselves from hackers?  While most organizations have network security with firewalls, firewalls may no longer be enough. It is easy enough for an experienced hacker to break through a firewall. More security can help, as well as knowing who is vulnerable to hacking and how the hackers operate.

If you are hacked, timing is critical.  The sooner you discover that you may have been hacked, the better. The SC incident points out that the time from the actual hacking to the notification was due in part to a lack on the part of SC’s ability to discover the hacking themselves—the Secret Service made the discovery.  

What can you do to beef up your security to protect against these crimes?

First, businesses need to be scrupulous about monitoring their internet security, remembering that compliance is NOT synonymous with actual security.  Just because you may be in compliance with requirements for security measures, you may not have any real security in place.  Most organized crime hackers are ahead of companies.  These criminals target business and government, both of which are vulnerable to being hacked, especially since the criminals make hacking into business and government their priority.

 Second, all computer information needs to be closely monitored to keep the hackers from using employees (through emails, social networks, etc.) to access private information.

What to do? Some ways to protect your business are:

  • Improved security (internal and physical security: cloud servers, vendors, and the company’s own sites)
  • Planned defense measures in the event of a hack
  • Rapid detection  (SC’s delay in discovery and notification was detrimental)
  • Careful monitoring (of employees and systems)
  • A security provider (hiring one is a good idea for small companies)

Spending money on beefing up security is worth the expense.  Having someone onsite who is in charge is imperative for protection from hackers.

While nothing in cyberspace is foolproof, taking certain measures to improve company security can make a difference in the constant battle to protect secure, sensitive information from hackers.

Of course, Cyber Risk Insurance is a critical part of the equation to protecting the governmental entity or private business against cyber crime.

Source: Protect Data from Lurkers and Hackers COLUMBIABUSINESSMONTHLY.COM, December 2012.

1 vote, 5.00 avg. rating (90% score)
Categories: Breach Of Security, Cyber Liability, Identity Theft

Massive Hacking of SC Department of Revenue Database

A foreign hacker stole confidential S.C. tax records of 4.25 million individuals and businesses. Anyone who filed a state tax return since 1998 is subject to theft of all information contained on their tax returns including Social Security numbers, bank account numbers, and credit card numbers. Approximately 387,000 credit card numbers were stolen of which 16,000 were unencrypted.

The state of South Carolina has responded with the following plan of action:

All tax return data is now being encrypted and they are considering not holding tax data for such a long period of time.

SC taxpayers and their children who were victims of the data breach will receive a year of free credit monitoring and up to $2M in insurance and free lifetime credit fraud resolution through Experian. The cost of a lifetime fraud resolution through Experian is $12 million. The annual cost of credit monitoring to the state of S.C. is $8.00 a person, or $28.8 million if all 3.6 million taxpayers affected sign up for the service.

After the one year of free credit monitoring expires, taxpayers may be able to renew at a cost of $160 to $240 per year.

Credit monitoring will not prevent ID theft but will alert taxpayers sooner if ID theft has occurred. Credit monitoring will inform taxpayers of newly opened accounts, credit inquiries, and bill delinquencies at all three of the major credit reporting agencies: Experian, Equifax, and TransUnion.

An IT consulting firm, Mandiant, has been hired a cost of $125,000 to repair data-technology gaps and to install additional security measures.

The law firm, Nelson Mullins, has been hired to assess liability issues.

In the meantime, an attorney has filed a class action lawsuit on behalf of all affected taxpayers asking for $1000 per taxpayer alleging negligence in failure to timely notify taxpayers of the breach and in failing to secure the confidential data.

Apparently, like many states, the SC Department of revenue did not encrypt the confidential information. According to sources, the hacker “got into the conversation” on the communication system used by revenue department officers across the state and was able to obtain a user name and password. The data breach occurred in September but was not reported for some time as the department attempted to catch the crook and close the security breach.

Just another example of why business and governmental entities should carry Cyber Liability insurance.

Source: The State newspaper, Columbia, South Carolina, October 31 and November 3, 2012

1 vote, 5.00 avg. rating (90% score)
Categories: Breach Of Security, Crime, Cyber Liability

Smart Phones and Tablets at Major Risk for Corporate Data Breach

 

Many cyber criminals have recently turned their attention away from corporate networks and towards more vulnerable smartphones and tablets. Smartphones and tablets frequently hold client information such as phone numbers, mailing addresses, email addresses, confidential documents, and past emails exchanged. This information itself is prized by cyber criminals but can also assist into breaking into corporate networks. Spy software can also be implanted onto these devices, which will allow hackers to program them to send confidential information back to hacker control websites.

“Bring your own device” (BYOD) corporate policies have resulted in personally owned smartphones and tablets being connected to corporate networks. These policies have resulted in a number of vulnerabilities that resulted in the unintended release of confidential information. Blackberries have always had strong enterprise-level security features. However, their use has diminished as they are being replaced by iPhones, iPads and Androids, which are not as secure. Androids have been especially susceptible.

In addition, the lower tech incidents of lost or stolen smartphones result in many data breaches.

The following risk management techniques can be implemented:

Encrypt Data — Most android phones don’t have native data encryption and as a result third-party applications must be relied upon.

Improve Password Strength — Many mobile devices do not activate password protection features or they are too weak. 

Use Remote Wipe Capabilities — Most smart phones have the capability to wipe the data clean in the event of disappearance of theft.

Use Network Intrusion Software — Logs should be regularly checked to detect unauthorized intrusions.

In addition to the implementation of risk management techniques, Cyber Liability insurance should be purchased. The cost for cyber liability insurance is expected to rapidly decrease for smaller businesses as Cyber Liability endorsements may be added to Business Owners Policies at greatly reduced rates.

Source: The Spy Who Robbed Me, Insurance Journal, October 8, 2012

1 vote, 4.00 avg. rating (80% score)
Categories: In The News

Survey: Small Businesses Lax on Computer Security, Need Cyber Liability Insurance

 

According to a survey taken by TrendMicro and Ponemon Institute in 2012:

62% don’t routinely backup data

65% don’t use encryption for sensitive data

52% store sensitive data on laptop or mobile device

72% leave their computers unattended

This survey indicates that small businesses are in serious need of Cyber Liability insurance. Stand alone Cyber Liability policies often have minimum premiums in the $2500 range and have a host of risk management requirements to protect the confidentiality of information. However, more recently, carriers have begun to add Cyber Liability endorsements to General Liability policies with premiums starting in the $350 range and with very few risk management requirements.

Source: Travelers Select Accounts, marketing emails, October, 2012

1 vote, 3.00 avg. rating (70% score)
Categories: In The News

Study Pegs Embezzler Profile

According to a 2011 study from Marquet, an investigative and litigation support firm, here is the typical embezzler profile of employees from a cross section of private and public organizations:

Past Criminal Background:  Almost all embezzlers had no prior criminal background.

Position:  Over 70% worked in accounting, finance, or bookkeeping departments.

Duration Of Theft:  The average duration of theft was about five years.

Technique:  The most common embezzlement techniques involved the use of forged or unauthorized checks.

Motivation:  Paying off gambling debts was a leading cause of 20%, but most just wanted to live a more lavish lifestyle.

Gender:  64% were women.

Average Age Embezzlement Began:  Age 42.

Embezzlement succeeds so often due to inadequate financial controls where there is no segregation of duties.

See prior blog post on Crime Insurance needs for a tech company: Click here

Here are the top three risk management controls to prevent embezzlement:

1. Require a countersignature on all checks or checks over a certain amount.
2. Require bank statement reconciliation by someone who is not authorized to deposit or withdraw.
3. If you allow the use of credit or debit cards, make sure that the monthly statements are reviewed by someone who is not authorized to use the card.

1 vote, 3.00 avg. rating (70% score)
Categories: Crime