Commercial Insurance Managers
8170 Lark Brown Road, Ste 203
Elkridge, MD 21075


Fax: 410-799-3057


Commercial Insurance Managers Blog in Baltimore, MD and Washington, DC

Protecting your brand against adverse social media

By Susan Kim, Staff Writer

Monday March 23, 2015

Thought Leadership on Property & Casualty/Risk & Insurance Management presented by Commercial Insurance Managers.
What happens to your brand when social media turns toxic?
Over one billion people worldwide use at least one form of social media on a daily basis. Most businesses realize that social media is a useful way to build a brand and reach customers where they are—online.
It’s easy to interact with customers via social media if your company has a positive image. But what if one of your employees posts a customer’s private information on Twitter or uploads a video to YouTube of another employee smoking marijuana in the break room? Without the proper crisis response plan in place, your positive brand awareness and goodwill could evaporate. Do you have a crisis response plan?
  1. Be prepared.
The key is being ready before the toxic social media event occurs. Form a social media crisis response team comprised of employees from all departments. Discuss threats to your social media presence, such as a customer having a negative experience with one of your employees or with your product in general.
With potential threats identified, create a crisis response flowchart. The flowchart lets employees know what they can respond to themselves and what might need to be run up the ladder for a more formal corporate response.
The flowchart asks basic YES or NO questions to determine the proper action to take. Benefits of the flowchart include:
  • Ease of implementation. The flowchart should indicate exactly who is in charge of what if a crisis arises in order to get a response out as soon as possible.
  • Consistency. If all employees are following the same plan, your message will have a clear, unified voice.
  • Speed. The flowchart offers a clear way to handle the issue quickly. In addition, set up Google® Alerts or a similar service to keep track of what people are saying about your brand in real-time. That way, you can be on top of a crisis before it turns unpleasant.
  1. Act quickly.
Twenty-four hours in social media time is an eternity. Time is of the essence, and your customers will expect a quick response should you face a social media crisis.
Realize that social media never sleeps—it lives on well after normal business hours. Several members of your crisis response team should keep their eyes on your social media outlets after business hours in case something comes up. Taking too long to respond shows your customers that you’re either not listening or you don’t care, which can lead to more incidents. The longer you wait to respond to issues, the more time people have to tell their friends and spread negative sentiment toward your company.
Using the right medium to respond to a crisis can be a useful line of defense. If the crisis begins as a negative video posted on YouTube, post a video in response. If it begins with a negative comment on your Facebook page, respond there first. If you can contain the problem to one media source, you have a much better chance of limiting the damage.
  1. Tone matters.
Perhaps a useful way to engage your customers is to incorporate a little humor into your social media messages. However, this might not be the best course of action when dealing with a crisis. If done correctly, your tone can ease customers’ minds and help boost the company back into a positive light.
No matter how angry a customer is with your company or its products, do not reply with anger. If a person is intentionally attacking your company, invite them to contact you directly to deal with their issue. If the comment is full of derogatory language or attacks specific employees, delete the comment. However, if the comment is vague and doesn’t attack anyone in particular (i.e., ‘Your company stinks’), deleting it may encourage others to post similar things.
Other tone-related tips include the following:
  • Always be polite and thank customers for their input.
  • Politely correct customers posting inaccurate information, even if it is on another site that you don’t directly control.
  • Be authentic. If you are making an apology, don’t copy and paste the same bland jargon to every comment—customers will see that as being lazy and careless.
  • Humor isn’t always warranted, but it can have a powerful impact to turn your image around. Your customers will realize that people sometimes make mistakes, and a humorous message about how you plan to fix the problem can go a long way.
  1. Follow through.
Just because you have a crisis response plan in place doesn’t mean you’ll be experts when the time comes to execute it. Have quarterly “fire drills” to keep the plan fresh in employees’ minds. The better your employees know the plan, the quicker you can respond.
If a crisis occurs, let customers know you’re taking steps to correct the issue and share your plan. They will appreciate the honesty and you should be in the good graces of your customers again in no time.
Gordon M Mumpower Jr, CPCU, MBA is President of Commercial Insurance Managers Inc, specializing in risk management and transfer of risks to insurance products and services. If you are interested in additional risk management and employee benefit services, call 410-799-2146 or email Gordon at

Click here for more Thought Leadership from Commercial Insurance Managers.

None of my employees would sue me!

Monday, November 10, 2014


You can read the article here.


Protect Against Employment Liabilities

Thursday, November 6, 2014

Employment practices liability (EPL) insurance is a policy used to cover your risks due to some of the most common employment-related lawsuits, including:

  • Wrongful termination – The discharge of an employee for invalid reasons.
  • Discrimination – The denial of equal treatment to employees who are members of a protected class.
  • Sexual harassment – Subjecting an employee to unwelcome sexual advances, obscene or offensive remarks, or the failure to stop such behavior.

EPL works to provide the necessary resources to defend your company against a lawsuit or to pay for a claim. To best understand how to cover your EPL risks, it’s important to know the potential sources:

  • Recruitment practices
  • Employment applications
  • Employment offers
  • Employee orientation process
  • Annual conduct reviews
  • Enforcing performance policies
  • Termination (or improper documentation of the items listed here)

Employment law is complex and varies depending on the jurisdiction.

Well-organized and credible employment documents can demonstrate fair treatment, deter litigation, ensure employee honestly, and, should litigation occur, demonstrate the employee’s actions.

Evidence of desirable employment practices and policies may be required for an EPL policy, and will certainly help defend against a suit (even for a small, home-based business with only a few employees). The underwriter may require a copy of the following policies to show that you are taking steps to reduce your risks:

  • Sexual harassment
  • Equal opportunity
  • Grievances
  • Termination
  • Internet usage/employee privacy
  • Internal job postings
  • Alternative dispute
  • Employment at-will
  • Discrimination
  • Disabled employees and accommodations
  • Employee discipline
  • Performance evaluations
  • Pregnancy leave
  • Hiring and interviewing
  • Resolution/arbitration
  • Employment application forms



Cyber Security for Small Businesses

Thursday November 6, 2014

High-profile cyber attacks on companies such as Target and Sears have raised awareness of the growing threat of cyber crime. Recent surveys conducted by the Small Business Authority, Symantec and the National Cybersecurity Alliance suggest that many small business owners are still operating under a false sense of cyber security.

The statistics of these studies are grim: The vast majority of U.S. small businesses lack a formal Internet security policy for employees, and only about half have even rudimentary cybersecurity measures in place. Furthermore, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker proof, and nearly 40 percent do not have their data backed up in more than one location.

Don’t Equate Small with Safe

Despite significant cybersecurity exposures, 85 percent of small business owners believe their company is safe from hackers, viruses, malware or a data breach. This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyberattacks. In reality, data thieves are simply looking for the path of least resistance. Symantec’s study found that 40 percent of attacks are against organizations with fewer than 500 employees.

Outside sources like hackers aren’t the only way your company can be attacked—often, smaller companies have a family-like atmosphere and put too much trust in their employees. This can lead to complacency, which is exactly what a disgruntled or recently fired employee needs to execute an attack on the business.

Attacks Could Destroy Your Business

As large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners.

According to Symantec, the average annual cost of cyberattacks to small and medium-sized businesses was nearly $200,000 in 2010. Most small businesses don’t have that kind of money lying around, and as a result, nearly 60 percent of the small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cyber security protocols until it was too late because they feared the costs would be prohibitive.

10 Ways to Prevent Cyber Attacks

Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber attack.

  1. Train employees in cyber security principles.
  2. Install, use and regularly update antivirus and antispyware software on every computer used in your business.
  3. Use a firewall for your Internet connection.
  4. Download and install software updates for your operating systems and applications as they become available.
  5. Make backup copies of important business data and information.
  6. Control physical access to your computers and network components.
  7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure

Courtesy of Commercial Insurance Managers, Inc.


What Is a Wellness Program?

Saturday, October 25, 2014

A wellness program is an organized program intended to assist employees and family members in making voluntary behavior changes that reduce their health risks and enhance their individual productivity. Wellness programs vary widely in design and may offer opportunities or incentives for improving health and wellness, such as increasing fitness, losing weight, managing chronic health conditions or quitting smoking.

Why Offer a Wellness Program?
Investing in a wellness program may save money over time by reducing health care costs. Plan sponsors will have to determine whether the value expected to be derived from offering a wellness program is worth the cost. Depending on the scope of the program, it can be a relatively low-cost way to encourage healthy behaviors among participants.

What Legal Issues Are Involved With a Wellness Program?
Wellness programs must be carefully structured to comply with both state and federal law. The Americans with Disabilities Act (ADA), the Health Insurance Portability and Accountability Act (HIPAA) (as amended by the Affordable Care Act), the Genetic Information Nondiscrimination Act (GINA), and state discrimination laws will all impact the design of a wellness program. How state and federal laws apply to an employer’s wellness program is highly fact-specific and depends on the structure of each wellness program. Because of the potential risks of noncompliance, employers should have their legal counsel review wellness programs before the programs are introduced to employees.

Sample Wellness Plan Design
The following is a sample plan provision regarding a wellness program.

A. Wellness

Subject to the participant annual maximum benefit limit of [insert the annual maximum benefit limit], Family Service Foundation will pay benefits for fees incurred by you and your spouse who is a participant, for participation in any of the below-described health and wellness programs that are sponsored by a hospital or a covered organization as defined in (1) and (2) below.

1. A fitness facility or health club will be considered a covered organization by the claim administrator if the claim administrator, at its sole option, determines that the fitness facility or health club meets all of the following requirements:
• Each fitness instructor is certified in cardiopulmonary resuscitation (CPR), and a staff person certified in CPR is on the premises at all times of operation;
• Written procedures exist for medical emergencies with all staff trained in these procedures;
• Liability waivers are maintained on file for each participant by the fitness facility or health club;
• The fitness facility or health club employs at least one full-time staff person with a minimum of a four-year degree in either health education, wellness education, physical education, exercise physiology, physical therapy or public health or employs a full-time physician’s assistant, registered nurse or physician;
• An individual performs and evaluates a review or assessment of medical and physical health for each participant;
• Membership fees are paid by or receipted to each participant on a quarterly or more frequent basis;
• There is a designated manager or director of the fitness facility or health club; and
• The fitness facility or health club has an accepted current wellness services provider application on file with the claim administrator as of the date fees are to be paid by the participant.

2. Other health agencies, post-secondary schools, clinics, fitness facilities or other organizations offering educational programs will be considered covered organizations by the claim administrator if the claim administrator, at its sole option, determines that program meets all of the following requirements:
• The organization employs at least one full-time staff person with a minimum of a four-year degree in either health education, wellness education, physical education, exercise physiology, physical therapy or public health or employs a registered dietitian, registered nurse, physician’s assistant, nurse practitioner, physician, psychologist, psychiatrist or a social worker with a master’s degree;
• The program instructor has appropriate training and experience and consults with a professional practicing in a field directly related to the program topic;
• The program provides each participant with the opportunity to evaluate program content and the instructors;
• The fees are to be paid by the participant on a per-session or per-course basis; and
• The organization has an accepted current wellness services provider application on file with the claim administrator as of the date fees are to be paid by the participant.

3. Subject to the participant annual maximum benefit limit, Family Service Foundation will pay benefits at 90 percent of the fees charged for the following programs sponsored by a covered organization as described above:
• Accident prevention and safety skills education classes;
• Healthy back education classes, including back pain prevention classes;
• Biofeedback education classes;
• Hypertension screening and treatment education classes;
• Nutrition and/or diet instruction including weight control and management classes, including necessary laboratory charges as part of the program, not including any food items or diet supplements;
• Educational classes for alcohol and drug misuse/abuse training and/or understanding;
• Parenting skills education classes (does not include prenatal, Lamaze or birthing education or training);
• Stress management educational classes;
• Smoking cessation programs;
• Classes for wellness concepts; and
• Classes and assessment of lifestyle health risk factors including initial evaluations for admittance to an exercise program.

4. Subject to the participant annual maximum benefit limit, Family Service Foundation will pay benefits at 60 percent of the fees charged for the following programs sponsored by a covered organization as defined above:
• Any continuous three month or more frequent membership fees for aerobic fitness conditioning programs of a qualified fitness facility, health club or other covered organization as defined above, including court fees, circuit weight training and weight lifting that enhances aerobic training (does not include swimming lessons, initiation fees, tanning fees or sauna fees and similar charges);
• CPR classes and instruction on first aid (does not include instructor training courses); and
• Prenatal classes, Lamaze classes and birthing instruction courses.

5. Subject to the participant annual maximum benefit limit, Family Service Foundation will pay benefits at 30 percent of the fees charged for the following programs sponsored by a covered organization as defined above:
• Biomechanical assessment which includes flexibility, body and muscle strength and/or percent body fat measurements;
• Relaxation skills and techniques educational classes;
• Retirement planning and educational classes; and
• Time management instruction and educational classes.

If you or your spouse who is a participant is eligible to receive payment for a fee under more than one of the above paragraphs, Family Service Foundation will pay only the benefit for that program which provides the higher payment to you or your spouse who is a participant.

B. Health Risk Assessment

Family Service Foundation will pay benefits for charges incurred by you and your spouse who is a participant, from the facility currently contracted by us to provide this service and associated with the completion of the personal health risk assessment. You (or your spouse) will be required to provide authorization before completing the assessment.
The completed forms will be submitted to the facility at the address provided on the form. Confidential return of the evaluation will be directly to you or your spouse who is a participant. Family Service Foundation does not receive any individually identifiable health information. Family Service Foundation does not require you to complete a health risk assessment.

C. Additional Wellness Information

Family Service Foundation will provide plan participants with a health and wellness newsletter on a regular basis, as well as periodic pamphlets and brochures on health and wellness topics.
Family Service Foundation will have DVD programs on health and wellness subjects available for loan to plan participants. Such programs are subject to change, and availability will be on a first call basis.

Commercial Insurance Managers, Inc. welcomes the opportunity to help your organization implement a new wellness program, or make changes to an existing wellness program.

This copy of Plan Designs is not meant to be provided as legal advice. Readers seeking legal advice should contact an attorney. © 2007-2012, 2014 Zywave, Inc. All rights reserved.


Cyber Insurance

By Gordon M. Mumpower, Jr. President,
Commercial Insurance Managers

Friday, October 24, 2014

Security systems are installed to prevent hackers from unauthorized access into computer networks.  Hacking is prevalent by individuals who are employed within or outside companies, groups from around the world, teenage amateurs, sophisticated techies, and your spouse late at night. You purchase the best technology from the smartest and innovative vendors to protect your company and clients from data breach, unauthorized access, theft of digital assets, human error, cyber extortion and malicious digital infection protection. What am I talking about! You have everything you need except what the hacker is doing tomorrow. What else do you need?

CyberSecurity Liability coverage is marketed by several insurers which recognized that even the best digital system is still vulnerable. You need not only protection for your clients but also protection from destruction of your digital systems and loss of income while the hacker’s damage is being repaired. Cyber Extortion is also a threat. A US Based information technology company contracted with an overseas software vendor. The vendor left universal “administrator” defaults installed on the server and a hacker was paid $20,000 to exploit the vulnerability. The hacker threatened to post the record of millions of registered users on a blog. The extortion expenses exceeded $2,000,000. Cyber coverage can combine third party and first party coverages worldwide. Direct loss and legal liability with consequential loss from Cybersecurity breaches are covered. Third party coverage includes lawsuits arising from intellectual property, trademark and copyright infringement.

Disclosure, content reputational, conduit and impaired-access injury are also covered. First party cyber crime expense is optionally covered protecting you from privacy notification expenses, crisis management and reward expenses, e-business interruption, e-theft and e-communication loss, e-threat and e-vandalism expense.

Some of the cyber policies are comprehensive and worldwide. The cost might pleasantly surprise you.


I Was Attacked by the Keylogger Malware!

By Gordon M. Mumpower, Jr. President,
Commercial Insurance Managers

Friday, October 24, 2014

It started like any other day at home waiting for the laptop to acquire the internet! I was receiving unexpected advertising pop-ups. I called a computer tech friend and he found out that I had 141 viruses, which he had to remove. He also told me about the Keylogger malware he also found.

The Keylogger records every key stroke of the computer to acquire passwords and other personal information. I had to change every password to any websites, checking accounts, and online store accounts. That’s a lot of password.

I am just a small businessman. I am not Social Security, Target, Home Deport or other organizations that domestic or foreign hackers are trying to invade. I don’t carry around customer names and addresses, social security numbers, Medicare numbers, bank account numbers, or other third party information. What would have happened if someone stole my identity using the Keylogger malware? They would be able to steal information and assets from my personal and business checking accounts, order merchandise using my credit card accounts and do a lot of mischief with my credit rating. This is only from my personal and business accounts being hacked.

What about my customer information? I do have a link into my office server so that I can work remotely. I had to change my remote password to my office server.

Employee records? I take pride in being paperless in our office. I have their confidential information saved on my server.

What if a hack entered my office server and accessed all of this information. I would have to let all of my customers know they had been compromised. My employees would have to be notified. My computer server, desktops, and laptops would need to be updated and protected.

How long would I be out of business and how much would it cost me to get back into business? Business interruption and additional cyber expense is not covered under my office insurance policy. I know I have to purchase e-business interruption insurance from specialty insurance companies.

What have I forgotten? MY MOBILE PHONE! Did I leave it in the car or at the restaurant? It has direct access to my checking account, savings, Visa , and American Express applications and passwords? Did the Keylogger get into my cellphone too? With or without cyber insurance, you should have a Mobile Device policy, keep the devices updated with the most current software and antivirus programs, back up content on a regular basis, and choose your passwords carefully.


Introducing our New Blog

Friday, September 26, 2014

Welcome to our new blog. Check back soon for the latest news, updates and information that you need.