7 Ways to Minimize Small-Business Risks

If you’re a small-business owner, you’re by definition a risk-taker. The danger, however, of being comfortable with taking leaps of faith is that you can sometimes overlook smart and simple ways to minimize the damage if your leap ends in a fall. 7 ways to minimize small-business risks”. 21 August 2009.  Bankrate.com. 21 August 2009. <http://www.bankrate.com/finance/money-guides/7-ways-to-minimize-small-business-risks-2.aspx>

Here are seven ways to do just that.

1. Be cash-conscious

“The number-one risk for most small businesses is improper cash-flow management,” says Scott Lovingood, CEO of The Wealth Squad Inc., a small-business consultancy in Riceville, Tenn. “Calculate every month how much money you have on hand and how long it will last if your income dries up. Also evaluate monthly your total accounts payable and the number of days accounts are outstanding because a slowdown in accounts payable will lead to cash-flow crunches.”Avoid those crunches by creating a contingency plan and setting aside three to six months of operating costs in reserves. “In the contingency plan, ask where your business would be three to six months from now if you lost your biggest client,” explains Lovingood. “Which expenses could you cut? Which would you have to keep paying? That number of three to six months is variable because you could have cash-flow problems for various reasons. Losing a key customer could take away 50 percent of your revenue, but it might also take away 50 percent of your expenses.”

2. Insure against your specific risks

It’s not enough to purchase standard insurance policies. You must know the specific risks your business faces and insure against them. “There are a lot of key risks that business owners don’t realize they’re not covered for,” explains Andrew Cohn, president of ALC Risk Solutions Inc., an insurance agency in Boca Raton, Fla. “Today I met with the owner of an air-conditioning company. He didn’t have coverage for his equipment if his tools or air-conditioning units were stolen during an installation. He also didn’t have coverage for customers’ property in his workers’ care and control. If his workers moved an armoire, and it was damaged or injured someone, he wasn’t covered.”If your business includes an online component, determine how effectively your policies cover that aspect of your business. “Assume you have a shoe store,” explains Jonathan Ezor, a law professor at Touro Law Center in Central Islip, N.Y. and special counsel to The Lustigman Firm, a New York City law firm. “You probably have coverage for inventory, along with business-interruption insurance. But does the business-interruption insurance cover you if your Web hosting company goes out of business and your online business is down for two months? Probably not. You may also host an online forum where customers can talk about shoes. If someone posts child pornography or a computer virus there, is that covered by liability insurance meant for slips and falls on the sales floor? Probably not.”

3. If your business changes, your insurance should, too

Meet annually with a trusted insurance broker to determine whether your business has changed in significant ways that require modifying or adding coverage. “Go through a checklist of coverages and have a discussion,” advises David Kirkup, a partner at Atlanta-based B2B CFO, which provides part-time chief financial officers to small- and mid-sized firms. “What new things have you done in the last year? Have you acquired a company, introduced a new product, begun to do business in a new state or country, hired different people — all those things might trigger a new risk.”

4. Insure key people

If key staffers leave or can’t perform their duties, your entire business could fail. “You’ve got to have key-person insurance on anyone who’s mission-critical to your business,” says Lovingood. “If you already have key-person insurance, review your policy quarterly because it may be outdated if your business has grown dramatically.”

5. Use contractual indemnification clauses

Seek indemnification for potential damages caused by other businesses and people your business relies on regularly. “Let’s say you distribute a piece of software to your customers,” explains Ezor. “It turns out the provider didn’t have the rights to the software, and you get sued. That’s where indemnification comes in. But it’s only as good as the finances of the other party. If you’re worried the finances on the other side of the contract aren’t sufficient for the possible risk, you can contractually require the other company to maintain insurance.”

6. Give yourself an out

If you launch a new venture or enter into a new contract, you need to be able to cut your losses if it goes bust. “Your contract should cover how you can end the relationship,” says Ezor, “and what happens when you do.”

7. Create separate entities

Any time you take on a new risk, consider creating a new legal entity. “If a new risk involves the same market but a different set of customers, you probably don’t need a new entity,” says Lovingood. “But if it adds additional risks from a monetary, lawsuit or partnership standpoint, you need a separate entity. Any time you cross state lines, add partners, or add legal risks your current business doesn’t already deal with and that you’re not insured for, look at separate legal structures.”Also use separate entities to prevent the loss of your assets. “Whenever significant long-term assets exist, consider a separate holding entity,” explains Kirkup. “Real estate is the prime example. Put property into a separate entity, and rent it back to the business. Another example could be patents for your products.”

Don’t shy away from creating new entities because of the cost. “In most states, setting up a corporation or limited liability company costs $400 to $600, and your accountant may charge you to do an extra tax return,” says Lovingood. “You may pay only $1,000 a year for additional risk and asset protection.”

The key to minimizing risks is foreseeing and preparing for them. “Small-business owners can get off track by falling into the prediction trap,” explains Randy Park, a Toronto-based author and speaker on small-businesses. “You assume that what happened yesterday is going to happen tomorrow. But you need to be really clear on the risks affecting your business model.”

Filisko, G.M. “7 Ways to Minimize Small-Business Risks”. 21 August 2009. Bankrate.com. 21 August 2009.  <http://www.bankrate.com/finance/money-guides/7-ways-to-minimize-small-business-risks-1.aspx>.

Information Security: Why Cybercriminals are Smiling.

Hardly a week goes by without some new internet security snafu being reported. And with web usage exploding, expect to hear about a lot more. According to a new analysis from Forrester Research, the number of Internet users is forecast to grow 45% globally over the next four years, reaching 2.2 billion by 2013. More people online, more data to hack — it’s a cybercriminal’s paradise.

Many people don’t yet fully understand the enormity of the threat — to individuals, their families and the companies that they work for, warns Andrea M. Matwyshyn, professor of legal studies and business ethics at Wharton. A frequent public commentator on the topic, Matwyshyn is the editor of a forthcoming book titled, Harboring Data: Information Security, Law and the Corporation.

In an interview with Knowledge@Wharton, Matwyshyn is joined by two of the book’s contributors, Diana Slaughter-Defoe, professor of urban education at University of Pennsylvania, and Cem Paya, a data security expert at Google, who discuss the major risk management gaps that are leaving valuable data assets unprotected not only in the office, but also at home, while also sharing a number of measures that everyone — from parents to CEOs — can take to avoid Internet security disasters.

An edited transcript of the conversation follows.

Knowledge@Wharton: Your forthcoming book says that otherwise sophisticated business entities regularly fail to secure key information assets and that many companies are struggling with incorporating information security practices into their operations. Why is that the case?

Andrea M. Matwyshyn: It’s not apparent to me exactly why this is. But there seems to be a process-based failure under way. It’s in companies’ interests, internally and externally, to secure their information assets. Internally, when a company experiences a data breach, it is potentially compromising trade-secret protection on key intangible assets. Externally, it is going to get bad publicity and trust will diminish among customers, business partners and even its own employees. So securing information assets is a win/win.

[Our speculation] about what may be driving the failure to secure assets [is] partially based on historical … facts. Information security [has been] generally viewed as the province of IT departments, and at one point that may have made sense. But at this point, IT security needs to have a process approach, [coming] from the top layers of a company and a culture of security [should be] filtered through the company’s lower layers.

Security breaches can happen not only in a company’s servers, but also as a result of an employee inserting a CD, [as was] the case of a Sony rootkit problem that arose a few years ago [when its CDs automatically downloaded digital rights management tools on to computers]. [Similarly,] an employee can insert a CD into a PC at work to listen to some music and the vulnerability that arises because of, for example, some digital rights management software on that CD can lead to an employer’s network being compromised. Employee education and [a] top-down [approach to] security information assets are an organizational priority, which is something that hasn’t necessarily permeated corporate culture.

Knowledge@Wharton: It sounds like a company pays a steep price when it fails to do all the things that you suggest. Could you give any examples of companies that have faced problems as a result of not having secured their information assets?

Matwyshyn: The recent example that comes to mind is The TJX Companies. TJX had an extensive database of consumer information because it’s a retailer. [In 1996] a hacker sitting in a car in the parking lot of a Minnesota store with relatively primitive tools accessed its network, compromised it and stole millions of records, subsequently resulting in banks needing to reissue TJX credit cards. There may be incidents of identity theft associated with that activity as well. TJX paid a high price in the press and the banks filed a class-action lawsuit against it.

The costs imposed on other entities because of security breaches [at a company] are starting to result in court cases, and at entities that are forced to reissue cards and absorb the costs [are] finding it unacceptable to pay the price for other people’s security practices.

Part of this stems from the nature of information assets. When a company possesses sensitive information, each subsequent sharing of that information creates another dependency, another point of risk. A compromise anywhere in the chain of possession … is the equivalent of a compromise along every point. So the banks in the TJX case were not pleased, the customers who had data compromised were not pleased and TJX had regulatory action [launched] against it because of that breach.

Knowledge@Wharton: Are there any causes at the macro or social level that have led to information security failures?

Matwyshyn: There are some technological causes, structural causes and legal deficiencies that exacerbate the problem. Information security has become more prominent in part because broadband access is so prevalent. People are using the Internet more, which is a good thing. But such information sharing is leading to additional points of vulnerability. Twenty years ago, there weren’t databases full of such rich consumer information as we have today. The ease of sharing information through the Internet generates targets for information criminals. At this point, the identity-theft economy is on par with or surpassing the [illegal] drug economy.

So when you have a financial incentive driving criminals, dissuading them [from perpetrating a breach] is very difficult and they’re going to innovate to stay one step ahead of information-security experts….

[As for those of us who] think about the legal issues, we haven’t resolved the fundamental holes in our legal structures, which might stop some of this from arising. For example, with extradition treaties, we might expect that if we [in the U.S.] prosecuted an individual cyber criminal somewhere in an Eastern European country who hacks into a U.S. database, [one would think that] we would simply work with the other country to execute the extradition. Alas, it’s not that straightforward in part because to get the extradition, the act that was committed must also be illegal in the other country. In many countries where cyber criminals live, the acts that they’re engaging in aren’t illegal, and their governments are not going to extradite these individuals…. On top of that is the lack of a reciprocal regime for recognizing judgments in other countries, which predates the Internet…. We just never resolved the convention on jurisdiction and judgments to allow us to have our judgments in our courts efficiently enforced in other countries.

Now with the rise of international information crime, these problems are highlighted yet again and we need to take a step back legally and work through some of the gaps….

Knowledge@Wharton: What’s the solution? Do we need more international coordination among legal entities?

Matwyshyn: Absolutely. We need to get some harmonization in cyber crime and the opinion of the international community as to what is acceptable computer conduct. In an economic downturn in particular, this problem reaches a new level because with the ease of information crime and the lack of … job opportunities, it is expected to get even worse.

Knowledge@Wharton: The fascinating thing about your book is the examples of the techniques that cybercriminals use, such as phishing and zombies. Could you describe some of those techniques?

Matwyshyn: Phishing takes the form of an email arriving in an unsuspecting user’s email inbox. The user sees an email from what is assumed a trusted service provider. The email contains a link. The individual follows the link and is asked to provide information, maybe a log in, password or the last four digits of a Social Security number. The information is used by the criminal, sometimes in connection with other information the criminal has purchased online on the black market or even from a legitimate source, which may not have been careful in vetting [who is buying] the information….

The other possibility of a phishing attack is that by following an unsafe link, a person’s computer becomes part of a zombie “botnet,” meaning that someone remotely takes control of the machine … [which is then] used to attack targets, generate spam or engage in other types of [unwanted] activities. We’ve had instances of power grids being threatened by zombie botnets. And there’s speculation that zombie botnets are being used by some countries as a form of cyber war against countries they don’t [want] to prosper.

Knowledge@Wharton: What happened at the job website Monster.com?

Matwyshyn: There was a particular incident at Monster that I mentioned in the book, but since then it has had at least two more. Despite it alleging that it has been trying to improve its security, the bad guys are still getting in.

What happened [in the case mentioned in the book] was that some individuals posed as employers and by using Monster resources, they mined information about job seekers and consequently sent them emails containing malicious code, which [the job seekers] downloaded, with their security being compromised….

One of the controversies arising [from subsequent failures] involves data breach notification legislation [requiring companies to tell customers if their information has been put at risk]. Data breach notification legislation now exists in [45 U.S. states], the District of Columbia, Puerto Rico [and the Virgin Islands], and there’ll be probably a few more [states complying] by the end of the year. There’s talk of harmonization, but we’re uncertain when that’s coming. But Monster, not necessarily violating the timeframes stated in the legislation, didn’t notify its customers as promptly as it could have, so the argument goes. If you looked at the website of its information security service provider, you [found out] that it had an information security problem sooner than you did from the Monster website, which led to some criticism, as you might imagine, that only an elite group of people knew [first] about the compromise rather than the individuals who may have been most impacted, the users of Monster.

After Monster’s latest breach, [there was] a posting on its website informing users about [it]. It was posted, I believe, on January 20th, without much fanfare. It is still working through its security problems. That case [involved] individuals with legitimate credentials. Where they got those credentials we’re not sure. It may have been through a different attack before their interactions with Monster. A series of compromised firms may have led to the attacks [in] the Monster database of consumers who had posted their resumes [online]. Of course, with unemployment rates skyrocketing, targets such as Monster will only become more attractive to information thieves. And thinking about the amount of information that an individual puts on his or her resume, a lot of very sensitive, personally identifiable information can let someone pose as you very efficiently.

Knowledge@Wharton: People tend to disclose all kinds of things about themselves in [social] networks like Facebook and LinkedIn as well. Does that affect information security?

Matwyshyn: Very much so. First, as you mentioned … individuals voluntarily disclose a significant amount of information. But if you ask them, they’ll say they’re very concerned about their privacy. When [such] contradictory behavior [is combined] with difficulty in using privacy settings on websites, [people] sometimes don’t realize how much information is readily available to the public.

There was an incident last year [involving] consumer purchasing on other websites linked to … profiles on Facebook because Facebook had a piece of code, the beacon, that would post information found in its profiles about consumers’ purchases on other websites. Although this was within the [usage] terms [that consumers] had agreed to when they signed up for Facebook, there was an … instinctive reaction of shock on the part of many users that [such] information was pushed [out]…. That was perceived by many users to be too invasive…. Facebook recognized that the beacon plan was a little [too] aggressive for consumer tastes … and it consequently made the privacy settings easier to maneuver. But there is a bit of a contradiction between users’ behavior and users’ stated preferences on privacy.

A corollary concern for information security, as a result of social networks such as Facebook, is that platforms on those networks enable developers to generate interesting, fun, new applications for users to interact. There’s really no information security vetting of those applications by the central platform provider, Facebook in this case. The applications request information on a users’ entire portfolio of friends and then all of those people have data that is possessed by the application provider. What the application provider is using that data for and the extent of secure storage that [it] uses are unknown [to users] and Facebook or another social networking site is not going to [publicize] it. It’s not in their interest to do so because they’d rather not be associated with that relationship. They just want to provide the platform. But most users don’t realize or don’t analyze the extent of information sharing that happens through, for example, the applications….

Knowledge@Wharton: When it comes to financial data, do security breaches have a different root cause than other kinds of information?

Paya: [All] security breaches are ultimately caused by a failure in a process or implementation of a security policy. But the damage [from financial information breaches] does have a unique, unusual root cause [in] that financial information cannot at once both be distributed to thousands of entities and be so valuable that mere knowledge or access to it is enough to cause monetary losses. We can’t have it both ways.

It’s not so much that the breaches are surprising. It’s that when a breach occurs, the fact that there is no damage control and containment are impossible is a function of how we … use financial information.

Knowledge@Wharton: So financial information is unique in the sense that it is both confidential and widely disseminated?

Paya: Exactly, that’s the paradox.

Knowledge@Wharton: How can a balance be maintained to allow online commerce to proceed? Clearly online commerce is growing, but we need to figure out a way to balance those two things.

Paya: Since we are not going to put the genie back in the bottle, the only option is to reduce the secrecy requirement and ask, “What happens if my financial information is no longer that secret? What if my credit card number is known by other people? Is that a situation we can deal with?” And surprisingly, for that particular type of information, the answer [to the latter] turns out to be, “Yes.” The credit card networks realize that they can absorb the cost of fraud entirely. They can still say to customers, “Continue to shop freely, you can disclose your credit card number to anybody you like. Continue typing in that number. If there’s any fraud, the system will absorb the losses and you don’t have to worry about it.” And they found that that risk management actually works, that the profits made by the credit card networks more than outweighs absorbing fraud losses.

Unfortunately that’s not the case for other things. Social Security numbers, which have become essentially financial information … because of their use in credit reporting, aren’t at that stage yet. But for credit cards, we have [achieved a balance]….

Knowledge@Wharton: The paradox that you talk about also applies to financial information generally. For example, a company about to merge with another … [will keep] information about that event confidential [during negotiations]…. But once the announcement is made it is, of course, expected to be widely and publicly disclosed. Are there any lessons from the offline world about how you manage this paradox of confidentiality versus the public nature of financial information that can be applicable to this space?

Paya: In the example you’ve mentioned, the shelf life of the secret is limited. If the merger talks are going on for three months, all you have to do is keep it secret for three months…. Best practice is to make sure that your secrets have short shelf lives and can be frequently renewed. That’s not something generally followed with consumer data. Credit cards have multi-year expiration periods and Social Security numbers are indefinite [since] you have one for life.

The lesson from the offline world is … acknowledging the fact that the longer a secret exists, the greater the probability of a breach of confidentiality. So try to limit that window of time. That’s a lesson that hasn’t quite carried over to the consumer financial data, because much of [it] has a very long shelf life.

Knowledge@Wharton: What is the legacy design problem you refer to in the book and how does it affect financial information security?

Paya: The legacy design problem … is the assumption built into many systems and processes we have today that the way transactions will be carried out is by a disclosure of secrets. In other words, to buy something on the Web, I must disclose my credit card number to the merchant. To obtain credit, I must disclose my Social Security number…. To sign up for a cell phone service, I have to disclose my Social Security number.

[What] if we were to say, “Let’s stop doing that and come up with a better way for consumers to, for example, authorize payment or run background checks?” And then say, “Here’s this brand new, far more secure, better designed system.” We’re still stuck with all the processes … that only understand credit card or Social Security numbers. Even if magically … we could deploy something better that gave consumers more control over their data and wouldn’t require them to disclose secrets as part of everyday transactions, there would be a huge and slow migration effort to make a dent in the problem. We’re not starting from scratch, but from the assumption that it’s okay to disclose secrets and that’s how many transactions work.

Knowledge@Wharton: Could you discuss some of the biggest mistakes companies make while trying to protect the privacy of their financial information?

Paya: The biggest mistake … is not having a clear handle on where the information lives. The design of large systems calls for a lot of redundancy. Data is copied, duplicated, backed up, sometimes sent to different partners, data warehouses, shipped off site in case some catastrophic event destroys your data center. So data has a tendency to replicate itself. And one of the big challenges is when companies lose track of where the information is. It’s very hard to point to a particular computer or a particular rack and say, “This is where all the credit cards live.” …. The problem is that the more spread out they are, the more points of failure you have to worry about…. The first challenge [arises by] not having an inventory of what you’re collecting, even if you know where you collect it, not knowing where exactly you put it.

Matwyshyn: [Cem’s] commentary is borne out by PricewaterhouseCoopers, which did a survey of chief information officers, chief security officers, high-ranking … decision makers…. One of the startling [findings] is that a large number, approximately 30%, of the respondents could not provide information about where all of their information assets were stored and this is self-reported. A significant number, similarly, could not identify what the major threats were that the company faced in terms of information security. And many of the individuals stated their organizations did not have a comprehensive information security policy.

There’s a broader lack of planning in many enterprises. In their defense, this field is relatively new. However, the downside of not securing information assets is so severe that it’s important that companies start to focus on process-based, top-down initiatives to incorporate information security at every level of their enterprise. Really the neglect is reaching the point that … an argument could be made that the lack of planning that’s prevalent in U.S. companies may give rise to cause a breach of fiduciary duty. That’s serious. We’ve reached a turning point. This is when it really needs to be addressed aggressively in a process-based approach throughout enterprises.

Slaughter-Defoe: A lot of the people [running companies] are parents, and if this is how they’re functioning at their workplace, you can imagine what they must not be doing at home.

Knowledge@Wharton: If in this room with us right now there were the CEO and the CIO of a company who heard everything you said and they want each of you to give one piece of advice of how they can do better job protecting their information assets, what would that advice be?

Matwyshyn: The first piece would be to set up a top-down process and a culture of security. Have every employee go through mandatory information security training regularly. Have every employee know what to do in the case of an information security breach. One of the key mistakes that many companies make, and I talk about this a little bit in my chapter, is that people from the outside [of a company] will report a security breach and employees simply won’t know what to do with the information. They won’t know who to contact internally to stop the bleeding. Each individual in an organization needs to recognize the importance of the team effort in keeping information secure. And the tone really needs to come from the top.

Slaughter-Defoe: This problem, based on what I’ve heard today and at other conferences, has reached a point where attention needs to be called to the nation’s Department of Homeland Security. They need to get this book. They need to look this over…. They need to think about this in terms of future directions of the nation. There was one comment [today at the conference] from a gentleman about how his state … [is] at least ensuring that there is appropriate communication between people who were engaged in rescue operations. In a manner of speaking, if you project the next 20 years or the next generation, that’s what we’re talking about here. We’re talking about at the state level, resources will be coordinated to protect families and where people work, now that the genie is out of the bottle. I don’t think anybody, say, 20 or 30 years ago thought this was a serious issue that they would have to address. But it’s very much with us. And it puts us in a new era.

Matwyshyn, Andrea. Interview with Knowledge@Wharton. Knowledge@Wharton. August 2009. 20 August 2009. <http://knowledge.wharton.upenn.edu/article.cfm?articleid=2317>.

Uninsured Drivers Racing at Own Risk

Tim McCreadie of Watertown, N.Y., capped his return to dirt late model racing last August with a victory in the Topless 100 at Batesville Motor Speedway. He added a couple more major victories in the closing months of the season, but his 2009 began with disaster.

In January, he returned to Tulsa for the Chili Bowl, the nation’s top midget racing event where McCreadie had stunned a field of NASCAR and open-wheel drivers to win in 2006.

The last thing he remembers is leading a B-Main qualifier when his car began vibrating.

A problem in the rear axle of his midget car was the reason for vibration, and the crash that followed was spectacular. It immediately became You-Tube fodder, the images of his car bouncing and barrel-rolling over the catch fence at the indoor facility.

When McCreadie awoke, he had two problems: His back was broken, and he didn’t have health insurance.

An estimated 25,000 drivers like McCreadie compete on more than 800 dirt racetracks in the United States, according to an Associated Press story last month. No one keeps count of how many have insurance, but people in the racing and insurance businesses say as many as 80 percent of drivers do not carry coverage.

A handful of Arkansans race on dirt professionally, most of whom will compete at the 17th annual Comp Cams Topless 100 this weekend at Batesville Motor Speedway. They all struggle with the financial burden of health insurance, which is a considerably higher cost because of their jobs.
“I’ve got some,” said Batesville’s Wendell Wallace, the 1998 Topless winner. “But a race-car driver is considered a high-risk, like an airplane pilot or something like that. Our insurance is just real high.” Batesville’s Billy Moyer, a member of the Dirt Late Model Hall of Fame who is a four-time Topless winner, discovered how much red tape was involved when he mangled his thumb in a racing accident during a Hav-A-Tampa Dirt Late Model Series national event at Little Rock’s I-30 Speedway in 1997.

“I found out if you have better insurance than the racetrack has, you’re better off not to have any insurance,” he said. “I had 17 pins put in that thumb … a pretty major deal. My insurance ended up paying for more than the racetrack would. The racetrack insurance was a secondary thing.” The insurance carried by tracks has improved over the years in many cases, although policies still vary. Most pay either a percentage of the amount or a set amount, usually up to around $10,000. I-30 Speedway’s policy also includes a $1 million payment upon death.

Dennis Huth, president of American Speed Association, estimates that a typical track’s policy offers $20,000 to $30,000 in medical coverage for injured participants. “But there are tracks out there that carry $5,000 in medical insurance,” Huth told The Associated Press.

Many drivers avoid the high costs by deception, not mentioning that they drive race cars on their insurance paperwork. One driver, who wished to remain anonymous, said that after breaking his arm in a racing accident he took painkillers and went home. The next day, he told emergency room personnel and his insurance company the injury happened on his farm.

“When they get to the racetrack, they really don’t think about” it, Laura Hauenstein, president of WSIB Motorsports Insurance, told The Associated Press. “And when you bug them and say, `Hey, we need to do this,’ it’s like the last thing that they’re thinking about.” Greenbrier’s Bill Frye said he can’t afford to carry insurance that will cover him while he’s in his race car.

“Insurance is a double-edged sword for me,” said Frye, the 1996 Topless winner. “It’s sold on the fact of fear. That’s the only reason people have it.

“I feel safer on the racetrack than I feel going down the road every day. But you’re going to get hurt racing sometimes. You’re going to break a hand. There’s a chance you’ll die out there or break your back.” The only medical coverage for McCreadie at the Chili Bowl was through a small policy bought by the event promoters.

McCreadie bought insurance when he briefly drove for Richard Childress Racing in NASCAR’s Nationwide Series last season. But when RCR let him go, McCreadie let the policy lapse. That’s when he got hurt.

McCreadie is back racing – after months of rehab and a few fundraisers to help pay his medical bills – and is expected to be among the favorites when he returns to defend his Topless title this weekend.

Now, however, he’s insured again.

“The bills are coming. I’d be happy if I could almost break even when it’s all over with,” he said. “I wish I could go back and change it, but only good can come out of this if all of a sudden everybody goes out and gets insurance. If people get hurt, at least they’re covered.”

Written by: Rodgers, Steve. “Uninsured Drivers Racing at Own Risk”. Arkansas Democrat-Gazette. 14 August 2009, pg. 21+25.

"Sunshine Insurance"-Don't Vacation Without It

Planning a vacation but worried that bad weather may spoil your trip? No worries–companies now offer “sunshine insurance” to protect vacationers against poor weather.

The insurance policy, offered by French travel agencies Pierre et Vacances and FranceLoc, will reimburse travelers for a portion of their holiday expenses if they suffer at least four days of rain in a given week. Clients can purchase coverage for up to 400 euros ($571).

To calculate whether or not consumers should receive compensation, Pierre et Vacances will study satellite photos from the French weather service. If it’s determined that a holiday was rained-out, a reimbursement check will be mailed to their home address.

In a trial run last year, 10% of clients saw sufficient rainfall to receive money back.

Lufthansa, one of the largest airlines in Europe, is offering “sunshine insurance” too. On flights to selected destinations, passengers will receive 20 euros ($28) for each day with 5 millimeters or greater of rainfall, up to 10 days.

Written by: Robert Lewis, August 13, 2009, www.blog.insweb.com, <http://blog.insweb.com/2009/08/sunshine_insurance_-_dont_vaca.html>

“Orlando: Home of the So-Called ‘Happiest Place on Earth’” A Cleveland Fan’s first hand account from Game 6 in Orlando

My roommate and I, both females in our mid twenties have been dubbed Cleveland Cavaliers “superfans” by many of our friends especially this past season. It was no surprise to anyone that we flew to Orlando on a whim to watch the Cavs vs the Magic in game 6 this past Saturday. We went into it expecting being greatly outnumbered by many intense fans, but we had no idea what was in store for us.

Before arriving at Amway Arena (we got there about 45 minutes before game time) we decided in the taxi that we would take the “high road” approach toward the fans. Obviously, in any sporting event, especially the playoffs, you’d expect the hometown fans to be intense; we figured it’d be safest for the two of us to just take the comments in strides, wish the opposing fans good luck, and refrain from making any cocky or rude remarks in return.

We hadn’t even been there 30 seconds, and a group of men started yelling in our faces and booing us as we walked towards the Magic Fanfest area. At this point, we thought it was funny.. and just wished them good luck. A little further my roommate and I were greeted with a group of young men who attempted to spit on us, tear up the posters I was holding and eventually grabbed my jersey and was pulling on it. I had to actually yell at them to “quit touching me”. Again I repeat, we were just WALKING outside, not saying a word.

As we finally get shuffled into the arena before the game like a herd of cattle, the woman taking tickets decides to scold my roommate because her ticket is folded saying “I don’t have time for this… do you see how many people are waiting in this line”. We didn’t realize this would be foreshadowing for how we would be treated by ALL workers inside the arena. We decide to get beer before we make it back to our seats, and instead of being asked what we wanted the people behind the counter laugh at us, and say they can’t serve us. After about 3 minutes (this isn’t exaggeration) of laughing at us, they finally ask what we want… we say “Miller Lite”… they then make fun of us saying “of course you want Miller Lite, you’re from Ohio”. Great service so far, right?

Finally we make it to our seats, and proudly raise the posters we made during the pre game warm ups. An elderly woman (I’d say she’s about 80 years old) who is sitting 6 rows behind me starts screaming at me and telling me to sit down because she can’t see. There is absolutely NO WAY possible I was obstructing her view. But being the polite person I am, I just sat down, no need to draw any more attention to us. So the game starts and my roommate and I are the types of fans to cheer…a lot. Every time we said anything, every man or woman in the vicinity of us stared or yelled directly at us. One guy who had been giving us a really hard time actually ID d us saying “if you’re actually from Cleveland I will respect you”. We literally had to take our ID’s out for some guy from Orlando just to be left alone for 10 minutes. Again I repeat we did and said NOTHING negative, at this point we knew better!

We decided to chance running to the bathroom, which ended up being not as bad as expected, and upon our return someone in the rows behind us spilled their entire drink under our feet. We had asked someone in the arena to help us mop it up, but of course nothing happened. The mess was only cleaned once a Magic fan so politely asked for me. (Another example of fantastic service at the Amway Arena). As the second half went underway, my roommate and I did what we have done all season, remained positive even when we could see the game slipping through our fingers. Anytime anyone would even score a basket we cheered as normal and the fans continually screamed in our faces. As the game neared about the 2:30 mark and shouts of “MVP” for Dwight Howard were being chanted, one of the classiest fans in the stands decided to take his keys and shake them 2 inches from our faces. This being the only time I actually broke down and said anything screaming to the guy to leave me alone. The only reason he left us alone eventually is because an older gentlemen (fellow Magic fan) said we didn’t do anything to him, and asked to leave us alone.

As we hit the 1 minute mark my roommate and I decided to sneak out of the arena and try and figure out how we were ever going to find our cab driver. On our way out fans were booing and yelling at us, meanwhile all we did was wish them good luck in the finals. (at this point I’m choking back tears of frustration with the fans and disappointment in my team.. we couldn’t get out of there fast enough!) We rush to the Marriott nearby thinking we could find our cab driver there; unfortunately he said he couldn’t get us for another 35 minutes. At this point, I am actually questioning our safety and concerned about where we can hang out for 35 minutes. As we say something to the girls working the desk at the Marriott they tell us, “why don’t you just take off your jerseys”. Well excuse me, but I thought I had the right to like my own team without being completely harassed. So at this point, like lost puppies we walk the sidewalks trying to figure out where to find our driver, can’t find him so we wait in a corridor of the entrance of the hotel. We aren’t speaking or even looking at anyone else, meanwhile the absolute hatred kept coming our way. Finally our driver is on the way, and at some point walking in the sidewalks the security and police directing traffic ended up even laughing at us and making rude remarks. Pretty incredible.

Our cab driver finally comes to save us (I now refer to him as my savior) and decides that we need to stop at a gas station to get beer so we can go to our hotel and drink (since obviously we can’t be in public). At the 7/11 we were at the woman behind the counter starts screaming at us across the room “you catch that game? SUPERMAN! You see that mvp SUPERMAN blahblah blah”screaming at us while we are trying to pay for the things we were purchasing.  Again we just responded with yep, good luck in the finals. All we were doing was buying a 12 pack of beer, and we couldn’t even skate by that without being harassed.

I am sure there are more accounts of complete harassment and inhumane treatment we received that I’m not even mentioning in this statement. After reflecting on all of it, I can say I have personally never been treated more poorly just for wearing a jersey. I have been to countless Browns games where fans for both teams completely taunt eachother, but for fans who aren’t saying or doing anything negative to be treated so poorly that they are actually scared is absolutely absurd. After my two days in Orlando it is safe to say that I will NEVER cheer on a team that houses such poor sports and horrible fans. I usually would cheer on our conference, last year I even mustered up the strength to cheer on the Celtics as they advanced to the finals. You can be certain that’s not the case this year.

The only bonus in all of it was meeting Daniel Gibson in the airport on our flight back to Cleveland. In talking to him, he genuinely apologized for the team’s loss, appreciated that we came all the way to cheer them on, as well as apologized for the horrible treatment we received from Orlando’s fans. I can only hope that I never see the day Cleveland fans treat any opposing team the way we were treated in Orlando.

The Lights are on but No One's Home

I moved from my apartment on April 30th. I called the Illuminating Co. to have my service turned off as of April 30th. Mid-May I received a bill from them for the apartment for the month of May. Confused, I called them to explain that I canceled service on April 30th and I should not be charged for any activity in May. The customer service person explained “well, you name is on the account. You called back on May 1st to have it reinstated”. I most certainly did not. I have come to find out that the woman that rented my apartment after me lost her job the day after she forced us out of our apartment early. She called the Illuminating Co. and had it put back into my name. I proceeded to ask the customer service person how it is possible that someone else can call and put service in someone else’s name?! After speaking with her manager, she said that all charges would be taken off my bill and I would be refunded the overpayment. Last week I received another bill, the same amount, with April dates on it. The fight continues…

Insurance Ignorance

After having my insurance with the same agent for 12 years, we were robbed. When I called the agent for assistance he laughed and said ‘gee, I don’t think you’re covered for that” and advised me to read my policy . We had to call the carrier and handle the whole claim ourselves. Needless to say he is no longer our agent.

If you can't Fix it…Replace it

Despite purchasing the “extended warranty” on my washer from Sears, and 8 repair visits in a year my washer STILL is not working properly. Why did they put over $1,200 in parts and labor into it when they could have given me a brand new washer for LESS!

Rudeness in Retail

Checking out at TJ Maxx, the cashier was on a personal phone call throughout the entire transaction. She never spoke to me, and after placing my purchase in a bag, she literally threw the bag at me. After fuming about it overnight, I returned everything the next day and told them the reason for the return was due to the horrible service I received. I also told them I will never shop at TJ Maxx again but will spend my money at stores that treat me like a human being.

Presenting Jim Carrey as "The Cable Guy"

Wonderful experience from our cable company. Two problems:

1: Wiped out full e-mail account when switching us over to the wireless connection. When we complained, they said oops, that is not supposed to to happen. There is nothing we can do to restore it.

2. When we switched our phone service over to them, they did it again, and even shut down the e-mail account. Again, we were told, I don’t know why that happened.

Result, move e-mail to a more reliable provider. Wish we had other options to move the cable because we would have done that too!