Protecting Your Business: Restaurant & Bar Premises Liability

December 12, 2017

By Colorado Restaurant Insurance —

Winter Months are Approaching. How To Prevent Slips, Trips & Falls

It’s true! More than 3 million food service employees and over 1 million guests are injured annually as a result of restaurant slips and falls. Food, water, ice, snow, dirt, sand, and more, can prove to be recipes for disaster; not only for employees, but also for customers and vendors, alike. Many of these injuries are serious, including broken bones, head injuries, twisted ankles and knees, muscle strains and cuts. According to the National Floor Safety Institute, the hospitality industry spends over $2 billion on such injuries each year and these injuries are increasing at a rate of about 10% annually.

Not only can the potential injury from a slip, trip or fall result in pain and suffering for the injured customer, these accidents reflect adversely on your business. In addition, they also impact your insurance claims experience and insurability as a business owner. Your employees should have the knowledge and authority to take corrective action when unsafe conditions or unsafe acts are observed. The safety and well-being of your customers and employees should be front and center within your day-to-day operations. While not every accident is preventable, restaurants and bars should keep safety a top-priority by creating and maintaining a safe environment for their employees and guests by implementing customary industry standards and procedures.

 

Consider implementing recommended safe work practices within your restaurant, including:

  • Provide non-slip matting in areas that tend to be wet.
  • Alert workers/customers to step-ups and step-downs by using hazard tape or other warning signs.
  • Provide adequate lighting, especially in serving and preparation areas.
  • Use portable signage warning of “WET SURFACES” to alert customers of the slippery conditions.
  • Frequently check all critical flooring; aisles, waiting areas & restrooms during business hours to make sure they are dry, clean and free of hazards.
  • All staircases should have proper treads, a sturdy handrails on each side of the stairs and adequate lighting on every flight of stairs
  • Provide mirrors for blind corners.
  • Keep passageways and walkways free of clutter and crowding.

 

Do your safety part outside your restaurant, including:

  • Parking lots and sidewalks should be clean and level.
  • Provide adequate lighting for nighttime use.
  • Redirect any downspouts that empty water onto sidewalks and parking lots.
  • Remove snow and ice as soon as possible after each storm.
  • Have sand and ice melting chemicals available to spread on ice that might form as melting and re-freezing occur.
  • Exterior stairs should be well lit, handrails on each side, and snow and ice removal is extremely important.

Employers have a primary responsibility for protecting the safety and health of their workers and customers. However, employees are responsible for following the Safe Work Practices of their employers. In summary, successful control of the hazards associated with these exposures will result in a safer restaurant environment and reduce injury frequency and severity.

 

Consult Colorado Restaurant Insurance at coinsurance@corestaurant.org or call 303-880-2806 to learn more about how to manage your restaurant risks.

The Restaurant Industry’s Reckoning…

November 8, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

In the wake of Josh Besh, a New Orleans chef who recently stepped down from his role amidst allegations of sexual harassment, the industry grapples with how to deal with the issue. According to an eight-month long investigation by the Times-Picayune, 25 current and former employees of the Besh Restaurant Group claimed to be victims of sexual harassment while on the job. Two have actually filed official claims in recent months with the EEOC. Up until last month the company, which employs approximately 1200 people, had no director of human resources and multiple women said that their complaints were ignored when they attempted to report them.

 

According to the EEOC, only seven percent of American women work in the restaurant industry, yet roughly 37 percent of the sexual harassment claims that the commission processes come from restaurant staff.

 

Even more alarming, approximately three out of four employees who experience workplace harassment never report this behavior due to fears of not being believed, being ignored, or experiencing social or professional retaliation.

 

4 Action Items Restaurant Owners Can Do to Keep Their Employees Safe…

 

  • Train your managers – Offer training courses that will enable managers to more readily identify potential problems and to determine what the appropriate actions might be to prevent harassment before it occurs.
  • Have a clear process – Have a written anti-harassment policy that guides employees on what types of behaviors are inappropriate for your employees, customers, and even third party vendors. The policy should be included in your employee handbook and signed by each employee indicating that they understand the policy guidelines. Consider establishing at least two employee advocates, if your restaurant does not have a HR department, where employees can approach with complaints without any type of retaliation.
  • Educate employees – Employers must also insure that these policies are followed, enforced, trained and discussed on an ongoing basis. In-person training is much more effective. Make sure your employees know what is appropriate and how to respond when harassed and remove the risk of retaliation, such as loss of their job, inconvenient shifts, or fewer tables.
  • Respond quickly to issues – Restaurant customers are not exempt from harassment. Have a reporting system in place when a customer is out of line. Make sure management is trained in handling a customer that crosses the line.

 

Anthony Bourdain was recently interviewed by Refinery29 and stated, “Despite some skepticism from industry insiders, the restaurant world is next up for a public reckoning.”

 

If you do get sued because of some kind of harassment case, it has the possibility of costing you more than a half a million dollars. To help pay those high costs you may want to consider Employment Practices Liability Insurance, also called EPLI.  This insurance can protect your business from any type of potential employee related lawsuits. Consult Colorado Restaurant Insurance at coinsurance@corestaurant.org or call 303-880-2806 and speak with Jason VanGotten to learn more about how to manage your restaurant risks.

Mistakes Restaurant Owners Make Related to Cyber Liability

October 25, 2017

By Jason VanGotten, Colorado Restaurant Insurance

Even with all the recent news headlines related to data breaches and cyber attacks, the likes of which have never been seen before, cyber liability is a relatively new area of risk that restaurant owners now face. As customer data continues to be obtained and stored by restaurants, the risk of a data breach inside or outside the restaurant continues to increase year over year. Malicious hackers typically steal credit card data from restaurants that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic strip. Thieves then use that data to clone the cards and use the counterfeits to purchase high-priced merchandise, or put them up for sale in a so-called theft bazaar such as Joker’s Stash prior to the card-issuing banks cancelling them.

 

In the midst of this are some very dangerous misconceptions held by restaurant owners. These misconceptions keep them from taking necessary steps to better understand their cyber risk and coverage related to such vulnerabilities.

 

Consider these 4 Common Mistakes a Restaurant Owner Can Make in this area of risk management.

 

My general liability insurance protects me in the event of a data breach or cyberattack. Most restaurant owners purchase a general liability or businessowners policy believing their insurance agent has placed this as an optional coverage on the policy. But for now that is very rare. Even if it that were the case, the policy will only provide defense coverage for the insured, typically up to $25,000 to $50,000. Your general liability coverage lacks the breadth needed to properly protect the restaurant owner from the cyber liability losses. A stand-alone cyber policy provides the broadest coverage a restaurant owner needs for third party costs, data breach response, PCI fines levied from card services, notification resources, legal fee’s and forensic costs. Not investigating this closely is akin to leaving your restaurant door open when you leave at night, not a great strategy for ensuring the safety of your restaurant.

 

A stand-alone cyber policy will be unaffordable. Depending on your restaurant size and gross revenues, a typical restaurant owner can expect to pay between $900 to $3,000 annually for a stand-alone cyber policy. However, the risks of loss may be too great to ignore this protection, in particular your brand image after a data breach or cyberattack.

 

My IT company and firewalls installed will protect me. These entities have a service level agreement (SLA) with your restaurant. When was the last time you reveiwed your SLA? Many times these agreements do not protect you, the restaurant owner, instead it protects them from any involvment related to a data breach or cyberattack. Make sure you check your SLA and have a conversation with your IT company to see what they will do for you in the event of a data breach or cyberattack. Many times your employees pose huge risks to the safety of your cyber data, from opening suspicous emails, downloading malware or even losing smartphones with connections or memorized passwords. Remember that a data breach can also occur with employee records that are not well protected or disposed of properly.

 

My merchant services are protection enough. Again, there is a service level agreement between you and your merchant servicing company. While this may give a restaurant owner hope, chances are that you will ultimately be responsible for protecting your customer’s data as it passes through your IT systems. Therefore, you should consider the costs to your restaurant if your merchant services vendor does not agree, or points the finger in your direction for who is responsible.

 

A cyber criminal can strike with little to no warning, leaving the restaurant owner with tremendous clean up cost; from data recovery to rebuilding your restaurant’s brand reputation. An owner or manager can only do so much. The people that deal in the day-to-day operations of the restaurant also need to be aware of what to do and why to do it. As a restaurant owner you owe it to yourself and your employees to investigate this protection and risk before you decide not to worry about it. A restaurant owner must be deliberate and careful in purchasing cyber coverage. Specific risks must be understood and the appropriate coverage identified.

For more information pertaining to cyber liability coverage, please contact Jason VanGotten at jvangotten@corestaurant.org

Understanding How to Become PCI Compliant

September 1, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

 

Have you heard of the PCI DSS (Payment Card Industry Data Security Standard)? If not, they provide the standards for all merchants that store, process, or transmit cardholder data. If you are processing credit cards in your restaurants, you are responsible to comply with this standard. Click here for the details.

 

Nearly every restaurant owner has heard of it, but it remains a source of confusion as to what is required of small businesses. However, the good news is that PCI DSS compliance does not have to be confusing. Before we dive into what it takes to become PCI DSS compliant, let’s talk about the challenges restaurants face.

 

The big piece to the PCI DSS compliance pie is limiting employee access to data. Keep in mind the number of servers on a given shift who run credit card transactions, this means multiple machines and multiple staff members with access to physical credit cards. To help ensure you are in compliance, it is imperative that you use unique employee IDs and properly encrypted systems. An outdated point-of-sale (POS) system or credit card terminal typically will not encrypt the data that is processed through them. If your POS software or credit card terminals are outdated, you can contact your merchant processor to see what they offer as an upgrade to provide data encryption and if your systems require an upgrade.

 

The National Restaurant Association states that, typically, restaurants that run the highest risk of a data breach use unsecured Internet-accessible networks, like DSL, cable modem, or wireless technology. They may also be using non-compliant POS software that stores credit card data improperly.

 

There are six categories of PCI DSS compliance (refer to the link above for detailed information) requirements, which are:

 

  1. Maintaining a secure network
  2. Protecting cardholder data
  3. Protecting your systems against malware/spyware
  4. Putting strong access control measures in place
  5. Monitoring and testing your networks
  6. Creating an Information Security Policy

 

You may be thinking after looking at these six categories, “How can they expect small businesses to manage these six categories to stay compliant?” The keys to PCI DSS compliance include proper network security, careful handling of customer cardholder data and the use of only the PA-DSS-validated (Payment Application Data Security Standard) POS and payment processing systems. You can find a list of PA-DSS- validated POS providers HERE.

 

You are also required to complete a “self-assessment questionnaire” (SAQ) on an annual basis. The basic SAQ generally takes about 15 minutes to complete and provides the restauranteur with an opportunity to review their business policies and practices related to credit card transactions and data storage.

 

The bottom line is that PCI DSS compliance is required and this process helps your restaurant from data breaches and the fines and penalties that come with them. Card data theft is costly. Therefore, familiarizing yourself with the policies, and properly training your staff will end up saving you time and money while also protecting your customers and restaurant from a data breach.

 

For more information pertaining to PCI DSS compliance, please contact Jason VanGotten at jvangotten@corestaurant.org

 

Sources:
Clinard Insurance – Restaurant Blog 2016

Safety Corner – Prevent restaurant theft from happening to you!

February 1, 2017

By Sean Pechan, Colorado Restaurant Insurance

We have been hearing from our clients about a recent uptick in burglaries within the Denver Metro area. Crimes against restaurants are typically crimes of opportunity, and these recent reports have definitely fallen into that category. Most often these burglaries happen after the restaurant has closed, however, in several instances a burglary has occurred during business hours. In almost every instance, the burglar has entered a back door (sometimes even during dinner rush). The perpetrator often takes cash and/or inventory food and liquor, then slips back out the back door of the restaurant.

We believe that implementation of some simple risk management steps can reduce your exposure to these types of loss. Besides costing your establishment potentially thousands of dollars, the loss of ‘peace of mind’ for you, your employees, and at times your customers is immeasurable.

Here are some examples of how we can work with you to help improve security and reduce your risk. Consider updating your security procedures and training all staff – including cleaning staff – so they understand their importance and follow the procedures. Develop practical policies in managing the risk of the backdoor of your restaurant (when it is acceptable to be open and how it should be respected). Limit the access of nonessential vendors and staff to back-of-house operations, especially the office where checks and cash on hand is managed. Keep inventory locked even during normal operations. Mark expensive equipment with ID numbers and keep detailed records of all inventory, and store the information off-premises for ease in reporting after the fact.

Contact your local police department for a business safety assessment. The CRI can also provide additional risk management techniques to reduce exposure to loss. We are available to offer guidance to protect your assets. Call us anytime at (303) 830-2972.