Tag Archives: snyder

‘Slice’ Your Way to Mediation Success

One of my favorite methods for resolving workers’ compensation cases in mediation is slicing. Slicing a dispute into its separate issues allows parties to reach early partial agreement, paving the way for complete resolution.

Parties sometimes want to put one number on the table without specifying how much of that number may represent permanent disability (PD), future medical care or any other issue in dispute. There are pluses and minuses to this approach.

Benefits of Slicing

A typical workers’ compensation mediation requires resolution of multiple issues, each of which is subject to a separate evaluation calculation. Often there are sub-issues. For example, in calculating PD, not only is the disability percentage up for discussion, but perhaps also the average weekly wage or dates when compensation should or should not have been paid as temporary disability (TD).

See also: Tips on Mediation in Workers’ Comp  

Drilling down to the reason for disagreement on each issue can be enlightening. One side may have an “Aha!” moment when they finally catch on to why the parties have been at odds. Before mediation, they may have negotiated without understanding the other’s motivation.

When negotiations are stalled, slicing can shift the parties’ focus. Slicing can produce forward movement when negotiations are stalled.

Focusing on individual issues may resolve some issues while allowing parties to litigate only the remaining disputed issues. Sometimes resolution of a single issue, such as which medical treatment will be authorized, leads to parties adjourning the mediation to test the good faith of the adversary as well as the mediation process. After this initial hurdle, parties can return to mediation.

The Benefit of the Single Number Offer/Demand

Presenting a single number allows a negotiator to “log roll.” When evaluating for settlement, a negotiator can borrow from one column where the argument is strong to shore up the evaluation of another issue where success is not so certain. By presenting a single number, the negotiator minimizes argument about a single issue and leaves it up to the offer recipient to parse the figure among the issues.

See also: How to Know When a Claim Should Settle  

Addressing Evolving Cyber Threats

In 2015, an accountant looking at the balance sheets of a U.S. tech company noticed a $39 million hole in the figures. The accountant would have been even more dismayed to know where it had gone – a member of the financial team in an overseas subsidiary had transferred it directly to the thief. All the thief had to do was pretend to be a CEO.

It’s a kind of attack known as a CEO email attack, and just one of a broad range of hostile tactics known as social engineering attacks. These are attacks that exploit the natural weaknesses of human beings – our credulity, our naiveté, our propensity to help strangers and, sometimes, in the case of phishing attacks, just our greed – to get around security systems.

To put it in the language of 21st century cyber security: Social engineering operates on the idea that, just like any computer system, human beings can be hacked. In fact, a lot of the time they’re much easier to hack than computers. Understanding this fact, and the forms that social engineering can take, is essential to formulating a robust defense strategy. These strategies are even more important now, as the lines between the physical and digital worlds continue to blur and the assets at risk continue to multiply, thanks to the proliferation of connected technologies.

In Depth

From the serpent in the Garden of Eden, to the fake phishing emails that promise fortunes if only you’d just part with your bank details and Social Security number, social engineers have been with us for a while. But few epitomize their arcane arts quite like Frank Abagnale, whose exploits between the ages of 15 and 21 were immortalized in the Steven Spielberg film Catch Me If You Can. During those years, Abagnale posed as a doctor, a lawyer and an airline pilot and has become one of recent history’s most legendary social engineers. He now runs a consultancy, Abagnale and Associates, that aims to educate others – including government agencies such as the FBI, and numerous businesses – on how to catch people like him, as social engineering methods shift.

Abagnale asserts: “Some people used to say that I’m the father of social engineering. That’s because, when I was 16 years old, I found out everything I needed to know – I knew who to call, and I knew the right questions to ask – but I only had the use of a phone. People are doing the same things today 50 years later, only they’re using the phone, they’re using the mail system, they’re using the internet, email, cloud. There’s all this other stuff, but they’re still just doing social engineering.”

We live in an overwhelmingly digital world, and the projected 50 billion Internet of Things (IoT) devices due to be hooked up to the internet by 2020 means the already broad frontier of digital risk will only continue to grow. “I taught at the FBI for decades. There is no technology today that cannot be defeated by social engineering,,”Abagnale says. Making sure the human links that sit between this expanding set of digital nodes remain secure lies at the heart of securing the whole system; one increasingly tied up with physical as well as digital assets.

New Risks

In 2010, the Stuxnet worm, a virus believed to have been developed jointly by the U.S. and Israeli military, managed to cause substantial damage to centrifuge generators being used by the Iranian nuclear program. The virus was designed to attack the computer systems that controlled the speed that components operated in industrial machinery. By alternately speeding up and slowly down the centrifuges, the virus generated vibrations that caused irreparable mechanical damage. It was a new breed of digital weapon: one designed to not only attack digital systems, but physical systems as well.

It was physical in another way. To target this system, the virus had to be physically introduced via an infected USB flash drive. Getting that flash drive into a port, or into the hands of someone who could, required human beings to intervene. In this case, anonymous USB devices were left unattended around a facility and were then accidentally inserted by unwitting technicians.

See also: It’s Time for the Cyber 101 Discussion  

The Stuxnet worm highlights the extreme end of the dangers that lie at the overlap between digital technology, physical assets and human beings, but the risks extend well beyond that. More prosaic, for instance, are email scams that work by tricking the receiver into sharing vital information – remember the notorious “Nigerian prince” emails, where a fraudster would promise a willing helper untold riches in return for money to be released from jail?

Some of these scammers have elaborate networks that crossed countries and continents and can be worth more than $60 million. Move the concept into the organization now: Imagine receiving an email from someone purporting to be your boss, asking in an official and insistent tone for a crucial keyword or a transfer of funds. Could a typical employee be relied on to deny that request? What about a phone call? This was hacker Kevin Mitnick’s strategy. In a way, a Frank Abagnale of the digital age, Mitnick managed to make a range of high-profile attacks on key digital assets by just phoning up and asking for passwords.

IoT: The Convergence of the Physical and Cyber Worlds

“Humans are the weakest link in any security program,” says Dennis Distler, director, cyber resilience, Stroz Friedberg, an Aon company. In fact, it’s us, rather than computer systems’ weaknesses or failures, that lie at the heart of around 90% of cyber breaches. Social engineering attacks can come in various forms, and the risk from them will never be fully mitigated. But while full mitigation is impossible, you can limit your exposure – that strategy begins at the individual level. Humans are the targets, so the first line of defense has to be from humans. “You certainly remind people that you have to be smarter, whether you’re a consumer or CEO. You have to think a little smarter, be proactive, not reactive,” Abagnale says.

While social engineering has a focus on financial loss, the focus of cyber risk is shifting to tangible loss with the potential for property damage or bodily injury arising out of IoT devices. Historically, cyber risk has been associated with breaches of private information, such as credit cards, healthcare and personally identifiable information (PII). More and more, however, the IoT – the web of connected devices and individuals – will pose an increased risk to physical property as breaches in network security begin to affect the physical world. Having a better understanding of vulnerabilities and entry points – both at the individual as well as device level – will be critical for organizations in 2017 and beyond.

Organizational Mitigation

While security awareness training and, to a lesser extent, technology can prevent successful attacks – whether IoT-related, human error or stemming from actual social engineering – the risk from them will never be fully mitigated. Organizations can take a number of steps to protect themselves. Distler of Stroz Friedberg, highlights a number of key steps a company can take to minimize exposure to social engineering risk:

  • Identify what and where your organization’s crown jewels are. A better understanding of your most valuable and vulnerable assets is an essential first step in their protection.
  • Create a threat model to understand the types of attacks your organization will face and the likelihood of them being exploited. From email phishing to physical breaches, the threat model can help teams prioritize and prepare how to best respond.
  • Create organization-specific security awareness training addressing what types of attacks individual employees could expect, how to detect them and what the protocols for managing and reporting them are. Consider instituting a rewards program for reporting suspected attacks to further encourage vigilance.
  • Provide longer and more detailed training for high-valued or vulnerable targets, such as members of the C-suite and their executive support staff, or members of IT, finance, HR or any other employee with access to particularly sensitive information. This training could vary from account managers to mechanical engineers working on major operational projects. These enhanced training procedures could include red-teaming exercises, which test the ability of selected staff to respond to these breaches in real time.
  • Create well-defined procedures for handling sensitive information and provide routine training on these procedures for employees who handle sensitive information.
  • Conduct routine tests (recommended quarterly at a minimum) for the most likely social engineering attacks.

Preparing for Tomorrow’s Breaches

The term “cyber threat” is becoming more and more complex. No longer is it a threat posed to digital assets by viruses and malware or a financial threat posed to individuals and financial institutions. Now, cyber risk encompasses a broad range of risks with the potential to harm assets, from property to brand and reputation.

And at the center of all of these interactions are people. Almost every breach begins with a human being. By understanding how such threats can manifest, and how to deal with them when they do, risks can be mitigated ahead of time. Bringing together various functional groups within an organization will be crucial as teams prepare for the more multifaceted risks of our increasingly connected future.

Tips on Mediation in Workers’ Comp

The way mediations start is important. A bad start can result in a lot of wasted time getting to the place you should have been at the beginning.

The First Move

The best way to start is to start. Don’t be afraid to make the first offer to settle. Setting a settlement floor or ceiling tells your negotiating opponent where you are. Silence can falsely communicate that you are in the same ballpark.

Even if your offers did not get a response before, making a new offer now re-defines the settlement ballpark. An offer made “in light of new information” (even if that is simply a reconsideration) is not bidding against yourself.

See also: ‘Twas the Night Before Mediation  

Start Very Big or Very Small

Think about how your negotiating opponent will react to your opening. Your initial offer should not be so ridiculous that your opponent will walk out. On the other hand, research tells us that an extreme number can lead to a final result closer to the speaker’s expectation than does a more moderate opener.

Pick the Tiny Issue

Seldom does a workers’ comp settlement turn on only one issue.  Plan to start with the issue where the parties have the smallest evaluation difference and continue on as the challenge size increases. You may have to skip and come back to the thorniest issues regardless of size. Isolating issues and knocking them down one by one is an effective way to reach agreement.

3 Reasons to Talk With Injured Workers

Near the start of every mediation, once each side is in their own caucus room, I spend time talking directly with the injured worker. There are at least three reasons to do so.

1. I want to build trust in the mediation process.

The injured worker needs to feel part of and emotionally invested in the mediation process. The injured worker is probably unfamiliar with the mediation process and may be apprehensive. The parties may distrust each other. Empathy is one of the traits of a good mediator. I assure the injured worker that nothing will happen that the injured worker does not agree to. When the injured worker trusts the mediator and the mediation process to be fair, the likelihood of settlement increases.

See also: A Better Reality for Injured Workers  

2. Catharsis is part of the settlement process.

The mediation may be the closest the injured worker will get to a day in court. Telling the story is a prerequisite to accepting settlement. I want to make sure the injured worker gets the chance to tell the story in a neutral setting. Letting out emotions is good, and crying not uncommon. Occasionally an attorney will intercede and take the place of the client to tell the story from the client’s viewpoint. This is a mistake.

3. Sometimes the injured worker’s concerns are not being addressed.

At one mediation, when it looked like the attorneys had wrapped up all the issues, the injured worker asked me, “When will I be able to go back to work?” A return to work was not part of the attorneys’ deal, and I had to rewind the process to make sure the injured worker’s concerns were addressed. When the injured worker feels able to speak directly to the mediator, this type of omission– which could lead to problems for all participants later– is less likely to occur.

See also: Time to Focus on Injured Workers  

I participated in many workers compensation mediations before I became a mediator. I never saw a mediator take the time to talk to the injured worker. Instead, I saw mediators create a barrier between themselves and the injured workers that made settlement more difficult. I work hard to make sure no communication barriers exist.

WC’s Version of ‘Room Where It Happens’

“Hamilton,” the ground-breaking musical about our colonial forefathers, is finally coming to Los Angeles in August. But maybe you’ve been experiencing a version of that story.

Like Aaron Burr, injured workers want to be in the room where it happens [sorry if you encounter an ad at this link].  Instead, they are frequently shut out of discussions and proceedings about their claim.

Ignorance breeds resentment

Go to any WCAB location, and you will see a waiting room full of injured workers. Many more injured workers with claims on the calendar are not in attendance. Settlement discussions may occur in courtrooms, cafeterias and even hallways. Injured workers are usually not included in these discussions.

No injured worker should waste time traveling to a Board when nothing will happen. On the other hand, injured workers want to sit in on their attorneys’ negotiations. If the injured worker is already at the Board, shutting out that person can foster mistrust.

The Best Place for Settlement Discussions

Mediation provides a forum for the injured worker to listen and participate. Including the injured worker conveys respect and can help avoid a problem later.

See also: How to Settle Tough WC Cases 

Likewise, the presence of a representative from the employer’s side shows a seriousness of purpose. That representative will get a better picture of the negotiation by being in the room where it happens.

Regardless of which side an attorney represents, counsel will want to prepare the client for mediation. That includes a preview of how mediation works. Counsel may want to coach clients to be temperate in their comments. In joint session or when the mediator is present, client or counsel can ask for time for a private discussion with each other at any point.

Multiple Rooms

Typically, there are at least two rooms where it happens, because each side is in its own caucus. As mediator, I shuttle between the rooms to speak with lawyers and their clients. Sometimes I speak only with the attorneys (often in the hall), and attorneys can request to speak privately with the mediator or with the mediator and opposing counsel. When counsel returns to caucus, the client can provide immediate feedback — assuming the client is in the room where it happens.