The holidays are notorious for an uptick in seasonal scams and cyber phishing schemes. It’s time we addressed a cyber security issue that’s a big deal in all of our industries right now: Social Engineering.

What is social engineering?

Social Engineering Fraud is described as when an employee is intentionally misled into sending money or diverting a payment based on fraudulent information that is provided to them in a written or verbal communication such as an email, fax, letter or phone call. A social engineering attack is typically very complex because it relies on psychological manipulation to get people to share confidential information.

Here’s why you need to take steps to protect your business from social engineering:

1. Businesses of all sizes are affected.

2. One in two small businesses and five in six large businesses were targeted at least once within the past year.

3. Attacks on businesses have risen 91% in the last year.

4. $1 billion was stolen from businesses over two years via an international spear phishing scheme that targeted bank employees.

5. Many insurance policies do NOT cover this. If they do, there are many steps involved to activate the coverage, which the customer is unaware of.

6. Social engineering is not just an email issue. It can occur via a fax or a letter as well as over the phone.

7. In a recent survey of the security industry, IT security experts listed social engineering as the number one hacking method.

How can you protect your business from social engineering?

For starters, educate your employees with regular training and put policies in place for everyone in your company.

Here are a few tips you can share with them right away:

• Never click on any strange links.
• Never give away confidential information to strangers.
• Always check the recipient of an email and the source of the message.
• Call the party (i.e., the customer) to verify the information in the email, fax or letter.
• If someone is calling the office directly, ask for a call back number and hang up. Never give into demands to give confidential information, including usernames and passwords, over the phone on the spot.   
• Only install software from trusted sources. Your IT company may be able to help with this by creating administrative passwords that must be entered before anyone can install software.

You should also work with an IT company that can monitor your systems regularly. To keep up with new scams, your technology needs to be monitored and updated frequently.

For more information on Social Engineering and insurance policies, please give us a call at (305) 666-6636.

References:

Ashford, W. (2016, February 11). Social engineering is top hacking method, survey shows. Retrieved October 14, 2016, from http://www.computerweekly.com/news/4500272941/Social-engineering-is-top-hacking-method-survey-shows

2016 Internet Security Threat Report. (n.d.). Retrieved October 14, 2016, from https://www.symantec.com/security-center/threat-report

Social Engineering Fraud Endorsement. (n.d.) Retrieved October 14, 2016. 

Zaharia, A. (2016, May 12). 10 Alarming Cyber Security Facts that Threaten Your Data [Updated]. Retrieved October 14, 2016, from https://heimdalsecurity.com/blog/10-surprising-cyber-security-facts-that-may-affect-your-online-safety/

Travelers Insurance, Social Engineering Fraud Endorsement, Coverage Highlights for Financial Institution Bonds, February 2016