Social engineering fraud is one of the most common email scams that cause huge financial losses to businesses. In fact, most business owners find themselves exposed to such risks with no safety net to cover their losses. Although many insurance carriers provide commercial cyber liability insurance or crime insurance policies, these typically exclude coverage for social engineering scams. These insurance policies primarily cover losses that are a direct result of fraudulent money transfers or the typical hacking of a company’s servers.
Because social engineering crimes result from an employee falling victim to cyber predators, company funds lost in the process may not be covered by standard liability policies. Unless social engineering coverage is explicitly stated, businesses shouldn’t expect coverage.
To protect clients against such risks, insurance providers should review clients’ existing insurance policies and determine if they are adequately covered. In case there are loopholes or gaps, social engineering fraud can be included as part of the broader crime policy coverage.
Densmore Insurance Strategies recommends educating businesses about the threats of social engineering scams and the measures to reduce the risk. Also, with the cooperation of your clients, you can review their current systems and procedures, and subsequently offer the best practices for protection.
Steps to reduce risks of exposure
As a business CEO or executive, the only way to strengthen your cyber defenses is to first identify vulnerabilities within the company and then take proactive measures to prevent social engineering cyber attacks. This is even more crucial for companies prone to phishing attempts.
Here are eight steps to consider:
- Create awareness in the company and educate employees on email scams.
- Rather than expose yourself with free web-based email accounts, establish a company domain name.
- Keep track of the information shared on social media and external company websites.
- Remind employees to remain cautious when dealing with unusual email requests.
- Put in place financial security protocols that include a two-step verification procedure for money transfers. This can be a digital signature or fingerprint requirement for large transactions.
- Train employees to avoid opening suspicious emails, attachments or clicking links from unknown email addresses.
- For business email, avoid using the “reply” option for responses; instead, forward the message, typing in and then selecting the email address to forward to.
- In all corporate email accounts, consider incorporating two-factor authentication, so that one needs more than a password for identification.
Because social engineering fraud is based on wire transfers, Densmore Insurance Strategies suggests that businesses apply the following practices:
- Implement a verification call requirement for all wire transfers.
- Regularly review email addresses to ensure they are real and legitimate.
- Establish and implement thorough internal controls.
- Choose a second party to analyze all wire transfers.
- Update employees on the latest schemes and scamming tricks, as and when they arise.
- Keep the number of company vendors to a minimum.
No matter how rigorous your protocols are, email scams and other social engineering crimes are still a potential risk. Insurance brokers need to inform and educate their clients about such scams, and ensure they provide the appropriate insurance coverage.
The information presented above was provided by Mark Densmore for Densmore Insurance Strategies – 515.967.3390 or 1.844.364.3381