Published Wednesday, May 30, 2018

How to Protect Your Business from the Latest Social Engineering Scams

Cyber security is a critical challenge for businesses in any industry and of any size. Even the biggest companies and brands can be victimized by cyberattacks. In today's technical operating environment, hackers are getting smarter and expanding the scope and methods they use to commit cybercrime, particularly through an approach known as social engineering.

Social engineering fraud occurs when an outside party attempts to gain the trust of an employee, eventually manipulating him or her into breaking normal security procedures. If an employee falls for the scheme, he or she divulges confidential information, sends payments or assists the third party in ways that provide access to a company computer system.

Fraudsters will use a variety of media (telephone, email and the web) to get what they want. Unlike other methods of cybercrime, social engineering fraud leverages human psychology rather than technical methods to extract and exploit information, and is therefore more dangerous and more difficult for companies to police and detect.

Ways to reduce your risk exposure
Businesses can strengthen their cyber protections by identifying internal vulnerabilities and taking proactive measures to prevent a data compromise. Businesses of any type must strengthen defenses against social engineering cyberattacks. Here are eight tips:
 

  • Increase companywide awareness and understanding of phishing scams.
  • Create a company domain name instead of using free, web-based email accounts.
  • Carefully monitor information posted on social media and external-facing company websites.
  • Train employees to be cautious of urgent or secretive email requests.
  • Implement IT and financial security procedures that include a two-step verification process for all money transfers, such as a telephone call to verify significant transactions, or a digital signature requirement.
  • Teach employees to avoid opening unusual email or attachments or clicking on emailed links.
  • Consider refraining from using the "reply" option when responding to business email and instead forward the message by typing or selecting the correct email address from an address book.
  • Implement two-factor authentication (TFA) for all corporate email accounts, which requires a user to verify identity beyond a password, such as through fingerprints or a hardware token.
     

The right insurance coverage for your business
Because social engineering crimes can involve the release of company funds by a person within your company, standard liability policies may not cover your losses. Your policy must explicitly state coverage for social engineering — and if it doesn't, your claim likely isn't covered.

With your insurance agent or broker, review current controls, procedures and best practices for reducing social engineering risks. In addition, ask your agent or broker to analyze your existing policies to determine coverage gaps. Once those are discovered, review insurance options, such as a specific social engineering endorsement, to enhance Crime coverage.

Even a business with thorough preventative protocols can fall victim to social engineering fraud. To help protect your company against this scam, talk with your agent or broker to ensure that your business has the right insurance coverage available for this exposure.
 

One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.