CNA Blog — From the Experts
From insurance trends to risk control to corporate social responsibility, CNA’s leaders know their business and are proud to use their expertise to help organizations succeed.

Published Wednesday, May 30, 2018

How to Protect Your Business from the Latest Social Engineering Scams

Cyber security is a critical challenge for businesses in any industry and of any size. Even the biggest companies and brands can be victimized by cyberattacks. In today's technical operating environment, hackers are getting smarter and expanding the scope and methods they use to commit cybercrime, particularly through an approach known as social engineering.

Social engineering fraud occurs when an outside party attempts to gain the trust of an employee, eventually manipulating him or her into breaking normal security procedures. If an employee falls for the scheme, he or she divulges confidential information, sends payments or assists the third party in ways that provide access to a company computer system.

Fraudsters will use a variety of media (telephone, email and the web) to get what they want. Unlike other methods of cybercrime, social engineering fraud relies on human psychology rather than technical means to extract and exploit information, and is therefore more dangerous and more difficult for companies to police and detect.

Ways to reduce your risk exposure
Businesses can strengthen their cyber protections by identifying internal vulnerabilities and taking proactive measures to prevent a data compromise. Businesses of any type must strengthen defenses against social engineering cyberattacks. Here are eight tips:

  • Increase companywide awareness and understanding of phishing scams.
  • Create a company domain name instead of using free, web-based email accounts.
  • Carefully monitor information posted on social media and external-facing company websites.
  • Train employees to be cautious of urgent or secretive email requests.
  • Implement IT and financial security procedures that include a two-step verification process for all money transfers, such as a telephone call to verify significant transactions, or a digital signature requirement.
  • Teach employees to avoid opening unusual email or attachments or clicking on emailed links.
  • Consider refraining from using the "reply" option when responding to business email; instead, forward the message and type the correct email address or select it from an address book.
  • Implement two-factor authentication (TFA) for all corporate email accounts, which requires a user to verify identity beyond a password, such as through a fingerprint or a hardware token.

The right insurance coverage for your business
Because social engineering crimes can involve the release of company funds by a person within your company, standard liability policies may not cover your losses. Your policy must explicitly state coverage for social engineering — and if it doesn't, your claim likely isn't covered.

With your insurance agent or broker, review current controls, procedures and best practices for reducing social engineering risks. In addition, ask your agent or broker to analyze your existing policies to determine coverage gaps. Once those are discovered, review insurance options, such as a specific social engineering endorsement, to enhance Crime coverage.

Even a business with thorough preventative protocols can fall victim to social engineering fraud. To help protect your company against this scam, talk with your agent or broker to ensure that your business has the right insurance coverage available for this exposure.

One or more of the CNA companies provide the products and/or services described. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.


"CNA" is a service mark registered by CNA Financial Corporation with the United States Patent and Trademark Office. Certain CNA Financial Corporation subsidiaries use the "CNA" service mark in connection with insurance underwriting and claims activities. Copyright © 2022 CNA. All rights reserved.
