Social Engineering Fraud, also called email piracy or Business Email Compromise (BEC), is hard to prevent because it is based on deception. While comprehensive protection is available within some Cyber Risk Insurance policies (also called Data Breach, Privacy and Network Security insurance coverage), a strong prevention program is also important. Here are a few prevention tips along with their sources:
From our prior post, Tips for Preventing Email Piracy:
- Be suspicious of requests for secrecy or quick action
- Utilize a two-step verification process
- Know your customers & vendors
From Chubb’s Guide to Preventing Social Engineering Fraud:
- It is essential that employees across an entire organization be educated and trained on how to detect and prevent this type of fraud.
- Social engineers also exploit a person’s natural tendency to avoid doing something wrong or getting in trouble.
- Never release confidential or sensitive information to someone you don’t know.
- Verify incoming checks and ensure clearance prior to transferring any money by wire.
- Guard against unauthorized physical access.
From Trend Micro, Security 101: Business Email Compromise (BEC) Schemes:
- Carefully scrutinize all emails.
- Verify any changes in vendor payment location by using a secondary sign-off by company personnel.
- Confirm requests for transfer of funds…using known familiar numbers, not the details provided in the email requests.
From Security Intelligence, Social Engineering and BEC Scams: Walking the Wire:
- Companies double-check requests and triple-check their numbers before issuing any payments. However, scammers know what to expect and have adapted social engineering tricks to compensate.
- Flag any email addresses that mimic corporate naming conventions.
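One way to put the "flag addresses that mimic corporate naming conventions" tip into practice, as an added example that is not part of the original post or any of its cited sources. It assumes a single corporate domain (example.com) and uses constructed sample From headers; the similarity threshold is an assumption to tune per organization.

```python
"""Flag sender addresses that mimic a corporate domain (BEC lookalike check)."""
import difflib
from email.utils import parseaddr

# Constructed sample From headers for demonstration (not real mail).
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",                  # legitimate internal
    "Jane Doe <jane.doe@examp1e.com>",                  # digit-for-letter typosquat
    "CEO Example Corp <ceo@example-corp.com>",          # hyphenated lookalike
    "Jane Doe <jane.doe@example.com.mail-relay.net>",   # corporate name as a subdomain
    "Jane Doe Example Corp <jdoe@gmail.com>",           # display name invokes the company
]

def flag_sender(from_header, corporate_domain="example.com", threshold=0.85):
    """Return the reasons a From header looks like a lookalike; empty list if clean."""
    display_name, address = parseaddr(from_header)
    corporate_domain = corporate_domain.lower()
    domain = address.rpartition("@")[2].lower()
    reasons = []
    if not domain or domain == corporate_domain:
        return reasons  # unparseable address or genuinely internal sender
    label = corporate_domain.split(".")[0]  # the brand part, e.g. "example"
    # 1. Near-identical spelling (examp1e.com, exarnple.com, exmaple.com).
    if difflib.SequenceMatcher(None, domain, corporate_domain).ratio() >= threshold:
        reasons.append("domain is a near-match for %s" % corporate_domain)
    # 2. Brand embedded in an unrelated domain or used as a subdomain label.
    if label in domain.replace(".", "").replace("-", ""):
        reasons.append("domain embeds the corporate name")
    # 3. Display name claims the company while the address is external.
    if label in display_name.lower():
        reasons.append("display name references the company but address is external")
    return reasons

def scan_headers(headers, corporate_domain="example.com"):
    """Map each header to its reasons so a reviewer can triage the flagged ones."""
    return {h: flag_sender(h, corporate_domain) for h in headers}

if __name__ == "__main__":
    for header, reasons in scan_headers(SAMPLE_HEADERS).items():
        print("FLAG" if reasons else "ok  ", header, "; ".join(reasons))
```

A hit is a prompt for the out-of-band verification the other tips describe, not proof of fraud: legitimate partners and mail relays sometimes trip rules 2 and 3.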
From The Gowrie Risk Report:
- Keep employees informed on the type of scams being perpetrated.
- Use strong password tactics and good password hygiene.
- Keep cyber security software up to date.
In addition, make sure your Cyber Risk Insurance includes coverage for Social Engineering Fraud (email piracy or BEC). Cyber Risk Insurance is an essential coverage for all types of organizations for protection from both employee error and criminal attacks such as BEC – it should not be optional. Coverages vary widely and can be tailored to cover the cost of breaches, forensics, business interruption, PCI assessments and crisis management. As noted, a few Cyber Risk Insurance forms include coverage for loss of money from cyber crime, including Social Engineering Fraud.
Tennant Risk Services is a specialty wholesale broker and underwriting manager that delivers expertise, markets and exemplary service to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). We excel at hard-to-place accounts.