Is your business protected against the growing threat of social engineering fraud?
The weakest link for a business when it comes to social engineering fraud can be its staff, says Managing Director Bryan Banbury, as he describes the threat and outlines tips on how to protect against attacks of this kind.
In an age of cyber attacks and digital identity theft, many businesses are focusing their cyber security approach solely on implementing technical protection and cyber insurance – but with ever-advancing forms of cyber protection on offer, it can be people who are the weak link rather than technology.
Social engineering fraud is the latest and most concerning threat for businesses, from SMEs to major corporations. In a nutshell, it is when an employee receives a fraudulent call or email from a criminal masquerading as a senior boss or MD, asking them to transfer a sum of money within a tight time frame and claiming that a deal will otherwise fall through.
You may think you wouldn’t be fooled by such a ruse – but these fraudsters are clever and have done their research, so their approaches don’t seem fraudulent at all. Many employees have genuinely believed the request has come from their boss, given the language, knowledge, format, tone, etc. of the communication. For example, one particular social engineering attack – in which criminals send out emails asking employees to change the bank account details to which certain payments are made – resulted in average losses of over £100,000 per incident across 90 different countries, according to Trend Micro research.
So what should you do to protect your business from attacks such as this? Insurance is the most straightforward and sensible way of mitigating the risk, but it is very important you understand what type of insurance is required.
Some businesses think that if they have been tricked by an email and have made an electronic payment, this is purely cyber crime – but cyber insurance does not, ordinarily, cover social engineering. What you need in order to be protected against this type of attack is crime insurance.
It is interesting that while crime insurance is relatively inexpensive, many businesses don’t bother taking it out. They install CCTV, intruder alarms, window bars and such for physical security as well as taking out contents insurance as a back-up, yet when it comes to social engineering fraud they don’t have the back-up of crime insurance.
Modern crime insurance policies are very broad and cover financial loss rather than a specific crime or crimes. So, your business is likely to be covered by a crime insurance policy even if an employee is tricked using social engineering into sending money or even handing goods over to fraudsters voluntarily.
If you feel your business could do with an insurance audit in relation to the threat of social engineering, then please get in touch with one of our team who will be happy to have an informal chat about your needs.