Social Engineering: A Growing Cyber Threat
Social Engineering: A Growing Threat to Your Cyber Security
These days, pretty much everyone is aware that cyber security attacks are happening more frequently to businesses both small and large across the nation. Most people’s thoughts turn to hackers breaking through your firewall and stealing your data, but in reality, human error is one of the leading causes of security breaches today. Social engineering attacks have become one of the sneakiest yet easiest ways an outsider can gain access to your electronic data.
What is Social Engineering?
Insurance Risk Management Inc. (IRMI) defines social engineering as “the act of deceiving people to cause them to divulge confidential information.” This is commonly done through methods such as phishing, spearing, or whaling, and can result in seemingly minor crimes such as theft of a password, or more serious crimes like funds transfer fraud. These crimes are often committed by someone posing as someone with authority:
- Someone posing as a member of the C-Suite and/or management team by sending an email requesting sensitive information to be provided. For example, someone posing as the HR Director requests a list of all employees’ names, dates of birth, and social security numbers
- Someone posing as the CFO requests a funds transfer to pay an invoice.
But beware! The email and sender may appear to be legit at a quick glance, but if you look closely, you may notice a slight difference from the person’s actual email address. Because these fraudulent emails typically appear to come from someone with authority, the requests are often handled quickly and with little forethought – after all, you don’t want to upset the CFO! Usually, by the time someone realizes it was a fraudulent request, a cyber breach has already occurred.
Desert Mountain Insurance is experienced in both Cyber Liability and Crime policies.
How can you protect your business from social engineering scams?
Corporate culture is at the front lines of preventing these types of social engineering attacks.
- According to T.C Doyle, Senior Content Director of Channel Brands at Penton Technology, 9 out of 10 cyber security breaches are a result of lack of education and training of people.
- Employees are the first line of defense to prevent a social engineering scam from succeeding.
- Education and training are fairly simple: think before you open an attachment, click on a link, or transfer funds to an outside bank account. It could be a social engineering trap!
A Cyber Liability policy is a good start to protect your business in the unfortunate event of a social engineering scam, but not all cyber policies are created equal.
Policies are usually individually crafted by each carrier, so there can be coverage differences from one policy to the next.
- Only a few Cyber Liability policies actually include coverage for social engineering claims, and it’s typically only included by endorsement and upon request.
- Additional coverage through a separate Crime policy is often needed for a carrier to respond to a social engineering claim and have insurance protection from social engineering schemes.
Working with a trusted insurance broker is a great place to start. Desert Mountain Insurance is experienced in both Cyber Liability and Crime policies, and our goal is to make sure you have adequate coverage for your business, especially when social engineering is involved. Contact us today for a free evaluation of what types of coverage may benefit your company!