Social Engineering: Definition and Risk Management – Part 2

January 20, 2020 | January 24th, 2020

In case you missed it, check out Part One here.

Several insurance companies offer coverage that pays for money lost when funds are transferred out of your account(s), whether the criminal transfers the funds directly or prompts someone within your organization to transfer them.

The cost of the coverage is relatively minimal given the likelihood of a hacking or social engineering incident. These types of situations have proliferated because of the numerous ways to communicate without face-to-face contact. The more information the criminal can obtain, the easier it will be for them to impersonate another individual.

The insurance companies do not provide the coverage as a stand-alone product. The coverage is normally added to a package of other crime coverages. If you currently have crime coverage, we may be able to simply add the fraud coverage to your current policy. If you do not currently carry crime coverage, we can easily put a package together that meets your needs.

In addition to insurance coverage, it is highly recommended that you adopt the following practices, depending upon your circumstances:

  1. Verify any requests for:
    • Log-in credentials
    • Personal or confidential information about yourself, co-workers, management or other information about the company that may not be appropriate for public disclosure
    • Changes to customer or vendor banking or address information
    • Electronic wire transfers of money
    • Incoming checks, confirming they have cleared at the bank prior to transferring money by wire
  2. Provide training for employees:
    • When, where, why, and how sensitive information should be handled
    • Security protocols for each specific position
  3. Identify which employees should have access to what types of information
  4. Do not install unauthenticated software on, or plug unauthenticated flash drives into, the computer system
  5. Be wary of suspicious unsolicited emails, especially with links and attachments
  6. Identify what information is sensitive and determine its exposure to social engineering and breakdowns in security
  7. Screen company social media posts
  8. Shred documents
  9. Use waste management services that lock dumpsters
  10. Perform periodic random tests of security systems and procedures
  11. Establish security protocols, policies, and procedures for handling sensitive information

Author: Tod Bergen, CPCU, CIC, CRM

Business Insurance Executive
tbergen@ekmcconkey.com
717-505-3165