Reduce the risk of social engineering fraud

July 8, 2016 | SOS: Business risks that aren't on your radar but should be Juli Jenkins, LMC Insurance & Risk Management,

A cyberattack is an expensive threat that all companies, regardless of size or industry, need to take seriously. One common way hackers attempt to gain access to a company’s servers, bank information and other important data is through social engineering. Criminals will attempt to trick individuals into giving up important information or impersonate someone within the company to gain access. There are multiple ways for companies to protect against social engineering fraud.

Require multiple people to sign off on all wire transfers, making sure that more than one set of eyes reviews any potential suspicious activity. Once this policy is established, make sure that it is regularly enforced and that all employees handling funds are reminded of the policy and educated about common warning signs. Look out for a change in account numbers, expedited requests and requests for unusual amounts.

Implement a policy that requires different forms of authentication. If a request is received by email, a phone call should be required to verify the transaction. Make sure that phone number is one that was previously established, such as those from a corporate directory — not one listed in an email from the requester.

Company websites and social media websites may offer thieves more intelligence than you think. Be cautious with what is posted in terms of job duties or descriptions, hierarchical information and out-of-office details. Scammers look for these details to create more targeted messages. Additionally, if criminals know you are out and not checking emails, they could take advantage of this and pretend they are you.

Test your employees. Experts can create phishing emails to determine how good employees are at rooting out these schemes and how well they are following procedures. These exercises can boost employee education and preparation when they are reviewed in depth afterward, highlighting the methods used and their efficacy on your employees, and can be used to further tailor training to the vulnerabilities of the workplace.

Review your insurance options and have a discussion regarding coverages/safeguards.