Risk & Business Magazine Capri Insurance Spring 2016 | Page 6

The Rising Cost of Social Engineering And the Risks Associated With It

BY: DARLENE GLANVILLE, FCIP, CAIB, COMMERCIAL ACCOUNT EXECUTIVE, CAPRI INSURANCE

Let’s face it, the world is becoming more and more connected every day. While at first glance this appears to be a benefit, there is a byproduct to this connectivity: people and relationships get lost in the shuffle. In the past, smaller organizations typically had employees who knew everyone on staff. Now it is the norm to have employees located across the country or in other parts of the world. Social engineering fraud is a consequence of this situation and is becoming increasingly common.

Social engineering fraud occurs when employees or business partners, acting in good faith, comply with instructions to send a payment by way of a written or verbal communication. The request for payment comes from a fraudulent source and mimics legitimate correspondence. More than likely, the individual committing the fraud poses as a trusted vendor, an employee, a company executive or a new client. This type of fraud relies on people taking others at face value and can cost a firm hundreds of thousands (if not millions) of dollars.

As an example of how this can play out, let’s look at the case of ABC Manufacturing. One of their employees receives an email from a long-standing vendor stating that they have recently changed banks and are providing new wiring instructions. The employee updates the file. Months later, the vendor advises ABC’s accounts payable department that three payments have been missed and they are over $100,000 in arrears. It turns out that the email with the wire change instructions was fraudulent. The police are called and the wire information leads them to a bank in Asia. No proceeds are recovered.

Risk management is extremely important in preventing these types of losses.
Here are some guidelines that can assist you in preventing social engineering fraud:

• Assess data classification, identifying who has access to what information and their potential risk.
• Avoid the release of sensitive information to anyone who doesn’t need to have it or who is unknown to the organization.
• Verify checks and clearance before making any wire transfers.
• Establish regular call-back protocols for both vendors and clients.
• Train your employees regularly on security programs and update them on security threats.

Unfortunately, even the best training does not always prevent a loss, and part of your risk management policy may involve the purchase of appropriate insurance coverage. Social engineering coverage is an emerging crime coverage that is available by endorsement to a stand-alone crime policy. To date, only a few carriers have responded by providing the coverage, and limits are typically available up to $250,000.

As attacks increase in size and frequency, it is likely that the coverage will become more readily available, with higher limits being offered. If you want to know more, or would like an overview of your current practices in terms of risk management and exposure, we would love to hear from you. You can reach us at 1.800.670.1877.

Darlene has worked in the insurance industry in BC for over 20 years and has held positions on both the broker and insurance company sides. Prior to joining Capri, Darlene worked at ICBC and provided product and professional training to insurance brokers across the province.