Social Engineering Fraud is on the rise: Hackers are only an email away!
Anton Hilton • March 13, 2017
‘Social engineering attacks’ can take advantage of IT security by encouraging employees to download malicious software that is also known as malware. In short this can allow them access to a business’ IT systems.
Common methods include emailing employees to reveal confidential information such as company bank details and passwords or other insider details that will then assist them in seeming more credible for the next planned attack.
Along with cyber attacks, social engineering attacks are a global issue and one which is a growing threat for companies of all sizes, from SMEs to national businesses.
It has been noted by industry specialists that past criminals have focussed on committing fraud through IT systems, but as a result of technology becoming more sophisticated, staff have found themselves increasingly targeted.
When you think about it, employees are only one email away from a fraudster and successful scams are becoming increasingly commonplace, despite robust controls and procedures.
Like other types of cyber-attacks, the risk of falling victim to an email scam cannot be completely eliminated. Even if your business has robust systems and controls in place, it is still extremely difficult to prevent such attacks. To reduce the risk of your business being caught you should:
- Review IT security and controls to make sure they are as robust as possible
- Beware of any emails asking for personal information. ‘Phishing’ emails generally come from someone pretending to be in a position of authority and often convey a sense of urgency.
- Make sure that your employees know what forms email scams can take and who to contact if an email looks suspicious.
Crowded places are – and will remain – attractive targets for international and “home-grown” terrorists and so an important element of any counter-terrorist strategy is to create safer places and buildings that are less vulnerable to a terrorist attack. This is especially so for leisure, hospitality, retail industries. Cost of terrorism Companies still significantly underestimate their potential exposure to the related risks and losses, especially to the increasing indirect risks from terrorism elsewhere. For example, the Paris attacks in November 2015 paralysed Brussels’ tourism and retail sectors some 320 kilometres away and had a lasting impact on the city’s commerce. Many UK companies are unaware – or have underestimated – the financial losses that could occur if a key supplier or business partner (in the UK or internationally) were unable to operate for a significant period of time. The human and financial cost of terrorism is growing rapidly. The Institute of Economics and Peace has estimated that the direct cost of terrorism to the global economy in 2014 was $52.9 billion – a ten-fold increase since 2000 – and the indirect costs at $105 billion. Practical steps Companies can’t predict all possible threats to their business. However, by working through a range of potential scenarios and consequences it is possible to make informed judgements and set appropriate priorities. The following process is an effective way for companies to think about improving the management of these risks: Step one: identify the threats. Understanding terrorists’ intentions and capabilities, what they might do and how they might act, is a crucial first step to assessing potential threats. Step two: decide what you need to do to. Priorities should fall under the following categories: people, physical assets, information and process (supply chains and the operational process required to support the business). Step three: identify measures to reduce risk. Companies should introduce new proportionate measures that: deter would-be terrorists;
aid detection of intrusion; and
delay any attempts at intrusion. Step four: continually review your security measures. Security and contingency plans should be rehearsed and reviewed on a regular basis to ensure they remain accurate, workable and up-to-date. Terrorism Insurance Since the IRA attack on the Baltic Exchange in London in 1993, the UK established a mutual government reinsurer, Pool Re, to provide a backstop to insurers that offer terrorism cover on business property and business interruption policies. This has worked well and despite £600 million of claims from 13 separate incidents there has been no use of public money. However, the increasingly interconnected nature of global commerce means that UK organisations are not only exposed to events in the domestic market but many also have international exposures through the global reach of their business activities. Companies can also be impacted via a change in consumer behaviour in the aftermath of a terrorist attack. New threats and new risks require new insurance solutions and one insurer is now offering a contingent Loss of Attraction cover, for example. As always if you have any questions regarding your business insurance please contact Forum Insurance on 020 8909 2899
Here are some of the measures IT professionals believe are essential for protecting against cyber crime: Install anti-virus, web filtering and firewalls. The best way to secure against a cyber attack is to prevent an attacker entering your system in the first place. Implementing anti-virus, web filtering and firewalls are a must – and ensuring they are always up-to-date. Keep software updates up to date! Before you start shopping with any online retailers look for the security information in the address bar to ensure you see the letters “https:” to indicate that it’s a secure site. You might also see a little padlock symbol in the same line. Consider using an alternative form of payment that protects you a little more. An online payment service like PayPal has strong safeguards in place, and can serve as a go-between for you and the retailer – you can even use your regular credit card as a payment method within PayPal. In order to shop on any online retailer’s web site, you will most likely be required to create an account. When you do establish an account, it’s important to choose a strong password that has a combination of letters, numbers, and symbols, and don’t forget to throw in a mixture of upper and lower case. It is also recommended to create unique passwords, meaning you don’t use the same password for multiple websites. Check your credit cards routinely during the coming weeks to make sure there is no unauthorised activity, and remember to alert your bank if you have reason to believe that your identity has been compromised. If you have a business, keep your employees trained to be careful what they click on if receiving deals! They may not be from the well known brand they appear to be from – and this could spread a virus throughout your company’s system.
Amish joins the family business after successfully managing the business through a change period, structuring the team to serve it’s core markets. Mamtora studied at Aston University prior to joining the family business some 4 years ago. In his new role he will be responsible for growing the business in both existing and unchartered sectors. Managing Director Barry Mamtora said, “I am delighted Amish has chosen to join the family business and take it to the next stage. We have celebrated 25 years in business and I have every confidence Amish will maximise insurer partnerships and leverage our buying power to deliver the best risk management solutions for our clients.” A number of key achievements have driven Forum’s growth in the past few years including the expansion into petrol forecourts where they have gained significant market share. This appointment hails the next phase of growth for Forum Insurance. Amish Mamtora said, “I am delighted to be appointed director at such an exciting time. The opportunity to continue Forum’s success story and utilise technology to our advantage is key to my plans for the future. It is an exciting time for independent broking.” Forum Insurance are developing an ongoing client consultation programme, ensuring our diverse client base are best placed to understand the individual risks to their business. Amish continued, “As a family business we share a common passion for excellent customer service and look forward to working even closer with our clients, delivering traditional personal service. This opens up some very exciting opportunities for our employees."