How to prevent Cyber Crime? Your weakest business link

by Get Indemnity ™


Small to medium sized businesses should be aware of their weaknesses and simple measures they can adopt to guard against cyber crime.

Sophisticated criminal networks don’t discriminate by company size or industry. However, if you make regular and large payments to third parties then you have a significant exposure and are increasingly likely to become the target of fraud.

Cyber crime security can often seem complex and time consuming. However, with well-funded criminals testing your defences for weaknesses, you can ill afford not to maintain adequate protection.

With the right guidance, businesses can focus their attention on cost-effective measures that can significantly improve their resilience. The Cyber Essentials initiative from the UK government identifies that small to medium sized companies should: 

1.    Maintain a firewall;
2.    Choose the most secure settings for devices;
3.    Control who has access to data and services;
4.    Protect against viruses/malware; and 
5.    Regularly update security patches.

However, far too many businesses focus on electronic cyber crime security, without giving sufficient consideration to how their employees can potentially impact their defences. 

Employee mistakes, deliberate actions by employees, or their manipulation by others can easily negate your security measures. Increasingly sophisticated criminals are focusing their attention on a combination of electronic and human interactions to achieve their objectives.

Employee cyber crime training

Educating your employees is critical to guard against cyber crime. If they understand the vulnerabilities and threats to the business, it can significantly improve your ability to identify and respond effectively.

Being able to spot fake emails and fake payment or information requests can save your business significant time and cost. The threat of cyber crime is continually evolving; however, the two main objectives of a fraudster remain the same:

1)    theft of money; and 
2)    theft of data.

Sophisticated criminals tend to use multiple touch points to solicit enough information that they can seem plausible. Social engineering fraud seeks to manipulate your employees into believing that it is in their interest to assist the fraudster.

Procedures to guard against cyber crime

There are a number of measures that businesses can adopt that will improve their ability to identify and manage cyber crime. Below we’ve taken a look at three which have been shown to reduce the likelihood and impact of an attempted theft of money:

1.    Segregation of duties
No one employee should be able to initiate, authorise and reconcile a transaction from start to finish. This separation of duties ensures that anyone seeking to initiate fraudulent behaviour will be quickly identified.

2.    Dual authorisation
No one employee should be able to make an electronic transfer without authorisation from another. Limits on the amount of money transferred should be set that require senior management agreement.

3.    Call back procedure
Any request to amend banking details of existing customers or make large electronic transfers should require a call back procedure to a previously established contact number. Impersonation fraud can occur under many different guises.

Each business is different, and how you choose to implement procedures that will guard against cyber crime will depend upon your specific circumstances. However, the principles remain the same.
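The three procedures above, written as a single check that a payment workflow could run before releasing a transfer. This is an added example, not code from Get Indemnity; the `Payment` fields, the role names, the 10,000 threshold and the phone numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed threshold: the article sets no figure for a "large" transfer.
LARGE_TRANSFER = 10_000

@dataclass
class Payment:
    amount: float
    initiator: str
    approvers: dict = field(default_factory=dict)  # name -> role (hypothetical roles)
    reconciler: Optional[str] = None
    bank_details_changed: bool = False
    number_on_file: Optional[str] = None      # contact number established earlier
    callback_number: Optional[str] = None     # number actually called to confirm

def release_blockers(p: Payment) -> list:
    """Return every reason the payment must be held; an empty list means release."""
    reasons = []
    independent = {n: r for n, r in p.approvers.items() if n != p.initiator}
    # Dual authorisation: self-approval by the initiator does not count.
    if not independent:
        reasons.append("dual authorisation: no approver other than the initiator")
    # Transfers over the limit need senior management agreement.
    if p.amount > LARGE_TRANSFER and "senior" not in independent.values():
        reasons.append("limit: senior management approval required")
    # Segregation of duties: the reconciler must not have initiated or authorised.
    if p.reconciler is not None and (p.reconciler == p.initiator or p.reconciler in p.approvers):
        reasons.append("segregation: reconciler also initiated or authorised")
    # Call back: confirm on the number already on file, never on a number
    # supplied in the request itself.
    if p.bank_details_changed or p.amount > LARGE_TRANSFER:
        if p.callback_number is None or p.callback_number != p.number_on_file:
            reasons.append("call back: not confirmed on the previously established number")
    return reasons

if __name__ == "__main__":
    # Constructed sample: an emailed "new bank details" request, confirmed by
    # calling the number given in that same email.
    spoofed = Payment(25_000, "alice", {"bob": "clerk"}, bank_details_changed=True,
                      number_on_file="01632 960001", callback_number="01632 960999")
    for reason in release_blockers(spoofed):
        print("HOLD:", reason)
```

Returning every failed control, rather than stopping at the first, gives the finance team a complete record of why a transfer was held.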

Control access to sensitive data

Employees need to be aware of their responsibilities when using a computer on the company network. There should be clear guidelines for electronic data and physical security of devices, including a disciplinary process for employees found to have been in serious breach.

A consistent message to all employees is required to create the right culture that seeks to protect the data your business controls. Good cyber crime practices should ensure that sensitive information is only available to employees that require access.

With increased regulation under GDPR that provides for fines and notification to the affected individuals, not to mention the reputational damage, businesses should ensure their compliance when operating in an increasingly digital world.

Embedding effective procedures within your business and ensuring that employees are sufficiently trained will reduce your cyber crime risk. Time and time again failures occur as a result of employee intervention that could have been avoided.


Originally posted by Get Indemnity

This guide is for information purposes and based on sources we believe are reliable. The general risk management and insurance information is not intended to be taken as advice with respect to any individual circumstance and cannot be relied upon as such.