All businesses should be aware of the simple measures they can take to prevent cybercrime, and of how cyber insurance can help.
Sophisticated criminals don't discriminate by company size or industry. However, if you make regular and significant payments to third parties, you are increasingly likely to become a target of cybercrime.
Protecting against cybercrime can seem complex and time-consuming; however, with well-funded criminals testing your defences for weaknesses, you can ill afford not to maintain adequate cyber insurance protection.
How to prevent cybercrime?
Before considering cyber insurance, businesses should be applying cost-effective measures that can significantly improve their resilience to cybercrime.
To mitigate the risk of cybercrime, the UK government Cyber Essentials scheme identifies five controls that organisations, including small and medium-sized companies, should have in place:
1.) Maintain a firewall;
2.) Choose the most secure settings for devices and software;
3.) Control who has access to data and services;
4.) Protect against viruses and other malware; and
5.) Keep devices and software up to date by applying security patches promptly.
However, far too many businesses focus on technical cybercrime defences without giving sufficient consideration to how their employees can affect those defences.
Employee mistakes, deliberate actions or manipulation by an outsider can easily negate your technical security measures. Increasingly sophisticated criminals combine electronic and human interactions to achieve their objectives.
Employee cybercrime training
Educating your employees is critical to guarding against cybercrime. If they understand the vulnerabilities and threats to the business, your ability to identify an attack and respond effectively improves significantly.
Being able to spot fake emails and fraudulent payment or information requests can save your business significant cost. The threat of cybercrime is continually evolving; however, the two main objectives of a fraudster remain the same: 1) theft of money; and 2) theft of data.
Sophisticated criminals tend to use multiple touch points (an email here, a phone call there) to gather enough information to seem plausible. Social engineering fraud seeks to manipulate your employees into believing that it is in their interest to assist the fraudster, and it is fast becoming the most dangerous type of cybercrime.
Procedures to protect against cybercrime
There are a number of measures that businesses can adopt to improve their ability to identify and manage cybercrime. Below we've taken a look at three which have been shown to reduce the likelihood and impact of an attempted theft of money:
Segregation of duties
No one employee should be able to initiate, authorise and reconcile a transaction from start to finish. This separation of duties makes it far more likely that anyone seeking to initiate a fraudulent transaction, whether an insider or an outsider who has compromised one employee's account, is quickly identified.
No one employee should be able to make an electronic transfer without authorisation from another. Setting limits on the amount that can be transferred, above which senior management agreement is required, is an effective cybercrime prevention process.
Call back procedure
Any request to amend the banking details of an existing customer or supplier, or to make a large electronic transfer, should require a call-back to a contact number previously established and held on file. Never use a number supplied in the request itself, since a fraudster who has written the request will also have written the number. Impersonation fraud can occur under many different guises, including spoofed emails from a supplier or from your own senior management.
Each business is different and how you choose to implement procedures that will guard against cybercrime will depend upon your specific circumstance, however the principles remain the same.
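The segregation-of-duties, transfer-limit and call-back procedures above can be encoded so that a payment system refuses to proceed when any of them is missed. The following Python is an added example written for this page, not code from the original article or from Get Indemnity; the vendor directory, the £10,000 senior-approval limit and the names `PaymentRequest` and `check_payment` are all assumptions chosen for illustration.

```python
"""Dual control, transfer limits and call-back checks for outgoing payments.

Added example, not from the original article. Policy values and the vendor
directory below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumed policy threshold (GBP) above which senior management must approve.
SENIOR_APPROVAL_LIMIT = 10_000

# Constructed vendor directory. The call-back number was captured when the
# vendor was onboarded; it is the ONLY number a call-back may be made to.
VENDORS_ON_FILE = {
    "acme-ltd": {
        "iban": "GB00AAAA00000000000001",
        "callback_phone": "+44 20 0000 0001",
    },
}


@dataclass
class PaymentRequest:
    vendor_id: str
    amount: int
    iban: str                                  # destination account in this request
    initiated_by: str
    approved_by: Optional[str] = None
    approver_is_senior: bool = False
    reconciled_by: Optional[str] = None
    callback_verified_to: Optional[str] = None  # number the call-back was actually made to


def check_payment(req: PaymentRequest) -> List[str]:
    """Return the list of control failures; an empty list means the payment may proceed."""
    failures: List[str] = []
    vendor = VENDORS_ON_FILE.get(req.vendor_id)
    if vendor is None:
        return ["unknown vendor: payments only to vendors on file"]

    # Segregation of duties: initiate, authorise and reconcile must be different people.
    if req.approved_by is None:
        failures.append("no second-person authorisation")
    elif req.approved_by == req.initiated_by:
        failures.append("initiator cannot authorise their own transfer")
    if req.reconciled_by is not None and req.reconciled_by in (req.initiated_by, req.approved_by):
        failures.append("reconciler must differ from initiator and approver")

    # Transfer limit: larger amounts need senior management agreement.
    over_limit = req.amount > SENIOR_APPROVAL_LIMIT
    if over_limit and not req.approver_is_senior:
        failures.append(f"amount over {SENIOR_APPROVAL_LIMIT} requires senior approval")

    # Call-back: a change of bank details or a large transfer must be confirmed
    # by phone, using the number on file rather than one supplied with the request.
    details_changed = req.iban != vendor["iban"]
    if details_changed or over_limit:
        if req.callback_verified_to is None:
            failures.append("call-back required but not performed")
        elif req.callback_verified_to != vendor["callback_phone"]:
            failures.append("call-back made to a number not on file (possibly attacker-supplied)")
    return failures


if __name__ == "__main__":
    # Constructed scenario: a "please update our bank details" email arrives with a
    # new IBAN and a new phone number, and the clerk rings the number in the email.
    spoofed = PaymentRequest(
        vendor_id="acme-ltd", amount=5_000, iban="GB00BBBB00000000000002",
        initiated_by="alice", approved_by="bob",
        callback_verified_to="+44 20 9999 9999",
    )
    for failure in check_payment(spoofed):
        print("BLOCKED:", failure)
```

The deciding check is the last one: the call-back is only accepted if it went to the number captured at onboarding, so a fraudster who controls both the email and the "new" phone number still cannot get the details changed. Reconciliation is checked only when a reconciler has been named, because it normally happens after the payment has run.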
Management of cybercrime risk
Employees need to be aware of their responsibilities when using a computer on the company network. There should be clear guidelines for electronic data and for the physical security of devices, including a disciplinary process for employees found to have been in serious breach.
A consistent message to all employees is required to create a culture that protects the data your business controls. Good practice should ensure that sensitive information is only available to employees who require access. We've produced a useful guide: What is cyber insurance? Explained 101.
Increased regulation under GDPR provides for fines and for mandatory notification of affected individuals, not to mention the reputational damage of a breach. Businesses should ensure they remain compliant when operating in an increasingly digital world.
Embedding effective procedures within your business and ensuring that employees are sufficiently trained will reduce your cybercrime risk. Time and time again, losses occur because an employee did something that a simple procedure would have prevented.
Originally posted by Get Indemnity
This guide is for information purposes and based on sources we believe are reliable, the general risk management and insurance information is not intended to be taken as advice with respect to any individual circumstance and cannot be relied upon as such.