Social Engineering Cyberattacks: What to Know and How to Mitigate Risk
There’s no time to waste. Online manipulation is happening now and it could be happening to your company. Increasingly complex techniques, including social engineering, can have very negative effects on businesses. Unfortunately, these scams are on the rise. Having strong cybersecurity, and a comprehensive insurance plan that covers online breaches, is very important for companies today.
We are all exposed to social engineering, which is a form of psychological manipulation used by bad actors to make people take an action they otherwise would not have taken. That could be sending money or sharing sensitive information. Because people do not know they are actively being manipulated, their normal defenses aren’t up, and they fall prey to the scam. Common social engineering scams include phishing, when cybercriminals trick people over email into giving private information, and baiting, when criminals get someone to click a malicious link to download a file containing malware.
As we wrote in March, remote workforces, which have become much more common during the COVID-19 pandemic, pose a higher risk for cyberattacks. Our friends at Beazley confirmed our fear: “The number of incidents involving ransomware reported to Beazley Breach Response (BBR) Services in the first quarter of 2020 increased by 25% compared to Q4 2019.” BBR also noticed that a large number of social engineering attempts capitalized on COVID-19 fears, coming in the form of messages resembling those sent from authoritative sources like the Centers for Disease Control and Prevention or the World Health Organization.
In the past, we’ve written about a few key cybersecurity threats, with information to help you address each one. Those threats are:
- Business email compromises
- Targeting of IT vendors by cyber criminals
- Banking Trojans, a type of computer program
- Fileless non-malware attacks
- Wire transfer fraud
When it comes to general cybersecurity and protecting your business against social engineering, there are steps you can take. First and foremost, education is key. Staff who are taught how to recognize a phishing or baiting scheme will be much less likely to click malicious links. It’s also important to create a virtual private network (VPN) for your remote workforce so your corporate network protections extend to connections from home. In addition, you can require multi-factor authentication to make fraudulent logins less likely and easier to spot.
Even with these best practices, accidents happen. Because it’s difficult, even impossible, to completely protect against rapidly changing cyberattacks, it’s essential that businesses have a risk management plan in the event of a breach. Often, companies unknowingly lack insurance coverage for social engineering, according to Insurance Business Magazine. Social engineering loss might not be covered under crime/fidelity coverage if no direct fraud took place; that is, if an employee gives accidental consent to the breach by clicking a link or responding to an email. Exclusions in standard crime coverage plans could pose issues when trying to recoup loss after a cyberattack.
To ensure you are protected against social engineering, be sure to ask your broker about endorsements to your crime/fidelity coverage. Your Rose and Kiernan, Inc. agent will help you determine what the appropriate cybersecurity coverage is for your business.