Cyber crime is not only one of the hottest topics in insurance right now, it’s also grabbing the attention of more regular, everyday folks. High profile hacks on corporate giants continue to occur - and garner attention from the mainstream media - and increasing numbers of small and family businesses are now being successfully targeted by hackers.
While you may think it safe to assume that the elevated profile of cyber crime would make people more vigilant to cyber scams - and thus make things more difficult for hackers - that is not necessarily the case.
Jeremy Barnett, senior vice president of marketing at NAS Insurance, told Insurance Business that he has witnessed “a sharp uptick in cyber crime in 2018.”
In particular, increasingly sophisticated email phishing scams are proving to be successful for hackers. Targets will receive an email purporting to be from a senior leader in their organization asking them to send funds to a particular bank account. Unbeknownst to them, the email is from a cyber criminal who has hacked the company.
“Criminals are no longer just getting the email credentials of a person in the company, they are now monitoring their email and communication style in order to send a phishing email that is hard to detect as being fraudulent,” Barnett says. “The criminal knows who to make the transfer request to, and from, and what type of amount to ask for so as not to arouse suspicion.”
It’s clearly an issue that needs to be addressed but how can companies - and brokers and agents - mitigate their cyber exposures? Criminals are continuously improving their strategies and the feeling that hackers are one step ahead of authorities remains. Educating staff at all levels about what to look out for is a good place to start.
“There should be efforts to build awareness so that people know not to conduct any transaction without confirmation and to review every request thoroughly before executing,” Barnett says. “People have to know that these kinds of emails are coming, to expect them, and be more vigilant.”
Barnett also recommends implementing procedures that prevent individuals from completing an errant payment, whether it be by check or wire transfer.
“There has to be some kind of in-person supervisory system, like in the nuclear industry, where there has to be two keys, so you can’t do anything too dangerous on your own,” he says. “That’s another safeguard to ensure that no transaction is executed without in-person confirmation.”