
Technology has improved efficiencies, added convenience and helped many companies grow at an incredible pace. Even with advancements in technology, human interaction and error-prevention still play a critical role in protecting our assets.

Social engineering is a form of computer fraud in which an attacker manipulates and deliberately deceives a person, exploiting human weakness to obtain confidential information or assets such as cash.

This manipulation could include:

  • Phishing – An email appears to come from a bank, an associate, friend or family member, causing the victim to trust the source. The message could contain a hyperlink or an attachment with malware that allows the attacker to access the victim’s computer, email account, contacts or social network accounts so that attacks can expand to other computers. While phishing is an email sent out to hundreds or thousands of target recipients, spear phishing is an email sent to one specific recipient and is a common means of social engineering.
  • Fraud – An email appears to come from a trusted source – usually a superior in the workplace – directing the recipient to issue a check or initiate a wire transfer of money to an overseas account. These scams work because the sender has created and uses an email address similar to that of the actual superior. For example, john@acmecorp.com may be presented with an extra “r” as in john@acmecorrp.com, tricking the recipient into believing the request is truly from a superior.

These incidents can be costly, resulting in theft of:

  • account numbers and personal identification numbers (PINs)
  • personally identifying information
  • confidential customer information such as Social Security numbers, dates of birth or addresses
  • usernames and passwords

Consequences include:

  • unauthorized funds transfers and credit card charges
  • identity theft
  • jeopardized company reputation
  • compromised trade secrets and intellectual property

Consider these tips to minimize your risk of being the next victim:

  • Implement strict policies and practices for accounting, bookkeeping and fiscal management. This should include daily activity reports by management to quickly detect unauthorized charge activity. Contact the financial institution promptly; don’t delay.
  • Never proceed with an email request to transfer a large sum of money without dual control practices: one individual performs the requested transaction and a second individual approves and authorizes the change on a different trusted device.
  • Always require at least two key people to authorize a financial transaction over a set amount or to a new vendor or bank account.
  • Keep your anti-virus and firewall software up to date.
  • Use a token if it is provided by the bank. Require strong passwords with a minimum of eight characters incorporating uppercase, lowercase and wildcard (special) characters, and change them regularly. Using this practice makes your password 1.7 million times harder to crack than a 4-digit password.
  • Run random phishing tests to see if any of your employees are too easily fooled, then train them in correct practices.
  • Carefully read any email address or website you encounter, checking for misspellings as described above.
  • Always verify and confirm the target of any hyperlink in an email or on a website.

There are literally thousands of variations of social engineering attacks, and more are being developed daily. The weakest link in any security strategy is the employee who becomes complacent and fails to follow protocols put in place to protect your network and assets. Be vigilant, and remind every employee with access to your systems to be aware of and alert for these techniques.

Posted 6:21 AM

© Copyright Clark Insurance Group. All rights reserved.