As many employees are working remotely for the short term, “normal” communication among teams has changed dramatically, almost overnight. This can result in deviation from established protocols in all areas of organizations. Not surprisingly, cyber criminals are aware of, and working to take advantage of, increased vulnerabilities. At a time when cash is critical, the risk of a successful cybercrime hit on organizations has never been higher.
The good news is that there are a handful of critical risk management procedures that can be implemented that are almost always successful in preventing losses. The following are strategies recommended by the top cybercrime claims adjustors based on losses over the last year:
- If you have established rules for managing funds, be vigilant and make NO EXCEPTIONS to your rules. If workarounds are required because of remote working conditions, quickly determine how you will perform duties while maintaining security, and train your team accordingly. Make this a high priority and reinforce it regularly.
- Create human firewalls – cyber criminals are con artists who must rely on human interaction to lure people into providing confidential information or voluntarily turning over funds. If we create human barriers, we can shut them down. Avoid email and text as much as possible when discussing anticipated electronic funds transfers and other vulnerable transactions.
- Call back verification – This is the number one most effective way to avoid funds landing into the wrong hands. Picking up the phone to verify information in the following scenarios will prevent loss:
  - If you receive an internal email or text request to transfer funds, call the source on the phone to verify it is a legitimate request.
  - Be very, very wary of any vendor who notifies you via email of a change in account number. Call your bank contact as soon as you receive any emails. Do not call a phone number given in the change request – this is often a false number set up by the cybercriminals.
- Many companies are initiating wire transfers for the first time as a result of the COVID-19 crisis. If you must do this, be very careful with the logistics, avoid email, and work with your banker to ensure security with a vendor (this is common right now due to remote working).
- Slow down and think through what you are doing. Now, more than ever, we are working in an anxious and stressed state. Hackers thrive in this environment – targeting our flustered and distracted state and pressuring us into taking action. It’s time to listen to our guts, and if something feels off, pay attention to the details. Leadership must reinforce to their teams that it is OK to take time with sensitive transactions and that it is imperative to verbally verify the information, no matter how long it takes.
Note that crime insurance coverage will not cover losses for “voluntary parting” of funds without a special endorsement typically referred to as “social engineering fraud”. The coverage must be added to the policy. While most agents have been working over the last few years to discuss it with clients, many policies are still missing this critical coverage. Please take a moment to reach out to your insurance agent to understand your crime insurance policy and protect yourself against cybercrime.
Gretchen Hopp Doyle, CRM, CIC
Baker-Hopp & Associates (insurance and risk management)