Cyber Criminals Can Be Stopped with Enhanced Cyber Security
Cyber criminals are becoming more sophisticated in their efforts to scam businesses of confidential information and even money. myBusinessBar preferred vendor Sean England, Risk Consultant with Moreton & Company shares more about phishing scams and provides a way companies can protect themselves from a breach in their security.
Tax season is upon us, and a dangerous phishing scam has recently evolved. While it used to mainly target for-profit entities and those that had large employee counts, it has now evolved to target schools, hospitals, non-profits, and for-profits of all sizes and industries. These scams were widely seen in 2016 and are now more common in 2017 (especially during tax season).
Last year our first issued an alert in response to an increased number of phishing and social engineering attacks. Most cases involved tens of thousands, but in some severe cases, several million dollars were lost. These scams involve convincing an employee to wire for what the victim believed to be a routine business request or a confidential demand made by a senior level executive. Where requests for money were common, they are now adapting to requests for W-2s or other confidential information.
This new scam involves cyber criminals using various techniques and what seem to be legitimate business requests. For example, the criminals may send an email to someone in the HR or Payroll department appearing to be from a high-level executive. The email address is very close or masked to trick the user into thinking that it was sent from the appropriate source. This email requests a list of all employees and their W-2 forms. Cyber criminals use this information to file fraudulent tax returns and commit other crimes. In some cases, the same companies that have mistakenly sent some information are additionally tricked into wiring money prior to being discovered. Not only losing confidential data but large sums of money too.
Fortunately, this scams can be avoided! If your organization does fall prey, steps can be taken to limit the damage to employees and the company. Certain insurance policies such as crime and cyber liability can also provide protection for these events. These policies may provide a small sub-limit for crisis management or other public relations expense. Coverage varies greatly and evolves regularly. In addition, education and awareness continue to be critical components of protecting your firm.
Here are some key steps your organization can take to enhance your cyber security:
— Work with your insurance broker to explore insurance options for the above exposures
— Educate employees about these scams and to question all confidential information requests
— Enforce an independent call back verification of all confidential requests to ensure validity without replying to the original request
— Never allow the urgency of a message to influence your careful assessment for requests for confidential information
— Evaluate controls and procedures regarding personal and confidential information
If you would like to learn more about cyber security, you can contact Sean England, Risk Consultant with Moreton & Company at 801.715.7145.