Scarier Than Hackers for Your Business: The Social Engineer

social engineer

What is scarier than a skillful hacker with bad intentions who has accessed personally identifiable information by infiltrating a company’s network of computer systems? How about a smooth-talking con-artist intent on getting your firm’s employees to just hand over a company’s money… potentially big money!

Organizations should not sleep on the power of social influences that can leave your company just as vulnerable to a severe loss as a hacking incident.

Today, as a society, and rightfully so, we are conditioned to always be enhancing firewalls, strengthening passwords, limiting online access to confidential information, and developing robust cyber breach response plans to deal with the inevitable hacking of our computer systems. All are “clear-and-present-danger” risk management techniques for businesses in 2015 and beyond.

But organizations should not sleep on the power of social influences which cross over into psychological manipulation and can leave your company just as vulnerable to a severe loss as a hacking incident.

Sounds dramatic right? Well, just think about the type of person almost any employee (at any level) would look to bend over backwards for in order to please: how about the boss? or the boss’ boss? or a large client? or a large prospective client?

Also, think about how the use of email and the internet by employees has become so second nature that a mundane request from a vendor to change the bank to which payments should be sent would almost certainly be executed in minutes, with only a few key strokes.  In either scenario, if the person making the request (either verbally or via email) turns out to be an impersonator, then the question becomes: how much of the farm did we just give away?

Scary stuff, no doubt. But clearly a fidelity bond (crime policy) covers that type of fraud right? It’s clearly a first-party direct loss, the loss is almost certainly money, it’s certainly a crime, and undoubtedly there is intent. So what’s the issue? Well, it may not be that simple. If an employee was part of, or purportedly part of, the fraud, then an unendorsed fidelity bond/crime policy may offer some protection. But if the impersonation is of a client or of a vendor, then there may be no coverage at all without a proper endorsement to the policy.

The good news? A specialized insurance advisor can walk clients through the issues, offer advice on risk-management procedures, and, of course, request robust coverage for the full range of “social engineering” fraud losses, including:

  • Vendor or supplier impersonation
  • Executive impersonation
  • Client impersonation

So ask your agent or broker today: Do you have a dedicated team that focuses exclusively on fidelity and crime coverage and has sat with the leading insurance underwriters to help develop solutions to this evolving risk?

At the end of the day, that expert advice on fidelity coverage could be the difference between that awful feeling of getting duped and that really awful feeling of getting duped and having no protection at all.

About Andrew Doherty

Andrew J. Doherty is Willis Towers Watson’s Head of Thought & Product Leadership (TPL) / Middle Market Segmen…
Categories: Cyber Risk

Leave a Reply

Your email address will not be published. Required fields are marked *