Leading Insurer Adds Optional Cover for Social Engineering

Social Engineering

Social Engineering

Optional Cover for Social Engineering

Cyber specialist Emergence Insurance has enhanced its policy wording to cover social engineering.

Emergence has developed a new, optional section, Criminal Financial Loss, which offers cover for socially engineered thefts and cryptojacking. The new covers are in addition to cyber theft and telephone phreaking, which have long been part of Emergence’s offer.

Jeff Gonlin, Emergence’s Head of Underwriting and Product Development, says traditional cyber thefts target IT systems, but social engineering threats target individuals.

“Hacking humans is now big criminal business. People are the weakest link in the security chain,” he said.

Social engineering exploits people who are tricked into divulging sensitive information, transferring money to hackers’ accounts, or even providing access to corporate IT systems.

What is Social Engineering

Examples include business email compromise (BEC), phishing (using electronic communications to fraudulently obtain sensitive information) and baiting (using free offers to surrender login credentials). Fake invoices are another ploy, through which criminals insert themselves into the middle of transactions.

“A supplier’s invoice may look genuine and even represent a legitimate bill a victim is expecting, but doctored bank details mean the funds go to crooks instead of the intended recipient,” Jeff said. “We are seeing the dark side of psychology meeting technology.”

Jeff advocates a holistic approach to cyber security. “It’s not just about your IT, or your employees, it’s both, and how the two interact.”

Internal controls and cyber security training are part of the solution. “But even well-trained employees make innocent mistakes that can be costly,” Jeff said. “That’s where insurance comes into play.”

Brokers and their clients had sought the additional coverage because of the rise of social engineering attacks. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch data shows BEC scam incidents increased 33% in 2018 and BEC accounted for 63% of business losses reported to ACCC.

The rapid rise of social engineering attacks has prompted ACCC to encourage businesses to immediately review processes for verifying and paying invoices.

“Social engineering scams can be sophisticated and many businesses only realise they’ve been caught when it’s too late,” Jeff said.

Digital currencies have spawned cryptojacking, where crooks hijack computers to mine digital currency. Those affected may experience substantial loss of computer performance, reduced battery power, and increased electricity costs. Emergence insureds can now protect themselves against the financial impact.

“Cryptojacking demonstrates the dynamic nature of cyber risks,” Jeff said. “It’s important for businesses to choose a cyber insurer whose cover keeps pace with the evolving threat landscape.”

Ways to Reduce the risk of Social Engineering

Risk management was the best weapon to protect against criminal financial fraud. Jeff said businesses should:
• Use two-factor authentication to secure all online accounts
• Consider the source – treat unsolicited emails with scepticism
• Slow down – consider procedures to deal with what appear to be urgent requests
• Train all staff in security awareness
• Set strong passwords for all devices and accounts
• Review processes, procedures and separation of duties for financial transfers
• Review, refine and test incident management and phishing reporting systems
• Patch frequently and install antivirus software.

While a cyber policy was part of every successful business’s risk management framework, it was not the first line of defence.

“Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack,” Jeff said. “But no amount of risk management can get you out of the sights of a determined cyber attacker.”

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.

Source: Emergence Insurance

Compare Cyber Insurance

Cyber Insurance Comparison

 

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

No business too small to face cyber attack risk

cyber attack risk

No business too small to face cyber attack risk

Your a small business owner and may not consider yourselves prime targets for cyber attacks.

You may assume big companies have more information to steal and more profits to siphon off, so they’re targeted most often by criminals online. In reality, the opposite is often true.

Everyone can be a cybercrime target – even SMEs – and the onus is on SME owners to stand up to the cybercrime epidemic, spread awareness and do their part to prevent incidents. That process begins with simply admitting the problem exists.

If your hit by cybercriminals, it can be costly.

Research has shown 60% of hacked SMEs are out of business in six months. That’s no surprise, given how devastating attacks can be, and illustrates the need for business leaders to be open and honest about the dangers.

Protect Your Data

• Are all software licenses up to date and antivirus updates enabled? Outdated software can expose businesses to potential attacks and trigger loss of clients’ personal information, leading to brand damage and rectification costs.

• Do you regularly review information stored internally? If old files are saved on local machines, ensure sensitive information, such as payment processing data or confidential trade secrets, is secure.

• Plan ahead. No one likes to think about a cyber attack hitting their business but, if and when it does, you need to be ready. You need to know how to sustain operations even if data access is disrupted and act quickly to prevent distressed customers or lost revenue after an attack.

• Do you involve all the workforce? No business leader can prevent cybercrime incidents alone. It’s a team effort. If someone is left out of the cybersecurity planning process, that weak link might leave the organisation vulnerable. Your employees are the last line of defense. The most successful companies at preventing cyber losses lead from the top and educate their employees.

Find the insurance coverage they need

A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defense; it is designed to protect a business when its IT security, policies, and procedures fail to stop an attack.

Protection becomes more important as Australia introduces the new notifiable data breaches scheme, which starts on 22 February 2018.

Gerry Power, National Head of Sales at Emergence Insurance, says cyber insurance is designed to support businesses by providing an incident response team to help clients who suffer cyber events.

 

Compare Cyber Insurance

Cyber Insurance Comparison

 

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

 

Five tips to protect against ransomware attacks

Ransomware attacks are one of the most common forms of cyber attack in Australia. How can you protect your business?

Ransomware hackers steal businesses’ files and demand ransom payments to get them back. The attacks can be devastating financially for companies that are not prepared.

For example, the WannaCry attack hit 200,000 victims in 150 countries.

If you run a business, follow these five tips to safeguard yourself and your business against such attacks.

1. Update your software

Pay close attention to the software you use. Emergence Insurance recommends you alway accepting options to update or patch your operating system and other key applications immediately updates are available. Updates are often designed to strengthen cyber security.

2. Install antivirus software

Regular software updates alone do not ensure your systems are protected. Viruses are still a threat because they constantly evolve. Guard against them by running a reputable antivirus tool and remember to update your software immediately when updates are available.

3. Use common sense on the internet

Be smart about not exposing yourself to cyber attacks. Think before you click on unfamiliar links and don’t open strange email attachments. Delete all emails that look suspicious.

4. Backup your files often 

Create backups of all your files often. It’s a simple, effective way to ensure that if ransomware thieves steal your files and hold them hostage, the thieves have no leverage against you.

5. Develop a cyber security plan

Develop a long-term plan to strengthen your business’s cyber security. It should include educating your employees; upgrading hardware and software; building a business continuity plan; and buying cyber insurance protection to safeguard your business financially in the event of a cyber attack.

 

Source

Emergence Insurance

Emergence Insurance is here to protect all businesses – large and small – against cyber risks. In fact, that’s all we do, so we’re the specialists in the field.

 

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs