8 Tips You Need to Know About How to Protect Your Business from the Latest Social Engineering Scams

By Denis Panariti | Published November 13, 2018

Cybersecurity is a critical challenge for businesses in every industry and of every size. Even the largest companies and brands fall victim to cyberattacks. Attackers are becoming more sophisticated and are broadening the scope and the methods they use to commit cybercrime, particularly through a technique known as social engineering.

Social engineering fraud occurs when an outside party attempts to gain the trust of an employee, eventually manipulating him or her into breaking normal security procedures. If an employee falls for the scheme, he or she divulges confidential information, sends payments or assists the third party in ways that provide access to a company computer system.

Fraudsters use a variety of channels, including telephone, email and the web, to get what they want. Unlike most other forms of cybercrime, social engineering fraud exploits human psychology rather than technical weaknesses to extract and misuse information. Because the target is a person rather than a system, it is harder for companies to police and detect with technical controls alone.

Ways to reduce your risk exposure
Businesses can strengthen their cyber protections by identifying internal vulnerabilities and taking proactive measures to prevent a data compromise. Whatever your industry, the following eight tips help defend against social engineering attacks:

  1. Increase companywide awareness and understanding of phishing scams.
  2. Use email on a company-owned domain instead of free, web-based email accounts; this makes impersonation of colleagues easier to spot and gives you control over the domain's mail security settings.
  3. Carefully monitor information posted on social media and external-facing company websites, since attackers use these details (names, roles, travel, vendors) to make their requests believable.
  4. Train employees to be cautious of urgent or secretive email requests, especially those asking to bypass normal procedures.
  5. Implement IT and financial security procedures that include a two-step verification process for all money transfers, such as a telephone call to a number already on file (never one supplied in the request itself) to verify significant transactions, or a digital signature requirement.
  6. Teach employees to avoid opening unusual email or attachments or clicking on emailed links.
  7. Consider refraining from using the "reply" option when responding to business email. Instead, start a new message or forward the original, selecting the recipient from your address book or typing a known address, so that a forged Reply-To header cannot redirect your answer to the fraudster.
  8. Implement two-factor authentication (2FA, also called multi-factor authentication) for all corporate email accounts, which requires a user to verify their identity beyond a password, such as with a hardware token or authenticator app.
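The following script is an added example, not part of the original article or CNA's own tooling. It shows the mechanics behind tips 2, 4 and 7: given a raw email, it flags a Reply-To header that points at a different domain than From, a display name that impersonates the company domain, a lookalike (typo-squatted) domain, and urgent or secretive wording from outside the company. The domain `example.com`, the keyword list and the three sample messages are constructed for illustration only.

```python
# Added example (not from the original article): a small mail-header check
# that illustrates why tips 2, 4 and 7 matter. TRUSTED_DOMAIN, URGENT_WORDS
# and the sample messages below are constructed for illustration.
import email
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # assumption: the company's own mail domain
URGENT_WORDS = ("urgent", "immediately", "confidential", "wire", "do not discuss")


def domain_of(header_value):
    """Return the lower-cased domain of an address header ('' if none)."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True for a domain close to, but not equal to, the trusted domain."""
    return domain != TRUSTED_DOMAIN and 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2


def flag_message(raw):
    """Return a sorted list of finding codes for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings = set()

    from_hdr = msg.get("From", "")
    display_name, _ = parseaddr(from_hdr)
    from_domain = domain_of(from_hdr)
    reply_domain = domain_of(msg.get("Reply-To", ""))

    # Tip 7: a Reply-To that silently redirects the conversation elsewhere.
    if reply_domain and reply_domain != from_domain:
        findings.add("reply_to_mismatch")

    # Tip 2: the trusted name is shown to the user, but the address is not ours.
    if TRUSTED_DOMAIN in display_name.lower() and from_domain != TRUSTED_DOMAIN:
        findings.add("display_name_spoof")

    # Tip 2 again: typo-squatted copies of the company domain in either header.
    if is_lookalike(from_domain) or is_lookalike(reply_domain):
        findings.add("lookalike_domain")

    # Tip 4: urgency or secrecy in a message whose sender or reply path is external.
    external = from_domain != TRUSTED_DOMAIN or (reply_domain and reply_domain != TRUSTED_DOMAIN)
    subject = msg.get("Subject", "").lower()
    if external and any(word in subject for word in URGENT_WORDS):
        findings.add("urgent_language")

    return sorted(findings)


# Constructed sample messages (not real mail).
LEGIT = """\
From: Accounts Payable <ap@example.com>
To: cfo@example.com
Subject: Q3 vendor statement attached

See attached.
"""

SPOOFED_REPLY_TO = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <jane.doe@examp1e.com>
To: cfo@example.com
Subject: URGENT wire transfer - keep confidential

Please process before noon.
"""

DISPLAY_NAME_SPOOF = """\
From: "jane.doe@example.com" <update@mail-relay.invalid>
To: cfo@example.com
Subject: Revised banking details

New account for this month's payment.
"""

if __name__ == "__main__":
    for label, sample in (("legit", LEGIT), ("reply-to", SPOOFED_REPLY_TO),
                          ("display-name", DISPLAY_NAME_SPOOF)):
        print(label, flag_message(sample))
```

The second sample is the classic pattern that tip 7 defends against: From looks like the CEO, but hitting "reply" would send the answer to `examp1e.com`, which is one character away from the real domain. A check like this belongs in a mail gateway or a user-facing warning banner; it is a complement to, not a replacement for, the out-of-band verification in tip 5.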

The right insurance coverage for your business
Because a social engineering loss typically involves a person inside your company voluntarily releasing funds or information, standard liability and crime policies may not cover it. Your policy must explicitly state coverage for social engineering; if it doesn't, your claim likely isn't covered.

With your insurance broker, review current controls, procedures and best practices for reducing social engineering risks. In addition, ask your broker to analyze your existing policies to determine coverage gaps. Once those are discovered, review insurance options, such as a specific social engineering endorsement, to enhance your Crime or Cyber policy.

Even a business with thorough preventative protocols can fall victim to social engineering fraud. To help protect your company against this scam, talk with your broker to ensure that your business has the right insurance coverage available for this exposure.

Blog created for Canada. Reference: Senese, D. (2018, May 30). How to Protect Your Business from the Latest Social Engineering Scam.

In Canada, products and/or services described are provided by Continental Casualty Company, a CNA property/casualty insurance company. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.

Denis Panariti
AVP, Management Liability and Financial Institutions

Denis Panariti is the AVP, Management Liability and Financial Institutions for CNA Canada. Denis is responsible for the management of the Canadian underwriting team as well as the growth and profitability of this portfolio in Canada. Prior to joining CNA in November 2017, Denis was a lead underwriter for a complex book of management liability placements for AIG Canada. He brings tremendous experience amongst different industry groups, and specializes in insureds that are publicly listed in both the US and Canada.

Denis is a graduate of Ryerson University in Toronto, and holds the Canadian Risk Management designation (CRM).