At one time, protecting a business against outside threats meant safeguarding and insuring the brick and mortar building and tangible assets of the organization. Burglar & fire alarms, and perhaps maybe even sophisticated surveillance equipment were the mainstays of the safeguarding efforts, while the purchase of building and business personal property insurance were the tools employed by companies to provide financial protection and peace of mind in the event those efforts failed.
And while they all remain valid strategies against intruders intent on penetrating physical perimeters, the digital and technical world we now live in has fostered a whole new breed of criminal and threat.
As an insurance professional of 25 years, the approach to assessing client’s exposures has shifted accordingly and now requires anticipating threats that have yet to be fully understood even by the law enforcement agencies charged with investigating what I’ll refer to in general as Cyber Crimes. If this sounds obscure and farfetched, it isn’t. This week alone my agency has had three different clients targeted by various scams seeking to defraud them out of hundreds of thousands of dollars!
Today, I’d like to focus on a specific type of cybercrime sweeping the business world called Business Email Compromise (BEC). According to the FBI’s new Internet Crime Complaint Center (IC3), this scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Most victims report using wire transfers as a common method of transferring funds for business purposes, however some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.
IC3 reports that “this crime continues to grow, evolve and target businesses of all sizes. Since January 2015, there has been a 1,300% increase in identified exposed losses. Although it is largely unknown how victims are selected, the subjects appear to monitor and study their selected victims using social engineering techniques prior to initiating the BEC scam. The subjects are able to accurately identify the individuals and protocols necessary to perform transfers within a specific business environment.”
It is truly unsettling to hear firsthand the level of planning and sophistication behind this type of attack, as well as the ease with which the fraudsters are able to deceive even the most astute of victims. If you think it can’t happen to you, think again…100,000 attacks like this are launched every day against unsuspecting businesses, most of whom do not have insurance in place to protect them. Cyber insurance, like the crime itself is a complex and often misunderstood area, but in both cases easily remedied when armed with proper understanding.
Of course, the best form of protection is to prevent this type of attack in the first place, by being aware and knowing what to look for. My goal in writing this piece is to make sure that business owners and their key employees are able to recognize when they have been targeted in the hopes that they will avoid falling victim. I’m also including some additional resources below that elaborate on the specifics of these schemes as well as some suggestions for protection and best practices. Please share this article with anyone you know that owns a business or is employed in a CFO or accounting role within their organization.
Wendy Adams, President
Partner Agency Insurance Services, Inc. – Brea, CA
Federal Bureau of Investigation – Public Service Announcement, June 14, 2016