
Southern Insurance Associates Blog

All You Ever Wanted to Know About Insurance

"Social Engineering"...The New Way Criminals Are Stealing Employer Data

While 64 percent of payment fraud still occurs the old-fashioned way, involving paper checks, cyber crime is on the upswing, and the result is a more serious loss per occurrence. According to a survey by the Association for Financial Professionals, 73 percent of organizations were targets of payment fraud in 2009.

Firewalls and anti-virus packages may protect employers from outside cyber threats. However, they do not offer protection from hackers who use deceptive practices designed to infiltrate network systems by targeting employees.

One area where cyber criminals are gaining access is social networking sites.

In one case, a credit union employee was browsing Facebook at work. He received a popup message from "Jeremy" reading, "eVry (sic) interesting: is it really you on this clpi (sic)?", whereupon the employee clicked the web link.

Clicking the link triggered the installation of a program that within four hours completed four automated clearing house payments worth $1.6 million. The money was transferred to Texas, and much of it was wired to the cyber criminals by the time authorities intercepted the funds. Larisa Brass, "Employees Innocently Enable Electronic Theft," (July 4, 2011).

To prevent social engineering attacks on employees, employers should create a multi-tiered line of defense against cyber criminals. First, antivirus software and firewalls are a must. An internal or third-party assessment of your workplace's network security threats is another good first step in creating a line of defense against cyber threats.

Next, implement safety measures specific to your industry. These may include stricter authentication for accessing sensitive information or reserving one workstation for all financial transactions. Furthermore, make sure your social networking and overall computer usage policies address restrictions on use, confidentiality requirements and ramifications should an employee violate your policies.

Finally, train your employees. Educate those employees using social networking sites on the latest social engineering scams and how to avoid them. Then routinely monitor their usage and consistently discipline employees who violate your policies.

With the proliferation of cloud computing, which allows virtual business environments, hackers will only get more enterprising in their attempts to obtain sensitive data. Here are a few guidelines to keep in mind to protect your organization from cyber criminals:

  • Make sure your policies designate who may use social networking sites at work, when and for what purposes.
  • Prohibit the uploading of any unknown attachment, even from known persons and including those from social networking sites, until IT clears the attachment.
  • Make certain that the policy eliminates any expectation of privacy by your employees.
  • Train all supervisors to enforce the policy.
  • Follow your policy and procedures and thoroughly investigate any complaints or reports of improper use.
  • Periodically conduct random reviews of how employees are adhering to the policy.
  • Consistently enforce your computer usage policy.
  • Develop a computer usage policy that prohibits participation in pornographic activities, email theft, cyber stalking, discrimination and all other illegal behavior.
  • Report any knowledge of participation in illegal behavior to the appropriate authorities.

Contact Southern Insurance Associates at 706-996-8788 or Info [at] SouthernInsuranceAssociates [dot] com to review your current insurance and to discuss available coverage options to protect your business from Cyber Liability and Data Breach.

We look forward to hearing from you and how we can help.