March 13, 2020
Tigers eat better in loud jungles, it’s easier for them to sneak up on you! Today our financial and legal jungle is noisy. It’s filled with a cacophony of information & stress.
Here are three things you can do to stay safe.
Know this, the tigers are out and they’re hunting. Specifically I’m referring to the uptick in cyber crime that typically correlates with major market events and natural or man-made disasters. I saw this first-hand during my years in Venezuela where I was stationed during 9-11 and through the market crash in October 2000 and again during my time in the Philippines in the wake of Typhoon Haiyan in late 2013. The threat is particularly devastating to small and closely held businesses that may lack robust cyber insurance and who are increasingly preferred targets of some of the most elaborate attacks.
Best practice number one. Understand your fraud insurance and what kinds and limitations apply. Insureds are surprised to learn that most fraud policies exclude cyber crimes or that in most cases they can be denied for being at fault for clicking a risky email or falling prey to the scam. Educate yourself on the dangers of cyber crimes and know the limitations of your insurance coverage.
Recently media giant Nikkei lost $29 million after an employee transferred the money to scammers pretending to be a Nikkei executive by emailing the employee with private company and executive information from the executive’s personal email address. This sort of scam is called a Business Email Compromise scam and worldwide accounts for about $300 Million in theft per month according to the US Treasury Office. If you think you’re people are too smart to be fooled think again. These scams trick smart people like you every day.
Best practice number two. Educate your staff. Make sure they are trained to know that emails that appear to come from a trusted address but that direct payments or other actions that are different than your verified, approved procedures, such as asking the employee to transfer to an unverified account or location, deserve a major red flag and mandatory quarantine and verification requirements.
Small businesses are favorite targets of BEC scams. And the worst part is that insurance claims for such scams are almost always difficult to collect because of the role the employee plays in acting. Most policies won’t pay you if you got fooled and transferred funds to the wrong account. In the mind of your provider, that’s different than having your account information hacked and funds stolen independent of your or your staff’s own actions.
The industries hardest hit last year were construction and manufacturing, accounting for about a quarter of all BEC scams, with shopping centers, entertainment facilities and lodging seeing significant increases (US Treasury report, 2019). Last year I worked with a small, family owned manufacturing business doing under $2 million in revenue that got taken for over $60,000 while the owner was on vacation with his wife. That’s a major hit to cash. And the insurance company had denied their claim.
Finally, protect information. Most scammers stalk you and your business by first gathering information on you and your employees. They probe for weaknesses. And there is an abundance of information available through social media alone, making a scammer’s typical reconnaissance process much easier. Don’t make their job even easier by being careless with the way you store and gather information about your employees and accounts. There are a host of cyber security and risk management organizations and best practices out there but the right ones for your business will depend on your unique circumstances.