Do you have the protocols in place to safeguard your small firm?
Manipulation Impersonation Exposure or Social Engineering Fraud is the latest global cyber threat. Anyone can be a target, with the stakes ranging from a loss of several hundred dollars to millions in cash or inventory. Fraudsters reach out to unwitting employees posing as CEOs, vendors and customers, research their behavior and benignly hack into emails. One small law firm involved in a real estate loan received an email from someone posing to be a client and transferred $240,000 by wire – money that will never be recovered.
- Develop procedures to authenticate the transfer of funds
- Apply similar procedures to verify the authenticity of customers and vendors
- Determine who within your firm has the authority to move funds on request
- Implement an encryption system for emails
- Change passwords every 60 – 90 days
- Determine types of exception protocols and put controls in place
- Understand lessons learned from past loss and claims experience
- Train employees (especially executives who are primary targets) in appropriate policies and procedures
Remember to check the next time someone internally or externally asks to transfer funds. Call the person to confirm the transaction – and remember that a phone call is the best practice to avoid social engineering fraud.
This valuable information has been specially developed by Protexure, a highly-rated, low-cost professional liability insurance program specializing in small firm risk protection. Find out more about our risk management program, and our policyholder hotline, at www.protexure.com.