Protecting Against Phishing Scams with Insurance

In the last post we discussed using employee education to protect against phishing scams and cyber crimes. This post is about using cyber liability insurance and business interruption insurance to protect against cyber crimes. Crime policies, included with general business policies, use to cover losses from most criminal scams. However, the insurance industry has changed in recent years and now businesses are expected to carry cyber liability insurance to protect against cyber crimes.

To explain the difference between a scam covered by a crime policy versus a cyber liability policy we can use the mail. If a scammer tricks an employee into wiring money using snail mail then the crime policy will cover the losses. If the same scam is executed but email is used instead of snail mail then the crime policy excludes the loss.

Businesses are more accessible today than ever before for scammers. This accessibility allows scammers to take advantage of software to attack businesses constantly with little human power required. The scammers are trying to gain access to data so that they can trick a human into wiring money or encrypt the data and hold the business hostage.

Cyber liability insurance is designed to cover the losses from things like ransomware attacks, phishing scams, social engineering scams and other online attacks. Business owners can use comprehensive cyber liability coverage with a business interruption policy to ensure that when an attack happens they are covered for both the losses and the downtime the business suffers as a result of the attack.

Most insurance carriers include some sort of cyber coverage, but like anything they are not all the same. Business owners should work with their insurance agent and IT support company to find a policy that works for them. Every business is different so the risks are different and the amount of coverage needed varies. Working to identify and quantify these risks will allow the business to locate and purchase the insurance that will keep it safe when an attack occurs.

Free IT Support Consultation

We are happy to provide a free consultation for any IT support needs for businesses located in South Carolina. Contact us today to learn more about how we can help you reduce your IT support overhead and streamline your IT systems.

e-vos Logo

109 Wappoo Creek Drive
Suite 2B
Charleston, SC 29412

(843) 410-0050

info@e-vos.com

Educate Employees to Protect Against Phishing Scams

COVID 19 is causing an increase in phishing scams as employees and businesses learn to work from home. Everyone should pay close attention to their emails and confirm the sender. Many of the email scams we see for businesses we provide IT support are in the form of fake invoices. These invoice emails request payment and provide alternative instructions for how to make payment claiming COVID caused the change.

The payment change will route the payment to the scammers bank account rather than the company. Payment reaches the first bank, is then sent again and eventually converts to cryptocurrency. The authorities have little time to stop the transactions and banks are unable to reverse them. For business owners one the most important steps is to educate employees.

Employee Education

Employee education is often the most difficult, but also the most valuable aspect of cyber defense. Employees are the last line of defense when determining whether or not to transfer funds or respond to an email. Teaching employees to slow down, ask for help and confirm requests for payments is vital. Red flags include a request for a payment or payment method that is out of the ordinary, broken English and incorrect sender information. The manager and employee should contact the person they believe is sending the email by phone. This will allow confirmation of the payment and instructions.

Confirm the sender is valid by reviewing the properties of the email. Inside of Outlook a user can click on the arrow at the bottom of the Tags section and review the email header information. The header information provides all of the sender details and the true email address of the sender. Users with questions about the validity of the email sender should escalate the concern to their manager for review. All emails with broken English need to escalate for review regardless of the content.

Business owners can help their employees safeguard the business by teaching when to escalate an email for review. Software can test employee knowledge and provide further training if necessary.

Free IT Support Consultation

We are happy to provide a free consultation for any IT support needs for businesses located in South Carolina. Contact us today to learn more about how we can help you reduce your IT support overhead and streamline your IT systems.

e-vos Logo

109 Wappoo Creek Drive
Suite 2B
Charleston, SC 29412

(843) 410-0050

info@e-vos.com