5 Tips to Protect Your Company Against Social Engineering Scams

You say, “It will never happen to me.” You may think your business isn’t a target. But we want to make sure you know that social engineering claims do not have a target audience! At Walsh Duffield, we have seen small and large businesses alike fall victim to this emerging trend.

What is social engineering?

Picture this. Your office receives an email or phone call:

  • Requesting payment be issued. They may say that they recently changed banks and provide you with updated banking information.
  • Requesting money be transferred or wired. They may say that they are a CEO, and need the money to close a deal.
  • Requesting payroll information or social security numbers and tax ID information. They may say they are with the IRS or an auditing firm, etc.

The request seems legitimate. It comes from a CEO, CFO, President, Finance Dept, or from a vendor or customer with whom you have done business. There seems to be nothing abnormal about the request and nothing to make you believe it is not real.

But after further examination, you notice a misspelled word, a letter off in the email address or even poor English. Or you may not notice anything at all, yet someone has gained access to the “requestor’s” email address and is pretending to be them.

5 tips to protect your company

There are numerous procedures to have in place to safeguard your company against social engineering scams, including:

1) Manually call the person who appears to be making the request. 
Use the phone number you have on file to investigate the request.  Do not use the number the requestor provides.

2) Send an email to the person making the request.
Do not reply to the request. Instead, send a new message, manually typing in the correct email address, to confirm the ask.

3) Check with management. 
Did the CEO or President really email you the request? Employees may be hesitant to question an email from upper management, so determine a go-to person that employees can ask about unusual requests. It is better to be safe than sorry!

4) Don’t click on links …
Check the email out first. Links can lead to a virus that can manipulate your computer system and hold it for ransom. This manipulation could shut down your entire computer system, affecting your entire office. Just by clicking on an unknown link, you could be putting your clients’ information, your employees’ information, and any records you keep in jeopardy.

5) Ask your insurance agent how to obtain protection against cyber attacks.
These types of claims are happening more frequently, so you don’t want to get caught without coverage!  At Walsh Duffield, we can help you determine the right plan to make sure your office is covered.  Contact us to learn more.

Charmaine Derenda 
Claims Account Executive – Commercial Insurance Division
cderenda@walshins.com