Risk Management Tip
Keep your company safe from Social Engineering
Financial fraud, in which company employees are tricked into sending payments or securities through email, telephone, letter or other method, is an increasingly common and sophisticated act. It’s easy for a thief to pose as a vendor or executive at another company in order to request payments or a transfer of money. This type of crime, also known as social engineering, is becoming more prevalent thanks to the ease of acquiring company information, including social media accounts. Organizations can take a number of steps to avoid fraud, including:
- Educate finance and accounting employees about the risk. Let them know about common fraud schemes and encourage them to have healthy skepticism and be vigilant.
- Never give out any confidential information about your company unless you can first verify the identity of the person asking and the need for that person to have that information.Ensure staffers calling a vendor to verify information on an invoice or email request use a telephone number on file for that vendor, not a number appearing on a potentially fraudulent invoice or email.
- Make good use of your shredder and dispose of your digital data properly. Use different logins for each service and secure your passwords.
- Consider insurance. Insurance for Social Engineering Fraud losses may be available as an extension to commercial crime policyholders, so check with your insurance advisor about whether such an extension is available or appropriate.