The Escalating Threat of Social Engineering Fraud
When it comes to social engineering fraud, the weakest link in a business's cyber security is often its staff. Our Sales & Marketing Director, Mike Dickinson, describes the threat and outlines tips on how to protect against attacks of this kind.
As of 2019, cyber attacks and digital identity theft have reached a record level in the UK. Many businesses are now choosing to direct their cyber security approach to implementing technical protection and cyber insurance. However, with forms of cyber protection advancing, it can often be people who are the weak link rather than technology.
Social engineering fraud is an escalating threat for businesses, from SMEs to major corporations. In a nutshell, social engineering fraud is when a victim is manipulated into giving up confidential information or unknowingly performing a fraudulent act themselves, such as carrying out an unauthorised payment. According to a recent survey from IDnow, social engineering now accounts for 73% of recent fraud attempts.
Social engineering has many different faces. Most commonly, social engineering takes place in the form of phishing, a way of gathering personal and sensitive information through persuasive and convincing emails. Often accompanied by baiting, these emails can promise something in return for the information. In a society where voice activation is on the rise, some fraudsters have taken to vishing, the act of making fraudulent telephone calls with the intention of recording the victim's voice to later use to get through security.
Phishing is currently the most common form of social engineering fraud, accounting for 93% of social attacks, 28% of which were specifically targeted, according to the Verizon Data Breach Investigations Report.
This type of fraud can cost businesses thousands and leave important confidential information exposed. From bank accounts to personal emails or client information, these clever fraudsters have done their research to ensure their approaches don’t seem fraudulent at all.
So what should you be doing to protect your business from attacks such as this? Insurance is a straightforward and sensible way of mitigating the risk, but there are other things you can do to ensure both your business and staff members stay protected.
Make your staff aware of the threat
Ensure your staff are aware of the escalating social engineering threat to businesses and how it can impact them. Educating your organisation on how to look out for signs of being a target could save you thousands. By taking your time and slowing down, you can stay vigilant to anything out of the ordinary.
Be on guard for anything unusual
Whether you are a business owner or a member of staff, it is crucial you remain aware of what is going on within the organisation. Key dates and important deals are easy targets for identity thieves. Stay aware of any unusual activity on your account.
Choose your links wisely
An easy way for fraudsters to target your business is via email, using links that usually ask for personal or account details. When receiving emails, attachments or external links, be wary of any that might look unfamiliar. A staggering 91% of cyber-attacks start with a phishing email, according to Willis Towers Watson. To add an extra level of security to their computers, businesses should also consider installing protective software.
Beware of fake phone calls
Having carried out extensive research, fraudsters can easily commit social engineering fraud over the phone. Despite many feeling as if they wouldn’t fall for something so obvious, it is important to be aware of who is calling and what it is they are asking. If you can, avoid giving out confidential information to someone you are unfamiliar with.
Privacy is key
In an age where social media is so important, it’s key to remember that the more you share online, the more vulnerable you become. Leaving yourself exposed on social media can open you up to the risk of fraud. Be careful what you choose to share and keep a close eye on your security settings.
Not only should you be taking precautions to educate yourself and your staff on how to avoid falling victim to social engineering fraud, it’s also important that you ensure your business has the correct insurance to protect against any potential cyber attacks. By taking out the correct policies, you can avoid unnecessary costs and damage in the future.
If you feel your business could do with an insurance audit in relation to the threat of social engineering, then please get in touch with one of our team who will be happy to have an informal chat about your needs.