Fallout from Computer Fraud and Funds Transfer Fraud

Two huge reasons why crime insurance is needed

Computer FraudTravelers Insurance put out an excellent bulletin that describes the financial threats posed by funds transfer fraud and computer fraud, and the need for specialized Crime Insurance Coverage.  The Travelers coverage version, wrap +, includes coverage for both electronic funds transfer and computer fraud.

Eye-opening facts

  • According to a survey by Computer Security Institute, the average financial loss due to computer fraud was $289,000.  The average loss due to funds transfer fraud was $500,000.
  • Pfishing scams, Trojans, key loggers and other techniques allow hackers to gain control of online banking transactions and to circumvent normal online authentication controls.
  • Internal controls such as antivirus software, firewalls, and employee training are critical, but not enough for 100 percent protection.
  • Specialized Financial Insurance coverages should be purchased to protect against this risk.

Examples of Electronic Funds Transfer Fraud Claims

  • The bank of a victim company allegedly sent a letter explaining a new security program.  A company received an email that appeared to be from the bank explaining a new security program. An employee opened the email, allowing a Trojan virus access and read keystrokes from the company’s computer. The perpetrator then obtained banking and password information.  A fraudulent electronic wire transfer was initiated and the company lost $683,000.
  • The finance director of a company opened an attached zip file in an email that contained a virus.  The user ID and password to the company’s bank  account was obtained through code inserted by the virus.  A fraudulent electronic wire transfer totaling $147,000 was initiated by criminals from the company’s bank account to an unknown bank account in Arizona.   The immediate withdrawal was unrecoverable.
  • A payroll supervisor logged on to the payroll account for the company and noted that three payments totaling $704,632 had been wired from the account. The transactions were reported to the bank as unauthorized and the account was shut down.  Unfortunately, $238,781 of the loss was not recovered.

Examples of Computer Fraud Claims

  • An employee of a customer  hacked into a company’s website and changed the bank routing and account numbers to her own.  When the company paid her employer for services rendered, she fraudulently received the funds in her account.
  • A former employee used his supervisor’s password to enter the insured’s unlocked building and gained access to use the supervisor’s computer.  Using the bank routing number, he activated transactions to receive fake reimbursements allegedly made to the company’s customers.

Source: Travelers Bond & Financial Products, Bulletin, 11-09

2.00 avg. rating (51% score) - 2 votes
Categories: Breach Of Security, Crime, Risk Management, Technology
Crime Insurance

Increased Need for Crime Insurance for Small Businesses

Diligence is the key to preventing losses

Since the 2008 economic decline, there has been a sharp rise in crimes by employees and third parties. Fueled by the fear of unemployment, workers are fighting back against their employers. They’re more likely to take what they feel they deserve because of the work they’ve done for their company over the years. Not surprisingly, many companies are taking a closer look at risk controls to cut unnecessary costs and uncovering theft issues that may have been undetected in the past.

The majority of people who commit these crimes are not professional criminals. Rather, they’re in a financial  bind and tend to rationalize such behavior as borrowing the money until they can pay it back.

Small businesses must take all necessary precautions to prevent employee theft and fraud. To this, they must address the fraud risks or their policy limits to adjust for the related losses. Only one in four private companies buys crime insurance. Stand alone crime policies are better than crime coverage added to Business Owners Policies (BOPs).

One way to determine an appropriate crime limit is to assume 5 percent of the company’s revenue will be the cost of fraud, and include that amount in the limit. Another way is to use organizations like Advisen that can evaluate a client’s cash flow, number of employees and business locations, employee turnover rates, and effectiveness to its internal risk controls.

Risk controls to minimize employee fraud:

  • Use prenumbered checks typed or numbers written in permanent ink
  • Be aware of employees who object strongly to new policies concerning financial, inventory, or supply matters
  • Employees with duties that  include check preparation or distribution should not reconcile the bank checking account
  • Improve background checks of job applicants
  • Separate receiving, store keeping, and shipping functions. Complete physical inventories annually and assign them to an individual who is not responsible for inventory records.
  • Be aware of employees who exhibit signs of compulsive gambling, persistent borrowing, or repeated requests for salary advances.
  • Separate mail opening and posting functions
  • Record checks and cash in appropriate registers and stamp checks for deposit only
  • Be aware of employees who suddenly want to work late

Source: Russ Banham, Independent Agent

5.00 avg. rating (87% score) - 1 vote
Categories: Crime, Risk Management, Small Business, Technology, Theft

Escalating threats from digital exposure

Vigilance required to combat ever-emerging risks

News broke of what is currently the biggest collection of stolen digital information to date. As more and more industries and businesses become more information-based, the information value and ease with which it is transmitted creates new risks. Criminals apparently never lack for creative ways to turn stolen data into profits, finding increasingly sophisticated ways to collect personal and proprietary information from corporate networks.

Fallout from stolen information

Failure to adequately protect sensitive information can result not only in lost sales and customers, but in claims and lawsuits for the losses sustained by customers and the general public. Fears about privacy and identity theft have resulted in state and federal legislation regarding the collection, management and protection of sensitive data. These new regulations have had a significant impact on businesses, which now face heavy fines and lawsuits in the event of security failures. Businesses also risk damage to their reputations because of laws requiring require them to publicize such breaches.

Realize the value of your information

Criminals look at corporate websites as gateways to massive information from which they can profit. While businesses spend billions of dollars to strengthen their security, criminals stay one step ahead, developing new methods of attack. Companies spend years, or even decades, gathering data. This data is an extremely valuable asset that must be protected. Businesses can no longer depend on traditional insurance policies to protect against technology risks. Most insurers exclude electronic theft from their standard policy forms. To deal with these risks, businesses need coverages specifically aimed at the inherent risks of our digital economy.

In upcoming articles I will discusses the vulnerable areas that require diligent attention by business owners, tips for improving security, and what the insurance industry is doing to help protect against these ever-evolving risks.

If you would like assistance in assessing coverage to protect your business or have questions regarding your current coverage, please call us at 800-622-7370

0.00 avg. rating (0% score) - 0 votes
Categories: Breach Of Security, Crime, Loss Control, Risk Management, Theft

Are Third-Party Apps a Threat to Your Business?

Not all apps are created equal

More and more businesses have been allowing employees to use their personal mobile devices as a primary means of communication in the workplace.  The increased usage of employee-owned smartphones, though convenient, can also pose a 3rd Party App risksserious risk to security; questions may also arise concerning the control and ownership of company data.   It is important for your business to establish strict guidelines for the use of personal mobile devices in the workplace. For example, there should be a clause in company policy allowing for the remote wiping of mobile devices upon termination of employment. Further, company data should be kept separate from personal data, and the use of third-party applications should be kept to a minimum.

 Third-Party Threat

With the recent phenomenon of mobile mass storage devices, keeping your company’s confidential information private has become increasingly difficult. Where there was once an established perimeter protecting businesses from outside threats, there is now increased exposure. This is the price we pay for on-demand data access.How can you limit your exposure? As stated above, by establishing guidelines.It has been estimated that in 2013 alone, over 70 billion apps will be downloaded, and with them, the potential for malware and tracking software. For this reason, it is important that your employees be aware the effect their personal data habits have on the company information stored on their phones.

The Blacklist

Not all apps are created equal, and some are potentially more dangerous than others. Fiberlink Communications is a mobile device management firm that manages over 2 million devices for businesses around the world. Using their vast wealth of experience, they have compiled the top 10 blacklisted apps for both iOS and Android devices.

iOS

  • Angry Birds
  • Facebook
  • Google Drive
  • Dropbox
  • SugarSync
  • Pandora
  • SkyDrive
  • HOCCER
  • BoxNet

Android

  • Facebook
  • Netflix
  • DropBox
  • Angry Birds
  • SugarSync
  • Google+
  • Google Play Movies & TV
  • Google Play Books
  • Google Play Music
  • Google+ Hangouts

Source – Judy Greenwald: Personal Mobile Devices Raise Security Concerns Among Employers

5.00 avg. rating (87% score) - 1 vote
Categories: Cyber Liability, Identity Theft, Risk Management

Are You Covered If Your Customers Info. Gets into The Wrong Hands?

Are you protected?

If your company collects any of the personally identifiable information or personal health The Need of Cyber Risk Security Breach Insuranceinformation listed below and you haven’t purchased Data Breach insurance, then you are jeopardizing your business’s future.

  • name
  • credit card information
  • address
  • banking information
  • date of birth
  • medical records
  • social security number

A data breach can be financially devastating and it happens to more and more businesses every year. It doesn’t matter how large or small your company is; a data breach can happen to any business. Unfortunately, your General Liability, Commercial Property, or Commercial Crime policies do not provide the adequate coverage to protect your business in the event of a data breach.

Hacking isn’t the only cause of data breaches

A data breach is the unintentional release of your customer’s private information which is then distributed or used by an unauthorized individual. A data breach in your company’s data base can take place in many different ways. We normally think of data breaches being caused by a computer hacker, but data can be leaked from incorrect delivery or disposal of paper files, theft or loss of a laptop or smart phone, or illegal access to your customer database by a disgruntled or former employee.

Because these types of incident are happening more and more often, a stand-alone insurance policy has been created to help business owners survive a data breach. Recovering from a corporate data breach is not cheap. Companies that have experienced a breach may incur civil liabilities, governmental fines, data restoration expenses, notification expenses, and credit monitoring expenses.

This new e-Commerce or cyber insurance covers a wide range of Internet-based risks that all businesses face daily:

Website Media Liability covers for errors or misleading statements posted on a website that may infringe on another’s copyright, trademark, or service mark, libel, and invasion of privacy.

Security Breach covers the costs associated with a data breach, some of which are;

  • alerting affected customers of the breach
  • performing a criminal examination to determine the data accessed
  • launching a call center to handle customers’ breach-related questions
  • implementing credit monitoring services for affected customers
  • employing a public relations firm to help restore your company’s brand and business reputation
  • paying charges estimated by governmental agencies.

Programming Errors and Omissions covers your business if a computer system transmits a virus to your customers, as well as negligence if performing tech services for others.

Repair Electronic Data covers the cost of replacing any data or computer programs damaged by a virus or virtual attack.

Lost Business Income covers any income that is lost due to your website or other computer systems being down.

If you do not have data breach coverage added to your commercial business policy then you could be setting yourself up for financial ruin. Keeping your customers’ private information confidential should be priority. Make sure that your business is protected, too! Don’t be one of the thousands of unprotected businesses being hacked each year.  Learn more about Cyber Insurance by calling Sadler insurance at 800-622-7370.

Source: ISO Products Perspective, An Agent’s Primer For Data Breaches, by Shawn E. Dougherty.

2.00 avg. rating (57% score) - 1 vote
Categories: Cyber Liability, Risk Management

Is your Smart Phone a Financial Business Risk?

Managing the risks of using a mobile device for work makes you smart

We use our smart phones more than ever these days. We virtually run our companies from them, play games, watch movies, take security breachpictures, and even make phone calls with them. It’s no surprise that the versatility and conveniences of these handy devices have opened up new avenues for cyber criminals to exploit our personal information.

Financial risks

Having confidential information stolen from your smart phone is a serious risk.  It can lead to breaches in your social network, bank accounts, and client information. Not only is this bad for individuals, but for a business it can be expensive to repair the damage. It is costly to notify contacts of the breach then rebuild the company’s image to regain customer trust. Below are tips we offer to protect the information on your smart phone.

Protecting your business phone is easy

Always make sure you are downloading apps from a reputable source. Apps found online and in the Android marketplace have not been screened for malware and can open the door to cyber thieves.

Review the customer reviews before downloading any app onto your phone. It sounds basic but could save you time and money in the long run.

Be aware when an app asks for permissions during the uploading process. Now we know this one is getting harder to avoid with every app wanting to connect to social platforms or asking for access to your phone’s hard drive. If you follow the key points above you should be safe but there are no guarantees.

Safe phone browsing habits

These next points are  good to remember when browsing from your laptop or your phone. It might be a good idea to go over a few of these principles with employees to make sure the phones they are using for work don’t expose your company to hackers.

  • SMS or VM Phishing: If you get a questionable text message or voice mail, call the company back directly and verify with them before handing over important information.
  • Password Guard: If your smart phone is stolen or lost, it’s easy for someone to get access to your social media logins or even bank information. Keep your phone password protected.
  • VPN Entree: If you’re using your smart phone to access a corporate network, use SSL VPN to connectito secure the session. This keeps the corporate information safe from prying eyes.
  • Wi-Fi Hotspot Security:  Never connect to any password-protected sites such as social media, banks, or PayPals while using an unsecured or free Wi-Fi hotspot. Doing so is just asking for your personal information to be stolen.
  • Utilize Security Apps: Think of the software you download to protect your computer, there are similar options for your phone. Use them to keep your phone safer.
  • Update: It seems simple, but update your apps and keep your software current.

Now that you know how to better protect your personal information on your smart phone, pass it on. Share this with your employees and colleagues to make sure they are also protected against cellular cyber theft.

Source: “The Art of Securing Mobile Devices,” by Troy Gill, GPEN, Rough Notes, Pg. 44,46
5.00 avg. rating (87% score) - 1 vote
Categories: Breach Of Security, Cyber Liability, Identity Theft, Risk Management