Employee training key strategy in social engineering risks
Reprints
Businesses need to tighten up their processes and procedures to prevent crime losses as the pandemic brings new ways of working, experts say.
Business processes are changing such that the control environment is inherently strained, said Christopher Arehart, Chicago-based senior vice president, crime insurance product manager, financial lines at Chubb North America.
For example, an employee who previously sat outside the CFO’s office and did the books is no longer there. “They are doing it from the comfort of their home but have all the same access that they did before,” he said.
Educating employees to spot fake emails and regularly testing and monitoring are basic steps that companies can take to mitigate social engineering fraud, said Reid Eanes, Los Angeles-based senior vice president and financial services practice leader at Lockton Cos. LLC.
Training employees to incorporate basic controls into their daily workflow, such as verifying written instructions via a phone call, is critical, he said.
“That human-to-human connection can mitigate a ton of risk around change in banking instructions, change in payroll instructions, requests for emergency wire transactions to be sent,” Mr. Eanes said.
Email communication is not enough, Mr. Arehart said.
“You have to start with the supposition that the party sending an email has had their email compromised, and it happens every day because vendors, suppliers have not turned on multi-factor authentication,” he said.
In the work-from-home environment, new technology can be leveraged, such as verifying information in person via a video conference call, Mr. Arehart said.
Read Next
-
Pandemic ushers in remote work cyber threats
Embezzlement, fraud and theft crimes are a persistent threat to businesses, and the shift to remote working during the COVID-19 pandemic has heightened these risks, experts say.
