If you think that you are immune from Cyber Intrusion because you are not the size of K-Mart, BlueCross BlueShield or the University of Maryland, you are sadly mistaken.
We are seeing small to mid-size companies being infiltrated by “hacking” third parties at an alarming rate.
Here is the ploy: Requests are made to the CFO and/or Controller to transfer monies to a specific vendor under the URL of either the business owner or senior executives. Transfers are being requested for anywhere between $5,000 to $200,000. These requests are exceptionally well worded and structured whereas to relieve suspicion by the CFO or Controller as to whether or not this is a legitimate request for transfer. An example of this can be seen here: Cyber Intrusion Email Chain Outlook Conversation .
So, what do you do?
- You should educate all personnel that confirmation should be required via a call back or in person when monies are requested through your company email system.
- There should be dollar limitations as to transfer of money without a telephone or face-to-face confirmation.
- You can purchase Funds Transfer coverage under your Commercial Crime policy which would insure against such losses.
- You can carry Cyber Liability coverages that would extend into loss of private information as well as a funds transfer type loss.
You can reduce the risks of this type of loss from occurring within your organization by making a review of your internal systems. Talk to your CPA and Banker. Educate and train your employees on the proper controls and requirements.
Bear in mind, we are paying claims for such transfer request under Funds Transfer coverage and are receiving more and more notices of requests for the transfer of funds such as the attached.
Please give us a call to review and answer any questions that you may have in this area so that a loss such as described will not affect you at 301-948-5800.