What is social engineering?
Published
Written by
Read time
Written by Nikki Hookway - Commercial Manager
Your broker has probably mentioned cyber insurance to you in recent years and I’m going to guess that your answer is always the same: ‘I’m a small business owner, we don’t hold many, if any, customer records online’ and/or ‘we have a handful of computers that are no use to anyone outside of the company, so we really don’t feel this is necessary for us.’
But if I were to ask you if you personally use online and mobile banking, I’m going to guess the answer is ‘yes.’ Therefore, I’m also going to assume the answer is the same in respect of paying supplier invoices, and customers paying you for the services and products from your business. After all, online banking is quick, easy, and efficient – just what you need.
This is where a specific cyber policy is most important to small business owners and/or the manufacturing, construction, and wholesaling industries and I’ll explain why…
Many people assume cyber insurance is only crucial for tech companies and other businesses heavily reliant on networks and servers to operate. This is likely because when these incidents do happen, they’re large, cause widescale disruption, and usually end up in the news. However, the type of claims made on a cyber policy in the small business owners’ world are rarely a data breach or large system outage, but we see enormous quantities of cyber-crime claims for many of the more small-scale incidents.
When a supplier emails to say they’ve changed their bank details – how many times have you in all honesty followed this up with a phone call to confirm it’s authentic? I’m going to bet not often. But what if that email was a hacker who’s been monitoring your emails for months and waited for the perfect moment to manipulate said invoice to an account not related to your supplier at all?
Fast-forward to weeks later and you get a chaser for payment. You confirm you sent the payment on the invoice date to the new bank details and what follows next is probably first silence then confusion…
Both you and your supplier know something has gone horribly wrong. You contact the bank, they can’t help, but they may mention that you have been a victim of theft. So, who is responsible? Your supplier is waiting on payment, but you don’t want to, or possibly can’t, pay potentially thousands of pounds twice.
Let’s flip this on its head - if this was a customer you’d certainly be requesting that they find alternative means of payment. After all, this is not your fault, and you have bills to pay. You can see the supplier’s predicament, but this causes delays in either payments or products and services.
So not only do we have a loss of funds, but we also have supplier and customer relationships affected when blame is passed from one to the next. This is never good for business and can have lasting effects on how people see and deal with your company.
Furthermore, it’s not just money we see going awry… we know of incidents of theft of expensive stock. The thieves achieve this by changing addresses and then waiting at the other end to collect their free goods with manipulated documents on your supplier’s company letterhead. To the unsuspecting delivery driver, everything looks legitimate.
It’s only after the fact do you realise you’ve been engineered, controlled, manipulated... whatever you want to call it. Similarly, it is only after that you realise how much of your business is online and should be covered by a robust cyber insurance policy.
These types of attacks are a complete violation of everything you’ve worked hard to build and protect – your livelihood is put at stake. We’re so used to locking the doors and setting the alarm at night, but when we have an intangible risk, one we cannot see, it becomes hard to relate. The sad thing is, it’s so easy for theft of money and goods to occur in the cyber world and your typical commercial combined or package policy will not assist in a loss like this. The world is changing, and thieves – even the invisible ones – are keeping up with how we do business.
If you want to discuss the benefits and covers of a cyber policy and how it can be tailored to your business needs, please call us for a chat.