The digital revolution that has occurred since the invention of personal computers and mobile devices has led to numerous benefits for individuals and organizations seeking to maximize their efficiency and output while reaching as many consumers as possible for their businesses; however, these advancements also have businesses struggling to keep up with the ever-growing risks of cyber crime and social engineering fraud.
Cyber crime refers to criminal activity that uses and/or targets personal computers, mobile devices, or the networks connecting to these devices. Some examples of cyber threats include malware, ransomware, and spoofing, but this is by no means an exhaustive list. The prevalence of cyber crime requires businesses to be vigilant in preventing cyber threats. Consequences of failing to protect against cyber threats include privacy and data breaches, network loss and damage, and even property damage. These consequences also all come with significant monetary cost. Failing to protect the personal information that businesses accumulate and store about their consumers can also attract regulatory liability and penalties, depending on the governing legislation for the protection of personal information and privacy.
Social Engineering Fraud is the art of influencing people to disclose or to give access to information they otherwise would not provide. This fraud is distinct from cyber crime because it relies on human interaction, rather than hacking a network or connected device. Social engineering fraud is dependent on the social networks we now use through personal computers and mobile devices. Specifically, criminals will learn about individuals through social networks, before targeting them through various scams (much like cyber crime). These scams include phishing, smishing, and piggybacking. All of these frauds rely on our natural tendency to trust each other, and to believe that information is credible, rather than questionable.
The most important way for individuals and organizations to guard against the risks of cyber crime and social engineering fraud is through education. While anti-virus software, password protections, and other technical safeguards are all necessary and important, businesses must recognize that these safeguards can only do so much if their officers and employees are not educated about the risks of cyber crime and social engineering fraud, as well as how to guard against these risks.
Individuals and organizations should adopt and implement policies and procedures designed to educate everyone involved in day-to-day operations about cyber crime and social engineering fraud. At minimum, these policies and procedures should include a plan for regular and recurring training, detailed steps for responding to a potential cyber threat or fraud, and clear identification of the roles and responsibilities of individuals who will be primarily responsible for responding to cyber threats and frauds. On this point, it should be emphasized that provincial and federal legislation imposes requirements on private-sector businesses to protect the personal information of consumers in their possession. Therefore, all policies and procedures designed to guard against cyber crime and social engineering fraud must be drafted in compliance with and cognizant of the provincial and federal legislative framework governing the protection of personal information.
Beyond having a strong set of organizational policies and procedures to guard against cyber crime and social engineering fraud, businesses may also look to additional means of protection, including cyber insurance. Cyber insurance, like other forms of insurance, is designed to compensate individuals and organizations where they have suffered a loss due to a cyber attack, data breach, or fraud event. Of course, like any insurance, the coverage offered under cyber insurance policies can differ. Eligibility for coverage in the event of a claim may also be dependent on the safeguards a business has put in place before a claim materializes. Therefore, when obtaining a cyber insurance policy, businesses should ensure that they understand not only the extent of coverage available under the policy, but also that the insurer will expect the organization to minimize the potential of a claim before issuing such a policy.
This discussion is only a primer on protecting against cyber crime and social engineering fraud. As always, you should consult a lawyer for advice where necessary.
Originally Published by Industry West
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.