Category Archives: Emerging Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Beware of Coverage Gaps for Social Engineering Losses

Posted on by

Social engineering is the latest cyberrisk giving companies fits and large financial losses. A social engineering loss is accomplished by tricking an employee of a company into transferring funds to a fraudster. The fraudster sends an email impersonating a vendor, client, or supervisor of the company and advises that banking information for the vendor/client has changed or company funds immediately need to be wired at the “supervisor’s” direction.

buy prelone online blackmenheal.org/wp-content/uploads/2023/10/jpg/prelone.html no prescription pharmacy

The email looks authentic because it has the right logos and company information and only careful study of the email will reveal that the funds are being sent to the fraudster’s account. Unsuspecting and trusting employees unwittingly have cost their companies millions of dollars in connection with social engineering claims.

But when companies look to their traditional insurance program, they are usually met with the unhappy surprise that they do not have coverage for such a loss.

buy ventolin online blackmenheal.org/wp-content/uploads/2023/10/jpg/ventolin.html no prescription pharmacy

Most assume that the loss will be covered by the crime/fidelity policy that nearly all companies have. Insurers, however, have denied coverage for social engineering claims under those policies, claiming that the loss did not result from “direct” fraud. Insurers contend that the crime policy applies only if a hacker penetrates the company’s computer system and illegally takes money out of company coffers. In the case of a social engineering claim, company funds have been released with the knowledge and “consent” of an employee, albeit the employee has been induced by fraud to release the funds. Policyholders and insurers are currently litigating the scope of coverage under traditional crime policies nationally with mixed results.

Some crime policies also contain exclusions that may pose specific barriers to social engineering claims. For example, many traditional crime policies contain a “voluntary parting” exclusion that bars coverage for losses that arise out of anyone acting with authority who voluntarily gives up title to, or possession of, company property. In addition, some insurers have put overly broad exclusions on crime policies that are directed toward eliminating coverage for many cyber risks, including social engineering claims.

Given the prevalence of social engineering claims and the clear market for companies looking to insure against such risks, some insurers have begun to offer an endorsement that provides coverage for social engineering claims.
buy flagyl online https://galenapharm.com/pharmacy/flagyl.html no prescription

The coverage may be subject to a sublimit and may include coverage for some, but not all, social engineering risks. The coverage also might be subject to additional exclusions.

buy robaxin online blackmenheal.org/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

Like all insurance policies, the precise words of the endorsement matter and, therefore, should be carefully reviewed.

Finally, and most important of all, social engineering coverage will not automatically be added to a company’s policy and not all insurers will provide such coverage. Therefore, companies should review their current insurance program with their insurance professionals and experienced coverage counsel to determine whether they have appropriate coverage that is in line with the market for social engineering claims.

Check out “6 Tips to Minimize the Risks of Social Engineering Fraud” from Risk Management.

Switzerland, Norway Rank Highest in Supply Chain Resilience

Posted on by

Plummeting oil prices, natural catastrophes and political disruption in a borderless business environment are some of the threats to the resilience of countries that can impact supply chains, according to the 2016 FM Global Resilience Index, which aggregates data to help companies identify their key supply chain risks. The Index ranked the resilience of 130 countries to supply chain disruption based on drivers in three categories: economic, risk quality and supply chain factors.

This year’s top-rated country, Switzerland, traded places with Norway—a reflection of Norway’s drop in oil revenue at a time of falling crude oil prices. Rounding out the top 10 in the Index, in descending order, are Ireland, Germany, Luxembourg, the Netherlands, the central United States, Canada, Australia and Denmark.

The lowest-ranked country in 2016 is Venezuela (ranked 130) for the second year in a row. It is followed in ascending order by the Dominican Republic, Kyrgyz Republic, Nicaragua, Mauritania, Ukraine, Egypt, Algeria, Jamaica and Honduras.

For the second consecutive year, Ukraine (ranked 125, down from 107) was among the countries with the biggest drop, reflecting the high degree of tension the remains within the country as well as with Russia (ranked 75).

FM Global also noted:

Venezuela’s position at the bottom reflects its exposure to the natural hazards of wind and earthquake, perceptions of its lack of control of corruption and poor infrastructure and its ill-perceived local supplier quality.

France (ranked 19) and the United Kingdom (ranked 20) retained their positions from last year, while Germany (ranked 4) rose by two places.

The United States is segmented into three regions to reflect disparate natural hazards exposure:

Region 1, encompassing much of the East Coast, is ranked 11 in the Index.

Region 2, primarily the Western United States, is ranked 21.

Region 3, which includes most of the central portion of the country, is ranked 7 in the Index.
FM Global-infographic

How Phishing Emails Can Threaten Your Company

Posted on by

Impostor emails, dubbed “business email compromise” by the FBI, are increasing and targeting companies of every size, in every part of the world. Unfortunately, victims often do not realize they have been had until it’s too late. There are no security tool alarms and there is no ransom note. But because systems appear to be running as normal, everything seems like business as usual. And that is the point, according to Proofpoint’s study, “The Imposter in the Machine.”
PP1

From New Zealand to Belgium, companies from every industry have suffered losses, the study found. Here is a small sampling of recent impostor attacks during the last year:

  • A Hong Kong subsidiary at Ubiquiti Networks Inc. discovered that it had made more than $45 million in payments over an extended period to attackers using impostor emails to pose as a supplier.
  • Crelan, a Belgian bank recently lost more than $70 million due to impostor emails, discovering the fraud only after the company conducted an internal audit.
  • In New Zealand, a higher education provider, TWoA, lost more than $100,000 when their CFO fell victim to an impostor email, believing the payment request came from the organization’s president.
  • Luminant Corp., an electric utility company in Dallas, Texas sent a little over $98,000 in response to an email request that they thought was coming from a company executive. Later it was learned that attackers sent an impostor email from a domain name with just two letters transposed.

PP2

Most often, company executives are targeted, with two common angles. In one case, the always-traveling executive is studied by attackers, who use every resource available to understand the target’s schedule, familiar language, peers and direct reports. Because the executive is frequently on the road, direct reports who routinely process payments can easily be victimized.

Another ploy involves suppliers and how they invoice.

online pharmacy vibramycin with best prices today in the USA

For example, the supplier’s language, forms and procedures are used to change bank account information for an upcoming payment. If the attackers are successful, a company may find that they have been making payments to them for months without knowing it.

online pharmacy augmentin with best prices today in the USA

PP3

For more about the risks of phishing, check out “The Devil in the Details” and “6 Tips to Reduce the Risk of Social Engineering Fraud” from Risk Management.

Zika and the Olympics: Business Travel Risks

Posted on by

Zika
The Zika virus, and its presumed association with serious birth defects and a paralytic neurological disorder, poses an unusual problem for business leaders and risk managers. While the virus is not currently being spread by mosquitoes in the U.S., Brazil is an important destination for many U.S. business travelers, which will only increase in the build-up to this summer’s Olympic Games. For many companies, health and safety concerns are top priorities, but travel to Brazil may be a business necessity. Before making decisions around these two opposing drives, it is vital that risk managers and business leaders weigh the facts around Zika.

The Risk to Employees

Brazil ranks in the top 10 in the business travel global rankings, making it one of the world’s largest corporate travel markets. With the Olympics, business travel to Brazil is expected to increase considerably this year, yet many Americans are worried about the threats of the virus. Consider the results of a recent survey conducted by my company, On Call International: 64% of Americans and 69% of all women surveyed, said they would cancel their travel plans because of Zika. There is, however, a disparity between these widespread concerns and the ways businesses have actually responded to the virus. A survey by the Overseas Security Advisory Council found that of the 321 businesses that responded, less than 40% are allowing female employees to defer travel to affected countries, and only a fifth are allowing men to opt out. The majority of respondents are only taking steps to inform their employees about the virus.

Should more employers allow their employees to defer travel? In considering this question, business leaders need to turn to authoritative travel health sources such as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) to help make informed choices around employee health and safety concerns.

Furthermore, women currently account for nearly half of all business travelers. The virus’s risks around pregnancy-related issues like miscarriages and birth defects will be top of mind for many businesswomen with travel plans to Brazil. Are employee concerns enough reason for businesses to stop travel to Brazil? Turning to authorities such as the CDC—and its recent travel advisory urging women who are pregnant or thinking of becoming pregnant to avoid travel to places like Brazil—provides a compelling reason for business leaders to consider more flexibility.

While women’s apprehensions around Zika seem obvious, the rising concern of the virus being transmitted sexually means that men with pregnant partners, or partners who may become pregnant, also have reason for concern. Notably, the CDC has issued warnings specifically for men traveling to locations like Brazil, which is another reason for businesses to give deferral of travel by men further consideration.

Duty of Care

As part of a company’s Duty of Care—the legal obligation to protect your employees from any reasonably foreseeable harm—your employees’ concerns around the Zika virus should be taken seriously. The virus is a new obstacle for businesses, and its risks require new approaches before any business travel to Zika-affected areas. Through proactive education, there are appropriate and responsible ways organizations can consider responding to the virus that are aligned with their legal and ethical responsibilities to their employees and their business. Organizations should consider meetings with all employees to discuss the virus and the health risks the virus imposes for travel.

If Travel is Necessary

While the symptoms of the virus – which are generally mild – are not immediately life-endangering, it is a good precaution to ensure employees are aware of resources such as doctors or hospitals in the areas where they are traveling. With special events like the Olympics, business leaders can also look into potential resources that are developed to help provide backup services for Rio during the Games. In preparation, Brazil is expected to invest $3.7 million in projects that include improving the medical infrastructure. These are investments that can benefit business travelers, if they have are made aware of them.

As there is no vaccine for the virus, organizations should share protection methods, including:

  • Avoid mosquitos and limit outdoor activities, especially from dawn until dusk when the Aedes aegypti mosquito is most active
  • Stay in accommodations with properly air-conditioned rooms. Netting for beds can also go a long way in protecting against the virus
  • Avoid unnecessary skin exposure by wearing long sleeves and pants
  • Purchase the correct insect spray—specifically those that contain DEET, picaridin, oil of lemon eucalyptus or IR3535

Embracing Flexibility

A sound approach includes weighing the risks and rewards of travel to Brazil and other Zika-affected areas. Where possible, be flexibile. For example, if your organization has employees based permanently in Brazil, or local partners, leverage them for any work that needs to be done in person to reduce the risks of sending additional employees to Zika-affected areas. There are also easy, technology-driven solutions, such as video chats or teleconferences. Be creative in your travel risk management solutions and identify which methods work best for your organization. Building your risk management program from a solid base of proactive education helps empower employees to make informed decisions regarding their travel plans to locations affected by Zika.

For more on this topic, check out our May feature in Risk Management Magazine.