In the Fall 2018 Pooling Matters newsletter, VML Insurance Programs highlighted two new endorsements and tips for protecting your entity’s funds. Additionally, we announced additional cyber defense tools through our cyber reinsurer, Beazley.
Beazley recently published their 2019 Beazley Breach Briefing. They report a 133% increase in business email compromise incidents from 2017-2018. Below is a list of precautions they provided for consideration:
- Implement multi-factor authentication for remote access;
- Provide regular anti-fraud training for employees;
- Set up pre-determined codes to confirm requests for employees authorized to request fund transfers; and
- Limit the number of employees who can authorize wire transfers.
Apply the following checks if a vendor requests changes to its account details:
- Confirm all requests by a direct call;
- Use pre-agreed phone numbers;
- Review all requests by a next-level approver before making any changes; and
- Check that the address or bank account are the same as for previous payments.
Vendor requests for payments are a particular area of vulnerability. The frequency of these incidents is growing, and local governments and public bodies in Virginia are not immune. The best advice for making vendor payments electronically:
Verbally verify the request to confirm authenticity from a known number which may be different than one on the form of communication.
VMLIP members have the most robust cyber security coverages, trainings and resources available. We provide access to training, sample documentation and policies, resources and consulting via Cyber Risk Analytics’ YourCISO and Beazley’s cyber portal. If your organization is interested in a cyber security presentation, please let us know.
For more cyber security resources, visit the VMLIP Cyber page here.