CYBER – IT’S RISKY BUSINESS – So Don’t Risk Losing Money by not following these simple procedures

Anita Kiehne – Vice President Claims

For the last two years, MUSIC has included Cyber coverage for all members as part of the regular assessment.  This year, the policy included a sublimit of coverage for “social engineering” that is new to this policy and those prior policies placed on an individual basis.

The limit is for $250,000 of coverage and applies to a loss when a criminal or fraudster uses a deceptive practice to get money or access information from a district or college.  In most cases, the criminal purports to be an employee, vendor or contractor of the school or college and issues fraudulent information and instructions for you to transfer money to an account that the district or college does not control.  It is a tactic used to get you (a designated employee) to send funds to an otherwise legitimate recipient, but instead to a fraudulent account using email, telephone requests or by fraudulent invoices.  The act requires the participation of an insured to act upon the request, as opposed to the account of the member being hacked by an outside third party.

The best way to prevent social engineering is to have a policy and or procedure to validate the request upon first receipt.

The Cyber carrier providing our social engineering coverage has an endorsement that actually REQUIRES ALL MEMBERS validate the source of any wire transfer request before acting on it for the first time.  The authenticity MUST be verified through a known source outside of the email or phone/invoice request.

The process is simple and REQUIRES  that every member have a written procedure within your district or college requiring the recipient of a wire transfer use an authentication procedure of the request by contacting a “known source” of the vendor at a phone or email address outside of the actual request.

This process will ensure you will have coverage in the event you do transfer funds, but can verify you attempted to authenticate the request.  It is critical in triggering your insurance coverage for this particular area of Cyber coverage.  Most importantly, you will need to document the procedure was in place and followed in the event of a loss to be able to obtain coverage.

We want all members to be aware of this important element of coverage so we eliminate any potential for coverage declinations.  Once you establish your protocol, please take the appropriate steps to share it with any staff who are involved with disbursements for the district or college.

Additional Cyber Resources

CyberRiskConnect.com.

Complete the New User Registration section including your access code. Your access code is 10448.