Computer Fraud and Insurance Coverage: How To Make Sure Your Business Stays Protected
Do you start your workday by turning on your computer or checking emails on your phone? Whatever your line of business is, you probably conduct at least a part of your operations online, like sending or receiving contracts or payments.
That being said, in this day and age, your business definitely needs computer fraud coverage.
In 1986, Congress enacted the Computer Fraud and Abuse Act (CFAA) to address issues of hacking and cyber attacks. The Act prohibits intentional, unauthorized computer access, and later modifications and amendments added more computer-related incidents, such as identity theft.
The CFAA protects the victims of computer fraud and prescribes severe penalties for the offenders. The problem is that it can be extremely complicated to identify the perpetrators as hacking attacks become increasingly sophisticated. Anonymity is the name of the game.
That’s where insurance comes to the rescue. If you purchase the right computer fraud coverage, your business will have a financial safety net that will help you overcome the consequences of a potentially devastating incident.
Before we look into the insurance policies you should consider obtaining for your company, let’s first see what computer fraud is and what you can do today to protect your organization.
What Is Computer Fraud?
Computer fraud, as a term, includes all types of fraud that require the use of a computer. Most of these fraudulent deeds happen through some kind of cyberattack, where cyber criminals gain access to their victims’ networks and perpetrate their crimes.
One common way to gain access to a company’s computers or network is through a hacking attack. If a company’s cybersecurity system is vulnerable, hackers will find a way to compromise it with malware and take control of the infected network of computers.
If the attack is more sophisticated and involves manipulating the victim into granting the attackers access to their accounts, we’re talking about social engineering and phishing attacks. These attacks usually require a lot of planning and background work to pick the perfect victim to trick into giving away sensitive information.
By presenting themselves as a company executive or someone an employee trusts but doesn’t have much interaction with, the attackers trick victims into using their credentials, supposedly to help solve a problem, when in fact the victims end up giving away confidential information. Criminals also like to create a sense of urgency and don’t leave much time for their victims to think before acting.
Attackers also create fake log-in pages and, posing as an authoritative company or service (think Apple, Microsoft, or LinkedIn), ask people to take urgent action to “fix a problem with their account.” By using their credentials on these fake websites, your employees allow the criminal to steal their login information.
Not every computer fraud needs to be a product of an online attack, though. Old-fashioned computer theft and planted USB drives infected with malware are still methods criminals use when they want to breach their victim’s network.
Once criminals have access to your or your employees’ accounts, they use them to steal confidential information or transfer funds into their accounts. These computer frauds can sometimes take days to discover, and the criminals might inflict immense damage on your business by then.
The Difference Between Computer Fraud and Funds Transfer Fraud
Most funds transfer frauds start with a computer, too. The times when wire transfers were done mainly by phone or personal requests in banks are long behind us. Now that companies usually transfer their funds via online transactions, cybercriminals have found their way into funds transfer frauds, too.
Tricking the victims into transferring funds to bogus accounts usually starts with an elaborate social engineering scheme. Attackers pose as company executives and demand their employees transfer money to their bank accounts which are, in fact, the accounts criminals use to steal from you.
Attackers could also gain access to their victim’s banking credentials through a hacking attack and send fraudulent transfer requests to financial institutions on behalf of their victims. By the time your company has realized what was going on, the money is long gone.
As you can see, funds transfer fraud involves fraudulent financial transfers to the attacker’s account. Computer fraud covers a broader range of fraudulent activities than funds transfers alone.
Suppose cybercriminals steal your data in a data breach or another type of hacking event and later offer it on the black market or ask for ransom from your company. We are again talking about computer fraud. Any action that results in cybercriminals accessing your systems and fraudulently transferring your assets is also a form of computer fraud.
Altering electronic data and creating fake websites where people leave their credentials thinking they are legitimate websites also leads to data theft and therefore qualifies as computer fraud. Even sending spammy emails with fraudulent links to awards or auctions to trick people into giving their personal information falls into the same category.
Companies fall victim to these frauds either because of their weak cybersecurity measures or because they didn’t provide adequate education for their staff. Even if your cybersecurity is solid, a single mistake from one of your employees could wreak havoc on your computer and networks.
How to Protect Your Business?
There are certain steps you can take to protect your business from computer fraud:
- Purchase antivirus and firewall software and keep it updated. The market is full of options, and you should have no trouble finding the best solution for your business.
- Provide education for your employees. Have your cybersecurity experts conduct training on how to recognize and report phishing scams and hacking attacks.
- Implement a secure password policy. You can do this by purchasing a password management system that would help your employees create robust passwords and keep them safe in its vault.
- Set email spam filters to maximum protection. Cybersecurity experts know best practices when it comes to spam filtering, so you should have them set up your system accordingly.
- Keep track of financial transfer authorization. Have at least two people looking into and authorizing financial transfers, especially if the invoice comes through an email request.
- Use data backups and remote cloud storage. Having your data stored safely on multiple cloud servers and ensuring you make regular backups can help you recover from a data breach faster.
- Buy recommended insurance coverage for your business. Insurance doesn’t protect you from computer fraud, but it helps you deal with the consequences. It provides financial support when dealing with the potential fallout.
Computer Fraud Coverage: What Do You Need?
Computer fraud crimes are pretty specific, so you need to tailor your insurance coverage to meet your particular needs and ensure it covers all your exposures. Apart from the primary insurance policies that every business with employees should consider purchasing, two policies are particularly significant when talking about computer fraud.
Commercial crime and cyber liability insurance are the two coverages that would best respond to computer fraud and its consequences on your business. Let’s see what each policy covers and how it will help you deal with computer fraud.
Commercial Crime Insurance
A commercial crime insurance policy covers the loss of money or other assets resulting from dishonest actions by your employees or third parties. It protects your business from the consequences of robbery, burglary, theft, forgery, fraud, and more.
Commercial crime coverage has evolved with the business world. It now covers some aspects of digital crime, including business data theft, fraudulent money transfers, or other types of digital asset theft.
You should note that the commercial crime policy covers only specific computer-related risks, and they are not always included in a default policy. You would need to seek additional coverage from your broker to ensure your chosen policy covers those risks.
Crime insurance should cover losses inflicted by employees or third-party hackers who committed fraud or theft by using computers. It wouldn’t respond to losses your company suffered as a result of a data breach or social engineering attack.
If your company conducts digital funds transactions or stores sensitive digital information, you should strongly consider purchasing the commercial crime policy for your business.
Cyber Liability Insurance
Cyber liability insurance is the best computer fraud coverage you can get for your company. This coverage responds to many events related to a network security failure, covering your direct losses and the costs of defending liability claims.
It responds to incidents such as malware attacks (including ransomware), data breaches, and business account and email compromises.
A cyber liability policy would help you recover or recreate your stolen data, and it would cover your direct revenue losses due to the cyber incident.
If the cyberattack exposed your clients’ sensitive data, or the attackers used it to inflict damage upon them, a robust cyber insurance policy would cover the costs of notifying and monitoring the victims’ credit. It would also assist with investigating the incident and any liability claims and reputational damage that might follow.
A cyber liability policy would help you deal with the consequences of computer fraud by covering your financial losses. A preferred policy would also help with designing cost-effective and robust security and data encryption protocols that would help prevent future incidents.
If you still haven’t purchased these policies for your business, now may be the right time to do precisely that. Sign up to Embroker’s digital platform and get your online quotes in a matter of minutes.