According to reports from multiple media outlets, including USA Today, the Milwaukee Bucks are the most recent victims of a trend we’ve been following called phishing / social engineering scams.
In late April, a scammer under the guise of team president Peter Feigin sent an email to an employee of the Bucks asking for copies of personal employee information, including W-2s, Social Security Numbers, names, addresses, and more. The employee, convinced that the email was in fact from the team president, voluntarily sent the files to the scammer. The Bucks became aware of the incident early this week and immediately took steps to notify players and team employees, launch a forensic IT investigation, and provide credit monitoring and identity restoration services.
WHY SHOULD I CARE?
This unfortunate situation gives us all a chance to review risk management practices for preventing such a breach, as well as a few key points regarding crime and cyber liability insurance policies.
It’s important to remember that while having strong firewalls and anti-virus software (with regular updates!) is crucial, human error is a leading cause of data breaches. No firewall would have prevented this from occurring.
ACTION STEPS
- Give your employees hands-on-training to raise awareness of scams
- Put a call-back procedure in place. This requires any employee who receives a request, to transfer either funds or sensitive information, to verbally confirm this request with the requestor.
- Encourage employees to ask one simple question: “Does this seem normal?” It may not be every day that an employee gets an email from the team president with an urgent request; that should have been a red-flag.
YOUR LAST LINE OF DEFENSE
Have the right insurance protection in place. While you can receive an endorsement to your commercial crime policy that covers social engineering, the crime policy would only respond to a loss of funds.
CYBER LIABILITY POLICY
Since the Bucks transferred private data, not funds, they would need a cyber liability policy in place to look for insurance protection. A cyber policy would step in and pay for any costs to notify affected parties, conduct a forensic IT investigation, manage public relations, provide credit-monitoring services, and defend/pay legal claims and regulatory expenses.
Most importantly, a good cyber policy provides the services of a breach coach who will orchestrate these services on your behalf.
MORE INFORMATION
Your consultants here at Hausmann-Johnson Insurance are happy to discuss any questions or concerns you may have regarding protecting your private data.
Let us know how we can help you.
COMMENTS