Are you fraud-proof? The right insurance softens the pain somewhat!
Regrettably, again this week there was a news report of a company that was the victim of fraud. The bad news is that none of us are immune to it. The good news is that there is an affordable insurance against it!
It is the harsh reality: the people in your organisation with great responsibilities in accounting or finance are also very often in a position to set up well-concealed constructions and to bypass controls. They do it to enrich themselves and/or to damage you. You can limit this risk by applying simple rules such as the “four-eyes principle”, which demands, for example, that every invoice be approved by two people, independently of each other, in accordance with well-defined instructions.
Where fraud by an employee starts from within your company, the risk is ever greater when third parties break into your IT system from outside to steal funds (= cybercrime), or to steal or damage data, make your data inaccessible or even destroy them completely (= cyber risks).
Today, both risks, fraud by employees (either in co-operation with third parties or on their own) and the loss of data (including cybercrime), can be covered by insurance. This means you will be protected from the financial loss and, moreover, you will receive practical support from specialists in investigating the cause, blocking the method used, restoring safety, communicating with third parties and dealing with liability claims.
Today, cyber risk is number 1 in the top 10 risks that threaten the continuity of a company. Nearly 4 out of 10 Belgian companies have indicated that they have been hacked in the last year. The other 6 probably have been as well, but they just don’t know it yet. Therefore, insurance is not an unnecessary luxury, but an absolute necessity. Luckily, these insurance covers are not only affordable, they also offer 24/7 assistance from the right specialist for your particular problem.
The table below points out 5 measures you can take to protect yourself from these risks:
| ICT risks | Fraud risks |
|---|---|
| Make sure you have a watertight back-up system. This implies a certain quality and frequency of back-ups. Regardless of whether your data are stored in the cloud or in your server room, you should keep a back-up on an external carrier at all times, one that is completely unconnected to your IT system. | Write down your policy and enforce: rules and standards of behaviour; the four-eyes principle; control mechanisms; a sanctions policy. |
| Protect your systems with a good (and up-to-date) firewall. | Write a specific policy for the acceptance of suppliers and the management of suppliers' data. |
| Install high-quality anti-malware and keep it up to date. | Nourish an open company culture in which fraud is an item of discussion and any attempt to commit fraud is reported immediately. |
| Update your software regularly; older versions are easier to access by criminals. | Always set a good example as manager. |
| Last but not least: raise your employees' awareness of the risks, by setting clear rules of conduct, by frequently checking they are followed, and by constantly reminding them of their importance. | Carry out a careful staffing policy (from the beginning of the employment contract to its conclusion). |

React quickly and adequately to each incident.
These measures make you less attractive to criminals yet do not provide complete protection. Should you still suffer an attack, it is vital that you react fast and adequately. With ADD’s “ICT-care insurance policy”, you will benefit from good basic cover for only €500.
Do you have questions? Would you like a tailor-made offer? Contact our specialist in the matter, Paul Caekebeke, or contact your own trusted ADD contact person.
damage, destruction, unavailability and/or theft of company and/or personal data because of a break-in into your IT systems or because of a system failure, with the purpose of selling or damaging them.
a break-in by criminals into your IT systems in order to steal from you by transferring your money from your IT system to their accounts.
your company voluntarily transfers money to a third party on the basis of a fraudulent instruction or action. This could be instigated by an employee who wishes to gain from it or to cause you damage, or by a third party who has sent a fraudulent confidential mail in your name to an employee, ordering him/her to transfer a certain amount into a bank account.