RS Risk Solutions Favicon

CYBER-RISKS AND LIABILITIES

July/ August 2023

Tips for Avoiding Vishing Scams

Cyber-criminals are constantly developing new techniques to target and attack unsuspecting victims. One of these more recent methods is voice phishing, more commonly known as “vishing.” With these attacks, scammers will use fraudulent phone numbers to impersonate institutions and people of authority – such as financial establishments, government organisations, corporate executives or technical support personnel – to convince victims to share personal and sensitive information, such as National Insurance numbers, credit card information or account passwords.

It is critical for organisations and their employees to understand how to avoid falling victim to these types of scams because they could result in company information being stolen. Share the following cyber-security tips with employees to help them detect and avoid vishing scams:

Be suspicious of callers requesting private information. Instruct employees to never give out personal information such as usernames, passwords or banking details. Even if they are reasonably certain of the legitimacy of the caller, they should double-check by asking for a name and contacting the organisation using an official channel, such as the phone number listed on its website.

Practice cautions when receiving calls from unknown numbers. Employees should be hesitant to answer calls from unknown numbers. Instead, they should let these calls go to voicemail.

Understand scare tactics. Vishing scammers will often use fear to get victims to react. For example, they may say an account has been hacked and a password is needed to verify their identity. Inform employees of these tricks so they can avoid falling victim to them.

Listen for audio quality. One way to notice a spam caller is by paying attention to the audio quality. If the caller’s tone is robotic or has an unnatural speech pattern, encourage employees to hang up.

Use spam protection features. Many use phone brands and network providers offer built-in anti-spam features that can filter, block and report unwanted calls. Employees can look into setting up this protection on their personal devices.
Employees often have access to sensitive data, making them vulnerable to vishing. However, ensuring they know how to take the proper precautions can help keep information secure.

Protect your organisation against Malware

One of the most prevalent types of cyber-crimes comes from malicious software, more commonly known as malware. Malware can exist in many forms, such as ransomware, spyware and viruses. Once malware infiltrates a device or system, cyber-criminals can gain access to critical information. For instance, Royal Mail fell victim to a ransomware attack in January 2023 after hackers encrypted Royal Mails international export systems and demanded a huge ransom payment in exchange for decryption key. The attack resulted in severe disruption to international export services and significant consumer delays.

To avoid similar fate, protecting your organisation against malware is Vital. Consider the following tips for doing so:
• Frequently back up data and devices.
• Utilise antivirus, anti-malware and anti-phishing software.
• Use a firewall on company devices.
• Keep company software up to date.
• Train employees to be cautious about downloading any files or attachments.
• Use an ad blocker.
• Try to avoid using public WI-FI when travelling.
• Turn off WI-FI, GPS and Bluetooth settings when they are not being used.
• Be wary of emails and text messages containing links.
• Never share personal information, such as any security question answers, that hackers could use to access accounts.
• Purchase robust cyber-liability insurance to cover the cost of malware attacks or other losses incurred from breaches.
Contact us today for further guidance and insurance solutions.

Managing supply chain risks

Its common to rely on multiple service providers to do business. However, a complex supply chain can substantially increase cyber-risk. Specifically, just one vulnerability within a supply chain could allow a cyber-criminal to gain access to a whole host of organisations. In fact, thousands of organisations- including British Airways, healthcare company Boots and the BBC- suffered a data breach after a file transfer system within their supply chain was compromised in June 2023. Yet on 13% of businesses review the risks posed by their immediate suppliers, and even less (8%) scrutinise their wider supply chain, according to the government’s 2023 Cyber Security Breaches Survey.

To help address this gap, the National Cyber Security Centre (NCSC) has released two free e-learning packages relating to supply chain management, as follows:
• Module 1: Mapping your supply chain risk – This e-learning module explores what, why and how of supply chain mapping to help organisations improve their cyber-security

• Module 2: Gaining confidence in your supply chain – This e-learning module describes the practical steps that organisations can take as they review their supply chain.
For further information, visit the NCSC website.

Legal Specific Disclaimer:
The following information is not exhaustive, nor does it apply to specific circumstances. The content therefore should not be regarded as constituting legal or regulatory advice and not be relied upon as such. Readers should contact a legal or regulatory professional for appropriate advice. Further, the law may have changed since the first publication of this information.

Add to my favourites

Speak to us

RS Risk Solutions Logo

Related Articles

SUBSCRIBE TO OUR NEWSLETTER

Registered office: 2 Windsor Mews, Crown Drive, Heathfield, East Sussex, TN21 8FP. Registered in England and Wales, No. 11899365.

RS Risk Solutions Limited is authorised and regulated by the Financial Conduct Authority. FRN 843988

We are an independent insurance broker regulated by the Financial Conduct Authority and operate in the UK, predominantly in London and the South East, Surrey, Kent, East Sussex, West Sussex.

Quick Links

Policies

Get Support

RS Risk Solutions Logo

Request a callback

By providing the above information you consent to RS Risk Solutions Limited contacting you by any of the methods that you have provided details for. We will process this information in accordance with our privacy notice.

RS Risk Solutions uses cookies to monitor the performance of this website and improve user experience. To find out more about cookies, what they are and how we use them, please see our privacy notice, which also provides information on how to delete cookies from your hard drive.