Viewpoint
For your business
Viewpoint Summer
- News-in-brief
- Travel disruption - your rights
- MoJ reforms for personal injury claims
- Flood and Water Management Act 2010
- Government decision on pleural plaques
- Insurance and risk
- Taking the fall - the real cost of slips, trips and falls
- Are you losing money to toll fraud?
- Market News
- Time for change?
- Life begins at 40.....
- 40th anniversary - part II
- Industry focus
- Empty threats - are your unoccupied buildings at risk?
Are you losing money to toll fraud?
For many years, companies have recognised the threat posed by hackers to their computer networks, forcing them to invest heavily in improved systems security. Despite this additional protection, cybercrime is still on the increase. A 2009 report found that just under 50% of UK businesses experienced an IT-related security incident and 25% had experienced a serious breach.
Most experts believe reported incidents are only the tip of the iceberg and that cybercrime is more prevalent than most individuals and businesses realise.
Phone system hacking is one of the many forms of cyber crime that has seen an increase. Also known as ‘toll fraud’ and ‘call phreaking’, telephone systems are hacked into and used to make calls, often to premium rate or international numbers.
The gangs involved hijack phone systems to provide call capacity, with the call time sold on through small outlets such as internet cafes.
The perpetrators are highly skilled with expert knowledge of phone security systems. There may also be an insider involved; employees may bypass LAN security and IP fire walls by connecting their laptop or PC modems to unsecured phone lines.
No company or organisation is immune, high profile victims include the Department of Homeland Security and Scotland Yard.
How can you protect your business?
A range of phone companies offer advice and practical suggestions for improving system security:
• restrict certain numbers or destinations e.g. premium rate, international calls
• analyse PBX call logs and reports for anomalies, out of hours calls, etc
• change voicemail passwords on a regular basis and avoid obvious combinations e.g. 1234 or the extension number
• lock surplus mailboxes and de-activate all unnecessary system functionality
• use smart cards or tokens if remote access ports are used
• restrict access to equipment e.g. comms room
• safeguard internal directories, call logs reports, etc to prevent unauthorised access
• review procedures for leavers and for vetting new recruits
• review and update system security, with action plans for any weak areas identified.
But what do you do if your business is attacked? What cover will your insurance provide?
Many managers focus on protecting their businesses against conventional contingencies (fire, break-ins, malicious damage) and rely upon their IT security protocols to take care of the other exposures.
It is advisable to review your insurance programmes in light of emerging cyber risks. Once the risks have been identified and a management programme is in place, those that remain can be quantified and their consequences measured against the ability of the current insurance programme to respond.
Cyber fraud will often be covered under a crime policy, along with theft from the company, or customers, committed by an employee. However, many standard insurance programmes will not cover telephone fraud, with some crime policies being silent on the matter and others completely excluding it. A few provide an element of cover as standard, but only for an 'inner limit' and also only if certain security procedures are in place. However, insurers can often be persuaded to include it for a nominal additional premium.
Associate Director, Chris Ball says,
"A modern business's insurance programme needs to keep pace with modern threats, both from within the UK and overseas. Without specific attention being paid to the electronic/cyber threats, it is unlikely that a conventional insurance programme will be adequate."
Next steps
To discuss the issues raised in this article of for further information, please speak to your usual Perkins Slade contact. Alternatively, you can call 0121 698 8000 and ask to speak to a member of the corporate team or email corporate@perkins-slade.com
