The Telcom team remains committed to protecting your business from all sides, guarding against cyber attacks as well as safety threats on-site. We’ve included some helpful articles in this month’s newsletter, with tips to protect your crew against a variety of threats, from scams to scrapes – and everything in between! Read on to learn more.
Scam Central: Keeping Cyberattackers Out of Your Inbox

This informative article – courtesy of Anthony Dolce, The Hartford’s Head of Professional Liability and Cyber – contains great tips and tools for protecting your business against email scams. Take a look, and if you have any questions, don’t hesitate to reach out!

According to the FBI’s Internet Crime Report, business email compromise (BEC) is one of the most financially damaging online crimes. In 2022, there were nearly 22,000 related complaints, and businesses lost more than $2.7 billion to these scams. BEC is a scam that targets businesses rather than individuals — although there are similar types of consumer-focused scams called email account compromises.

While BEC always involves taking over or imitating a business email account, the scheme can play out in several ways. For example, the scammer might take over or imitate an email from an executive. They might then reach out to an employee on the finance team with an urgent request for a money transfer and have funds sent directly to the scammer’s account. Or the fake executive might ask an employee to buy and send them gift cards, which they can quickly cash out or resell.

In some BEC schemes, the criminals attack from a different angle. For example, rather than targeting a business directly, they could compromise a vendor’s email account and monitor the email account activity. After the vendor sends a legitimate invoice, the scammer quickly follows up as the vendor, apologizes for a mistake in the payment information and asks for the payment to be sent to a different account.

BEC is not always about the money transfers though. Some BEC attackers might be after employees’ personal information or data about the company, which they can then sell on the dark web or use as the basis for a different attack in the future.

What could happen if a business is targeted?
Unlike the scam emails that get sent to thousands of people at a time, the criminals running BEC schemes often conduct well-researched and coordinated attacks. For instance, the scammer might spend days learning about the company and monitoring its social media activity. They might even wait until the business is at a conference before springing into action and can use the trip as the basis for an urgent request. They might pose as the business owner for example and send an email with an urgent wire transfer request because a merger or acquisition was just made and there’s a need for the money right away. If an employee responds, the business might be out tens of thousands of dollars.

Scammers are also quick to test new methods just as successful businesses pivot to address changing circumstances. In February 2022, the FBI warned about the rise of BEC schemes involving virtual meeting platforms during the previous three years. The scammers send a meeting request as the CEO or CFO of a company, use deep fake audio to replicate the executive’s voice, and then request a funds transfer during the meeting or in a follow-up email.

How does phishing play a role?
In most instances of BEC, as well as other cyberattacks, phishing plays a part in the fraud. However, even when phishing is not the leading cause of an attack, it’s often used by cybercriminals in preparation for the actual attack. To protect against phishing, BEC and other cyber threats, businesses should be cyber risk aware. Training employees and implementing email security protocols can help prevent these types of attacks and reduce losses.
To learn more about these steps, click the Read More button below!
What to do if the company falls victim to a BEC attack?
After a BEC attack, the business should immediately contact the financial institution to see if it can reverse the transfers or payments. Companies can also work with their IT team to make sure devices and accounts are secure, which may involve changing passwords and updating security measures. Additionally, the business should report the incident to the FBI’s Internet Crime Complaint Center and include as many details as possible because the report can help the FBI track and stop these types of crimes.

From phishing attacks to ransomware, businesses of all sizes and individuals face many cyber risks. That’s why it’s important to partner with an experienced insurer that can help protect business operations. Cyber insurance should be an important part of any company’s incident response plan with a holistic approach that provides coverages encompassing data breaches, ransomware and business interruption.

Threats to cybersecurity should be taken seriously for the safety, security and stability of business operations and industry success. Companies must prepare and have tactics ready to go in case of an incident because it is likely that any business can be attacked.

Anthony Dolce is Head of Professional Liability and Cyber at The Hartford. He frequently speaks at cyber-related events around the country, authors thought leadership pieces and serves on several insurance industry groups. He holds the Certified Information Privacy Professional (CIPP/US) and the Registered Professional Liability Underwriter (RPLU) designations.
Tackling the Task at Hand: Proper Glove Use

Gloves are an essential piece of personal protective equipment (PPE), relied upon daily by our technicians, OS (outside) personnel, and contractors. Each faces a unique set of hazards, from cuts, scrapes, and burns to illnesses like COVID and the flu. Gloves can help guard against injury and prevent the spread of sickness – so we recommend checking that your team’s hands are properly protected!

Keep in mind that not all gloves are created equally, requiring you to consider specific hazards before making a selection. To ensure the most informed decision, the contractor should conduct hazard assessments with these tips in mind:
For more details on OSHA’s recommendations, please refer to the following:
29 CFR 1910.128 (a) General requirements. Employers shall select and require employees to use appropriate hand protection when employees’ hands are exposed to hazards such as those from skin absorption of harmful substances; severe cuts or lacerations; severe abrasions; punctures; chemical burns; thermal burns; and harmful temperature extremes.

(b) Selection. Employers shall base the selection of the appropriate hand protection on an evaluation of the performance characteristics of the hand protection relative to the task(s) to be performed, conditions present, duration of use, and the hazards and potential hazards identified.

And as always, our team is here to help! To learn more about protecting your team on the job site, contact us today!