Page 30 - Independent Schools Magazine
P. 30

High-pro le phishing attacks underline the need to be prepared
The risks posed by cyber criminals were highlighted again recently, following the news that two high-pro le tech companies fell victim to prolonged phishing attacks. If major corporations can fall for this type of attack, what chance do smaller companies have?
Beaming, cybercrime – of which phishing is the most common form of attack – cost UK businesses GBP29.1 billion in 2016. Phishing is a type of social engineering fraud in which fraudsters obtain the personal details of a victim by email for use in fraudulent activities.
Like other types of cyber-attacks, the risk
of falling victim to a phishing scam can never be completely eliminated; however,
by working proactively to establish robust systems and controls and create awareness among colleagues, you can reduce the risk of your business being caught out.
You can protect your company from phishing and other types of social engineering attacks by taking the following actions:
• Be cautious with links – If you get an email or noti cation that you  nd suspicious, don’t click on its links.
• Do an online search – If you get a noti cation about something that seems
The ransomware cyber-attack that hit hospitals, government agencies, and tens of thousands of computers on 12 May was unprecedented in how quickly and widely it has spread.
If your organisation has been impacted directly or indirectly through a customer or supplier, you should act quickly to contain the outbreak and collect information you may need to  le a claim.
In the critical period after a cyber breach, businesses should:
• Stopthedamage.FollowtheguidancefromtheGovernment’sNational Cyber Security Centre. If you have not been able to contain the outbreak — or you are not sure whether you have contained it — you may need to contact a technology vendor. A cyber insurance policy may cover this expense, but it might require prior approval.
• Managetheinitialresponse.Communicatetheissuewithinyour organisation to stem the spread of the attack and assist in tracking your cyber response team’s claim-related activity.
• Document the timeline of events. Tracking what occurred from the time of the breach through full recovery will assist in estimating the “period of recovery” for the loss.
• Establishaprotocolforidentifyingandproperlycategorisingclaim- related costs. This will facilitate potential recovery against relevant insurance policies.
• Provideanalysis.Catalogueallbusinessinterruption,extraexpense,or other  nancial impacts, even those not easily captured.
Marsh Ltd is authorised and regulated by the Financial Conduct Authority Copyright © 2017 Marsh Ltd All rights reserved
30 Finance
Free places for local pupils
suspicious, do an online search on the topic. If it’s a scam, there are probably people online complaining about it, and you will be able to  nd more information.
• Watch out for typos – Phishing scams are infamous for having typos. If you receive an email or noti cation from a reputable company, it should not contain typos. Typically, they are a sign that an email is fake.
• Have strong security software –
Computer security software is a necessary tool to prevent malware from installing if you get caught in an attack.
Taking steps such as these can help mitigate the risk of an attack from happening; however, it can almost never be eliminated entirely. Taking out appropriate crime insurance may protect you from the  nancial consequences of social engineering fraud. It is not always clear whether traditional crime insurance covers losses from a phishing scam
attack. In order to make sure you are covered, you should make sure your policy includes:
• An “all-risks” de nition of fraud/crime to encompass social engineering loss.
• A robust proof-of-loss provision.
• No continuing condition precedents or
systems of checks for coverage to apply.
• Af rmative cover for veri cation costs following a fraud.
• No “voluntary transfer” exclusion Phishing scams can lead to large  nancial
losses for a company. However, having the right controls in place, combined with the appropriate insurance, can help prevent or mitigate devastating losses.
To keep up-to-date with the latest trends in risk management for independent schools join, the Marsh UK Education Forum on LinkedIn or visit
Avenue House School, London, is looking for two new Year 1 pupils to be awarded up to a 100% discount on tuition fees, starting in September, and worth more than £11,000 a year per child.
The school’s bursary scheme opened for applications this month (June) and is aimed at attracting parents who believe their child will bene t from an education at the school but are prevented from joining for  nancial reasons.
School proprietor David Immanuel says: “I wish to broaden access
to the school by offering eligible parents means-tested  nancial support with the payment of fees. Children here are taught in small classes where they can develop an excellent work ethic and achieve
high standards in academic and non-academic subjects.”
Mr Immanuel added: “We wish to ensure that  nancial assistance
will be offered to those children who show the potential not only
to bene t from an Avenue House education but also to contribute positively to school life academically and perhaps with other talents – in sports, music, art or drama – in order to further enrich the school community.”
All bursary applications for children will be processed by an external specialist bursary company who will report their  ndings to the Governors. Places at the school and the level of  nancial support to be provided are awarded at the discretion of the Governors.

   28   29   30   31   32