ACH transactions are electronic money transfers made between banks and credit unions across the Automated Clearing House (ACH) network. While convenient and sometimes appropriate, you should NEVER fulfill a request to wire money from an email alone. Below are some examples of language vetted by a cyber law firm that can be helpful to include in your email signature as notice of your organization’s best cyber practices on this topic:
- [CLIENT] will never send an email requesting that wiring, ACH, or other payment instructions be changed or altered. if you receive a similar request from anyone, you should always confirm billing or payment instructions with a known contact in person or, if not possible, over the phone, so that you can confirm the identity of the sender. If you ever receive or have received a request from [client] regarding payment instructions via email only, please reach out to a known contact at [CLIENT] in person or by phone. Always contact our main number and do not utilize the phone number in the email you receive.
- Never wire transfer money based on an email request from our office without calling this office and speaking with someone personally to confirm wire information. When calling, do not use the phone number from the e-mail signature line. Even if an email looks like it has come from this office, or someone involved in your transaction, do not accept emailed wire instructions from anyone without voice verification. You will never be instructed to wire money related to a payment without verbal consent.
In this issue of News & Notes, our monthly newsletter, we cover the following topics: wind and hail claims, handling food allergies, sharing recent sprinkler system webinar, notice about new version of Insurance Summary, sharing new event planning self-guided presentation, and a cyber webinar.
Over the past several years, the United States has been plagued by property-related catastrophes, including, but not limited to, hurricanes, floods, tornadoes, convective storms, frigid temperatures, excessive snowstorms, hailstorms and wildfires. The sorority houses insured under the MJ Sorority Insurance Program have not been immune to these unfortunate events with a tornado significantly damaging two sorority chapter houses in 2022 and forty-four freeze claims in December 24-25, 2022.
Due to billions of dollars in paid insurance claims, all insurance carriers are struggling with how to handle the situation. Regardless of your current deductible, MJ Sorority appreciates your claims submissions, even if they will not meet your deductible. This information helps us provide historical data to our carrier, ensuring that we can communicate accurately the impact that these changing weather patterns, especially in wind and hail, have had on the program’s insured properties.
If your property suffers wind and hail damage, please be sure to contact us.
Sorority Program Claims
Example 1
The insured received a fraudulent email they thought was from their contractor providing a new account number to send a payment to. Using the new account number, the insured sent an ACH payment of approximately $800,000. The contractor contacted the insured when they didn’t receive the payment. The payment had cleared from the insured’s account which led both parties to realize the funds had been misrouted.
The initial payment was issued on a Friday. It cleared the insured’s account on the following Monday. The insured and contractor figured out the funds were sent to a fraudulent account on Tuesday and the bank was immediately notified. Luckily the bank was able to recover the funds since the were notified so quickly.
Example 2
The insured was emailing with a vendor on mailing their payment to a PO Box vs the vendor’s street address as road constructing was delaying delivery. Shortly after agreeing to mail the payment to a PO Box, the insured received another email asking the insured to instead wire to money to speed up the process. The email asking for a wire was fraudulent. The string of emails between the vendor and our insured was somehow infiltrated. One letter in the email address of the vendor was changed and the insured did not catch it. The payment in question was almost $300,000.
It took several months, but the bank was able to recover the funds.
No industry or business is immune to a cyber-attack. Your organization, knowingly or not, has likely experienced some brush with a cyber breach, potential breach, or near miss. Cyber threats emerge and evolve quickly, making them both difficult to predict and potentially volatile to manage.
The Greek community in particular is ripe for attack due to the volume and breadth of members’ personal identifiable information (PII) that is collected and stored by organizations. A breach of this information causes not only tangible and quantifiable harm, but also reputational harm, which can take years to rebuild, and in some cases, is lost forever.
Proactive risk management can make all the difference in the event of a cyber threat or breach. With that in mind, MJ Sorority has assembled a Cyber Toolkit to help your organization engage with key leadership, employees, and members to keep your operations safe and prevent business disruption due to cyber related incidents.
Here’s a peek into what’s included:
- An overview of free and discounted services offered to CHUBB cyber clients (that’s you!), including a breach response plan builder and external vulnerability monitoring
- An overview of MJ’s Cyber Resilience Program, designed to address pre- and post-loss strategies, including a cybersecurity risk assessment, leadership education, employee training and coverage analysis with MJ Cyber Lead, Carol Scully (for a fee);
- Resources on identifying and preventing deep fakes, phishing, and other types of cybercrime on the rise;
- Overview of simulations services your team can engage with to prepare for a cyber event;
- And additional resources on best practices to prevent and respond effectively to cyber incidents.
This kit equips your team to respond efficiently and effectively in the event of a breach or cyber-attack. We hope that you use the opportunities outlined in this communication to gain valuable insights about your current cyber security and make updates where you may be vulnerable. While this kit is not comprehensive, it can certainly help inform your next steps in creating and maintaining a secure environment for your employees, members, and other stakeholders.
Through education and proactive measures, we can mitigate the risks posed by malicious actors and safeguard sensitive information in an increasingly interconnected world.
If you have any questions about the programs and resources provided by MJ Sorority and our partners, please reach out to Kit Clark Moorman at kit.moorman@mjsorority.com.
Deepfakes
With new artificial intelligence (AI) technologies emerging every day, the threat of deep fakes is becoming more prominent and more dangerous, fooling even the keenest of eyes. A deepfake is a fabricated, extremely realistic image or video that has been digitally altered to impersonate someone else. They are typically used to spread false information or trick individuals into complying with the requests of a cybercriminal.
With the ability to convincingly impersonate real people, cyber criminals are able to orchestrate highly effective phishing scams, identity theft operations, and other cyber crimes that can have huge impact on your business operations and the safety of your personally identifiable information (PII).
Learn more about the threat of deepfakes and how your organization can get ahead of cyber criminals using this technology for malicious purposes here.
Complimentary and Discounted Cyber Services for Clients
Through your CHUBB policy, clients have access to a selection of essential mitigation tools and advisory resources that can help reduce your exposure. From cyber incident response solutions to education and training, CHUBB has compiled a group of experts to offer their services at a significant discount, sometimes even free of charge.
You can check out a full list of offerings here and learn more through CHUBB’s eRisk Hub. In addition, we have pulled a few FAQs and basic, complimentary services that you can learn more about in this loss mitigation article.
If you have questions about setting up or logging into your eRisk account, please contact your client executive.
Malware Response
Malware, short for malicious software, refers to intrusive and harmful programs or files developed by cybercriminals to steal, damage, or destroy data. Typically hidden in files, images, malware is usually distributed through malicious websites, emails and software.
We are all vulnerable to clicking on a link or attachment that contains malware, usually inadvertently. This article helps outline the important and immediate steps you and your organization should take in the event of a malware infection.
Managing Cyber Risk
Over the last decade, cyber security has evolved from a niche concern of IT professionals to a major priority for CEOs and Boards of Directors. Company leaders are now charged with managing cyber risk with the same urgency that they have treated tradition business risk in the past.
This paper explains the different forms of cyber risk and shows how the threat level has risen in recent years. It provides a basic framework for managing cyber risk. It also poses five key questions that business leaders should ask themselves to ensure their cyber risk stance is sufficiently robust and resilient to meet evolving threats.
The MJ Companies Cyber Practice
The MJ Companies has a specific cyber insurance practice, which has also developed several resources and services for your benefit. Please see the links below to engage with some of MJ’s free resources and for information on reviewing and assessing your organization’s cyber resilience with our team of experts.
- Cyber Quick Response: Drafting Your Team (free webinar) – Drafting your cyber expert teams before an event is one of the most important steps you can take. Where do you start, who are the experts you need to connect with, how do you evaluate them, and how can you be sure they are aligned with your carrier providers?
- Reducing Reputational Risk (free webinar) – Don’t let a cyber breach devastate your organization’s finances and reputation. On average, organizations take around 277 days to fully identify and contain a cyber-attack, leaving them vulnerable to lasting damage.
- Cyber Resilience Planning – MJ service offered for a fee
Phishing
A common form of social engineering, phishing, occurs when a bad actor communicates via email, phone or text, requesting that a recipient take action, such as click on a link or provide account information. The collected information is then used to gain unauthorized access to protected PII or other data that isn’t meant to be shared.
See this article for examples of phishing attacks. The examples provided cost the victim-companies millions of dollars, with bad actors using a combination of phishing scams and business email compromise to manipulate people into sharing PII and in turn using that information to collect funds.
Phishing attacks can be particularly problematic as hackers use our own instincts against us, gaining access to PII by a victim’s own hand. KnowBe4, a partner of The MJ Companies and CHUBB, offers phishing simulations to help train employees to be wary of this kind of attack, discounted for MJ clients. To learn more, please reach out to Kit Clark Moorman at kit.moorman@mjsorority.com.
Business Email Compromise
In today’s digital world, the growing impact of cyber-attacks have become an ever-pressing concern for businesses of all sizes and across industries. While ransom events tend to capture the brunt of media attention, Business Email Compromise (BEC)—a type of cyber-attack where hackers gain access to a business email account and trick employees into sharing sensitive information or transferring funds—is actually among one of the most prevalent and damaging.
Check out this free webinar on the topic, hosted by MJ’s Carol Scully.
ACH Transactions Language
ACH transactions are electronic money transfers made between banks and credit unions across the Automated Clearing House (ACH) network. While convenient and sometimes appropriate, you should NEVER fulfill a request to wire money from an email alone. Below are some examples of language vetted by a cyber law firm that can be helpful to include in your email signature as notice of your organization’s best cyber practices on this topic:
- [CLIENT] will never send an email requesting that wiring, ACH, or other payment instructions be changed or altered. if you receive a similar request from anyone, you should always confirm billing or payment instructions with a known contact in person or, if not possible, over the phone, so that you can confirm the identity of the sender. If you ever receive or have received a request from [client] regarding payment instructions via email only, please reach out to a known contact at [CLIENT] in person or by phone. Always contact our main number and do not utilize the phone number in the email you receive.
- Never wire transfer money based on an email request from our office without calling this office and speaking with someone personally to confirm wire information. When calling, do not use the phone number from the e-mail signature line. Even if an email looks like it has come from this office, or someone involved in your transaction, do not accept emailed wire instructions from anyone without voice verification. You will never be instructed to wire money related to a payment without verbal consent.
Sorority Program Claim Examples
Click here for examples for the MJ Sorority program that help demonstrate the need for risk management around cyber risks.
This visual guide empowers chapter members to see the big picture, ensuring every detail is covered from start to finish. Simplify your planning process and make your next event a success!
Chapter Event Planning Timeline (PDF version for download)
Our team at MJ Sorority is always looking for ways to help clients manage risk. We continually identify and vet business partners that we believe will add value to your chapter house and simplify its operations.
Since the beginning of time, the biggest risk to your property is water related incidents. In the Sorority Program, water related claims make up 56% of the total property claims. These claims range from water seepage, internal pipes bursting, equipment breaking down (water heaters, ice machines), to sprinkler leakage incidents. We also see water claims ranked in the top five most frequent and most severe incidents.
The one phenomenon that has changed recently is the change in the weather pattern, specifically the increase in freezing claims of regular piping, as well as the automatic sprinkler system. In the last three years alone, we have seen a substantial increase in frozen pipes claims.
What we have learned from many of these claims is that in many situations freeze incidents are preventable. Unlike so many other changes in the weather pattern, the weather reports generally forecast an impending freeze, giving property owners advance notice to make the necessary arrangements to eliminate or minimize a claim.
One of the strengths of MJ Sorority in our risk analysis is the ability to uncover emerging vendor solutions to help our clients in their property risk management. In this pursuit, we uncovered a great tool to help property owners stay ahead of any of their sprinkler pipes freezing.
We are excited to partner with Salamander to share their freeze detection technology, which will help prevent future claims at your chapter house. Your participation in this webinar is crucial to ensure the safety and well-being of your chapter house.
In this issue of our monthly newsletter, we cover background checks, mitigating the risk of wind and hail storms, share a webinar on security technology, review claims examples, our upcoming health promotions course, and more.
Ensuring the safety and security of the chapter house is obviously a top priority. The chapter house is not just a residence; it is a home where members build lifelong bonds, create cherished memories, and engage in activities that shape their futures. Given its significance, implementing robust security measures is essential to protect both the physical space and the well-being of its residents. One of the most advanced and effective security solutions available today is biometric entry systems.
Enhancing Security with Biometric Entry Systems
Biometric entry systems utilize unique biological traits, such as fingerprints, facial recognition, or iris scans, to grant access. Unlike traditional locks and keys or even electronic keycards, biometric systems offer several distinct advantages that make them particularly well-suited for sorority chapter houses.
- Improved Access Control: Biometric systems ensure that only authorized individuals can enter the chapter house. Unlike keys or keycards, which can be lost, stolen, or duplicated, biometric traits are unique to each person and cannot be easily replicated. This significantly reduces the risk of unauthorized access.
- Enhanced Safety: The presence of a biometric entry system can deter potential intruders and enhance the overall safety of the chapter house. Knowing that the house is equipped with advanced security technology can provide peace of mind to members, their families, and alumnae.
- Convenience and Efficiency: Biometric systems streamline the process of entering the house. Members no longer need to worry about carrying or losing keys and keycards. Access is granted swiftly and efficiently, making it easier for members to come and go while ensuring that security is never compromised,
- Accurate Tracking and Monitoring: These systems provide precise records of entry and exit times for all members. This feature is particularly useful for monitoring the house during events or identifying who was present in case of any security incidents. It also helps in managing the house occupancy efficiently.
- Durability and Low Maintenance: Biometric entry systems are typically more durable and require less maintenance compared to traditional locks. They are designed to withstand frequent use and are less susceptible to wear and tear. This longevity ensures a more reliable security solution over time.
If your chapter house utilizes a biometric security system, it is prudent to provide annual written notice to all individuals whose biometric information identifiers are collected or stored and specify the purpose of the collection and length of time the information identifiers will be held, stored, and used. Written consent and release of this information should be included in an annual housing agreement. Read more about our suggestions for Housing Agreements here.
Investing in a biometric entry system for the sorority chapter house is a forward-thinking decision that prioritizes the safety and well-being of your members. By leveraging advanced technology, the chapter can provide a secure, convenient, and efficient environment that supports the flourishing of its community. In a world where security concerns are ever-present, adopting biometric entry systems reflects a commitment to excellence and proactive care for all members of the sorority.
Join our business partner and security expert, Johnson Controls, to learn more about smart security strategies for your chapter house. Watch recording.