If you are not a VATC member, but have come to rely on our annual Town Clerk & Municipal Permit Directory, click here to place your order. VATC members will receive their copies in the coming weeks.
VATC’s popular County Seminar Series will begin again this Fall. Additional dates and counties will be added to the calendar when the snow begins to melt in March. Click here for scheduled dates and counties.
VATC recently sponsored the 2017 REALTOR® of Distinctions Awards Gala held September 19 at the Echo in Burlington. We are grateful for the support the Realtor community gives to our title agents. Our member, Lisa Gale Peery of Gale & McAllister was a well-deserved recipient of the award. Congratulations, Lisa!
For closings taking place October 1, 2017, a $25.00 CPL/ICL fee will be charged. If the lender maintains a blanket CPL/ICL, the fee also must be charged. Please contact the VATC office with any questions or concerns.
VATC requires all agents and approved attorneys to complete 6 credit hours of real estate CLE during the 2-year reporting cycle. Report online or forward the CLE reporting form that you submitted to the Supreme Court.Report Online
Click here to read the latest newsletter.
It means many things but one that we are very proud of is summarized in a letter that VATC sent on January 16 to Deborah Bailey, Executive Director of the Vermont Bar Foundation. Here are excerpts from Andy’s letter to the Bar Foundation:
Thank you VATC & CATIC members. Without your support, VATC could not be able to support valuable bar-related™ programs such as Access to Justice. A portion of every CATIC policy goes to such worthy causes.
The filing season for 1099-S forms is officially underway. The Form 1099-S, along with the appropriate Form 1096 transmittal, must be submitted to the Internal Revenue Service no later than February 28, 2017, if filing on paper, or by March 31, 2017, if filing electronically.
CATIC/VATC agents have a fiduciary responsibility for the processing, safeguarding, and accounting of all funds held for the benefit of others. This responsibility requires management to monitor and perform all procedures necessary to ensure the proper disposition of all balances held. The fiduciary responsibility does not end with the disbursement of funds at closing, but also includes appropriate follow-up and review of reconciliations, file balances and unpaid items.
CATIC’s Compliance Department would like to remind our agents of the policies and internal controls that should be in place over fiduciary funds.
Please feel free to contact Jenn Blomback with any questions or concerns.
The Vermont Title Standards (2016 Release) is now live on our website. Printed copies of the Standards will be delivered to VATC members in the coming weeks.
Click here for the new Fire & Building Safety Code (which becomes effective 10/10/16). There is a matrix relative to the requirements for CO and Smoke Detectors required for various property types (see pages 34 and 35).
The second biennium of the 2015-2016 session of the Vermont General Assembly has adjourned. This Legislative Bulletin sets forth a number of new acts of interest to real property practitioners. If you have any questions or need assistance, please contact Andy Mikell at (800) 649-3366, or at email@example.com.
Act 65, Statewide Education Tax Rates
This act amends Act 46 from the 2015 session, concerning education tax rates. The 2015 legislation increased statewide education tax rates for school districts that increased spending at a rate higher than the allowable growth threshold. Act 65 of the 2016 session limits the thresholds in the 2015 legislation to fiscal year 2017 only, rather than both 2017 and 2018, and revises the process for determining the threshold. Effective January 30, 2016.
Act 66, Petroleum Cleanup Fund
The Petroleum Cleanup Fund provides financial assistance for the closure, replacement, or upgrade of underground or aboveground storage tanks. This act establishes the maximum amount of the grants that may be offered, depending on the nature of the tank, and increases the total amount of financial assistance that may be authorized in any one fiscal year. Effective February 10, 2016.
Act 73, Extending the Exemption from Encumbrance on Title of Properties Subject to a Pretransition Stormwater Permit
Vermont law provides, at 27 V.S.A. § 613, that notwithstanding any law to the contrary, no encumbrance on record title to real property or effect on marketability of title shall be created by the failure of the holder to obtain, renew, or comply with the terms of a pretransition stormwater discharge permit. Prior to the passage of Act 73, this provision was due to expire on June 30, 2016. This legislation extends that date until June 30, 2018.
The statute defines pretransition stormwater discharge permit as a “permit issued by the secretary of natural resources pursuant to 10 V.S.A. § 1264 on or before June 30, 2004 for a discharge of stormwater.” Effective April 12, 2016.
Act 76, Aboveground Storage Tanks
This act provides that the Secretary of Natural Resources shall, by July 1, 2017, adopt rules for the inspection of aboveground storage tanks. Standards for the rules are set forth, and include such matters as the protocol to be followed and the criteria to be reviewed in the performance of inspections, the frequency of inspections, and the training and certification requirements for tank inspectors. The act also provides that if the owner of an aboveground storage tank converts the type of fuel used so that the tank is no longer being used for fuel storage then the owner shall have the tank and any fill pipes removed at the same time as the conversion. Effective, generally, July 1, 2016, with the inspection and removal requirements effective July 1, 2017.
Act 79, Classification of State Waters
This act changes the classification of state surface waters, with four newly designated classes, A(1), A(2), B(1), and B(2). The act further provides that all waters, other than those that are considered Class A waters, shall be designated as Class B(2) waters unless and until they are reclassified. The Secretary is authorized to reclassify one or more uses of all or a portion of a water. Effective April 28, 2016.
Act 84, Conservation Easements
Section 1 of this act adds a new section to the statutes, 10 V.S.A. § 6311, which provides that a tax lien “shall not affect conservation rights and interests if the tax lien attaches to the subject property under 32 V.S.A. § 5061 subsequent to the recording of the conservation rights and interests in the municipal land records.” Section 2 of the act amends 10 V.S.A. § 823 to provide that a document creating conservation and preservation rights and interests shall not be subject to the requirement of filing a notice of claim within the 40-year period as provided in 27 V.S.A. § 603. The remainder of the act amends 27 V.S.A. § 604 to provide that such rights or interests shall not be barred or extinguished by reason of failure to file the notice provided for in section 605 of Title 27. Effective July 1, 2016.
Act 86, Public Notice of Wastewater Discharges
This act adds a new subchapter 1A to 10 V.S.A. chapter 47, titled “Notification of Sewage and Wastewater Discharges.” The new subchapter sets standards for notification to the public and to the Agency of Natural Resources when there has been an untreated discharge of sewage or wastewater from the treatment facility. Effective, generally, on May 4, 2016.
Act 89, Intermunicipal Services/Regional Planning
This act grants authority to a regional planning commission to enter into service agreements with multiple municipalities regarding intermunicipal services. The act sets forth the process for drafting bylaws concerning the formation of, withdrawal from, and method of terminating such an agreement. The act also lists a number of activities that the commission is not authorized to perform, including essential legislative functions, taxing authority, and eminent domain. Effective July 1, 2016.
Act 90, Municipal Plan Adoption, Amendment, and Update Process
This act makes a number of revisions to the statutes that govern the adoption and amendment of municipal development plans. The revisions include an extension of the period for which such plans remain in effect, from five to eight years, and new requirements for confirmation of the planning process by the regional planning commission. Effective July 1, 2016, with specific instructions that the eight-year expiration date applies to plans adopted or readopted on or after July 1, 2015, and that plans adopted or readopted before that date shall expire in accordance with the statute as it existed at the time of adoption or readoption.
Act 99, Pesticides
This act adopts a new statute, 6 V.S.A. § 1105a, authorizing the Secretary of Agriculture, Food and Markets to adopt rules that govern the sale, use, storage or disposal of certain pesticides. Any such rule would establish best management practices, standards, procedures, and reporting requirements. The Secretary shall not adopt requirements if and to the extent that a pesticide is already regulated by another agency, department, board or other instrumentality of the state. Effective July 1, 2016.
Act 105, Water Quality on Small Farms
The Agency of Agriculture, Food and Markets is charged with adopting and implementing the “Required Agricultural Practices,” 6 V.S.A. § 4810a, concerning standards for eliminating adverse impacts to water quality from farming practices. This act amends the statute to address matters such as the siting of waste storage facilities and the construction of farm structures within a floodway. Effective May 12, 2016.
Act 115, Disclosure of Compliance with Accessibility Standards in the Sale of Residential Construction
This act requires a seller of residential construction to provide written disclosure to a prospective buyer, before the sale, detailing whether the residential construction is in compliance with the standards set forth in 20 V.S.A. §2907. The disclosure shall be made on a form and in a manner prescribed by the Vermont Access Board. “Residential construction” is defined in the statute as new construction of one-family and multi-family dwellings, other than single-family dwellings built by the owner for personal occupancy, or the assembly or placement of residential construction that is prefabricated or manufactured out of state. Effective May 17, 2016.
Act 126, Residential Rental Agreements
This act makes a number of revisions to the statutes governing residential rental agreements, including the addition of a definition for “sublease.” 9 V.S.A. is amended by the addition of a new §4456b, titled “Subleases; Landlord and Tenant Rights and Obligations.” This new section concerns subleasing, and provides that a landlord may condition or prohibit subleasing, and may bring an action for ejectment against a person who is occupying the dwelling unit without right or permission. If subleasing is allowed, the tenant shall provide the landlord with written notice of the name and contact number of any person occupying the dwelling unit. Other provisions in the act concern expedited hearings in actions for ejectment of a person occupying the unit without right or permission and the process that shall be followed in the court’s handling of the matter. Effective July 1, 2016.
Act 132, Nonresidential Property Tax Rate, Education Tax Rates
This act sets the nonresidential education property tax rate at $1.535 per $100, for fiscal year 2017 only, rather than the rate of $1.59 per $100. The act also, for fiscal year 2017 only, sets the property dollar equivalent yield at $9,701.00 and the income dollar equivalent yield at $10,870.00. A Common Level of Appraisal Committee is created, charged with studying the use of an aggregate common level of appraisal in a merged school district to determine the statewide education tax for each municipality in that district. Other provisions of the act address a report on proposed changes to the calculation of the statewide education property tax, a report on issues related to creating an education tax that is adjusted by income for all taxpayers, and incentives for voluntary school governance mergers. Effective, generally, on July 1, 2016, with some sections effective at other times.
Act 134, Miscellaneous Tax Changes
This lengthy act makes numerous changes to the tax statutes, covering matters such as use value appraisals, assessment education for municipal assessing officials, return and payment of withheld taxes, and the homestead property tax adjustment. Effective, generally, on May 25, 2016, with some sections effective at other times.
Act 146, Estate Tax
This act makes a number of revisions to Vermont’s estate tax laws, including new language that provides that if an estate’s value exceeds $2,750,000, then the tax shall be assessed only on the value of the estate that exceeds that amount, rather than on the entire value. The rate of tax assessed on value that exceeds $2.75 million shall be 16%. Other provisions of the act concern estate tax returns filed by the estate’s executor and a study of the possible impact of moving Vermont’s exclusion amount under its estate tax to an amount that matches the federal basic exclusion amount. Effective May 26, 2016, as to the study, and retroactively to January 1, 2016 and applicable to decedents dying after December 31, 2015, as to the new estate tax exclusion and tax rate.
Act 150, Permits and Approvals/Department of Environmental Conservation
The stated purpose of Section 1 of this act is to establish standard procedures for public notice, public meetings, and decisions relating to applications for permits issued by the Department of Environmental Conservation. The Secretary of Natural Resources may adopt rules to implement the new Chapter 170 (Title 10), covering matters such as informational meetings, notice to adjoining property owners, public hearings, and the decision-making process. Five permit categories are established, with different requirements for each category.
Other portions of the act concern the Secretary’s environmental notice bulletin and permit handbook, appeals to the Environmental Division, permits for the construction or modification of air contaminant sources, permits in flood hazard areas, permits affecting watercourses, waste management zones, discharge permits, emergency permits, and Act 250 appeals to the Division. Effective, generally, on January 1, 2018, with some sections effective May 31, 2016.
Act 154, Potable Water Supplies from Surface Waters
This act makes numerous revisions to the statutes that govern the state’s potable water supplies and hazardous material releases. Matters covered by the act include the adoption of rules to govern permitting of surface waters as a residential water supply, testing for contamination in groundwater sources, and the assessment of damages against a person who is liable for a hazardous material release. The act also forms a working group to make recommendations concerning the state’s ability to prevent exposure to toxic or hazardous materials, identify and regulate their use, and inform the public about their hazards. Effective, generally, on June 1, 2016, with some provisions effective July 1, 2016 or July 1, 2017.
Act 157, Economic Development/Business Entities/Affordable Housing
This very lengthy act makes numerous revisions to the state’s statutes governing such matters as regional economic development, employment growth, and the Vermont Economic Development Authority. Of interest are Sections E.1 through E.4, which set forth new provisions on conversions, mergers, share exchanges, and domestications of corporations, limited liability companies and other business organizations. (11A V.S.A. Chapter 11)
Section Q.2 of the act directs the Joint Fiscal Office to conduct a comprehensive study of Vermont state taxes, covering matters such as historical trends since 2005, state tax levels per capita and per income level, and cross-border tax policies.
Sections T.2 through T.4 concern affordable housing, providing that there shall be a study of affordable housing matters, and revising the tax credit program and the Down Payment Assistance Program. Effective, generally, on June 2, 2016, with some sections effective July 1, 2016 or July 1, 2017.
Reprinted with permission from CentricPro.
All law firms are at risk of a cyberattack. Most law firms are concerned about the consequences of a cyberattack. Yet unfortunately there are still many law firms that are not focusing efforts, resources and financing towards mitigating the risk.
Why should you care? It was just reported in June in the 2016 Ponemon Cost of Data Breach Study1, that the average cost of a data breach is now $4 million; that is $158 per record, but in a highly regulated industry it can be as much as $355 per record. This is an increase of 29% since 2013. It continues to rise because 48% of the breaches are malicious attacks which cost more to remediate. Forensics, legal costs and regulatory requirements are identified as the majority of the cost, with the lack of an incident response plan being a significant cause as well. First-party losses from a data breach include loss of data, loss of business income/ business interruption, restoration, re-creation and remediation, notification and credit monitoring expenses to name a few. The costs of a cyberattack on your law firm could have a devastating financial impact.
In addition, there are liability considerations. Absent clearly defined rules, regulations, standards and best practices, it is said that a “reasonableness” standard comes into play in determining negligence and assigning liability. A business doing nothing to mitigate risks will not be acceptable. There are professional conduct rules to consider, and where federal and/or state rules and regulations govern your practice, there are more liabilities and penalties that could impact your operation. You even have some states reviewing their requirements in light of the increase in cyberattacks and enhancing requirements on notification and credit monitoring as well as now considering requiring businesses to implement certain safeguard measures. Some states are also expanding the definition of what information is required to be protected.
Further, you now have certain industries pushing for model cybersecurity laws. For example, the National Association of Insurance Commissioners (NAIC), along with state insurance regulators, is proposing its own state model cybersecurity law (Insurance Data Security Model). The concern here is that there may be different laws enacted for the various types of roles one may take on in one’s business, which laws may also conflict with existing state and federal data security laws making it difficult for a business to comply with all of them. Then you cannot forget about the contractual obligations you may have with third parties like your lenders and insurance companies. You may be obligated by them to employ reasonable or appropriate administrative and technical security measures to protect information.
And of course there is the loss of good will and the negative impact on your reputation in the event of a cyberattack, especially if you have not taken reasonable steps to mitigate risks that impact your clients and employees. Clients are inquiring more now than ever as to whether you are secure. They are becoming more educated on the matter and are looking for the law firms that represent them to confirm that their information and if applicable their funds are adequately protected and secure.
Unfortunately there is no guarantee that whatever you are doing is enough to keep you from ever experiencing a cyberattack, but doing nothing is not the answer and could lead to more exposure. Make sure you are focusing efforts on cybersecurity initiatives for your business.
1For the information reported in this paragraph and more see, Ponemon/IBM Security – 2016 Ponemon Cost of Data Br each Study; Also, www.cnbc.com, Cost of data breaches hits $4 million on average: IBM, by Berkeley Lovelace, Jr., 6/15/2016.
Reprinted with permission from CentricPro.
Though lenders are for the most part NOT advertising these services – most banks now offer at least one of the following fraud prevention devices: Positive Pay, Reverse Positive Pay, ACH wire blocks and/or International wire blocks. With the spate of cyber-attacks inflicting substantial losses on attorney IOLTA accounts around the region, it may behoove you to investigate whether your lender offers at least one of these services. So what are they?
The positive pay system typically works like this: you provide your lender with a list of checks written from your IOLTA account – for instance, every time you cut checks for a closing, you send that list/disbursement sheet/spreadsheet to your lender. As checks are presented for payment on your account, an employee of the bank will verify the details of each check against the list you provided them to make sure the information is identical. For any anomalies or for any checks presented for payment that do not appear on your list of checks, the lender will contact you.
International Wire Blocks:
Simply put, if you don’t do business internationally, then you have no reason to anticipate an international wire. Ask your bank to place an international wire block on your IOLTA account. Thus, no one will be able to wire money fraudulently into or more importantly, out, of your account.
ACH Fraud and ACH Wire Blocks:
ACH stands for Automated Clearing House and is an electronic funds transfer process between bank accounts. There are only two pieces of information required to commit ACH fraud: a checking account number and a bank routing number. And this information is available on every check you issue. If someone in the firm has been the target of a phishing email and tricked into running malicious keylogging software that records keystrokes, or if a check simply falls into the wrong hands, criminals can get the information they need, including bank account user names and passwords in order to perpetrate an ACH fraud1.
Back in 2009, the FBI reported that there had been approximately $100 million in losses due to ACH fraud with new victim complaints opened on a weekly basis2. Unfortunately with the frauds that continue to be reported today, this is not something that is going away.
Some of you may remember the movie “Catch Me If You Can” with Leonardo DiCaprio playing the role of Frank Abagnale, a counterfeiter who thwarted the FBI’s efforts at capture for years only to become an employee of that organization. The tips noted below are excerpted from an article written by Mr. Abagnale to help those who wish to avoid falling victim to ACH fraud.
1. Ask your bank to place ACH debt blocks on accounts that should not have ACH withdrawals. For example, a trust account or refund account should not have withdrawals via ACH. Such accounts should have ACH blocks. An ACH block rejects all ACH debits3.
2. Bank accounts should be structured so that authorized ACH debits occur in only a few designated accounts. Ask your bank to place an ACH filter on those accounts. An ACH filter allows debits only from companies that have been preauthorized, or in preauthorized dollar amounts. If your bank does not offer an ACH filter, open up a new account exclusively for authorized ACH debits, and restrict who has knowledge of that account number4.
3. Monitor all unblocked accounts daily to catch unauthorized activity. Companies have two business days to reject an unauthorized debit and recover their money. If an unauthorized debit is not questioned for more than two days, it will be much more difficult to recover lost funds. Because all fraudulent ACH transactions originate in real bank accounts, unwinding them is quite straightforward if caught in a timely fashion5.
We offer this information in order to help you stay on top of current trends in the marketplace and to help you evaluate the various tools available in order to better protect your accounts and your clients’ funds.
1Goodchild, Joan, “ACH Fraud: Why Criminals Love This Con.” CSO Online (2010), available at: http://www.csoonline.com/article/2125833/malware-cybercrime/ach-fraud–why-criminals-love-this-con.html
3Abagnale, Frank, “How to Help your Clients Combat ACH Fraud.” Intuit Accountants News Central (July 14, 2014), available at: https://blog.accountants.intuit.com/from-the-experts/how-to-help-your-clients-combat-ach-fraud/
Republished with permission from CentricPro.
Ransomware is malicious software or malware that encrypts information or parts of your network, preventing access. A ransom is demanded in exchange for an encryption key to unlock the network. You are notified and given a short amount of time to pay the ransom or your data is lost forever. In addition or in the alternative, the criminals may add the element of extortion, and demand payment or else they will release information or use it against you.
In a recent article in LegalTech News titled New Ransomware Strains Can Cause Headaches for Unaware Attorneys, it was reported that 28 new strains of ransomware were discovered over the past few months. Some of the new strains are reported to be the result of copycat cyber criminals, but others are from more experienced professional criminals and harder to crack. They are using new techniques and approaches, as well as new ways to extort money from victims. One new attack is referred to as a “hybrid ransomware” where they not only lock the user’s files, but they lock the whole computer and use it to perpetrate further attacks within or outside the network. The article warned attorneys to expect more of it, with attacks estimated to double or triple compared to last year.
In addition to working with your IT specialists to assist in cyberattack prevention, you need to be sure you have excellent back up in place and be sure to educate and train your staff. Ransomware is most successful when you allow access by downloading what may appear to be an innocent program or file. Increase your cybersecurity training and enforcement of your cybersecurity policies internally to help mitigate the issue. In addition, be sure your law firm has proper cyber insurance coverage.
To learn more, contact Colleen M. Capossela, Esq., President of CentricPro Management Services, Inc.
Reprinted with permission from CentricPro.
Email has become one of the most convenient and efficient ways of communicating. Unfortunately, it has now also become one of the most convenient and efficient ways for scammers to fool us, especially with regard to wire transfer schemes. Even the best-managed law firms could fall victim to scams that intentionally mislead unsuspecting employees into sending money or diverting payments to fraudsters who are impersonating clients, attorneys, lenders and Realtors.
These schemes are commonly referred to as social engineering scams where your employees are tricked with fake information received generally by email. The email appears to be legitimate, but it is not. It is a fraudster looking to get you to send money without realizing you are sending it to an imposter.
In the past week we were informed by a couple of CATIC Agents of fraudulent wire requests. One agent noted that as buyer’s counsel he received an email from seller’s attorney on a matter that would be closing soon requesting wiring of additional funds. References to the parties and the transaction appeared accurate, but there were some grammatical errors in the body of the email. In addition, in reviewing the email more closely the agent noticed that the email addresses of some of the parties were changed by one letter. This situation thankfully has a happy ending, with the attempted scam being prevented due to the vigilance of the attorney.
But unfortunately we are contacted by others and the results are devastating. Because the emails look so legitimate, at times the clues are not detected. At the CATIC Agent Forum, a representative of the FBI showed that it can come down to merely a change in an email address with the rest of the email appearing to be legitimate. It could simply be the changing of an “l” to a “1” in an email address which is very difficult to detect. Further, when responding you would not get an invalid email response back because the scammers are smart enough to pay the nominal cost for buying the scam domain name.
Lessons to be learned: Carefully examine all aspects of your emails. Do not automatically trust what you are receiving. Also set up email policies in your law firm and educate everyone on the dangers. In addition, make sure your law firm is properly covered by insurance in the event someone in your firm falls victim to a social engineering scam.
To learn more, contact Colleen M. Capossela, Esq., President of CentricPro Management Services, Inc.
Vermont Attorneys Title is pleased to announce that Elizabeth Smith, Esq. has joined the company as Title Counsel on June 1, 2016. Liz will assist Andy Mikell with the underwriting needs of VATC members.
Liz graduated from Vermont Law School and Saint Michael’s College. She brings years of private practice real estate experience to VATC.
Reprinted with permission from CentricPro.
Social Engineering Fraud, to put it simply, is the ability of a fraudster to influence someone to disclose information and/or get them to act inappropriately…basically manipulating people to get information or gain access to systems. It could happen by way of a variety of media, whether email, the Internet, telephone, and at times face-to-face encounters. We have reported on a number of social engineering fraud schemes that have affected law firms locally, such as the false emails portraying a client and the false requests for wiring of funds to the fraudster. A number of businesses have reported that they have fallen victim to social engineering attacks and that losses have been in the thousands of dollars.
To mitigate the effects of social engineering attacks, law firms need to incorporate a plan as part of their cyber security initiatives. Most important in that plan should be the goal to educate and make the entire office aware of social engineering fraud strategies and what to watch out for in this area.
Different social engineering fraud strategies include:
• Impersonation: a fraudster using a believable reason to impersonate a person in authority, a fellow employee, boss or a client to gather confidential information or to request transfer of funds.
• Phishing: a fraudster attempting to acquire sensitive information, even money or transfer of funds, for malicious reasons, by masquerading as a trustworthy party in an electronic communication; it also includes a fraudster sending emails to the law firm that contain malware designed to compromise computer systems and capture confidential or sensitive information.
The fraudster may have any number of goals but more often than not the objective is simply financial gain. They have learned to leverage the human qualities of trust, helpfulness and fear to
manipulate their targets. They play on the inherent desire of most people to trust another. CHUBB reported that a former hacker turned security consultant Kevin Mitnick in his book The Art of
Deception-Controlling the Human Element of Security addressed this trust issue by noting:
“Why are social engineering attacks so successful? It isn’t because people are stupid or lack common sense. But we, as human beings, are all vulnerable to being deceived because people can misplace their trust if manipulated in certain ways….”
What firms must do is educate their staff and train them on what to look out for and what to do or not do to avoid being deceived. Some suggested measures include:
• Give people access only to what they truly need and what they are authorized to view.
• Be suspicious of unsolicited emails.
• Never release confidential or sensitive information to someone you do not know or whodoes not have a valid reason for having it – even if the person identifies himself or herself as a co-worker, superior or IT representative.
• Establish verification procedures for issuance of checks and wire transfers. A simple measure of calling your contact at the number you normally call to verify wire instructions and documenting this discussion is better than relying on what is emailed to you. Reduce reliance on emails for financial transactions.
• Do not allow use of unauthorized devices, like thumb/flash drives or unauthorized software on systems.
• Shred physical documentation when throwing out.
• Conduct penetration tests to assess your firm’s vulnerabilities.
Also, investigate proper insurance coverages. Most crime insurance policies and professional liability policies do not cover against these types of schemes. CentricPro in conjunction with Smith Brothers Insurance LLC has put together insurance programs that can assist in this matter. Have a gap analysis performed on your current policies to determine what additional coverages your firm needs for protection. At CentricPro we can assist in coordinating a free gap analysis. Please feel free to contact Colleen M. Capossela, President of CentricPro, to learn more.
¹Excerpts from CHUBB’s Guide To Preventing Social Engineering Fraud