Sorority Program Claims
Example 1
The insured received a fraudulent email they thought was from their contractor providing a new account number to send a payment to. Using the new account number, the insured sent an ACH payment of approximately $800,000. The contractor contacted the insured when they didn’t receive the payment. The payment had cleared from the insured’s account which led both parties to realize the funds had been misrouted.
The initial payment was issued on a Friday. It cleared the insured’s account on the following Monday. The insured and contractor figured out the funds were sent to a fraudulent account on Tuesday and the bank was immediately notified. Luckily the bank was able to recover the funds since they were notified so quickly.
Example 2
The insured was emailing with a vendor about mailing their payment to a PO Box instead of the vendor’s street address, as road construction was delaying delivery. Shortly after agreeing to mail the payment to a PO Box, the insured received another email asking the insured to instead wire the money to speed up the process. The email asking for a wire was fraudulent. The string of emails between the vendor and our insured was somehow infiltrated. One letter in the email address of the vendor was changed and the insured did not catch it. The payment in question was almost $300,000.
It took several months, but the bank was able to recover the funds.
No industry or business is immune to a cyber-attack. Your organization, knowingly or not, has likely experienced some brush with a cyber breach, potential breach, or near miss. Cyber threats emerge and evolve quickly, making them both difficult to predict and potentially volatile to manage.
The Greek community in particular is ripe for attack due to the volume and breadth of members’ personally identifiable information (PII) that is collected and stored by organizations. A breach of this information causes not only tangible and quantifiable harm, but also reputational harm, which can take years to rebuild, and in some cases, is lost forever.
Proactive risk management can make all the difference in the event of a cyber threat or breach. With that in mind, MJ Sorority has assembled a Cyber Toolkit to help your organization engage with key leadership, employees, and members to keep your operations safe and prevent business disruption due to cyber-related incidents.
Here’s a peek into what’s included:
- An overview of free and discounted services offered to CHUBB cyber clients, including a breach response plan builder and external vulnerability monitoring;
- An overview of MJ’s Cyber Resilience Program, designed to address pre- and post-loss strategies, including a cybersecurity risk assessment, leadership education, employee training and coverage analysis with MJ Cyber Lead, Carol Scully (for a fee);
- Resources on identifying and preventing deep fakes, phishing, and other types of cybercrime on the rise;
- Overview of simulation services your team can engage with to prepare for a cyber event;
- And additional resources on best practices to prevent and respond effectively to cyber incidents.
This kit equips your team to respond efficiently and effectively in the event of a breach or cyber-attack. We hope that you use the opportunities outlined in this communication to gain valuable insights about your current cyber security and make updates where you may be vulnerable. While this kit is not comprehensive, it can certainly help inform your next steps in creating and maintaining a secure environment for your employees, members, and other stakeholders.
Through education and proactive measures, we can mitigate the risks posed by malicious actors and safeguard sensitive information in an increasingly interconnected world.
If you have any questions about the programs and resources provided by MJ Sorority and our partners, please reach out to Kit Clark Moorman at kit.moorman@mjsorority.com.
Deepfakes
With new artificial intelligence (AI) technologies emerging every day, the threat of deep fakes is becoming more prominent and more dangerous, fooling even the keenest of eyes. A deepfake is a fabricated, extremely realistic image or video that has been digitally altered to impersonate someone else. They are typically used to spread false information or trick individuals into complying with the requests of a cybercriminal.
With the ability to convincingly impersonate real people, cyber criminals are able to orchestrate highly effective phishing scams, identity theft operations, and other cyber crimes that can have a huge impact on your business operations and the safety of your personally identifiable information (PII).
Learn more about the threat of deepfakes and how your organization can get ahead of cyber criminals using this technology for malicious purposes here.
Complimentary and Discounted Cyber Services for Clients
Through your CHUBB policy (check with your client executive to see if you are covered), clients have access to a selection of essential mitigation tools and advisory resources that can help reduce your exposure. From cyber incident response solutions to education and training, CHUBB has compiled a group of experts to offer their services at a significant discount, sometimes even free of charge.
You can check out a full list of offerings here and learn more through CHUBB’s eRisk Hub. In addition, we have pulled a few FAQs and basic, complimentary services that you can learn more about in this loss mitigation article.
If you have questions about setting up or logging into your eRisk account, please contact your client executive.
Malware Response
Malware, short for malicious software, refers to intrusive and harmful programs or files developed by cybercriminals to steal, damage, or destroy data. Typically hidden in files or images, malware is usually distributed through malicious websites, emails and software.
We are all vulnerable to clicking on a link or attachment that contains malware, usually inadvertently. This article helps outline the important and immediate steps you and your organization should take in the event of a malware infection.
Managing Cyber Risk
Over the last decade, cyber security has evolved from a niche concern of IT professionals to a major priority for CEOs and Boards of Directors. Company leaders are now charged with managing cyber risk with the same urgency that they have treated traditional business risk in the past.
This paper explains the different forms of cyber risk and shows how the threat level has risen in recent years. It provides a basic framework for managing cyber risk. It also poses five key questions that business leaders should ask themselves to ensure their cyber risk stance is sufficiently robust and resilient to meet evolving threats.
The MJ Companies Cyber Practice
The MJ Companies has a specific cyber insurance practice, which has also developed several resources and services for your benefit. Please see the links below to engage with some of MJ’s free resources and for information on reviewing and assessing your organization’s cyber resilience with our team of experts.
- Cyber Quick Response: Drafting Your Team (free webinar) – Drafting your cyber expert teams before an event is one of the most important steps you can take. Where do you start, who are the experts you need to connect with, how do you evaluate them, and how can you be sure they are aligned with your carrier providers?
- Reducing Reputational Risk (free webinar) – Don’t let a cyber breach devastate your organization’s finances and reputation. On average, organizations take around 277 days to fully identify and contain a cyber-attack, leaving them vulnerable to lasting damage.
- Cyber Resilience Planning – MJ service offered for a fee
Phishing
Phishing, a common form of social engineering, occurs when a bad actor communicates via email, phone or text, requesting that a recipient take action, such as clicking on a link or providing account information. The collected information is then used to gain unauthorized access to protected PII or other data that isn’t meant to be shared.
See this article for examples of phishing attacks. The examples provided cost the victim-companies millions of dollars, with bad actors using a combination of phishing scams and business email compromise to manipulate people into sharing PII and in turn using that information to collect funds.
Phishing attacks can be particularly problematic as hackers use our own instincts against us, gaining access to PII by a victim’s own hand. KnowBe4, a partner of The MJ Companies and CHUBB, offers phishing simulations to help train employees to be wary of this kind of attack, discounted for MJ clients. To learn more, please reach out to Kit Clark Moorman at kit.moorman@mjsorority.com.
Business Email Compromise
In today’s digital world, the growing impact of cyber-attacks has become an ever-pressing concern for businesses of all sizes and across industries. While ransom events tend to capture the brunt of media attention, Business Email Compromise (BEC)—a type of cyber-attack where hackers gain access to a business email account and trick employees into sharing sensitive information or transferring funds—is actually among the most prevalent and damaging.
Check out this free webinar on the topic, hosted by MJ’s Carol Scully.
ACH Transactions Language
ACH transactions are electronic money transfers made between banks and credit unions across the Automated Clearing House (ACH) network. While convenient and sometimes appropriate, you should NEVER fulfill a request to wire money from an email alone. Below are some examples of language vetted by a cyber law firm that can be helpful to include in your email signature as notice of your organization’s best cyber practices on this topic:
- [CLIENT] will never send an email requesting that wiring, ACH, or other payment instructions be changed or altered. If you receive a similar request from anyone, you should always confirm billing or payment instructions with a known contact in person or, if not possible, over the phone, so that you can confirm the identity of the sender. If you ever receive or have received a request from [CLIENT] regarding payment instructions via email only, please reach out to a known contact at [CLIENT] in person or by phone. Always contact our main number and do not utilize the phone number in the email you receive.
- Never wire transfer money based on an email request from our office without calling this office and speaking with someone personally to confirm wire information. When calling, do not use the phone number from the e-mail signature line. Even if an email looks like it has come from this office, or someone involved in your transaction, do not accept emailed wire instructions from anyone without voice verification. You will never be instructed to wire money related to a payment without verbal consent.
Data Privacy Provisions for Vendor Agreements
When contracting with third party vendors, it is important to be sure that you are reviewing contracts for appropriate data privacy provisions. Privacy provisions explain how a third party can collect, use and distribute PII and what other obligations that vendor will have with regards to the PII you share with them. See this document, compiled by CHUBB partner McDonald Hopkins, for some suggested language to look for or add to vendor contracts that addresses the handling of PII.
Sorority Program Claim Examples
Click here for examples for the MJ Sorority program that help demonstrate the need for risk management around cyber risks.
We have seen a recent uptick in phishing scams among MJ Sorority clients. In today’s digital age, the threat of phishing is more prevalent than ever before. Did you know that over 90% of successful hacks and data breaches start with phishing scams? It’s a sobering statistic that underscores the importance of staying vigilant against this pervasive threat.
But what exactly is phishing? Simply put, it’s the process of attempting to acquire sensitive information, such as usernames, passwords, and credit card or bank account details, by masquerading as a trustworthy entity. Phishers often use bulk emails that try to evade spam filters, claiming to be from popular social websites, banks, auction sites, or IT administrators. It’s a form of criminally fraudulent social engineering that preys on unsuspecting individuals.
Understanding the Techniques
Phishing techniques have evolved over the years, becoming increasingly sophisticated and diverse. From traditional email and spam campaigns to more targeted approaches like spear phishing and session hijacking, cybercriminals employ a wide array of tactics to deceive their victims. They manipulate links, inject malicious content, and even resort to voice calls and SMS messages in their quest to obtain personal information.
Stay Vigilant
So, how can you protect yourself against phishing attacks? Awareness is key. Familiarize yourself with the common techniques used by cybercriminals, and adopt anti-phishing strategies to safeguard your information. Be cautious when clicking on links or downloading attachments from unknown sources, and always verify the authenticity of requests for personal or financial information.
At MJ, we utilize KnowBe4, a firm that provides security awareness training to members of your organization. Each quarter, they produce an infographic with the top types of phishing attacks, as excerpted above. For the full infographic and associated data, click here. KnowBe4 also offers a free phishing security test that you can utilize to see if your employees are susceptible to phishing attacks – learn more here.
Help us welcome our new Director of Risk Management Education and learn more about Kit Moorman. Learn more and read our press release.
In order to maintain a positive and supportive environment within sororities, as well as manage the risk of escalation during disagreements, it is essential to establish effective mechanisms for dispute resolution among sorority members.
As the cost and administrative burden of litigation continues to grow, MJ Sorority supports the inclusion of binding arbitration clauses in membership agreements as a fair and efficient form of dispute resolution. Binding arbitration clauses are standard practice in many industries today, and if executed thoughtfully, can benefit both the organization and its members.
What is arbitration?
Arbitration is a formal method of dispute resolution that provides an alternative to traditional litigation. Overseen by a neutral arbitrator or arbitrators, parties to a dispute present evidence, make arguments, and are bound by the arbitrator’s decision, much like the formal litigation process. However, there are some important distinctions between arbitration and litigation. Arbitration is a private process and typically much more efficient. Additionally, the parties to an arbitration jointly choose the presiding arbitrator or, in the case of a tribunal, each choose an arbitrator; those arbitrators then together choose the third arbitrator on the panel.
How do arbitration clauses become relevant during a dispute?
Typically, arbitration clauses are leaned upon when one of the parties to a dispute changes its mind about using the arbitration process and wants to “have their day in court.” The court then looks to the original agreement to determine the validity of the arbitration clause and if the language of the arbitration agreement passes muster, the court will hold the parties to their agreement and send the dispute to a neutral, third-party arbitrator.
This is why arbitration clauses should be presented as part of an organization’s membership agreement, ensuring that there is a clear written record from the moment a member joins the organization.
What are the key components of an arbitration clause?
To ensure that arbitration clauses included in membership agreements are enforceable, a few key components should be present:
- Specific language—The agreement should clearly outline what types of disputes will go to arbitration. The agreement must clearly state that signing the agreement means that both parties waive their right to recourse in court.
- Meaningful choice—Courts want to ensure that all parties to an agreement have equal bargaining power. New members should be given meaningful opportunity to study and ask questions about their membership agreement, including the arbitration clause.
- Notice/Acceptance—When implementing a dispute resolution program using arbitration, the contracting sorority needs to have a written record of putting their existing members on notice of the program, if applicable. Where possible, a sorority should collect assent to an arbitration program from existing members via signature. Inclusion of an arbitration clause in the membership agreement for new members satisfies these concerns.
- Confidentiality—While arbitration takes place behind closed doors, meaning that the proceedings are not open to the public, there must be an additional clear agreement to maintain confidentiality. It’s recommended that membership related offenses be handled internally to maintain the privacy of members and foster trust and openness in the dispute resolution process. Including confidentiality language in the arbitration agreement will bind the parties to keep the process confidential.
Keeping these components in mind while drafting arbitration clauses will bolster their validity and ensure all parties have clear expectations of the arbitration process.
What are the challenges of binding arbitration? What concerns does MJ Sorority have with arbitration clauses?
When arbitration clauses first came into fashion in the early ‘00s, courts were mostly deferential to such clauses and did not entertain challenges to their validity. In the last 15 years, courts have become much more wary of arbitration clauses, in some cases, finding them unconscionable, meaning that they are held invalid.
Claims of unconscionability, while hard to win, are important to consider when drafting and distributing membership agreements with arbitration clauses.
What is the benefit of arbitration over mediation or traditional litigation?
The arbitration process is private, helping parties avoid potentially lengthy, public, and expensive litigation. Furthermore, unlike in mediation, the arbitration process authorizes a neutral arbitrator to make a decision about the dispute, including the arbitration award, which is then only confirmed by a court. Typically, the arbitration agreement will include language that waives the parties’ right to appeal on substantive grounds in a court of law, limiting costs for all involved.
What is MJ Sorority’s Opinion on arbitration for dispute resolution?
While organizations should examine arbitration laws in each state of chapter operation, binding arbitration clauses are generally recommended to be part of membership agreements. If used, these clauses should be carefully worded to be specific and reasonable to both the contracting member and the organization. Organizations must demonstrate that there is equal bargaining power between the contracting parties and that the language used is specific and unambiguous. Organizations should also put existing members that have not signed an updated membership agreement on notice of an arbitration program’s implementation and collect assent via signature where possible.
Further Information:
The monthly MJ Sorority Newsletter – This issue covers background checks, event planning resources, rising food costs, summer to do lists & more.
For more information on preventing phishing scams, review this resource from Chubb, the cyber security carrier for MJ Sorority clients.
MJ Sorority’s monthly newsletter. This issue covers boiler inspections, increasing construction costs, spring chapter house inspection recommendations, and more.
March 2022: Topics include property claims trends, spring weather resources, FAQ on hiring contractors, 2022 MJ Housing Forum recordings and more!
January 2022: Topics include winter weather reminders, Covid-19 updates, accounting best practices, renting your chapter house for events, and insurance limits.
Event Planning: Special Event Policies – This episode contains a discussion with Ruth and Allison about special event policies as part of our ongoing series on event planning. They dive into what they are, when you need them, what to look for, and more.
Unofficial Houses: What, Why, & How – In this episode, Allison and Sara discuss what we call “unofficial houses.”