
Cybersecurity Best Practices to Include in Your Institution’s Awareness Training

 

4/12/2022

 

Despite consumers’ varying perceptions of cybersecurity risk, anyone can be the target of hackers looking to steal money, information or an identity. But there is good news: Even the least computer-savvy people can take steps to protect themselves.

Your financial institution should empower consumers with information through cybersecurity awareness campaigns, an important step in the fight against cybercrime. Providing education and promoting good cyber hygiene will mitigate cybersecurity risk for consumers and your institution while increasing the potential for new business through knowledge sharing.

As your institution plans cybersecurity awareness initiatives, consider including the following cybersecurity best practices to enhance protections for your customers or members.

  • Update Devices: Everyone is likely familiar with the annoying pop-up reminder that your computer or phone requires a software update. While it may be easy to click “Remind Me Tomorrow,” it is best that customers or members take the time to install those updates immediately. They often contain critical security patches for vulnerabilities that are easily exploited by cybercriminals. Almost all devices offer the option for automatic updates to streamline this process.
  • Install Anti-Virus (AV) Software for Home Devices: Home devices are subject to the same viruses and malware that can infect corporate machines. Home users should invest in AV software and make sure it periodically scans machines and updates to the newest definitions. While paid AV software is recommended, there are free versions for consumers from companies like Bitdefender, Microsoft, Sophos and others, which offer options for Mac and Windows.
  • Sign Up for Alerts: CSI’s recent poll revealed that the top cybersecurity issues that worry consumers as related to their personal confidential information are identity theft and stolen credit or debit card information, at 60% each. Effective alerting could enhance consumer vigilance against these threats.

Many websites offer free alerting to let users know when something happens on an account. Encourage your customers or members to take advantage of these alerts to monitor for potential fraud. Many financial institutions and credit card companies also offer alerts on purchases of a certain size or purchases made without the card present. Encourage customers and members to utilize this feature to quickly know if a card number has fallen into the wrong hands and minimize the damage.

  • Think before Clicking: Hackers often use SPAM email and text messages to get people to click on malicious links that lead them to download viruses or spyware, or prompt users to enter their credentials. Before clicking, your customers and members should ask the following questions:
      • Is this email expected? For example, did the text come with a link to tracking information for a mysterious order?
      • Who is sending this text or email? Hackers often use email addresses that look correct at first glance but are forged. As an example, an email from Apple.com would be correct, but an email from AppleInc.com would be forged. Additionally, text messages from businesses traditionally come from a five-digit number. If a consumer receives a suspicious text claiming to be from a company, but it has a 10-digit number, it is best to delete and block the number.
      • Is this link legitimate? Before clicking on any link, hover over the link with a mouse to see the website the link directs to. If the underlying address does not match up to the address in the email, do not click it.
      • Does this feel weird? Your customers or members should evaluate the situation before letting stress set in and making decisions that might put them at risk. If something feels like a scam it probably is a scam; encourage them to trust their instinct.
  • Enable Multi-Factor Authentication: One of the most troubling results of this year’s survey is that 30% of Americans agree that it is okay to use the same password for an online bank account that they use for other online accounts. Your institution should encourage consumers to use strong passwords while providing and promoting multi-factor authentication (MFA) to make it more difficult for hackers to gain account access.

Unfortunately, a username and password do not always provide adequate protection against hacking. It is not uncommon for these credentials to make their way to the dark web and into the hands of cybercriminals. To increase protections, many websites that hold important information offer the option for MFA. Instead of logging in with only a username and password, a user must provide a third piece of information to access their account.

Typically, the third piece of information comes in the form of a code sent via text or phone call to a specified number. There are also authenticator applications that serve the same purpose. While MFA may not be needed for every account, it is highly recommended for email accounts, online banking, healthcare accounts and anything that holds sensitive information.
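The sender and link questions under “Think before Clicking” can also be automated on the institution’s side, for example in a mail filter or a training exercise. The following Python sketch is an added example, not part of the original article: the function names, the `trusted_domain` parameter and the sample message are assumptions made for illustration, and `example.net` is a placeholder domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
def host_of(text):
    """Lowercase hostname of a URL or bare domain, or None if text is not one."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    try:
        return urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None

def same_site(host, domain):
    """True when host equals domain or is one of its subdomains."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_message(sender, html_body, trusted_domain):
    """Return findings for a message claiming to come from trusted_domain."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if not same_site(sender_domain, trusted_domain):
        findings.append(f"sender domain {sender_domain} is not {trusted_domain}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target and shown and not (same_site(target, shown) or same_site(shown, target)):
            findings.append(f"link text shows {shown} but points to {target}")
        elif target and not same_site(target, trusted_domain):
            findings.append(f"link points to {target}, outside {trusted_domain}")
    return findings
# Constructed sample: the article's AppleInc.com sender; example.net is a placeholder.
SAMPLE = ('<a href="http://tracking.example.net/login">https://www.apple.com/orders</a>'
          ' <a href="https://www.apple.com/support">Support</a>')
```

Calling `review_message("orders@appleinc.com", SAMPLE, "apple.com")` reports both the forged sender domain and the link whose visible address differs from its real destination, while the second link, which really goes to the trusted domain, passes.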

 

 

Michael Cripps,

President and CEO

 

 


National Financial Capability Month

4/11/2022

 

April is National Financial Capability Month, and the FDIC offers several resources to help educate and protect consumers.  The FDIC’s Money Smart financial education program can help people of all ages enhance their financial skills and create positive banking relationships.

 

How Money Smart Are You?

This suite of 14 self-paced online games is the newest addition to the FDIC’s Money Smart product family and now available in English and Spanish for anyone to access.  It covers topics such as: your income and expenses, borrowing basics, building your financial future, and protecting your identity and other assets.

 

The following are just a few of the tools available from How Money Smart Are You?:

 

  • My Monthly Expense Log – This tool will help you organize and categorize how you use your money. This is an important step to building a spending and saving plan.
  • Estimate What I Can Afford for Housing – You can use this worksheet to estimate what you can afford to pay for housing. Remember, housing expenses include more than the rental payment or mortgage payment.
  • Save Money for My Goals – Use this form to calculate how much money you need to save every day, week, month, or year to reach your goals.
  • Get Ready to Borrow Money – You can use this tool to estimate how a lender might evaluate your creditworthiness. Doing so can help you get ready to borrow money.
  • Reduce the Risk of Identity Theft – You can use these strategies to reduce the risk of identity theft. But remember, you can never eliminate all risk.

 

 

 


March 22nd, 2022

Statement from Secretary Mayorkas on Cybersecurity Preparedness

“As the Russian Government explores options for potential cyberattacks against the United States, the Department of Homeland Security continues to work closely with our partners across every level of government, in the private sector, and with local communities to protect our country’s networks and critical infrastructure from malicious cyber activity. Organizations of every size and across every sector should continue enhancing their cybersecurity defenses. Organizations can visit CISA.gov/Shields-Up for best practices on how to protect their networks, and they should report anomalous cyber activity and/or cyber incidents to report@cisa.gov or (888) 282-0870, or to an FBI field office. DHS will continue to share timely and actionable information and intelligence to ensure our partners and the public have the tools they need to keep our communities safe and secure, and increase nationwide cybersecurity preparedness.”

 

 


March 1st, 2022

Don’t Pass By This Password Reminder:

 

You’ve heard it before, but we’ll say it again. It’s important to have strong passwords and change them regularly to help keep your accounts safe. Here are the basics:

  • Don’t use personal information. This includes names of people in your family, your address, or birthdays, since this information can be publicly available to hackers.
  • Don’t use real words. Password cracking tools can process every word in the dictionary until a match is found. Instead, use uppercase and lowercase letters combined with special characters such as “&” or “#”.
  • Create longer passwords. The longer it is, the better. Try for at least 10 characters.
  • Don’t use the same password for multiple websites. If one website has a data breach and you’ve used that password elsewhere, it’s easier for hackers to steal more information.
  • Change your passwords. Get in the habit of changing them twice a year.

 

– Michael N. Cripps

President & C.E.O.

 

 


February 8th, 2022

Joint Release: Federal Agencies Launch Joint Effort to Alert Online Daters and Social Media Users of Romance Scams That Have Cost Americans Millions

WASHINGTON—Today, five federal agencies joined forces to remind the public about the ongoing dangers of romance scams. The Commodity Futures Trading Commission, the Consumer Financial Protection Bureau (CFPB), the Department of Homeland Security’s U.S. Immigration and Customs Enforcement (ICE), the U.S. Postal Inspection Service, and the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) have launched Dating or Defrauding?, a national awareness effort to alert the public to romance scams that target victims largely through dating apps or social media. The campaign is supported by USAGov/Outreach, a division of the U.S. General Services Administration’s Technology Transformation Services.

Romance scams are not new, but with the proliferation of online dating apps, social media, and even messaging apps, new types of scams are emerging that target new audiences and have drained victims of millions of dollars. According to the Federal Trade Commission (FTC), 2020 was a record year for romance scams. Consumer reports to the FTC indicate that the number of romance scam complaints continued to increase through 2021. A year-over-year comparison through the third quarter showed a 48 percent increase in reported romance frauds.

The joint federal agencies’ initiative shows the public how to recognize the scams before they give any money or assets and provides steps to take if they are victimized. Over the coming weeks, the interagency Dating or Defrauding? awareness campaign will reach the public via social media, local and national media outreach, and public-private partnerships to encourage them to be vigilant when making online love connections.

This effort is spearheaded through the following federal agency offices: CFTC’s Office of Customer Education and Outreach, CFPB’s Office for Older Americans, DHS/ICE’s Homeland Security Investigations, the U.S. Postal Inspection Service, and Treasury’s FinCEN.

 


 

December 1st, 2021

 

SCAM ALERT

THE SOCIAL SECURITY ADMINISTRATION WILL NEVER THREATEN, SCARE OR PRESSURE YOU TO TAKE ACTION.

If you receive a call, text, or email that . . .ou to take an immediate action.

  • Threatens to suspend your Social Security number, even if they have part or all of your Social Security number
  • Warns of arrest or legal action
  • Demands or requests immediate payment
  • Requires payment by gift card, prepaid debit card, internet currency, or by mailing cash
  • Pressures you for personal information
  • Requests secrecy
  • Threatens to seize your bank account
  • Promises to increase your Social Security benefit
  • Tries to gain your trust by providing fake “documentation,” false “evidence,” or the name of a real government official

…it is a SCAM!

DO NOT GIVE SCAMMERS MONEY OR PERSONAL INFORMATION – IGNORE THEM!

Protect yourself and others from Social Security-related scams

  • Try to stay calm. Do not provide anyone with money or personal information when you feel pressured, threatened, or scared.
  • Hang up or ignore it. If you receive a suspicious call, text, or email, hang up or do not respond. Government employees will not threaten you, demand immediate payment, or try to gain your trust by sending you pictures or documents.
  • Report Social Security-related scams. If you receive a suspicious call, text, or email that mentions Social Security, ignore it and report it to the SSA Office of the Inspector General (OIG). Do not be embarrassed if you shared personal information or suffered a financial loss.
  • Get up-to-date information. Follow SSA OIG on Twitter @TheSSAOIG and Facebook @SSA Office of the Inspector General for the latest information on Social Security-related scams. Visit the Federal Trade Commission for information on other government scams.
  • Spread the word. Share your knowledge of Social Security-related scams. Post on social media using the hashtag #SlamtheScam to share your experience and warn others. Visit oig.ssa.gov/scam for more information. Please also share with your friends and family.

 

Michael Cripps,

President and CEO


December 1st, 2021

Over 300,000 Android users have downloaded banking malware apps

Cybersecurity researchers report that password-stealing banking trojans were disguised as QR code readers, fitness monitors, cryptocurrency apps and more.

Here is the article: Over 300,000 Android users have downloaded these banking trojan malware apps, say security researchers | ZDNet

This article lists the apps on Google Play that should not be downloaded or installed: ‘Banking’ Trojan Malware Hits Over 300,000 Android Users | List of Apps to Avoid on Google Play App Store | Tech Times

 

 


November 16, 2021

 

I just wanted to share some information to help better protect you and your family as the holidays approach.

Researchers at Tessian (an email security company) caution that people should be wary of scams as Black Friday approaches. The researchers found that 30% of people in the US reported receiving a phishing message around Black Friday in 2020.

“Nearly a third of U.S. consumers (30%) said they received a phishing email around Black Friday last year, either by email or SMS to their personal email or cell,” the researchers write. “The thing is that consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries.

Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that lead to fake websites or download harmful attachments.”

Tessian also notes that employees at retailers should be vigilant for phishing attacks as they approach the busiest time of the year.

“And it’s not just consumers that need to be wary,” Tessian says. “Employees in the retail industry will be busier and more distracted than ever during this time, faced with hundreds of orders, thousands of customer queries to respond to, and overwhelming sales targets to hit. Cybercriminals will use this to their advantage, crafting sophisticated phishing emails and cleverly worded social engineering messages in the hope that a stressed worker will miss the cues and comply with their requests.”

 

Remember: The bad actors are out in force, and you need to remember to implement good cybersecurity and cyber-hygiene practices – especially over the next couple of months. Be extra cautious of any emails invoking an emotional response or asking for your account information. Feel free to review the October National Cybersecurity Awareness emails and forward them to your family members.

 

 

 

Michael Cripps,

President and CEO

 


Ransomware 7/1/2021

The threat of ransomware has been growing exponentially over the last year. Strengthening your ransomware defenses should be at the forefront of everyone’s mind, including individuals and businesses.

The following article from The Hacker News website gives a few tips and steps to help combat this threat.

www.thehackernews.com


Cryptocurrency Investment Scam 5/18/2021

The Federal Trade Commission has issued a new Consumer Protection Data Spotlight that reports consumers have lost more than $80 million to cryptocurrency investment scams, an increase of more than ten-fold year-over-year, according to a new data analysis from the Commission.

For more information on this topic, visit www.bankersonline.com