Current Trends in Corporate Criminal Activity 1:15 PM - 2:15 PM 4/28/2015

Size: px
Start display at page:

Download "Current Trends in Corporate Criminal Activity 1:15 PM - 2:15 PM 4/28/2015"

Transcription

1 Current Trends in Corporate Criminal Activity 1:15 PM - 2:15 PM 4/28/2015

2 Presenters: John McCullough, Financial Crimes Service Fred Laing, Upper Midwest Automated Clearing House Association 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 2

3 Agenda Transition and New Approaches to Crime Trends Cybercrimes Mitigation Techniques 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 3

4 Transition and New Approaches to Crime Trends 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 4

5 Physical Attacks Merging with Technology (Blow Torching ATMs, Madison, WI) 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 5

6 Sophisticated Skimmers on ATM s for Data Physical Attacks with Technology 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 6

7 Criminal Evolution Focus on Gathering Data The First generation gas pump skimmers place on the outside Device placed inside gas pumps, blue tooth connect, not as detectable 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 7

8 Technology to Clone Cards, Just Add Data Target Data, Home Depot, etc. Images removed 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 8

9 You re Hired to Shop (Mules) 1 Be a "Secret Shopper letter US residents in all 50 states being approach This check turns out to be counterfeit and is drawn against Wal-Mart s Payroll Account letter instructing them to deposit the check into their personal account for 24 hours Send on series of "secret shopper" tasks 2 Test Wal-Mart by sending a wire transfer/moneygram using these funds Shopper Complete customer service report and keeps $350 Letters post marked from Spain 3 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 9

10 4 Letters sent to mules Letter looks real, Individuals with no jobs find this offer as a great opportunity Greed does play a role in this process This person ends up as the looser 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 10

11 It Just Doesn t End There Images removed 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 11

12 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 12

13 Cybercrimes Criminals are seeking business, government and personal data Data is valuable to other criminals (i.e., Darknet) and sold Its all about data used for impersonations of a businesses, government agencies, employee PII or consumer data used to take over accounts, steal funds, illegal purchase goods/services, create new identity, open accounts, buy and trade, terrorism activities, and so on 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 13

14 Common Thread in Financial Crimes: Always impersonations The representations may appear creditable Data breaches seek personal, business or government data Methods of detection and apprehension are difficult to detect and prove The virtual world and physical world have merged Virtual currency is becoming a common pathway for financial funding of organized criminal and terrorist activity to avoid detection Being a little paranoid is a good thing when it comes to fraudster! 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 14

15 Financial Crime Trends (What Are We Seeing) Banks: Data Breaches, debit and credit frauds followed by check fraud and new wire frauds methods deployed and mobile deposits frauds Retailers: Data breaches, debit card fraud, cloned cards, gift card fraud and return frauds, and scams to fraudulent purchase and resale smart phones General businesses: Network system attacks, data breaches, counterfeit checks, account takeover, employee impersonations on tax return frauds, business impersonations Medical; System attacks, fraudulent claims, patient impersonations, medical prescriptions frauds 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 15

16 JP Morgan Chase (Give Me Derivatives) Images removed 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 16

17 U.S. Officials Say Russians Hacked White House Computers The intrusion likely resulted, as many cyber breaches do, from an employee clicking on a malicious link and/or attachment in a so-called phishing . That s how investigators believe the hackers accessed the State Department s systems 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 17

18 What is Thought to Have Happened: Russian hackers where behind cyber intrusion of the State Department in recent months used malware called perch to penetrate sensitive parts of the White House computer system, according to a U.S. official This malware is a low and slow process, which overtime steals data and avoids detection in network systems. The White House has said the breach affected an unclassified system. But that gave the hackers access to such sensitive information as real-time nonpublic details of the President's schedule. One official says the Russians have "owned" the State Department system for months 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 18

19 White House Asks For Our Help! (Fred and John) Here is what we found: We found the employee that open the malware This employee opened an The employee downloaded an attachment This let the Russians in Who is it? (Next Slide) 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 19

20 Fred and John Found Him Opening This and Downloading it Images removed 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 20

21 The Subject Matter is Meant to Fool Your Employees Images removed { USPS - Missed package delivery FW: Invoice <random numbers> ADP Reference #<random numbers> Payroll Received by Intuit Important - attached form FW: Last Month Remit Scanned Image from a Xerox WorkCentre Fwd: IMG01041_ _m.zip My resume Voice Message from Unknown Caller (<phone number>) Important - New Outlook Settings FW: Payment Advice - Advice Ref:[GB<random numbers>] New contract agreement Important Notice - Incoming Money Transfer Payment Overdue - Please respond FW: Check copy Corporate efax message from <phone number> FW: Case FH74D23GST58NQS 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 21

22 It Takes Only One Employee to Make Mistake! Images removed 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 22

23 How Effective Are These Criminals 780 Corporations Images removed 85 million known victims 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 23

24 The Report List 24 Pages of Corporations with Data Breaches Images removed 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 24

25 Survey by April 2015 CompTIA on Data Breach Causes Human error accounts for 52% Technology errors account for 48% Other Comments: 32 % respondents did not have the ability to prevent an attack 51 %, lacked training to deal with insider threats 43 % cited budget issues 40 % did not have Sufficient staff 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 25

26 Substantial Increase of Tax Return Fraud 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 26

27 Someone Filed My Tax Return Beware! Intuit CATO, breaching business networks Acquire payroll records Criminal impersonates person tax filing If a pattern develops, consider possible data breach Have contingency plans for employees to reporting such incidents 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 27

28 Tax Fraud Season If you become a victim of identity theft, the IRS recommends you take the following steps right away: Contact the IRS Identity Protection Specialized Unit at x245 so that steps can be taken to secure your tax account Complete IRS Identity Theft, IRS Form Report ID theft incidents to the Federal Trade Commission at consumer.ftc.gov or the FTC Identity Theft Hotline at File a report with the local police Contact the fraud departments of the three major credit bureaus: Equifax, equifax.com, ; Experian, experian.com, ; and TransUnion, transunion.com, Close any accounts that have been tampered with or opened fraudulently 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 28

29 Wire Frauds Are Increasing The FBI Denver Division has received an increase in business compromises criminal complaints. The fraud occurs when the controller, treasurer, or accounting officer at the business receives an that appears to be from the company executive. The is a request that a wire transfer be sent. The fraudulent appears to have originated from an executive within the company or appears to be an chain forwarded from company executives. The includes an attachment with instructions for the wire transfer. domain name used to send the fraudulent is similar to the company s domain name with a minor change. 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 29

30 Common Wire Frauds Today (This April Example, CA) Homeland Security Investigators in San Francisco are currently investigating an organization that creates domain names, which are similar to known organizations and sends fraudulent wire instructions to employees via . The employees believes the requests are originating from a high level manager within their company, and proceeds On 4/10/2015, HSBC Hong Kong received a $375, wire transfer from the United States. The wire transfer was sent to BROTENT TENTNOLOGY, LTD Account # 801-1X85XX-838. If your institution wired funds to this account, please contact SSA Michael Shinn. Thank you. 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 30

31 Why do people still fall for phishing attacks, especially finance people in charge of wire transfers at corporations? Organization with 10,000 employees, even if only one out of a thousand employees opens the phishing document, there compromised, leading to loss of information and attacks Criminals target selected employees with authority and attempt to fool them with fake s The targeted employees are busy and trusted employees, likely overworked, under deadlines, mistakes happen 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 31

32 Dave Jevans, Co-founder of the Anti- Phishing Working Group Stated: The hacker attack against Anthem Inc. (data breach) Started with a spear-phishing campaign which targeting five of its employees The real risk here is an increase in targeted attacks against a handful of key employees within your organization (people with authority) Data breach malware have spread to vendors with the intent to come through the side door of the vendors corporate clients being serviced (i.e., Target and Vendor) 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 32

33 Mitigation: Training of Employees https://www.youtube.com/watch?v=pnssgu8umyu https://www.youtube.com/watch?v=asyiz8df58k https://www.youtube.com/watch?v=sl9p9nsquv8 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 33

34 Other Risks to Consider Images removed Disgruntled employee(s) Criminal partners, insider 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 34

35 Taking Your Computer/Smart Phone Hostages 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 35

36 Example Ransomware : Your system is locked by cyber criminals with message denying access to files The Ransomware attacks are waged in two parts. First, a PC or mobile device is infected with malware that locks the corporate user out or encrypts files so that the user can longer access them Then a ransom is demanded through an automated message that appears on the device's screen. The user is told he or she has a limited amount of time to pay the ransom before the device will be wiped clean or the files will be erased How doe it start: Criminals will use various ploys to get staff to click on links or download attachments, which, in turn, infect their computers 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 36

37 Lance James, head of cyber-intelligence at the consultancy Deloitte & Touche. Now experts are calling attention to one of the reasons why ransomware attacks are becoming more common - because organizations say they'd rather not deal with the fallout that trails a breach or cyber-attack that goes public. Instead of getting law enforcement involved, they'd rather try their hands at making deals with their attackers first. But paying ransom is short-sighted and is never a good idea. Why? Because cybercriminals rarely keep their end of the bargain. Organizations that negotiate with hackers often end up with lost data after paying a hefty ransom. 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 37

38 Extortion Methods Expanding 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 38

39 Cyber Extortion is Successful 1/3 of US corporations who experience cyber extortion would negotiate for data return Corporations do not want to report extortions to Law enforcement Corporations do not want the publicity Corporations expenses to clean-up and notify parties is costly Corporation Stock shares drop Potential regulatory issues and fines CEO and CIO s on the hook 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 39

40 Distributed DoS attack So the bad guys took our servers down Answer: They are testing your response and planning other activity. They may use DDoS Attack as a distraction from another event they are executing against the company 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 40

41 Distributed Reflection DoS attack Combines Reflection and Amplification Uses third-party open resolvers in the Internet (unwitting accomplice) Attacker sends spoofed queries to the open recursive servers Queries specially crafted to result in a very large response Impact: Causes DDoS on the victim s server 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 41

42 Cache poisoning Corruption of the DNS cache data 1. Attacker queries a recursive name server for IP address of a malicious site 2. The recursive server does not have the IP address and queries a malicious DNS resolver 3. The malicious resolver provides requested rogue IP address and also maps the rogue IP address to additional legitimate sites (e.g. 4. The recursive name server caches rogue IP address as the address for 5. User queries the recursive server for IP address of 6. The recursive server replies to user with cached rogue IP address 7. Client connects to site controlled by attacker, thinking it is Impact: Logins, passwords, credit card numbers of the user 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 42 can be captured

43 TCP SYN floods Uses the 3-way handshake that begins a TCP connection Attacker sends spoofed SYN packets with the source IP address of bogus destinations The server sends SYN-ACKs to these bogus destinations It never receives acknowledgement back from these destinations and the connections are never completed These half-opened connections exhaust memory on the server Impact Server stops responding to new connection requests coming from legitimate users 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 43

44 DNS tunneling Uses DNS as a covert communication channel to bypass firewall Attacker tunnels other protocols like SSH, TCP or Web within DNS Enables attackers to easily pass stolen data or tunnel IP traffic without detection A DNS tunnel can be used for as a full remote control channel for a compromised internal host. Also used to bypass captive portals to avoid paying for Wi-Fi service Impact: Data exfiltration can happen through the tunnel 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 44

45 DNS hijacking Modifies DNS record settings (most often at the domain registrar) to point to a rogue DNS server or domain. User tries to access a legitimate website User gets redirected to bogus site controlled by hackers that looks a lot like the real thing. Impact Hackers acquire user names, passwords and credit card information See all Ten: 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 45

46 Why Does This Keep Happening "The reality is: The dark element is much better at information-sharing than the corporations are. (Usman Choudhary, ThreatTrack): Advance Persistence Attack (APT: Attack networks and low and slow method) Organize Motivated Well funding Smart and share information better than corporations Information is valuable information on the black market (Sony) 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 46

47 Mitigation Techniques and Tips

48 Training Employee education is Missing.. Do you have a formalized ongoing training program? Human error accounts for 52% of data breaches AND Educate, Educate, Educate Focus on specialized training with personnel with authority 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 48

49 Mitigation Techniques Companies can open attachments in a secure container or virtual machine, to avoid infection of the target computer Employ multiple anti-virus to detect various malware techniques Training users to avoid opening spam s is also very important Bankers need to educate users about the limits of two-factor authentication Employees should not rely on the information presented on the screen (links, phone numbers, pop-ups, domains names) Analytics software that can detect, say, that an organization is sending $500,000 to an account the bank has never seen before DNS attack indicator you have been or are being hit It is a distraction to keep you from detection of the real threat or execution of a crime 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 49

50 From a Network Standpoint Anti-virus software Firewalls Anti-Malware software Install software updates ASAP Monitor Internet traffic Manage passwords Strong policies defining what employees can do with their work computers when it comes to internet access, use of external devices, etc. An educated employee base 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

51 Physical/Network Security Use Dual Control whenever handling financial transactions Change vendor supplied defaults Encrypt data when you can Develop and implement a data retention, storage and destruction policy Ensure terminated employees credentials are deleted Ensure hiring policies include verifying application data and check references Regularly test systems for vulnerabilities AND Educate, Educate, Educate 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

52 Cash Management Products Positive Pay, Reverse Positive Pay Debit blocks and filters Stop all debits vs. stop all but specific debits Separate accounts for separate processes One for payroll, another for receivables, etc. Account reconciliation DAILY!! Balance Reporting 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

53 Out-of-Band Authentication Between You and Your FI What is it? Phone call (voice authentication or just a simple phone call) Text message (SMS) Secure Fax Why do it? To authenticate that the file or transaction is what you intended to generate Fraud prevention method but may also assist in preventing unintentional processing errors (sending the wrong week s payroll file to your FI) 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

54 Ways to Authenticate User ID and password (and/or picture) this is single factor and not sufficient by themselves, Challenge Questions fall into this too Token(s) a second factor, somewhat effective but there needs to be more, could be a cell phone or other similar device Biometric a third factor, hard to control in a virtual exchange but it s effective when used FFIEC defined three factors; what you know, what you have, and what you are 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

55 Exposure Limits Usually based on a credit review but can be used to limit fraud loss exposure Company and bank should work together to set the limit(s) Can be for a file, batch, or entry and can be daily, weekly or even monthly Should be set close to the size of the largest anticipated file Monitoring should be real time Limit should be reviewed regularly There should be well defined over-limit procedures 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

56 Anomalous Detection & Layered Security Look for trend lines that are out of band Sudden increases in transaction volume, dollar amounts, or returns Review ALL the data in a file, has anything changed from the last file? Where did the instructions come from When do you access the network to generate the transactions In other words, LOOK FOR ANYTHING THAT S DIFFERENT FROM WHAT YOU NORMALLY SEE! 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

57 FCC Recommendations for Small Businesses 1. Train employees in security principles 2. Protect information, computer and networks from Viruses, spyware and Malware 3. Provide firewall security for your internet connection 4. Download and install software updates as they become available 5. Make backup copies of important business data 6. Control physical access to your computers and networks 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

58 FCC Recommendations for Small Businesses (cont.) 7. Secure your Wi-Fi networks 8. Require individual user accounts for each employee 9. Limit employee access to data & information, limit authority to install software 10. Regularly change passwords 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

59 Mitigation Recommendations for Business Customers Using Online Payments (Spear Phishing and Business Account Takeover Attacks) Initiate payments under dual control Use dedicated computer where and web browsing are not possible. Limit admin rights on users workstations Reconcile transactions on a daily basis. Implement an employee awareness program Implement fraud detection systems with predictive analytic and transaction monitoring capabilities Use Out-Of-Band authentication systems manual client callback SMS text messaging Interactive Voice Response Fourteen additional in-depth defenses 59 FRPA and UMACHA Copyright 2015 all rights reserved 4/17/2015

60 Security is a TOTAL System, Process, and Procedure Issue!! DR WAN Data warehouse WW Campuses Business Analytics Back up tape WWW WW Customers Customer Portal Production Data Disk storage WW Partners WAN Outsourced Development Staging Back up disk Remote Employees VPN Enterprise File Server 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved Endpoint Network Applications Files Storage

61 Security is a TOTAL System, Process, and Procedure Issue!! Device Theft WW Campuses Media Theft WAN Business Analytics Unauthorized Data warehouse Activity DR Media Loss Takeover Intercept WWW Unauthorized Access Unauthorized Access Unavailability Back up tape WW Customers Eavesdropping Fraud Customer portal Production Data Corruption Disk storage Unintentional Distribution WW Partners Data Loss Device Remote Loss Employees WAN VPN Outsourced Development Unauthorized Activity Enterprise Staging Data Theft File Server Back up disk 4/17/2015 DOS 61 FRPA and UMACHA Copyright 2015 all rights reserved Endpoint Network Applications Files Storage

62 What Happens If Your Organization Is a Victim? Discontinue using whatever piece of hardware is infected and disconnect it from any network (Use an expert on removal) Determine what connections that computer had with others and check those for problems Let corporate security know immediately so they can contact the authorities and any outside organization they feel may be needed to fix the problem Change passwords, ID s, etc. for anyone accessing systems tied to the infected system and disable the old ones Notify your provider(s) within 24 hours 4/17/ FRPA and UMACHA Copyright 2015 all rights reserved

63 Recommendations (cont.) (Who is in the best position to provide solutions?) Detecting fraud earlier and automate solutions Increase employee awareness training Better hiring practices Employee monitoring systems (Who touched it?) Investments in new fraud technology Sharing crime issues in real time with others (your bank, like companies, etc.) Seek out help from: (Local Law Enforcement, your vendors, organizations like FS-ISAC) FRPA and UMACHA Copyright 2015 all rights reserved 63 4/17/2015

64 The End ( kind of ) Thank You! 4/17/2015 FRPA and UMACHA Copyright 2015 all rights reserved 64

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

Questions You Should be Asking NOW to Protect Your Business!

Questions You Should be Asking NOW to Protect Your Business! Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional

More information

Cybersecurity Governance Update on New FFIEC Requirements

Cybersecurity Governance Update on New FFIEC Requirements Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm

More information

Corporate Account Take Over (CATO) Guide

Corporate Account Take Over (CATO) Guide Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,

More information

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

More information

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference Christopher T. Van Marter Senior Deputy Prosecuting Attorney Chief White Collar Crime Unit Department of the Prosecuting Attorney

More information

ecommercial SAT ecommercial Security Awareness Training Version 3.0

ecommercial SAT ecommercial Security Awareness Training Version 3.0 ecommercial SAT ecommercial Security Awareness Training Version 3.0 Welcome The goal of this training course is to provide you with the information needed to assist in keeping your online banking account

More information

FFIEC CONSUMER GUIDANCE

FFIEC CONSUMER GUIDANCE FFIEC CONSUMER GUIDANCE Important Facts About Your Account Authentication Online Banking & Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Remote Deposit Quick Start Guide

Remote Deposit Quick Start Guide Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT

Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection INFORMATION SECURITY & RISK MANAGEMENT Gladiator NetTeller Enterprise Security Monitoring Online Fraud Detection Foreword The consumerization

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Electronic Fraud Awareness Advisory

Electronic Fraud Awareness Advisory Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved

More information

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online.

Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. Here are two informational brochures that disclose ways that we protect your accounts and tips you can use to be safer online. FFIEC BUSINESS ACCOUNT GUIDANCE New financial standards will assist credit

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

September 20, 2013 Senior IT Examiner Gene Lilienthal

September 20, 2013 Senior IT Examiner Gene Lilienthal Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank

More information

ID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N

ID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N ID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N M i c h e l l e C u m m i n g s, C I A, C F E, C D F M According to the National Crime Victimization

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

Online Cash Manager Security Guide

Online Cash Manager Security Guide Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0

More information

The SMB Cyber Security Survival Guide

The SMB Cyber Security Survival Guide The SMB Cyber Security Survival Guide Stephen Cobb, CISSP Security Evangelist The challenge A data security breach can put a business out of business or create serious unbudgeted costs To survive in today

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014

Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015

Cybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015 Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated

More information

Best Practices: Reducing the Risks of Corporate Account Takeovers

Best Practices: Reducing the Risks of Corporate Account Takeovers Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States

More information

Your security is our priority

Your security is our priority Your security is our priority Welcome to our Cash Management newsletter for businesses. You will find valuable information about how to limit your company s risk for fraud. We offer a wide variety of products

More information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against

More information

Online Cash Management Security: Beyond the User Login

Online Cash Management Security: Beyond the User Login Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

Reliance Bank Fraud Prevention Best Practices

Reliance Bank Fraud Prevention Best Practices Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

More information

Avoid completing forms in email messages that ask for personal financial information.

Avoid completing forms in email messages that ask for personal financial information. INTERNET FRAUD Online scams and viruses are constantly evolving and they threaten the security of computers worldwide. As criminals evolve their tactics, you need to keep your PC's security software (virus

More information

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank

Fraud Detection and Prevention. Timothy P. Minahan Vice President Government Banking TD Bank Fraud Detection and Prevention Timothy P. Minahan Vice President Government Banking TD Bank Prevention vs. Detection Prevention controls are designed to keep fraud from occurring Detection controls are

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Identity Theft Protection

Identity Theft Protection Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms

More information

Protecting your business from fraud

Protecting your business from fraud Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.

More information

Business ebanking Fraud Prevention Best Practices

Business ebanking Fraud Prevention Best Practices Business ebanking Fraud Prevention Best Practices User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters, numbers, and special

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

IRS & Partners Combat Tax-Related Identity Theft: What s New for 2016

IRS & Partners Combat Tax-Related Identity Theft: What s New for 2016 Association of Government Accountants Professional Development Conference May 6, 2016 IRS & Partners Combat Tax-Related Identity Theft: What s New for 2016 Richard G. Furlong, Jr. Senior Stakeholder Liaison

More information

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud Glenn Gizzi Senior Stakeholder Liaison Marc Standig Enrolled Agent What is tax-related identity theft? Tax-related identity

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Top Ten Fraud Risks That Impact Your Financial Institution. Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC.

Top Ten Fraud Risks That Impact Your Financial Institution. Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC. Top Ten Fraud Risks That Impact Your Financial Institution Presented by Ann Davidson - VP Risk Consulting Allied Solutions LLC Agenda Education on understanding the fraud risk Take away.. Education to

More information

Payment Fraud and Risk Management

Payment Fraud and Risk Management Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Presented by: Mike Morris and Jim Rumph

Presented by: Mike Morris and Jim Rumph Presented by: Mike Morris and Jim Rumph Introduction MICHAEL MORRIS, CISA Systems Partner JIM RUMPH, CISA Systems Manager Objectives To understand how layered security assists in securing your network

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Corporate Account Takeover & Information Security Awareness. Customer Training

Corporate Account Takeover & Information Security Awareness. Customer Training Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN

More information

Top Fraud Trends Facing Financial Institutions

Top Fraud Trends Facing Financial Institutions Top Fraud Trends Facing Financial Institutions Presented on: October 7, 2015, 2-3 ET Presented by: Ann Davidson - VP of Risk Consulting at Allied Solutions Webinar Agenda 1. Fraud trends in 2015 and beyond

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information

Presented By: Corporate Security Information Security Treasury Management

Presented By: Corporate Security Information Security Treasury Management Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical

More information

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS

THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What

More information

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group

Cyber Security Breakout Session. Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group Cyber Security Breakout Session Ed Rosenberg, Vice President & Chief Security Officer, BMO Financial Group Legal, Corporate & Compliance Group December 2014 Disclaimer: The material in this presentation

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Presented by: Islanders Bank

Presented by: Islanders Bank Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why it s important Provide information about Dept. Homeland Security Cybersecurity Campaigns:

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Innovations in Network Security

Innovations in Network Security Innovations in Network Security Michael Singer April 18, 2012 AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide

Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision. Best Practices Guide Best Practices Guide Security Guidelines and Best Practices for Internet Banking for Precision and Cash Management for Precision Evolving security threats require the use of evolving controls and methods

More information

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Business Internet Banking / Cash Management Fraud Prevention Best Practices Business Internet Banking / Cash Management Fraud Prevention Best Practices This document provides fraud prevention best practices that can be used as a training tool to educate new Users within your organization

More information

E-Banking Regulatory Update

E-Banking Regulatory Update E-Banking Regulatory Update Hal R. Paretchan, CISA, CISSP, CFE Information Technology Specialist Federal Reserve Bank of Boston Supervision, Regulation & Credit (617) 973-5971 hal.paretchan@bos.frb.org

More information

Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks. September 16, 2015

Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks. September 16, 2015 Combating Identity Theft: Tips to Reduce Your Cybersecurity Risks September 16, 2015 Current Cyber Threat Cyber criminals are not only targeting businesses, but individuals Stolen personally identifiable

More information

Retail/Consumer Client. Internet Banking Awareness and Education Program

Retail/Consumer Client. Internet Banking Awareness and Education Program Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014 Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

Fraud and Identity Theft. Megan Stearns, Credit Counselor

Fraud and Identity Theft. Megan Stearns, Credit Counselor Fraud and Identity Theft Megan Stearns, Credit Counselor Agenda Fraud and identity theft statistics Fraud Identity theft Identity theft prevention Protecting your Social Security Number Online prevention

More information

I N T E L L I G E N C E A S S E S S M E N T

I N T E L L I G E N C E A S S E S S M E N T I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa SECURING THE DIGITAL DIVIDE: COMBATING CYBERCRIME Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa INTRODUCTION q Given modern

More information

Are All High-Risk Transactions Created Equal?

Are All High-Risk Transactions Created Equal? Are All High-Risk Transactions Created Equal? How to Minimize FFIEC Exam Pain 1 Lee Wetherington, AAP Director of Strategic Insight ProfitStars @leewetherington Agenda New Supplement to FFIEC Guidance

More information

CYBERSECURITY HOT TOPICS

CYBERSECURITY HOT TOPICS 1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com

More information

I ve been breached! Now what?

I ve been breached! Now what? I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have

More information

Network Security and the Small Business

Network Security and the Small Business Network Security and the Small Business Why network security is important for a small business Many small businesses think that they are less likely targets for security attacks as compared to large enterprises,

More information

Visa CREDIT Card General Guidelines

Visa CREDIT Card General Guidelines Visa CREDIT Card General Guidelines General Account Information Phone Numbers and Addresses It is very important to keep us up-to-date with your correct address and phone number. Card reissues/replacements

More information

Control the Risk of Identity Theft

Control the Risk of Identity Theft Control the Risk of Identity Theft Guidance for Your Business R NORTH AMERICAN EQUIPMENT DEALERS ASSOCIATION This information was compiled from Protecting Personal Information: A Guide for Business, a

More information

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains

+GAMES. Information Security Advisor. Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains Information Security Advisor December 2015 Be a Human Firewall! The Human Firewall' s Top Concerns in the Cyber, People & Physical Domains +GAMES Spot the insider & Human firewall Filtering EXerCISE Good

More information

Who s Doing the Hacking?

Who s Doing the Hacking? Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

More information

IRS & Partners Combat Tax-Related Identity Theft What s New for 2016

IRS & Partners Combat Tax-Related Identity Theft What s New for 2016 IRS & Partners Combat Tax-Related Identity Theft What s New for 2016 General Scope of Identity Theft Identity theft costs U.S. victims more than all property crimes combined Identity theft remains number

More information

IT Security Risks & Trends

IT Security Risks & Trends IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health

More information

TLP WHITE. Denial of service attacks: what you need to know

TLP WHITE. Denial of service attacks: what you need to know Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...

More information

OCR LEVEL 3 CAMBRIDGE TECHNICAL

OCR LEVEL 3 CAMBRIDGE TECHNICAL Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY

More information

Beware! CryptoLocker Ransomware

Beware! CryptoLocker Ransomware Beware! CryptoLocker Ransomware 1 Ransomware Malicious software (malware) that infects a computer and restricts access to the computer and/or its files Demands a ransom to be paid in order for the restriction

More information

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness

THE HOME LOAN SAVINGS BANK. Corporate Account Takeover & Information Security Awareness THE HOME LOAN SAVINGS BANK Corporate Account Takeover & Information Security Awareness The information contained in this session may contain privileged and confidential information. This presentation is

More information

Cyber Risks and Insurance Solutions Malaysia, November 2013

Cyber Risks and Insurance Solutions Malaysia, November 2013 Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare

More information

Marble & MobileIron Mobile App Risk Mitigation

Marble & MobileIron Mobile App Risk Mitigation Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their

More information

Why is a strong password important?

Why is a strong password important? Internet Security Why is a strong password important? Identity theft motives: To gain access to resources For the challenge/fun Personal reasons Theft methods Brute forcing and other script hacking methods

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information