NATIONAL CYBER SECURITY AWARENESS MONTH




Tip 1: Security is everyone's responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the human firewall.

Tip 2: Avoiding scams. Be suspicious of unsolicited phone calls, visits, or email messages and do not provide personal information or information about your organization or yourself. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

Creating a Culture of Cybersecurity

Tip 3: Protecting yourself from phishing. Protecting yourself involves knowledge and technology. Never open emails from unknown senders. Carefully read the email and be mindful of grammatical errors and misspelled words. Don't click on the links in the email. Verify the legitimacy of emails by using your browser to go directly to the company website. Make sure your software technology is updated regularly. If you think you've received a phishing scam, delete the email message. Do not click any links in the message.

Tip 4: Protecting yourself from Ransomware. Ransomware roams through the internet. Secure your data by backing up your information on an external or cloud drive. Invest in security tools. Have security software installed and, most importantly, up-to-date with a current subscription. Remember, with the thousands of new malware variants running every day, having a set of old virus definitions is almost as bad as having no protection. Make sure all the software on your system is up-to-date. This includes the operating system, the browser and all of the plug-ins that a modern browser typically uses. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it. Back up data and scan systems regularly. While ransomware can slip past defenses, it's important to back up your information so that you can retrieve it in a worst case scenario. Scan networks, systems and devices for malware frequently to stop data breaches as soon as they start.

Tip 5: Business Email Compromise (BEC). BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Legitimate business e-mail accounts are compromised through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. To avoid becoming a victim:
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail. For example, legitimate e-mail of abc_company.com would flag fraudulent e-mail of abc-company.com.
- Register all company domains that are slightly different than the actual company domain.
- Verify changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign-off by company personnel.
- Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
- Know the habits of your customers, including the details of, reasons behind, and amount of payments.
- Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.

Tip 6: Destructive Malware. Destructive malware presents a threat to an organization's daily operations and business continuity; it impacts confidentiality, integrity and availability of data; and can threaten an organization's ability to recover from an attack. Follow five tips to combat cyber-attacks:
1. Back up data and scan systems regularly. While malware can slip past defenses, it's important to back up your information so that you can retrieve it in a worst case scenario. Scan networks, systems and devices for malware frequently to stop data breaches as soon as they start.
2. Don't open suspicious emails. Malware is easily downloaded through malicious links in emails.
3. Protect credentials with strong passwords. Although passwords seem unrelated to security, they are the first line of defense for companies. Require employees to create strong passwords that are a combination of lower and uppercase letters, numbers and special characters to prevent hackers from simply guessing the correct one.
4. Ensure third-party providers are protected. One of the ways companies are most vulnerable to cyber-attacks is through an insecure third-party service provider. Cybercriminals can steal credentials from these third parties to gain access to the company and information they are targeting.
5. Update software and patches. Software and tech companies often issue software updates and patches to fix security flaws that cybercriminals can exploit.

Tip 7: Third Party Breaches. Eliminate third party risks by leveraging your contract and regulatory requirements. Key areas of concern include:

- Managing your vendors. Perform regular due diligence of your third party service providers (TSP) as well as their outsourced vendors.
- Verifying their controls. Validate that the controls being used by the TSP are in line with your written contract and meet your requirements.
- Business resumption and contingency planning. Certify that the service provider is adhering to the agreed upon contingency plan that outlines the required operating procedures in the event of business disruption.
- Right to audit. Enforce the right of the institution and its regulatory agencies to obtain the results of the audits in a timely manner.

Vendor managers should closely monitor the financial, technical and competitive standing of their vendors.

Connected Communities: Staying Protected While Always Connected

Tip 8: Limit the amount of personal information you post. Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers.

Tip 9: Take advantage of privacy and security settings. Use site settings to limit the information you share with the general public online.

Tip 10: Only access the Internet over a secure network. Maintain the same vigilance on your mobile device that you would on your computer.

Tip 11: Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Tip 12: Downloading Apps. Download apps and data only from trusted applications from reputable sources or marketplaces.

Your Evolving Digital Life

Tip 13: Being smart about using your devices. Don't use your mobile device to store important and sensitive personal information, bank account numbers or other information that personally identifies you.

Tip 14: Lock your smart devices. Use the screen lock feature on your mobile device. Many mobile phones now provide security options to customize your devices so that your information remains secure.

Tip 15: Personal Identification Number (PIN). When selecting a PIN for your debit card or smart device, never use important numbers associated with anniversaries, birth dates, social security numbers and the like. Select something easy to remember but not commonly known.

Tip 16: Protect your personal computer. Keep operational and security software up-to-date. Combined, these patches close vulnerabilities on your computer and protect you from cyber-criminals.

Tip 17: Practice good cyber-hygiene. Remember to select unique and strong passwords for all online accounts. Make sure your password is 8 or more characters in length and combines alphabetical, numerical and symbol characters.

Building the Next Generation of Cyber Professionals

Tip 18: Organizing operational security awareness. Your institution's security awareness program should be conducted as a growing and ongoing process, so that training and knowledge are not just delivered as an annual activity but are used to maintain a high level of security awareness on a daily basis. Ensure your security "experts" are well known in your organization. Have them send out security alerts and training exercises. Make the training clear, crucial and compelling.

Tip 19: Communicate your expectations on the first day of employment. Clearly state the mission of your cyber-security program, the risks institutions are exposed to, how employees are part of the solution and where employees can report suspicious activity. Lead by example. Enforce your cyber-security policies when violations are made.

Tip 20: Expand your security perimeter. By educating your customers and employees, you expand your security perimeter. What are some ways to increase education?
- Tip of the day. Post a tip of the day that provides a daily security message.
- Risk Questionnaire. During Treasury Management visits with commercial customers, go over a brief questionnaire that reveals if they are at risk of financial loss due to cyber threats.
- Commercial Service Security Newsletter. Educate your commercial customers about the specific cyber-threats that face small businesses today. Your proactive measure just may save your customer from a devastating cyber-event and earn you a loyal customer for life.
- Interactive Training. Many firms share interactive security quizzes with their customers on their website; it's fun and educational.

Tip 21: Do not give out information about fellow employees, remote network access, organizational practices, or strategies to people you do not know. Avoid being the victim of a social engineer. If a person you don't know calls, sends an email or text, or visits you in person and asks for confidential information about your organization, do not supply any data until the person's identity has been verified.

Tip 22: Use your computer with the assumption that everyone can see what you're doing. You might be audited for acceptable use of equipment. Most of us are familiar with the idea that cookies help identify us to advertisers and website owners when we visit websites. However, your computer type, model, operating system, and even what version of Web browser you are using are also known to every site that you visit. This combined data results in another method to identify you and the types of information you access. Only visit websites for which you have a legitimate need when doing work for your organization.
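
The look-alike sender-domain check described in Tip 5, as an added Python example that is not part of the original tip sheet. The protected domain is the page's own abc_company.com; the function names, the swap table, the distance threshold of 2 and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the protected domain is the page's own example, abc_company.com.
PROTECTED = ("abc_company.com",)

# Illustrative digit-for-letter swaps; not an exhaustive confusables table.
SWAPS = str.maketrans({"0": "o", "1": "l", "5": "s"})


def skeleton(domain):
    """Reduce a domain to a form in which common imitations collide."""
    d = domain.lower().translate(SWAPS).replace("rn", "m")
    return re.sub(r"[-_.]", "", d)


def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header, protected=PROTECTED, max_dist=2):
    """Return 'internal', 'lookalike', 'external' or 'unparsed'."""
    addr = parseaddr(from_header)[1]
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "unparsed"
    for real in protected:
        if domain == real or domain.endswith("." + real):
            return "internal"
    for real in protected:
        # Same skeleton or a small edit distance means a near-miss of our domain.
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) <= max_dist:
            return "lookalike"
    return "external"


# Constructed sample From: headers, not taken from real mail.
SAMPLES = ["Accounts Payable <ap@abc_company.com>", "Accounts Payable <ap@abc-company.com>",
           "CFO <cfo@abc_cornpany.com>", "Vendor <billing@example.org>"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):10} {header}")
```

A mail gateway or log pipeline would route "lookalike" results to quarantine or analyst review. The check covers near-miss domains only; a message forged with the exact company domain is a matter for SPF, DKIM and DMARC.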