Cyber Security CATO Seminar Presented by: Jon Waldman CISA, CRISC
- Jeffrey Carroll
- 5 years ago
Slide 1: Cyber Security CATO Seminar
Presented by: Jon Waldman CISA, CRISC
Secure Banking Solutions

Slide 2: Contact Information
- Jon Waldman, Partner, Senior IS Consultant, CISA, CRISC
- Phone:
- Secure Banking Solutions

Slide 3: Dakota State
- Nationally Recognized
- National Security Agency
- Department of Homeland Security
- 4,000 universities in the country
- Only 100 named national centers in the past 10 years
- National Center of Excellence in Information Assurance

Slide 4: Agenda
- How is security changing in today's world?
- What is Commercial Account Takeover?
- How is this happening and why?
- How can I protect my business?
- What should I do next to improve security?

Slide 5: Cybersecurity State of the Union
- Trends (new technologies, greater adoption)
- $96,000 of sales are made on Amazon every minute
- $612,000 is spent online by consumers every minute
- Year of the Data Breach
- New and widespread vulnerabilities
- Cybercrime increasing rapidly!
- Commercial Account Takeover
- New Law on the way? (CISPA)
4/28/2015, Secure Banking Solutions, LLC

Slide 6: The evolution of Cyber Crime
- Used to be the hacker
- Now, it's Organized Crime
- Overseas operations
- Want $$$ to fund their organization
- Using Low Tech Attacks
- Target PEOPLE
- They purchase specialized software
- Marketing Material

Slide 7: Value of Hacked PC

Slide 8: Verizon DATA BREACH INVESTIGATIONS REPORT (DBIR)
- 1367 confirmed data breaches (2014)
- 63,437 security incidents (2014)
- 92% stemmed from external agents
- Organized criminal group: 55%
- 55% utilized some form of hacking
- 29% utilized some form of social engineering
- 40% incorporated malware
- 75% of victims were opportunistic attacks
- 97% of breaches were avoidable through simple or intermediate controls (*2012)

Slide 9: Target (Nov/Dec 2013)
- 40M Credit/Debit Cards: card data for sale online
- 70M Customer Records: names, mailing addresses, phone numbers or email addresses
- Malware-laced phishing attack sent to employees at an HVAC firm (which supported Target)
- From HVAC company, accessed Target's Vendor Portal
- Jumped inside the network and infected many Point of Sale systems

Slide 10: Recent Data Breaches
- Home Depot
- iCloud
- Dozens of Healthcare institutions
- JP Morgan Chase
- The Food Service Industry (DQ, Jimmy Johns, Dominos, PF Chang's, etc.)
- Neiman Marcus
- Goodwill (18 MONTHS!)
- Anthem
- Sony

Slide 12: Hacking made easy
- Default Passwords
- Hacking Tools
- Hacking Toolkits
- Caller ID Spoofing
- Social Engineer Toolkit

Slide 13: What is this Commercial Account Takeover?
"Commercial Account Takeover is when cyber-thieves gain control of a business' bank account by stealing the business' valid online banking credentials. There are several methods being employed to steal credentials, the most prevalent involves malware that infects a business' computer workstations or laptops." - NACHA

Slide 14: Commercial Account Takeover
- "around 85% of cyber attacks are now targeting small businesses." - Howard Schmidt (White House Cybersecurity Coordinator)
- "32 percent of respondents say their companies experienced a loss of more than $5,000 due to online banking fraud" - Ponemon Institute
- The FDIC lists this as #1 on its top 5 fraud threats list and states that it is responsible for millions of dollars in losses, frayed business relationships, and litigation affecting both banks and commercial accounts.

Slide 15: Commercial Banking
Allow customers to access services of a financial institution via the internet.
- Bill Pay
- Funds transfer between other customers or banks
- Wire Transfers
- ACH Transactions
- Payroll
- Investments
- Loan applications and transactions
- Bank statements

Slide 16: How does CA Takeover Work?
- The bad guys
- Malicious software
- Small and medium size businesses, with computers and networks
- Financial Institutions
- Online Banking products
- MONEY!

Slide 18: Money Mules

Slide 19: Where does it come from?

Slide 20: Types of Internet Traffic

Slide 21: Commercial Banking Fraud
- April 2013: Chelan County Public Hospital (Washington) lost $1.03 Million after attackers accessed payroll accounts and transferred the money into 96 different bank accounts (through the use of money mules) across the Midwest and east coast.
- Currently suing Bank of America:

Slide 22: Commercial Banking Fraud
- North Carolina fuel distributor JT Alexander & Son lost $800,000 in May
- Attackers were able to access the Bank's commercial internet banking account and initiate additional payroll ACH transactions remotely.
- The attackers again sent these payroll transactions to money mules distributed throughout the Midwest and east coast.

Slide 23: Commercial Banking Fraud
- Efficient Services Escrow Firm lost $1.5 million between December 2012 and February 2013 via three fraudulent international wire transfers to Russia and China.
- Efficient Services Escrow declared bankruptcy and was forced to lay off its entire staff in January
- Escrow Firm's network was compromised by a remote access Trojan prior to the fraudulent transfers.

Slide 24: Commercial Banking Fraud
- Village View Escrow lost $465,000 in March 2010 to an online hack
- The Catholic Diocese of Des Moines, Iowa, lost $600,000 in fraudulent ACH transactions August
- Experi-Metal Inc. of Sterling Heights, MI had $1.9M stolen, of which $560,000 was not recoverable due to 47 wires in one day to foreign and domestic accounts which EMI had never wired to before
- PATCO Construction of Maine lost more than $500,000 due to Commercial Account Takeover in 2009 (probably the most public and infamous case, due to the lawsuits and outspoken owner)
- Choice Escrow and Land Title of Missouri lost $440,000 due to fraudulent wire transfers in 2009; courts ruled in favor of Bank in March of 2013, stating that the Bank had offered commercially reasonable security to Choice Escrow, but the business turned down the additional security features.
- So many more!

Slide 25: Secure Small Businesses
- BOTTOM LINE: Hackers are targeting small businesses.
- 70% of small businesses lack the 10 basic security controls.
- The bank has implemented controls to help protect your transactions.
- Your responsibility is to protect your business, funds, IT systems, and information.

Slide 26: So, what can we do about CATO?
- Make sure you have a relationship with your bank!
- Community Banks that have quality relationships with their customers tend to be more secure than larger, corporate financial institutions that do not have such relationships
- Work with your bank regularly to establish normal patterns of transactions
- Learn about Commercial Account Takeover
- Implement additional security controls within your business and on your network!

Slide 27: What does do to prevent CATO?
- MSA Hardware Token Required at Login
- Tokens can be required by customers for other user logons
- ACH filters and blocks (no charge!)
- Positive Pay including wire transfers (no charge!)
- Set and monitor ACH Limits
- Call-back verification for ACH transactions beyond limits
- Encourage Dual Approval of ACH processing and wires
- Build out a personal relationship with your and your business
- Happy to talk with you about how security controls work for businesses and what might be best for your business
- Encourage the use of a separate workstation or device for Online Banking
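
The controls on slides 26 and 27 (agreed normal transaction patterns, ACH limits, call-back verification beyond limits, dual approval) can be expressed as a screening pass over an outgoing payment batch. This is an added example, not code from the presenter or any bank; the field names, limits and sample payments are constructed assumptions.

```python
"""Screen outgoing ACH/wire payments against a baseline the business and bank agreed on.
Everything here (names, limits, sample data) is constructed for illustration."""
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Payment:
    day: date
    kind: str                 # "ACH" or "WIRE"
    payee: str
    amount: float
    initiator: str
    approver: Optional[str]   # None means nobody approved it


@dataclass(frozen=True)
class Baseline:
    known_payees: frozenset   # payees the business has paid before
    txn_limit: dict           # kind -> largest amount released without call-back
    daily_count: dict         # kind -> normal maximum number of payments per day


def screen(payments, baseline):
    """Return [(payment, flags)] in input order; an empty flag list means no concern."""
    seen = Counter()          # (day, kind) -> payments seen so far that day
    results = []
    for p in payments:
        flags = []
        seen[(p.day, p.kind)] += 1
        if p.payee not in baseline.known_payees:
            flags.append("NEW_PAYEE")            # never paid this account before
        if p.amount > baseline.txn_limit[p.kind]:
            flags.append("OVER_LIMIT")           # beyond the agreed per-payment limit
        if seen[(p.day, p.kind)] > baseline.daily_count[p.kind]:
            flags.append("DAILY_VOLUME")         # more payments than a normal day
        if p.approver is None or p.approver == p.initiator:
            flags.append("NO_DUAL_APPROVAL")     # one person initiated and approved
        results.append((p, flags))
    return results


def decide(flags):
    """Map flags to an action: release, reject, or hold for call-back verification."""
    if not flags:
        return "release"
    if "NO_DUAL_APPROVAL" in flags:
        return "reject: second approver required"
    return "hold: call-back verification"


# Constructed baseline and batch. Day 1 is normal payroll plus one vendor wire;
# day 2 imitates a takeover: new payees, a burst of wires, self-approved payments.
BASELINE = Baseline(
    known_payees=frozenset({"emp-anna", "emp-raj", "vendor-fuelco"}),
    txn_limit={"ACH": 10_000.0, "WIRE": 25_000.0},
    daily_count={"ACH": 5, "WIRE": 2},
)
D1, D2 = date(2015, 4, 15), date(2015, 4, 16)
SAMPLE = [
    Payment(D1, "ACH", "emp-anna", 2_100.0, "clerk", "owner"),
    Payment(D1, "ACH", "emp-raj", 1_950.0, "clerk", "owner"),
    Payment(D1, "WIRE", "vendor-fuelco", 18_000.0, "clerk", "owner"),
    Payment(D2, "WIRE", "acct-0001", 9_800.0, "clerk", "clerk"),
    Payment(D2, "WIRE", "acct-0002", 9_700.0, "clerk", None),
    Payment(D2, "WIRE", "acct-0003", 40_000.0, "clerk", "owner"),
    Payment(D2, "ACH", "emp-anna", 2_100.0, "clerk", "owner"),
]

if __name__ == "__main__":
    for payment, flags in screen(SAMPLE, BASELINE):
        print(f"{payment.day} {payment.kind:4} {payment.payee:14} "
              f"{payment.amount:>10,.2f}  {decide(flags)}  {','.join(flags)}")
```

The daily-volume and new-payee checks only work if the baseline is kept current, which is the practical reason for reviewing normal transaction patterns with the bank regularly.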

Slide 28: Small Business Information Security: The Fundamentals
- October 2009: NIST 7621 was released
- Assist small business management in understanding how to provide basic security for their information, systems, and networks.
- Provides commercially reasonable security measures which will reduce the likeliness of a security incident.
- Three basic areas which may reduce likeliness:
  - Absolutely Necessary (today's focus)
  - Highly Recommended
  - Other Considerations

Slide 29: Exercise in Security
- Review the 10 Absolutely Necessary controls
- Rate how you have implemented the controls as we go over the controls
- Calculate your score
- Identify a plan to remediate security issues

Slide 30: 1) Malware - Virus, Trojans, Spyware
If your networks access the internet, then you have risk from Malware (Malicious Software).

Slide 31: 1) My organization uses anti-virus and antispyware (malware) software:
  1) I am not aware of what kind of software we use
  2) We do not use this type of software
  3) We have it on some computers
  4) We have it on all computers but it is not updated on a regular basis and I question the quality of the product
  5) We update our software and scan all computers daily with a quality product

Slide 32: 2) Hardware Firewall
Most small businesses have a broadband (high speed) internet connection which is always on. This leaves the network susceptible to network attacks on a 24/7 basis.

Slide 33: 2) My organization secures our internet connection with a hardware firewall:
  1) I am not aware if we have a hardware firewall
  2) We do not use a hardware firewall
  3) We have a hardware firewall but I am not sure on its quality
  4) We have a commercial grade hardware firewall
  5) We have a commercial grade hardware firewall that has all default security settings changed

Slide 34: 3) Software Firewall
- In addition to hardware firewalls, software firewalls should be used on all workstations.
- Software firewalls protect workstations from each other.
- Microsoft provides a built-in firewall

Slide 35: 3) My organization has a software firewall on all computers:
  1) I am not aware if we have any software firewalls
  2) We do not use a software firewall
  3) We have a software firewall installed on a few computers
  4) We have a software firewall installed on all computers
  5) We have a commercial grade software firewall installed on all computers

Slide 36: 4) Software Patching
- All operating systems such as Microsoft Windows, Apple OSX, and all distributions of UNIX/Linux have patches that need to be installed on a regular basis.
- Most software products require patches, including Microsoft Office, Adobe, Java, QuickTime, Firefox.
- These patches fix compatibility issues and known security vulnerabilities; not applying them leaves you vulnerable.

Slide 37: 4) My organization applies security patches and updates to software programs:
  1) I am not aware if we address security patches and updates
  2) We do not patch or update any software
  3) We patch and update some computers intermittently
  4) We have Microsoft updates set to automatically install on all computers
  5) We automatically update Microsoft and regularly update other critical programs on all computers

Slide 38: 5) Backup Data
- Backing up your data protects it from numerous threats:
  - Hackers destroying your computer
  - Malware corrupting your data
  - Fire and other natural disaster destroying your systems
  - Many other threats
- Include all your critical data, backup often.
- Store a copy offsite.
- Test your backup process to know you can restore data.

Slide 39: 5) My organization creates electronic backup copies of important data/information:
  1) I am not aware if any information is backed up electronically
  2) We do not create electronic backup copies of any information
  3) We create backup copies of some important data intermittently
  4) We create backups of all important data on a weekly basis
  5) We backup all critical data weekly, test it monthly, and keep a copy off-site

Slide 40: 6) Physical Access Security
- Secure each entrance point
- Monitor areas for unauthorized people
- Escort visitors around the building
- Secure documents, computers, servers from theft
[Image captions: "Secure?" "Secure?"]

Slide 41: 6) My organization controls unauthorized physical access to protect our computers and important information:
  1) I am not aware how we control physical security
  2) We allow anyone to walk into our organization's sensitive areas unchallenged
  3) We might sometimes challenge people who we do not recognize
  4) We identify and challenge all third parties entering our organization's sensitive areas and lock all secondary entrances
  5) We identify and challenge all third parties entering our organization's sensitive areas, lock all secondary entrances and also consider the placement of paper documents and computer monitors to protect information

Slide 42: 7) Wireless Security
- Do not use wireless unless required for business
- Securely configure all wireless devices and access points.
- Most users implement with default settings
  - Default passwords
  - WEP encryption can be hacked in hours (use WPA2!)
- Security vulnerabilities in wireless technology
- Update wireless software and firmware
- Users connect wireless devices to unsecured wireless, then conduct business.

Slide 43: 7) My organization secures our wireless access points:
  1) I am not aware if we have wireless
  2) We bought a wireless access point and just connected it to our internal network
  3) We use some type of security settings on our wireless
  4) We use strong security settings and changed default settings on our wireless
  5) We strictly prohibit wireless technology from being connected to our network

Slide 44: 8) Security Awareness Training
- Employees should read security policies
- Employees should sign Acceptable Use Agreement
- Employees should receive training on security threats:
  - Malware
  - Phishing
  - Social Engineering
  - Unauthorized Access
Percentage of illegitimate traffic 2013

Slide 45: Phishing Emails

Slide 46: 8) My organization trains our employees on basic security principles:
  1) I am not aware of what training on security principles is done
  2) We do not provide any training
  3) We require employees handling sensitive information to watch webinars, read articles, and go to seminars on information security
  4) We train employees when hired and on a regular basis by informed security personnel
  5) We train employees when hired and on a regular basis by informed security personnel and we require all employees sign a statement that they understand our organization's security policies

Slide 47: 9) Unique User Accounts
- Users should have a unique login to all computers, programs, and websites.
- Users should not be administrators on their local machine. If users can install software, then malware can install itself to the computer when clicked.
- Complex passwords - the password Spring08 can be cracked with on a normal computer in 24 seconds.
- Secure Passwords - 73% of users share the passwords which they use for online banking, with at least one nonfinancial website.
- If it's easy to remember, it's easy to guess.
- Try mnemonics: Proud to be an American + birth year = PtbaA!(*) where the birth year 1980 is typed in using the shift key

Slide 48: 9) My organization has unique user accounts for each employee on computers and applications:
  1) I am not aware if we have unique user accounts
  2) We use unique usernames on some computers and programs
  3) We use unique usernames on some computers and programs with passwords
  4) We use unique usernames on all computers and programs with good passwords (8 characters consisting of random letters, numbers, and special characters)
  5) We use unique usernames on all computers and programs with good passwords that are changed every 3 months plus users do not have administrative privileges

Slide 49: 10) Limit Access to Data
- For all employees, provide access to only those systems and only to the specific information that they need to do their jobs.
- Do not allow a single individual to both initiate and approve a transaction (financial or otherwise).
- Limited access reduces the exposure of data to malware and hackers.
- Also reduces the impacts of malicious insiders.

Slide 50: 10) My organization limits employee access to data and information:
  1) I am not aware if we limit access to data or information
  2) We allow employees to access any system and have access to all information
  3) We allow employees to access any system but control access to some information
  4) We allow employees to access systems and information that is only necessary for their job
  5) We allow employees to access systems and information that is only necessary for their job and require two employees initiating and approving transactions (financial or otherwise)

Slide 51: Rate Your level of Defense
- Identify where you are
- Take steps to improve your security controls
- Good security does not guarantee protection
Points / Percent Correct:
- 45 points: 90%
- 40 points: 80%
- 35 points: 70%
- 30 points: 60%

Slide 52: Security Lifecycle
1. Assess Risk
2. Implement Controls
3. Audit Controls
- Vulnerability Assessment
- Penetration Testing
- Social Engineering
- Security Audit

Slide 53: IT Audit
- Check your overall security program
- Identify other risk you may not have considered
- Outline basic components specific to your business
- Highlight best practices

Slide 54: Vulnerability Assessment
- Check Software Patching
- Check Malware
- Check Default Security Settings
[Diagram labels: Workstations, Hackers, Internet, Servers, Bank, Firewall, Vulnerability Assessment, Penetration Test]

Slide 55: Penetration test
- Replicates a Hacker's Actions to Break-in
- Check Hardware Firewall
[Diagram labels: Workstations, Hackers, Internet, Servers, Bank, Firewall, Vulnerability Assessment, Penetration Test]

Slide 56: Social Engineering
- Test your people
- Check effectiveness of training program
- Types Include:
  - Phishing Emails
  - Phone Impersonation
  - Physical Impersonation
  - Dumpster Diving

Slide 57: Social Engineering

Slide 58: Remember
- Security is everyone's issue!
- Take steps to secure YOUR financial information on YOUR networks, just as the Bank has taken steps to ensure security on their end
- Work with your Bank to establish normal patterns of banking
- CATO is a lose-lose situation
- Let's try to prevent it from happening by working together!

Slide 59: Questions?
Thanks for taking time out of your busy day to spend with us learning about Commercial Account Takeover. Let us know how we can help!
- Presenter: Jon Waldman, Secure Banking Solutions
- Park Bank: Samuel Huntingon, VP Treasury Management
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More information2017 Annual Meeting of Members and Board of Directors Meeting
2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,
More informationBusiness/Commercial Client Internet Banking Awareness and Education Program
Business/Commercial Client Internet Banking 1.855.860.5952 TMClientSupport@opusbank.com www.opusbank.com Table of Contents Unsolicited Client Contact... 1 E-mail Risk... 1 Internet Risks... 3 Telephone
More informationIntroduction to Information Security Dr. Rick Jerz
Introduction to Information Security Dr. Rick Jerz 1 Goals Explain the various types of threats to the security of information Discuss the different categorizations of security technologies and solutions
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationCyber Crime Seminar. No Victim Too Small Why Small Businesses Are Low Hanging Fruit
Cyber Crime Seminar No Victim Too Small Why Small Businesses Are Low Hanging Fruit Why Are We Here? What is Cybercrime? Why YOU may become the next victim? What do they attack? Why do they attack? How
More informationPersonal Physical Security
Security Essentials For Personal Personal Physical Security Lights at night and/or motion sensitive flood lights Cut your bushes so people can t hide behind them Lock your doors and windows (do a nightly
More informationSMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE
SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationCyber Crime and Payment Fraud Trends
2013 CliftonLarsonAllen LLP Cyber Crime and Payment Fraud Trends Threats to All Not For Profit Entities CLAconnect.com What do the following have in common? Catholic church parish Hospice Collection agency
More informationManaging IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services
Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our
More informationNotice to our customers regarding Toll Fraud
Notice to our customers regarding Toll Fraud - Beware of Toll Fraud. - Toll Fraud is a crime against you. Bizfon isn't responsible for your Toll Fraud. - You need to take steps to protect yourself from
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationCYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW
CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW May 2018 Ed Plawecki General Counsel & Director of Government Relations UHY LLP Jamie See Manager UHY LLP Iowa Public
More informationData Security Essentials
Data Security Essentials Strategies to Protect Non-public Personal Information Oct. 28, 2015 alta.org/titletopics Speakers Chris Gulotta Real Estate Data Shield Chris Hacker ShortTrack Todd Hougaard BeesPath
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationGetting Started with Cybersecurity
2 Incidents per week: Since 2016, U.S. K-12 school districts have experienced more than two cyber incidents per week on average. Fastest growing cyber incidents in K12 schools Most common cyber incidents
More informationDom Nessi Burns Engineering March 29, 2017 CYBERSECURITY TRENDS 2017 REPORT
Dom Nessi Burns Engineering March 29, 2017 CYBERSECURITY TRENDS 2017 REPORT TOPICS Recent Cybersecurity News Past Cybersecurity News Role of Cybersecurity Major Trends Featured Speakers Matthew Dahl, Manager-Global
More informationRestech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS
Restech User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS Your presenter: Vince Gremillion, CISSP 30+ years technical and customer service experience Founder/Co-Owner RESTECH
More information5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief
5 Trends That Will Impact Your IT Planning in 2012 Layered Security Executive Brief a QuinStreet Excutive Brief. 2011 Layered Security Many of the IT trends that your organization will tackle in 2012 aren
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationCLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies
Fraud Overview and Mitigation Strategies SUNTRUST TEAM: DOUG HICKMAN SENIOR VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS SPECIALTY PRACTICE JAMES BERNAL ASSISTANT VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS
More informationU.S. State of Cybercrime
EXCLUSIVE RESEARCH FROM EXECUTIVE SUMMARY 2017 U.S. State of Cybercrime IDG Communications, Inc. 2017 U.S. State of Cybercrime TODAY S CYBERCRIMES ARE BECOMING MORE TARGETED AND BUILT FOR MAXIMUM IMPACT,
More informationGetting over Ransomware - Plan your Strategy for more Advanced Threats
Getting over Ransomware - Plan your Strategy for more Advanced Threats Kaspersky Lab Hong Kong Eric Kwok General Manager Lapcom Ltd. BEYOND ANTI-VIRUS: TRUE CYBERSECURITY FROM KASPERSKY LAB 20 years ago
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationFFIEC Guidance: Mobile Financial Services
FFIEC Guidance: Mobile Financial Services Written by: Jon Waldman, CISA, CRISC Partner and Senior Information Security Consultant Secure Banking Solutions, LLC FFIEC Updates IT Examination Handbook to
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationKnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.
KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks. About Us The world s most popular integrated Security Awareness Training and Simulated
More informationRegulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013
Regulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013 Tony DaSilva, AAP, CISA Senior Examiner Federal Reserve Bank of Atlanta Disclaimer The views and
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationHIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department
HIPAA Assessment Prepared For: ABC Medical Center Prepared By: Compliance Department Agenda Environment Assessment Overview Risk and Issue Score Next Steps Environment NETWORK ASSESSMENT (changes) Domain
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationInsider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey
Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey CyberMaryland Conference 2017 Bob Andersen, Sr. Manager Federal Sales Engineering robert.andersen@solarwinds.com
More informationEvolution of Spear Phishing. White Paper
Evolution of Spear Phishing White Paper Executive Summary Phishing is a well-known security threat, but few people understand the difference between phishing and spear phishing. Spear phishing is the latest
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationYou ve Been Hacked Now What? Incident Response Tabletop Exercise
You ve Been Hacked Now What? Incident Response Tabletop Exercise Date or subtitle Jeff Olejnik, Director Cybersecurity Services 1 Agenda Incident Response Planning Mock Tabletop Exercise Exercise Tips
More informationFrequently Asked Questions (FAQ)
Your personal information and account security is important to us. This product employs a Secure Sign On process that includes layers of protection at time of product log in to mitigate risk, and thwart
More informationA General Review of Key Security Strategies
A General Review of Key Security Strategies Disclaimers All content and comments are my own and may not reflect the views of the: United States Government United States Department of Justice (DOJ) Federal
More informationFraud Risks Facing Credit Unions. ALLIED SOLUTIONS LLC SERVICE CENTER 210 East Main Street, Suite 200, Niles, MI Fax:
Fraud Risks Facing Credit Unions Today s Session Global risks Share how the bad guys are getting in Focus on Cyber and Card Risk Discuss what the credit union can do to prevent the risk Open discussion
More informationWelcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time
TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:
More informationCyber Security Risk Management and Identity Theft
Cyber Security Risk Management and Identity Theft 2017 MD SHRM State Conference Presented by Robert Bob Olsen, Chief Executive Officer MS ITS, MBA, CISSP, CISM October 16, 2017 This presentation may not
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More information1) Are employees required to sign an Acceptable Use Policy (AUP)?
Business ebanking Risk Assessment & Controls Evaluation As a business owner, you want to be sure you have a strong process in place for monitoring and managing who has access to your Business ebanking
More informationThe 10 Disaster Planning Essentials For A Small Business Network
The 10 Disaster Planning Essentials For A Small Business Network If your data is important to your business and you cannot afford to have your operations halted for days or even weeks due to data loss
More information