CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

Similar documents
security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Cyber Insurance: What is your bank doing to manage risk? presented by

Best Practices Guide to Electronic Banking

CYBER SECURITY RESOURCE GUIDE. Cyber Fraud Overview. Best Practices and Resources. Quick Reference Guide for Employees. Cyber Security Checklist

Personal Cybersecurity

The BUSINESS of Fraud. Don t let it put you out of business. AFFILIATE LOGO

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

Your security on click Jobs

Cyber Security Updates and Trends Affecting the Real Estate Industry

How Cyber-Criminals Steal and Profit from your Data

Take Risks in Life, Not with Your Security

Web Cash Fraud Prevention Best Practices

FAQ. Usually appear to be sent from official address

Cybersecurity The Evolving Landscape

9/11/ FALL CONFERENCE & TRAINING SEMINAR 2014 FALL CONFERENCE & TRAINING SEMINAR

Restech. User Security AVOIDING LOSS GAINING CONFIDENCE IN THE FACE OF TODAY S THREATS

Fraud Update: Why Fraudsters Love Wires and How to Stop Them. Luis Rojas, Director, Product Management WesPay 2014

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

10 FOCUS AREAS FOR BREACH PREVENTION

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

The Cyber War on Small Business

2017 Annual Meeting of Members and Board of Directors Meeting

Must Have Items for Your Cybersecurity or IT Budget in 2018

Governance Ideas Exchange

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

External Supplier Control Obligations. Cyber Security

Treasury Services Group Number Treasury Management Officer

It pays to stop and think

Target Breach Overview

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Protecting Your Business From Hackers

Webomania Solutions Pvt. Ltd. 2017

ASSESSMENT LAYERED SECURITY

Business/Commercial Client Internet Banking Awareness and Education Program

ANNUAL SECURITY AWARENESS TRAINING 2012

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Preventing fraud in public sector entities

Sinu. Your IT Department. Oh, the humanity! The role people play in data security NYC: DC:

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

A practical guide to IT security

Internet of Things Toolkit for Small and Medium Businesses

BUILDING AN EFFECTIVE PROGRAM TO PROTECT AGAINST FRAUD

Identity Theft Prevention Policy

Retail/Consumer Client Internet Banking Awareness and Education Program

Cyber fraud and its impact on the NHS: How organisations can manage the risk

FFIEC Guidance: Mobile Financial Services

FFIEC CONSUMER GUIDANCE

Safeguarding Your Dealership from Fraud

Why you MUST protect your customer data

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Guide to credit card security

Cyber security tips and self-assessment for business

Business ebanking User Guide May 2015

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Evolution of Spear Phishing. White Paper

OPSEC and defense agains social engineering for devels, execs, and sart-ups

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

But it Was Such a Little Phish February 2016 Webinar

Create strong passwords

Regulator s Perspective of Best Practices in Combatting Cybercrime Executive Fraud Forum October 30, 2013

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

JAPAN CYBER-SAVVINESS REPORT 2016 CYBERSECURITY: USER KNOWLEDGE, BEHAVIOUR AND ATTITUDES IN JAPAN

Safety and Security. April 2015

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

FFIEC CONSUMER GUIDANCE

Service Provider View of Cyber Security. July 2017

Newcomer Finances Toolkit. Fraud. Worksheets

South Central Power Stop Scams

STAYING SAFE FROM SOCIAL ENGINEERING SCHEMES

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

Recognizing Fraud Staying Safe 2018 Information/Cyber Security Training

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Financial scams. What to look for and how to avoid them.

Shareholder Authentication

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

CISO as Change Agent: Getting to Yes

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Octopus Online Service Safety Guide

Cyber Security Risk Management and Identity Theft


Security & Phishing

Business Online Banking & Bill Pay Guide to Getting Started

Fraud and Social Engineering in Community Banks

Legal Aspects of Cybersecurity

How to recognize phishing s

Level 2 Cambridge Technical in IT

Mobile Cash Management

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Employee Security Awareness Training

Train employees to avoid inadvertent cyber security breaches

Cybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

Employee Privacy in the Electronic Workplace

Using Security to Lock in Commercial Banking Customers

Preparing for a Breach October 14, 2016

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Transcription:

Fraud Overview and Mitigation Strategies

SUNTRUST TEAM: DOUG HICKMAN SENIOR VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS SPECIALTY PRACTICE JAMES BERNAL ASSISTANT VICE PRESIDENT FOUNDATIONS AND ENDOWMENTS SPECIALTY PRACTICE CHARLENE CRAIG SENIOR VICE PRESIDENT NOT-FOR-PROFIT & GOVERNMENT BANKING

Data Breaches Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breacheshacks/ 3

Paper vs. Electronic 73% SOURCE: 2016 AFP Payments Fraud and Control Survey 4

AFP PAYMENTS FRAUD AND CONTROL SURVEY 5

FRAUD PREVENTION BEST PRACTICES - CHECK 6

FRAUD PREVENTION BEST PRACTICES - ACH 7

WHO S BEING TARGETED Risk assess to effectively position your defense to these threat actor groups. Get informed. Some examples: Money Customer Data Incident patterns, by Industry (2015) Intellectual Property Classified Data Other Services = Entertainment, Technology, Transportation Source: 2015 Verizon Data Breach Investigations Report Data 8

THE THREAT LANDSCAPE BUSINESS EMAIL COMPROMISE

BUSINESS EMAIL COMPROMISE Controls Process SOURCE: 2016 AFP Payments Fraud and Control Survey 10

BUSINESS EMAIL COMPROMISE Business Executive Fraud - Email accounts of highlevel business executives (CFO, CTO, etc.) are spoofed/hacked and a fraudulent wire transfer request is made Bogus Supplier Invoices After a vendor has been hacked, a company is asked to change payment instructions or pay an invoice to an alternative, fraudulent account. Attorney Impersonation Scammers convince targets that wire transfers are needed for legal matter settlement, indicating the need for confidentiality and urgency. Data Theft The goal isn t direct funds transfer. Scammers are looking for sensitive corporate financial information. 11

BUSINESS EMAIL COMPROMISE Best Practices Wire Transfer Educate your staff about the fraud risks inherent in their daily processes. Create a culture that empowers employees to ask questions Develop processes for wire validation that include access to key executives for approval. Require two people to approve large sums or to make changes to any information that impacts the movement of funds. Verify important or large transactions through an alternate method including phone call or in-person. Limit information available to the general public about your company s internal operations. Conduct all banking on a dedicated machine used for no other task. 12

BUSINESS EMAIL COMPROMISE Best Practices Supplier/Invoice Train associates on all vendor management policies and empower them to ask questions when in doubt. MASTER and existence TITLE STYLE Know Your Vendor perform due diligence on the company s background Dual approvals for new vendors Email requests for new vendor set-up not accepted Plan How Your Vendor Will Connect to You EDI, secure FTP, Web portal, Phone Test, document, and validate Segregate Responsibility of Vendor Authentication and Purchasing Functions Changes to Vendor Master File : Requests must be validated by trusted source at vendor Verbal Confirmation Vendors should be required to verbally approve changes using phone numbers that are known and listed for vendors Vendor list, including contact information of individuals authorized to make payment changes, should be kept in a hard copy file New Vendor system flags (systemic red flags of change of normalcy) 13

AWARENESS Fraud Prevention: Prevent compromised email accounts Password discipline, consider two-factor authentication Be alert to fake email addresses and websites O vs 0, 1 vs l Even the telephone may not be trusted! Verify caller s identity (fraudsters can spoof telephone numbers) Dual control / approvals on payroll, payment, and wire systems Separate user ID for initiation and approval 14

THE THREAT LANDSCAPE BEWARE OF ONLINE RISKS

THREAT LANDSCAPE Phishing (Email) Smishing (Text Message) Vishing (Voice/Phone) Twishing (Twitter) Search Engine Poisoning Avoid Getting Hooked By a Phish Trusted Site Compromise Malvertising Software Vulnerabilities Scareware Fake Mobile Apps 16

CYBERSECURITY PROGRAM Have an Information Security policy Strong password requirements Length, complexity, and lock outs Keep up-to-date on security patches Operating systems Software Don t forget about your browsers! 17

CYBERSECURITY PROGRAM Malware / antivirus protection Firewalls and other security tools Keep your data on your network or under your control Access restrictions and use of company assets Remote access Third-party hosted sites/apps 18

SECURITY AWARENESS General user awareness How to spot a phishing email Fake help desk scam Good password security Don t forget about your IT staff 19

FOCAL POINTS Top 5 Security Program Focal Points 1. Have Information Security Policy Executive level approval, updated regularly 2. Have relevant and up-to-date technical security standards 3. Vulnerability & patch management 99% of the exploited vulnerabilities were compromised more than a year after the CVE was published (Verizon DBIR) 4. Have an effective security awareness program User, technical staff, clients 5. Identify and assess your risks Technology, business processes, third-parties Effective, risk-based assessment process 20

PASSWORD SECURITY Don t use the remember password re-use the same password across multiple sites MASTER TITLE characters STYLE write down or share your password Do use a different password for each account and change them often. use a combination of upper/lower case, numbers, and special use long (12 characters or greater), random multi-word passwords leverage multi-factor authentication Substitute numbers for letters and vice versa Use multiple random words Use capitalization in random places, intentionally misspell words, or spell them backwards Use words then remove letters and add relevant numbers: First Car 1992 Ford Mustang = FdMstg92 Use phrases substituting letters with numbers: The party is at 7 o'clock = prtyzat7 Experiment with your favorite song, album, or movie titles by adding numbers: Michael Jackson s Thriller = MJAXtHri13r 21

Better Safe Than Sorry Only download or buy apps from legitimate app stores. Know the reputation of apps and particularly the app publisher. Understand requests the app are asking to do with your device. Only enter credit card info on secure shopping portals. Be alert for poisoned search results when using search engines to find products. Don t use free public Wi-Fi to make purchases or do online banking. Be suspicious of great deals and don t click the links. Make sure the connection to e-commerce sites is secured (HTTPS). SOURCE: Network World 11/22/16 22

QUESTIONS / COMMENTS?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback