Why Cyber Security is a Top Priority
Jim Hannon, Executive Vice President - Operations
Cybersecurity is a concern for everyone, but it comes with especially high stakes in the banking industry. We are operating in a time of increased cyber activity and an extremely high number of attacks.
According to data from Trend Micro, the first half of 2021 saw an astonishing 1,318 percent increase in ransomware attacks on the banking industry. This is 300 times higher than other industries.
What are the actual threats looming for the banking industry?
Ransomware continues to be the main culprit. Ransomware encrypts files containing sensitive client information, and businesses are pressed to pay a ransom in order to have the files released. Social engineering and business email compromise (BEC) are other major threats. Social engineering is defined as the use of deception to manipulate individuals into divulging confidential information that may be used for fraudulent purposes.
An example of social engineering is phishing, which is the fraudulent practice of sending emails purporting to be from a reputable person or company in order to induce individuals to reveal sensitive information. Examples of phishing campaigns include emails that appear to be from an executive of your company requesting to move funds, or emails that contain a counterfeit invoice and press the targeted company to pay it. Urgency is usually a key element of these types of emails. The fact that workforces are now often hybrid or remote means that these concerns are all the more founded.
What are we doing to keep accounts secure?
Combating the rise in cybercrime is a key initiative at Parkside Financial Bank & Trust and there are several things Parkside is doing to mitigate these risks.
Data within the Parkside network is encrypted, both in transit and at rest. Backups are also encrypted and sent offsite for redundancy.
The Bank also performs vulnerability scanning on the network. This allows the Bank to identify potential network issues/weaknesses and resolve them before they impact the Bank’s environment. This is supplemented by a robust patch management process for the various bank systems.
Employees are also regularly tested with social engineering exercises and are required to complete Information Security training. Additionally, the Bank partners with various Information Technology vendors who are familiar with security risks within the financial industry, offer best practices to mitigate those risks, and provide 24 x 7 x 365 network monitoring.
What are things you can do to keep your personal and business accounts safe?
Use bank-provided online tools that are at your disposal.
When accessing your bank account, there are several tools the bank provides which can help you reduce fraud risk. Personal accounts offer security questions that may need to be entered for access to the account, in addition to authenticating transactions over a certain dollar amount. Alerts can also be provided via text or email that notify you of account activity or changes to your account information. Some systems also require a one-time text code for access.
Business accounts offer security features such as Positive Pay and ACH Debit Filters. Positive Pay allows companies to upload issued checks to the bank and, as they clear, validate them against a provided file. ACH filters allow a company to authorize other companies to debit its bank account. If an ACH attempts to post to an account and the ACH Company has not been authorized, the transaction can be rejected.
In addition, dual control is another mitigating factor for businesses when initiating transactions, such as ACH or Wires. The first person can set up/edit the transaction and the second person must approve it. If it is not possible to have two people involved in a transaction, an out-of-band authentication method should be utilized.
Banking clients and employees of bank business clients should also be aware of scams, and their warning signs, that attempt to gain information for the purpose of compromising bank accounts.
Emails, calls, or even invoices requesting funds (usually with a tone of urgency) are a red flag and should not be trusted. The same goes for emails with links that purport to redirect you to websites requesting payment or personal information. In some cases, these links lead the user to a page that never loads while malware is downloaded to the machine in the background. Another recent scam involves receipt of an overpayment for an invoice with a “bad check” and then a call or email asking you to return the overpayment via wire transfer. You return the funds per the request, but then the check you deposited for payment is returned for insufficient funds. You are now potentially “out” the funds you wired.
Best practice is to always call back the phone number you have on file to verify changes to account information or requests. In many cases, the email accounts have been compromised and the fraudsters are seeking information that can be used to compromise your accounts.
Knowing how best to secure bank account information is helpful, but cyber attackers are very good at finding the weakest link in your organization. Your firm is only as secure as your “weakest” employee. Make a point to educate employees on the tools at their disposal, why a heightened sense of security is so critical, and the red flags to look out for in email or phone correspondence.
Provide required training for your employees involving social engineering and how to identify and react to suspicious email requests for money movement, especially when account information has changed.
For individuals, never provide sensitive information, including your social security number, via email. If you receive an email with a link that appears to come from a known company, go to the company’s website directly or call them using a phone number on their site to confirm the request.
Cybersecurity is everyone’s concern, but the rate of incidents remains critically high for the financial industry. Utilizing the tools and alerts that are available from your online banking systems, as well as educating yourself regarding the latest scams and threats, will assist in mitigating these risks.
DISCLAIMER: This newsletter is intended to provide thought-provoking commentary. The information presented herein has been obtained from and is based upon sources and vendors deemed to be reliable, but may be incomplete. Parkside Financial Bank