Strengthening your fraud and cyber-crime protection controls
Cyber Security & Fraud Prevention: Examples, Tools & Tactics
Ben Graybar, VP Commercial Banker
(850) 556-0771 Cell/Text
* Source: American Banker 3/4/2015, Bank Technology News by Penny Crosman
THE EVOLVING LANDSCAPE
Cyber security threats have evolved exponentially with the rapid adoption of cloud computing, mobile
technology, and remote access.
You can protect your business by staying abreast of the latest emerging threats.
“Fraud prevention and protection is a lot like squeezing Jello,” said Dr. Stephen Coggeshall, chief scientist at
LifeLock, which sponsored the Javelin study. “When you stop it in one place, it squirts out someplace else.”*
FACTS
Source: 2015 AFP Payments Fraud and Control Survey
SECURITY MATTERS: FRAUD HAPPENS
… & Size Doesn’t Matter
Source: 2015 Internet Security Threat Report - Symantec
PHISHING: Impersonation Tactics
• PHISHING: A bogus email or text that appears to come from a business and claims you do business with them. It asks you to click on a link.
• SPEAR PHISHING: A bogus e-mail that appears to be from a business or someone you know. It often appears as a “reply” to a previous conversation you had with that business or person.
• MASQUERADING or BOSS PHISHING: Hackers infiltrate email networks, impersonate executives and send instructions that perpetrate wire fraud.
FACTS
*Source: 2015 Assoc. for Financial Professionals Payments Fraud and Control Survey
59% of business respondents said they were more concerned about cyber security
threats this year than in the past.
62% of all businesses experienced attempted or actual payment fraud in 2014*
FACTS
Source: USA Today, June 3, 2014
FACTS
Source: Guardian Analytics, Banking Fraud Threats and Trends – Q2 2014
TYPES OF PAYMENTS TARGETED FOR FRAUD
Source: Assoc. of Financial Professionals Payments Fraud & Control Survey
THE DOOR IS OPEN (Did anyone notice?)
Pineapples, Raspberry Pi & Bluetooth …
Hackers can get WIFI masking devices for under $50.
These are used against cell phones set to auto-connect to WIFI.
Bluetooth connections are also open doors to access your phone, and all the data in it.
HOW TO SAFEGUARD (your defense)
TREASURY ACTIVITY ALERTS
Treasury Management tools can provide automatic alerts for:
1. Outgoing Wires
2. Outgoing ACH transactions
3. ACH Profiles – changes, additions and deletions
4. Commercial Loan payments and advances
If you use Treasury Solution Dual Administration, alerts can be set up by the Administrator to let them know when changes occur.
The Dual Administration feature is optional, but highly recommended.
We recommend a multi-layered approach to the security measures that protect your accounts. There are built-in security measures, from login to administrative audit control, and each client must decide what is appropriate for their situation.
INTERNAL VIGILANCE & EMPLOYEE FIREWALLS
Your company needs more than strong security procedures; each employee must function as an
‘employee firewall’ at their workstation.
Remember, your employees trust the Internet and social media; this makes the Internet one of the
greatest security risks to your business.
FIVE SECURITY PRINCIPLES FOR EMPLOYEES
1. Secure your workspace – secure your mobile devices, computer, laptop, desk and office against unauthorized access.
2. Protect data – Paper or electronic, secure company and client data from access by the wrong people.
3. Be Cyber-Smart – Raise awareness of phishing scams and protect sensitive data on social media.
4. Educate Yourself & Others – Learn about security so you can protect yourself, your family and the company.
5. Report Issues – When you encounter a security threat, know what to do and who to engage on it.
INTERNAL PROCEDURES
Reconcile Each Account monthly, and separate duties between staff that issue payments vs. those that reconcile the bank accounts.
Require Dual Authorization for all monetary transactions; your bank requires it on all ACH and wire transfers.
Conduct a Daily Transaction Review for all outgoing items (ACH, wires, and checks)!!!
Review Audit Logs of your online banking system.
Remotely Deposited Checks – Void/secure checks once they are remotely deposited and destroy them according to your bank’s retention period.
Validate Vendor Information by requiring confirmation prior to paying an invoice from a new vendor or processing a change of address request.
IBM’s TRUSTEER RAPPORT ACCOUNT PROTECTION
Shielding your PC from fraudsters is free.
Rapport performs three key security steps:
1. Keystrokes are encrypted as soon as the keys are pressed, defeating key-logging malware programs.
2. Web sites are authenticated before any login details are transmitted, ensuring passwords are not compromised.
3. Data is secured within the browser until it has been submitted to the verified, legitimate web site, preventing unauthorized access to sensitive data.
PROTECT YOUR INFORMATION
Be very protective of your login credentials.
Do not share IDs, passwords or your online credentials with anyone.
Please be aware that a bank will not solicit confidential client information by telephone, text or in an email.
Any communications that attempt to do so are not from the bank and may be fraudulent.
A bank will never ask you to disclose your password or other private info, nor will the Bank send any emails asking for this information.
Do not respond to this type of call or message, & DON’T CLICK on it!
SHARE THE MESSAGE – REGULARLY TALK TO ALL STAFF!
CONCLUSION
“Consider focusing more on people than technology. Try to use brevity, humor and other modes of engagement to help users
understand the organization’s security and privacy challenges.”
-Chief Information Officer, Deloitte Services, LP 2014 Transforming Cybersecurity Report
“Cybercrime is a clear, present and permanent danger. While it’s a permanent condition, however, the actors, threats,
and techniques are very dynamic.”
-Tom Ridge, former Secretary of the Dept. of Homeland Security, 2014 US State of Cybercrime Survey