Blog Archives

We’re Working with You to Battle Cyber Crime

bb-cyber-seminar

Since 2013, cyber criminals have attacked over 22,000 businesses via business email scams with losses totaling over $3.1 billion. Businesses of any size are vulnerable. Experts estimate that 80% of cyber attacks are avoidable through basic cyber hygiene.  By implementing a variety of safety and prevention measures, you can significantly reduce the chances of your business suffering losses due to cyber crime.

To help businesses understand the risks and the ways they can help protect themselves from this growing threat, we recently sponsored a cyber security seminar at Arizona Small Business Association’s Friday, Sept. 30 meeting. We want to share a few of the key takeaways from our panel of experts in law enforcement, information security and insurance. Here’s what we learned from Howard Miller, CRM, CIC, of L/B/W Insurance and Financial Services, and Chuck Matthews and Robert Meshinsky of WGM Associates.

  • Employee training throughout your organization is critical. Make sure you have clear policies about cyber security and that they are clearly communicated to your staff, contractors and anyone else who has the ability to expose your company to risk. Educate all of your employees about the risks of clicking on links in emails and sharing business information via phone or email with people they don’t know or trust.
  • Limit access to software to employees who really need it and make sure that each employee has their own log-in (don’t have employees share log-ins) so you can track activity back to a specific person.
  • Keep software updated regularly. Cyber thieves exploit vulnerabilities in older versions of software.
  • Use two-factor authentication to access your internet email and other sensitive applications such as online banking. Two-factor authentication requires you to use a one-time password in addition to your regular password, making it more difficult for hackers to hack.
  • Make sure your back-up files are capturing all of your critical data and that your employees are following your prescribed protocol for backing up their files. Also make sure you are backing up your files in a different physical location so you can use them in the event of a natural disaster.
  • Look at your third party vendor contracts to understand what cyber risk you might assume through your relationship with that vendor, particularly with cloud providers who typically accept little, if any, liability associated with cyber crime.
  • Take information security as seriously as operations and finance.
  • Create a VPN (virtual private network) to secure communications to your business network that are initiated by authorized employees using devices outside of your network.
  • Secure your wi-fi with a password and encryption.
  • Use different passwords for different sites and make them long and complex.
  • Check any existing cyber security insurance you may have to look for gaps or exclusions in the coverage. Business interruption is typically limited to physical causes so most insurance won’t cover business interruption due to a cyber attack.
  • Before your business is targeted by cyber criminals, establish a relationship with your local FBI office. They’re the lead federal agency for investigating these kinds of attacks.

For banking (online as well as offline), the following recommendations were made:

  • Use dual control for all ACH and wire transfers. Dual control means that another person or account has to authorize a transfer in addition to the person who initiates it.
  • Never trust wire instructions or other funds transfer instructions sent via email. Always call the person or company to verify the instructions.
  • Set up alerts that automatically notify you about log-ins, password changes, transfers, etc. This way if an unauthorized change is made, you know and can respond quickly.
  • Use Trusteer Rapport software (available free) to provide a secure web channel between your computer and the bank’s online banking site.
  • Use our ACH Fraud Protection Service, which enables business clients to review ACH transactions before they are complete and to choose to pay or return each item.
  • Use ACH blocks or restrictions, if you know you won’t be using these electronic payments, or if you want to limit ACH withdrawals to only specific vendors.

To address the risks of funds transfer fraud and cyber deception, our bank has also introduced a new way for our business banking clients to protect themselves through a first-of-its-kind cyber insurance group policy. The policy provides gap insurance, since most cyber crime insurance policies don’t cover losses for money sent out of a business banking account “voluntarily;” that is, when someone in your firm is tricked into sending funds to a cyber criminal posing as a trusted colleague or vendor. For more information on this policy, please visit grandpointinsurance.com.

Insurance Products are:
Screen Shot 2016-06-23 at 9.12.21 AM
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.

screen-shot-2016-09-28-at-7-28-21-pm

fbtwitterLinkedIngp

Help Protect Your Business: Important Cyber Security Seminar

screen-shot-2016-09-20-at-3-00-29-pm

Since 2013, cyber criminals have attacked over 17,000 businesses via business email scams, with losses totaling over $2.3 billion. An estimated 80 percent of businesses are not adequately prepared for a cyber crime attack. Are you?

The Biltmore Bank of Arizona is proud to sponsor a panel discussion addressing this growing threat at Arizona Small Business Association’s Friday, Sept. 30 meeting from 7:00 to 9:30 a.m. at the Arizona Biltmore, located at 2400 E. Missouri Avenue.

We invite you to attend as our guest to learn about emerging cyber crime risks and ways you can help protect your business. You will hear from our panel of experts from the FBI, information security and insurance industries. FBI representatives will include retired agents who served on the 9/11 task force, served as the FBI’s national spokesperson on cyber crime and agents who taught computer forensics at the FBI Academy in Quantico.

At the event, entitled Arizona Speaks: Business & Technology, additional speakers will also be on hand to discuss utilizing equity crowdfunding to raise capital.

Register here by Sept. 23.

screen-shot-2016-09-20-at-2-58-01-pm

fbtwitterLinkedIngp

FBI Article: Ransomware

ransom

We receive a lot of positive feedback when we run articles from the FBI’s cyber crime division. We’re pleased the Bureau has encouraged us to share their articles on this topic, so we want to share a recent post from their website about ransomware. Ransomware refers to a malware that restricts access to the infected computer/network and demands that the operators pay some sort of ransom to regain control of their network. We hope this article is helpful to you. Please let us know if you have information or ideas on this topic that our readers may want to hear.

You can find this article, as well as many other articles you may find valuable to keep your business and staff secure against cybercrime, at this web address: https://www.fbi.gov/investigate/cyber↗

For more information about fraud protection tools and product features provided by The Biltmore Bank of Arizona, please visit our website.

Ransomware 

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation. Home computers are just as susceptible to ransomware and the loss of access to personal and often irreplaceable items— including family photos, videos, and other data—can be devastating for individuals as well.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. And in newer instances of ransomware, some cyber criminals aren’t using e-mails at all—they can bypass the need for an individual to click on a link by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

The FBI doesn’t support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization that it will get its data back—there have been cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.

So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

  • Prevention efforts—both in both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan in the event of a ransomware attack.

Tips for Dealing with Ransomware. While the below tips are primarily aimed at organizations and their employees, some are also applicable to individual users.

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

screen-shot-2016-09-28-at-7-28-21-pm


↗ Linking to Non-Biltmore Bank Websites

This icon appears next to every link that directs to a third party website not affiliated with Biltmore Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Biltmore Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Biltmore Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.

fbtwitterLinkedIngp

Biltmore Bank Makes First-of-its-Kind Cyber Crime Insurance Available!

 

cyber-security1-596x245

Biltmore Bank has introduced a new way for its business banking clients to protect themselves from financial losses due to funds transfer fraud and cyber deception through a first-of-its-kind cyber insurance group policy.

Grandpoint Bank has created Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate, to develop the Client Cyber Crime Insurance product. The policy, offered to customers of Grandpoint Bank and its divisions, including Biltmore Bank, offers cyber crime loss coverage that is specifically geared to monetary losses. It was created as an affordable and easy alternative to individually underwritten, higher-priced commercial crime insurance policies.

The majority of businesses don’t realize that they have significantly more exposure for losses due to fraud than individual account holders, who are afforded certain regulatory protections. Businesses are often tricked into approving fraudulent transfers, notwithstanding internal controls to identify and prevent this kind of risk.  According to the FBI, since 2013, over 17,000 businesses have lost an aggregate of more than $2.3 billion to one type of cyber crime alone, known as the business email scam.

Even as monetary losses due to cyber crime have skyrocketed in recent years, many traditional commercial crime policies specifically exclude losses arising from cyber deception.

“We are excited to make this new coverage available to our business clients,” said Petra Griffith, Director of Product Development for Grandpoint Bank. “The policy focuses on the kinds of coverage that directly address the key fraud risks that businesses face – losses to their bank accounts through cyber crime.  Cyber crime is a major concern for businesses, especially since they are typically liable if cyber criminals steal funds from their business accounts. They often don’t have the appropriate insurance in place and are finding it more difficult to protect themselves in this ever evolving, increasingly sophisticated cyber crime environment.”

The Client Cyber Crime Insurance policy is available exclusively to business clients of Grandpoint Bank and its divisions, Biltmore Bank of Arizona, Bank of Tucson, and Regents Bank, through Grandpoint Insurance Services, in partnership with LBW Insurance & Financial Services, Inc.  The policy is underwritten by Hiscox Inc., on behalf of Underwriters at Lloyd’s, London, which is rated A by A.M. Best. Insurance products are not a deposit, not FDIC insured, not federal government agency insured, not bank guaranteed.

The Client Cyber Crime Insurance group policy coverage helps reimburse funds in business deposit accounts lost due to funds transfer fraud and cyber deception and is offered at premiums that represent substantial savings from individual policies currently available on the market. Any business that has a deposit account at Grandpoint Bank or its divisions is automatically eligible to enroll in the policy and select from a range of coverages with premiums that start at $30 per month.

“Educating and alerting our clients, and the broader business community, about established and emerging cyber crime trends is a commitment we’re passionate about,” said Rich Endicott, President of the Biltmore Bank of Arizona. “We’ve been working for over a year to create a more powerful solution to help clients protect their financial assets against attacks by cyber criminals.”

For more information on the Client Cyber Crime Insurance, visit grandpointinsurance.com.

_____________________________________________________________________________________________________________

Insurance Products are:
Screen Shot 2016-06-23 at 9.12.21 AM
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.

screen-shot-2016-09-28-at-7-28-21-pm

fbtwitterLinkedIngp

Nine Tips for Better Cyber Security

cyber4

Our Increasing dependence on information technology and networks has brought tremendous efficiency to our work and personal lives, but with these efficiencies come risks; particularly risks from cybercrime. According to an October 2014 independent study conducted by Ponemon Institute, the percentage of businesses impacted by malware and other kinds of cyber fraud is up 144 percent, and a survey by Experian↗ found that 60 percent of small businesses that suffer a cyber attack are out of business within one year due to the costs of customer notification, lawsuits, etc. Small and medium-sized businesses can be especially vulnerable since they often do not have the same level of resources as larger companies to defend their information technology systems and track their financial transactions on a frequent or daily basis. While protecting your business against cyber criminals may require a combination of special resources and a change in workplace procedures, here are a few basic steps that you can take at work and at home to reduce your risk of being hacked, spoofed, falling victim to computer viruses and Trojan horses or having your identity stolen.

  1. Keep your computer secure. Install and run anti-virus and anti-spyware and make sure you keep these up to date to protect against new threats. Use the latest versions of Internet browsers, such as Firefox, Google Chrome and Internet Explorer, and make sure your operating system and applications are updated regularly.
  2. Use a separate, dedicated computer for online banking – this decreases your chance of infection with malware because you are unlikely to encounter these programs on trusted banking sites. Do not use this computer for general web browsing and email.
  3. Never share usernames and passwords –use strong passwords with a combination of lower and upper case letters, numbers and symbols, and change your passwords if you suspect they could have been compromised. Use different passwords for the main applications you use. For example, your online banking password should be different than your email password.
  4. Use email safely. Don’t click on links within your email – instead, open your browser and search for the company that supposedly sent the link. Be cautious about opening attachments or downloading files from unfamiliar sources. These files can contain viruses or other software that can jeopardize your computer’s security.
  5. Don’t give out personal information over the phone or via email unless you have initiated the contact. Even if the email looks like it’s coming from someone you know, the person’s email may have been hacked.
  6. Never use unprotected Internet connections – In addition to using only secure connections, make sure websites asking for sensitive information are secure. These websites will show up in your browser with a lock icon in its toolbar that, when clicked, should display an info sheet, including the company’s name. Also, the URL should start with “https” instead of “http.”
  7. Educate your employees, family, housemates or anyone else who has access to your computer network and/or your financial information about cyber security best practices. You should also discuss monitoring account information and billing statements regularly for unauthorized charges and withdrawals.
  8. Do not keep your passwords on your computer in a Word document. While this practice is convenient for cutting and pasting and may protect against key logging software that can grab your keystrokes, this technique leaves the user vulnerable to clipboard loggers that capture the contents of the clipboard. Documents on your computer, even when password protected, are also vulnerable to skilled hackers. A better idea is to use a password manager program – some of which are free. PCMag.com offers an overview of these programs here.↗
  9. Ask your bank what they are doing to assist you in cyber fraud prevention. At The Biltmore Bank of Arizona, our online banking platform offers tools, such as Trusteer Rapport,↗ which works alongside your current security software to add protection and decrease your susceptibility to criminal behavior, protecting you and your business from threats your antivirus cannot. We also offer features like Security and Transaction Alerts that can help clients protect themselves from fraud. Businesses using online banking also have access to security features such as dual control and user limits, along with Treasury Management products like ACH Fraud Protection, Positive Pay, and out-of-band authentication and secure access codes to protect ACH and wire transactions. And, we continually invest in back office resources to help detect potentially fraudulent transactions.

screen-shot-2016-09-28-at-7-28-21-pm


↗ Linking to Non-Biltmore Bank Websites

This icon appears next to every link that directs to a third party website not affiliated with Biltmore Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Biltmore Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Biltmore Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.