SlideShare a Scribd company logo

Cyber Security and Fraud Prevention Tools Tactics

Download as PPTX, PDF
B
Ben Graybar

This document discusses cyber security threats and fraud prevention tactics. It provides examples of common phishing scams and outlines tools and best practices for safeguarding information. Some key points include: - Cyber threats have increased with cloud, mobile, and remote access adoption and fraud can occur across businesses of all sizes. - Over half of businesses surveyed were more concerned about cyber threats in 2015 and over 60% experienced payment fraud in 2014. - Common phishing scams include impersonating businesses in emails or texts to get users to click links or reply to fake conversations. - Recommended safeguards include employee training, dual authorization, daily transaction reviews, and using security tools like IBM Trusteer Rapport.

1 of 20
Downloaded 73 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Cyber Security & Fraud Prevention Examples, Tools & Tactics Ben Graybar, VP Commercial Banker (850) 556-0771 Cell/Text Ben.Graybar@HancockBank.com
* Source: American Banker 3/4/2015, Bank Technology News by Penny Crosman THE EVOLVING LANDSCAPE Cyber security threats have evolved exponentially with the rapid adoption of cloud computing, mobile technology, and remote access. You can protect your business by staying abreast of the latest emerging threats. “Fraud prevention and protection is a lot like squeezing Jello,” said Dr. Stephen Coggeshall, chief scientist at LifeLock, which sponsored the Javelin study. “When you stop it in one place, it squirts out someplace else.”*
FACTS Source: 2015 AFP Payments Fraud and Control Survey
SECURITY MATTERS: FRAUD HAPPENS … & Size Doesn’t Matter Source: 2015 Internet Security Threat Report - Symantec
PHISHING Impersonation Tactics • PHISHING: A bogus email or text that appears to be from a business claiming you do business with them. They request you click on their link. • SPEAR PHISHING: A bogus e-mail that appears to be from a business or someone you know. It often appears as a “reply” to a previous conversation you had with that business or person. • MASQUERADING or BOSS PHISHING: Hackers infiltrate email networks, impersonate executives and send instructions that perpetrate wire fraud.
FACTS *Source: 2015 Assoc. for Financial Professionals Payments Fraud and Control Survey 59% of business respondents said they were more concerned about cyber security threats this year than in the past. 62% of all businesses had attempted or actual payment fraud in 2014*
FACTS Source: USA Today, June 3, 2014
FACTS Source: Guardian Analytics, Banking Fraud Threats and Trends – Q2 2014
TYPES OF PAYMENTS TARGETED FOR FRAUD Source: Assoc. of Financial Professionals Payments Fraud & Control Survey
THE DOOR IS OPEN (Did anyone notice?) Pineapples, Raspberry Pie & Bluetooth … Hackers can get WIFI masking devices for under $50. These are used for cell phones on auto-connect to WIFI. Bluetooth connections are also open doors to access your phone, and all the data in it.
HOW TO SAFEGUARD (your defense)
HOW TO SAFEGUARD
HOW TO SAFEGUARD
TREASURY ACTIVITY ALERTS Treasury Management tools can provide automatic alerts for: 1. Outgoing Wires 2. Outgoing ACH transactions 3. ACH Profiles – changes, additions and deletions 4. Commercial Loan payments and advances If you use Treasury Solution Dual Administration, alerts can be set up by the Administrator to let them know when changes occur. The Dual Administration feature is optional, but highly recommended. We recommend a multi-layered approach for security measures to protect your accounts. There are built-in security measures, from login to administrative audit control; & each client must decide what is appropriate for their situation.
INTERNAL VIGILANCE & EMPLOYEE FIREWALLS Your company needs more than strong security procedures; each employee must function as an ‘employee firewall’ at their workstation. Remember, your employees trust the Internet and social media; this makes the Internet one of the greatest security risks to your business.
FIVE SECURITY PRINCIPLES FOR EMPLOYEES 1. Secure your workspace – secure your mobile devices, computer, laptop, desk and office against unauthorized access. 2. Protect data – Paper or electronic, secure company and client data from access by the wrong people. 3. Be Cyber-Smart – Raise awareness of phishing scams and protect sensitive data on social media. 4. Educate Yourself & Others – Learn about security so you can protect yourself, your family and the company. 5. Report Issues – When you encounter a security threat, know what to do and who to engage on it.
INTERNAL PROCEDURES Reconcile Each Account monthly, and separate duties between staff that issue payments vs. those that reconcile the bank accounts. Require Dual Authorization for all monetary transactions; your bank requires it on all ACH and wire transfers. Conduct a Daily Transaction Review for all outgoing items !!! (ACH, wires, and checks) Review Audit Logs of your online banking system. Remotely Deposited Checks – Void/secure checks once they are remotely deposited and destroy them according to your bank’s retention period. Validate Vendor Information by requiring confirmation prior to paying an invoice from a new vendor or processing a change of address request.
IBM’s TRUSTEER RAPPORT ACCOUNT PROTECTION Shielding your PC from fraudsters is free. Rapport performs three key security steps: 1. Keystrokes are encrypted as soon as the keys are pressed, defeating key-logging malware programs. 2. Web sites are authenticated before any login details are transmitted, ensuring passwords are not compromised. 3. Data is secured within the browser until it has been submitted to the verified, legitimate web site, preventing unauthorized access to sensitive data.
PROTECT YOUR INFORMATION Be very protective of your login credentials. Do not share IDs, passwords or your online credentials with anyone. Please be aware that a bank will not solicit confidential client information by telephone, text or in an email. Any communications that attempt to do so are not from the bank and may be fraudulent. A bank will never ask you to disclose your password or other private info, nor will the Bank send any emails asking for this information. Do not respond to this type of call or message, & DON’T CLICK on it!
SHARE THE MESSAGE – REGULARLY TALK TO ALL STAFF! CONCLUSION “Consider focusing more on people than technology. Try to use brevity, humor and other modes of engagement to help users understand the organization’s security and privacy challenges.” -Chief Information Officer, Deloitte Services, LP 2014 Transforming Cybersecurity Report “Cybercrime is a clear, present and permanent danger. While it’s a permanent condition, however, the actors, threats, and techniques are very dynamic.” -Tom Ridge, former Secretary of the Dept. of Homeland Security, 2014 US State of Cybercrime Survey

More Related Content

PPT
Cyber crime and fraud
FCA - Future Chartered Accountants
 
PDF
State of Cyber Crime in Banking Sector Today: Threats and Solutions
Goutama Bachtiar
 
PPTX
Cyber crime ppt
Bushra22
 
PPTX
Facebook
Puni Hariaratnam
 
PDF
Analysis the causes and effects of cyber crime
Mohammad Husain
 
PPTX
Updated Cyber Security and Fraud Prevention Tools Tactics
Ben Graybar
 
PPT
Cyber crime
S.M.Mustofa Kauser
 
PPTX
Cyber Crime and a Case Study
Pratham Jaiswal
 
Cyber crime and fraud
FCA - Future Chartered Accountants
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
Goutama Bachtiar
 
Cyber crime ppt
Bushra22
 
Facebook
Puni Hariaratnam
 
Analysis the causes and effects of cyber crime
Mohammad Husain
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Ben Graybar
 
Cyber crime
S.M.Mustofa Kauser
 
Cyber Crime and a Case Study
Pratham Jaiswal
 

What's hot (17)

PPTX
Chapter 17 a fraud in e commerce Jen
VidaB
 
PPTX
E commerce fraud chapter 17 B Ahmed
VidaB
 
PDF
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Knowledge Group
 
PPTX
Cyber Crime - "Who, What and How"
Jisc
 
PPTX
Cybercrime Awareness
Johann Lo
 
PDF
Axxera End Point Security Protection
Shawn Crimson
 
PPTX
Phishing Incident Response Playbook
Naushad CEH, CHFI, MTA, ITIL
 
PPTX
Cyber attack
Avinash Navin
 
PPTX
12 c business i environment i society mba 2016
Rajesh Satpathy, Regional College of Management (RCM), Bhubaneswar
 
PPTX
Cybercrime IN INDIA , LAW AND ORDER
Sooraj Maurya
 
PDF
Phishing
Deepak Kumar (D3)
 
PPTX
Name parul
Parul231
 
PDF
Cybe Crime & Its Type
Deepak Kumar (D3)
 
DOC
Cyber Fraud
Dixita S
 
PDF
Cyber crime
Rafel Ivgi
 
PPTX
Ransomware
DeepakKumar4980
 
PPTX
Phishing awareness
PhishingBox
 
Chapter 17 a fraud in e commerce Jen
VidaB
 
E commerce fraud chapter 17 B Ahmed
VidaB
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Knowledge Group
 
Cyber Crime - "Who, What and How"
Jisc
 
Cybercrime Awareness
Johann Lo
 
Axxera End Point Security Protection
Shawn Crimson
 
Phishing Incident Response Playbook
Naushad CEH, CHFI, MTA, ITIL
 
Cyber attack
Avinash Navin
 
12 c business i environment i society mba 2016
Rajesh Satpathy, Regional College of Management (RCM), Bhubaneswar
 
Cybercrime IN INDIA , LAW AND ORDER
Sooraj Maurya
 
Phishing
Deepak Kumar (D3)
 
Name parul
Parul231
 
Cybe Crime & Its Type
Deepak Kumar (D3)
 
Cyber Fraud
Dixita S
 
Cyber crime
Rafel Ivgi
 
Ransomware
DeepakKumar4980
 
Phishing awareness
PhishingBox
 
Ad

Similar to Cyber Security and Fraud Prevention Tools Tactics (20)

PDF
Are Mobile Banking Apps Safe?
VISTA InfoSec
 
PPTX
Cyber Security Awareness for safety.pptx
ndlicertificates
 
PPTX
Cyber Crime
Mohan Robert
 
PPTX
Security Awareness Training.pptx
MohammedYaseen638128
 
PDF
Center for Identity Webcast: The Internet of Things
The Center for Identity
 
PDF
day-1-presentation-on-cyber-threats-by-anni-kumar.pptx.pdf
swatigairola2017
 
PDF
day-1-presentation-on-cyber-threats-by-anni-kumar.pptx.pdf
swatigairola2017
 
PPTX
Cybersecurity Awareness for employees.pptx
AbdullaFatiya3
 
DOCX
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur
 
PDF
The Small Business Cyber Security Best Practice Guide
Inspiring Women
 
PPTX
Information security awareness - 101
mateenzero
 
PDF
Protecting Your Business From Cybercrime
David J Rosenthal
 
PDF
Information and Cyber Warfare
Swapnil Jagtap
 
PPTX
I’ve Been Hacked  The Essential Steps to Take Next
Brian Pichman
 
PPTX
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
AwodiranOlumide
 
PDF
Cybersecurity Awareness Protecting Yourself in a Digital World.pdf
SafeAeon Inc.
 
PDF
Cyber Security
Ncell
 
PDF
Securing corporate assets_with_2_fa
Hai Nguyen
 
PPTX
CCIAOR Cyber Security Forum
CCIAOR
 
PPT
W A2 Group P P
tawnygsu
 
Are Mobile Banking Apps Safe?
VISTA InfoSec
 
Cyber Security Awareness for safety.pptx
ndlicertificates
 
Cyber Crime
Mohan Robert
 
Security Awareness Training.pptx
MohammedYaseen638128
 
Center for Identity Webcast: The Internet of Things
The Center for Identity
 
day-1-presentation-on-cyber-threats-by-anni-kumar.pptx.pdf
swatigairola2017
 
day-1-presentation-on-cyber-threats-by-anni-kumar.pptx.pdf
swatigairola2017
 
Cybersecurity Awareness for employees.pptx
AbdullaFatiya3
 
Tarun Gaur On Data Breaches and Privacy Fears
Tarun Gaur
 
The Small Business Cyber Security Best Practice Guide
Inspiring Women
 
Information security awareness - 101
mateenzero
 
Protecting Your Business From Cybercrime
David J Rosenthal
 
Information and Cyber Warfare
Swapnil Jagtap
 
I’ve Been Hacked  The Essential Steps to Take Next
Brian Pichman
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
AwodiranOlumide
 
Cybersecurity Awareness Protecting Yourself in a Digital World.pdf
SafeAeon Inc.
 
Cyber Security
Ncell
 
Securing corporate assets_with_2_fa
Hai Nguyen
 
CCIAOR Cyber Security Forum
CCIAOR
 
W A2 Group P P
tawnygsu
 
Ad

Cyber Security and Fraud Prevention Tools Tactics

  • 1. Cyber Security & Fraud Prevention Examples, Tools & Tactics Ben Graybar, VP Commercial Banker (850) 556-0771 Cell/Text [email protected]
  • 2. * Source: American Banker 3/4/2015, Bank Technology News by Penny Crosman THE EVOLVING LANDSCAPE Cyber security threats have evolved exponentially with the rapid adoption of cloud computing, mobile technology, and remote access. You can protect your business by staying abreast of the latest emerging threats. “Fraud prevention and protection is a lot like squeezing Jello,” said Dr. Stephen Coggeshall, chief scientist at LifeLock, which sponsored the Javelin study. “When you stop it in one place, it squirts out someplace else.”*
  • 3. FACTS Source: 2015 AFP Payments Fraud and Control Survey
  • 4. SECURITY MATTERS: FRAUD HAPPENS … & Size Doesn’t Matter Source: 2015 Internet Security Threat Report - Symantec
  • 5. PHISHING Impersonation Tactics • PHISHING: A bogus email or text that appears to be from a business claiming you do business with them. They request you click on their link. • SPEAR PHISHING: A bogus e-mail that appears to be from a business or someone you know. It often appears as a “reply” to a previous conversation you had with that business or person. • MASQUERADING or BOSS PHISHING: Hackers infiltrate email networks, impersonate executives and send instructions that perpetrate wire fraud.
  • 6. FACTS *Source: 2015 Assoc. for Financial Professionals Payments Fraud and Control Survey 59% of business respondents said they were more concerned about cyber security threats this year than in the past. 62% of all businesses had attempted or actual payment fraud in 2014*
  • 8. FACTS Source: Guardian Analytics, Banking Fraud Threats and Trends – Q2 2014
  • 9. TYPES OF PAYMENTS TARGETED FOR FRAUD Source: Assoc. of Financial Professionals Payments Fraud & Control Survey
  • 10. THE DOOR IS OPEN (Did anyone notice?) Pineapples, Raspberry Pie & Bluetooth … Hackers can get WIFI masking devices for under $50. These are used for cell phones on auto-connect to WIFI. Bluetooth connections are also open doors to access your phone, and all the data in it.
  • 14. TREASURY ACTIVITY ALERTS Treasury Management tools can provide automatic alerts for: 1. Outgoing Wires 2. Outgoing ACH transactions 3. ACH Profiles – changes, additions and deletions 4. Commercial Loan payments and advances If you use Treasury Solution Dual Administration, alerts can be set up by the Administrator to let them know when changes occur. The Dual Administration feature is optional, but highly recommended. We recommend a multi-layered approach for security measures to protect your accounts. There are built-in security measures, from login to administrative audit control; & each client must decide what is appropriate for their situation.
  • 15. INTERNAL VIGILANCE & EMPLOYEE FIREWALLS Your company needs more than strong security procedures; each employee must function as an ‘employee firewall’ at their workstation. Remember, your employees trust the Internet and social media; this makes the Internet one of the greatest security risks to your business.
  • 16. FIVE SECURITY PRINCIPLES FOR EMPLOYEES 1. Secure your workspace – secure your mobile devices, computer, laptop, desk and office against unauthorized access. 2. Protect data – Paper or electronic, secure company and client data from access by the wrong people. 3. Be Cyber-Smart – Raise awareness of phishing scams and protect sensitive data on social media. 4. Educate Yourself & Others – Learn about security so you can protect yourself, your family and the company. 5. Report Issues – When you encounter a security threat, know what to do and who to engage on it.
  • 17. INTERNAL PROCEDURES Reconcile Each Account monthly, and separate duties between staff that issue payments vs. those that reconcile the bank accounts. Require Dual Authorization for all monetary transactions; your bank requires it on all ACH and wire transfers. Conduct a Daily Transaction Review for all outgoing items !!! (ACH, wires, and checks) Review Audit Logs of your online banking system. Remotely Deposited Checks – Void/secure checks once they are remotely deposited and destroy them according to your bank’s retention period. Validate Vendor Information by requiring confirmation prior to paying an invoice from a new vendor or processing a change of address request.
  • 18. IBM’s TRUSTEER RAPPORT ACCOUNT PROTECTION Shielding your PC from fraudsters is free. Rapport performs three key security steps: 1. Keystrokes are encrypted as soon as the keys are pressed, defeating key-logging malware programs. 2. Web sites are authenticated before any login details are transmitted, ensuring passwords are not compromised. 3. Data is secured within the browser until it has been submitted to the verified, legitimate web site, preventing unauthorized access to sensitive data.
  • 19. PROTECT YOUR INFORMATION Be very protective of your login credentials. Do not share IDs, passwords or your online credentials with anyone. Please be aware that a bank will not solicit confidential client information by telephone, text or in an email. Any communications that attempt to do so are not from the bank and may be fraudulent. A bank will never ask you to disclose your password or other private info, nor will the Bank send any emails asking for this information. Do not respond to this type of call or message, & DON’T CLICK on it!
  • 20. SHARE THE MESSAGE – REGULARLY TALK TO ALL STAFF! CONCLUSION “Consider focusing more on people than technology. Try to use brevity, humor and other modes of engagement to help users understand the organization’s security and privacy challenges.” -Chief Information Officer, Deloitte Services, LP 2014 Transforming Cybersecurity Report “Cybercrime is a clear, present and permanent danger. While it’s a permanent condition, however, the actors, threats, and techniques are very dynamic.” -Tom Ridge, former Secretary of the Dept. of Homeland Security, 2014 US State of Cybercrime Survey