Pub. 7 2017-2018 Issue 5

OVER A CENTURY: BUILDING BETTER BANKS - HELPING COLORADANS REALIZE DREAMS

Simple Things You Can Do To Maintain Data Security And Keep Up With Sophisticated Cyber Threats

Two hundred and forty-two years ago, foreign powers invaded the privacy of homes and businesses and took what they wanted; with no Army to protect them, brave citizens formed as “Minutemen” on the village green to defend their inalienable rights, using unconventional tactics. Today, foreign powers and nefarious actors are once again invading the privacy of our homes and businesses in Arizona and across the country in an attempt to accumulate wealth and steal identities and intellectual property through cyber attacks. With no Army to protect us, our Information Technology and Security Experts are forming on the cyber village green called the “attack surface”. These modern-day Digital Minutemen and women work each day in support of a “common cause”: to defend our inalienable right of Privacy.

AZ Bankers understands that privacy is a sacred trust between them and their customers. Trust is essential in banking because of its personal nature, and it is a predictor of loyalty, advocacy and the likelihood of customer retention. Every day we read how too many customers find that trust shattered by cyber breaches. As we enter into a season of heightened threat activity, there are some simple things we all can do to avoid tragedy before sacred trust is broken.

Small business owners throughout Arizona may be at even greater risk of a cyber-attack than you might realize. Approximately 31% of all data breaches occur in companies with 100 or fewer employees. Research shows that cyber-attacks cost small and medium-size businesses an average of $188,242, and almost two-thirds of victimized companies are forced out of business within six months of being attacked. With new threats to computer systems and data emerging every day, it pays to be prepared.

Like our forefathers, who fought in the fields, forests and farms of Colonial America during the harsh winter months, we too need to be vigilant. Each of us can join the ranks of Digital Minutemen. Everyone can follow a marksman’s approach to cyber and “aim small, miss small.” Vigilance is something everyone can contribute.

With last month’s latest Bad Rabbit attacks in Ukraine coming on the heels of WannaCry, Petya and NotPetya, expect to see some variants manifest during the holiday season. The activity in Europe is typically a dress rehearsal for a broader global attack. We are also seeing some increases in alerts pertaining to DYRE and TRICKBOT, a couple of older malware attacks that are targeted at the Financial Sector.

There are some very simple things each one of us can do to maintain the security of data and keep up with today’s increasingly sophisticated threats. We all know not to download files or click on links when we aren’t 100% sure of their origin, but there is a simpler way to defeat ransomware’s impact on your organization: make sure you’re backing up your files remotely to a place not connected to the internet. This is something everyone can do to contribute to lessening the impact. If you have a recent, clean backup of all your critical systems, you can avoid having to pay the ransom. Backing up your own workstation or laptop regularly is also very important.

Enter into the holiday season with a plan to keep your patches up to date. Update your software, phones, tablets and computers, both business and personal. As a rule, don’t use Windows XP, as Microsoft is no longer providing security updates. This seems like simple common sense, but the latest ransomware viruses mentioned above exploited vulnerabilities that were well known and documented. Updating ensures that known vulnerabilities are fixed, and software companies employ highly qualified professionals to develop their patches. It is one of the few ways you can easily leverage the cybersecurity expertise of experts in the field and dramatically reduce your exposure.

Update and confirm your inventory of all assets attached to your network. This again should include phones, tablets and other mobile devices. It should also include your ecosystem of partners and contractors that have access to your network. We are all familiar with the Target hack a few holiday seasons ago. Access was gained through an HVAC contractor. Proper asset hygiene helps an organization confirm that only authorized assets are accessing its network. It can also assist in identifying unusual activity by assets that are authorized.

Review your passwords and connect to a gradient trust model. All it takes is one mistake for the gate to be opened, but designing a series of privileges into your system will ensure that only the right device, using the right connection, operated by the right person gains access, and that users can only use what they are meant to. In many cases it just requires a simple content filter on access so the content isn’t opened when someone may accidentally click on malware. The final step in gradient trust is building permissions from the bottom up using concepts like application whitelisting.

We also highly recommend the use of Two-Factor Authentication for access to online banking applications, mobile banking applications and any online accounts that have PII
