Pub. 8 2018-2019 Issue 4

O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S January • February 2019 23 Baiting Baiting is similar to a Trojan horse virus that uses physical media and relies on the curiosity of the victim. In this type of attack, attackers leave some malware-infected CD-ROMs, or USB flash drives in locations people will find them (bathrooms, elevators, sidewalks, parking lots, etc.), they give them legit - imate and enticing labels. “For example, an attacker may cre - ate a disk featuring a corporate logo, available from the target's website, and label it "Executive Salary Summary Q2 2012". The attacker then leaves the disk on the floor of an elevator or somewhere in the lobby of the target company. An unknowing employee may find it and in - sert the media into a computer to satisfy his or her curiosity, or a good Samaritan may see it and return it to the company. In any case, just inserting the disk into a computer installs malware, giving attackers access to the victim's PC and, perhaps, the target company's internal computer network. Vishing Vishing uses a fake interactive voice response system to recreate a legitimate-sounding copy of a bank or other institution's system. The victim is prompted (typically via a phishing e-mail) to call into the "bank" via an (ideally toll-free) number provided to "verify" information. A typical vishing system will reject log-ins continually, ensuring the victim enters PINs or pass- words multiple times, often disclosing several different passwords. More ad - vanced systems transfer the victim to the attacker/defrauder, who poses as a cus- tomer service agent or security expert for further questioning of the victim. How Prevalent Is It, and How Much Can It Cost? Unfortunately, cybersecurity hacks and scam campaigns only seem to be increasing, year after year. And they're costing both businesses and consum- ers thousands, in some cases tens or hundreds of thousands. In 2017 alone, phishing scams increased over 50 percent from the prior year, affecting both consumers and the company’s they affiliate with. The Social Engineer has research to show that social engineered phishing scams make up about 70 percent of all financial cybersecurity attacks. Even worse, they found that the average business loses $43,000 per account, while subjected individuals lost about $4,200 per scam. In some instances, hundreds of thousands of dollars were lost in both personal and company-wide phishing scams. In Summary: Trust Your Gut and Educate Your Employees on the Matter By now, it’s probably clear to you that cybersecurity, especially in regards to social engineering, is a digital topic we should all heed and familiarize ourselves with. However, even if you don’t have time to go down the many internet rabbit holes on the subject, remember to follow your gut and intuition. If that email or online requests seems a bit odd or, frankly, “too good to be true”—then it probably is. If you’re suspicious about an email or request, check with the consumer.ftc.org before taking action to make sure you don’t throw away thousands to a scam. Be sure the link you are clicking on is real. If you are suspicious that a link may not be valid, open a new browser window and type in the URL to the company yourself before attempting to log in. If you’re not sure an email requesting money from a source that is familiar to you is real, ask that person for confirmation directly. Especially for smaller community banks and credit unions, preventing such scams from costing you a pretty penny starts with educating employees on the matter. Consider looking into formal cybersecurity training for your organization. When you and your em - ployees take cybersecurity seriously, it’s a win-win situation for your institution, employees, and customers. It is also an excellent time to look into a Cyber Risk Management Policy. A liability policy that accesses breach response coverage addressing technologies, processes, and practices designed to protect networks, devices, programs, and data fromattack, damage, or unauthorized access. n This article originally appeared on the Golden Eagle Insurance’s Lender Blog. Copyright © October 2018 Golden Eagle Insurance