October: National Cybersecurity Awareness Month
October is the 13th annual National Cybersecurity Awareness Month (NCSAM). Many organizations including the Department of Homeland Security, U.S. Department of State and many state banking associations are promoting awareness of this important subject.
“Cybersecurity Awareness Month is an opportunity for financial institutions to take stock of their level of understanding of cyber threats and their ability to respond to potential cyber attacks,” said Thomas J. Curry, FFIEC Chairman and Comptroller of the Currency.
Maintaining strong cybersecurity and awareness standards is the responsibility of everyone, including the bank teller, the board of directors and even your bank’s customers. The following are a few refreshers on ways you can stay cyber safe:
Email Links – While it is a useful tool, you need to be aware of the risks associated with emails. Attachments and links in an email may infect your computer with ransomware, malware and other viruses.
Social Engineering – One of the more common threats is not a computer virus but a con game known as social engineering. This is when someone tries to manipulate you into providing them information or access they should not have. If you receive a call from someone who is asking for passwords, claiming to be from technical support (some banks have reported getting calls from individuals claiming to be from Microsoft) or other suspicious calls, be cautious and report the call to management. If you need technical support, call a number that you already have on file instead of the number a suspicious caller leaves.
Social Media Sites – Social media sites pose threats similar to spam emails and fraudulent links. Just because a friend or follower made a post or tweet, doesn’t mean it is safe to click. The user may have been hacked themselves.
Know the Signs - Would you be able to recognize if your computer was compromised with malware? If programs keep opening without you doing anything or if new, unrecognized programs are installed, if you can’t shut down or restart your computer, or a pop up message stating that your files may be locked shows up, these might be signs that your computer has been compromised with malware. If any of these happen, you should immediately follow your bank’s procedures for this situation.
Be Careful Whitelisting - Whitelisting an address automatically allows that specific email address to be delivered to your inbox, bypassing spam filters specifically designed to block malicious threats and subjecting you to increased risk. Adding emails to the whitelist is a risk management decision and should be approved by management.
No Macros Allowed – Never click “Allow” or “Enable” when asked if you want to enable macros in Word or Excel, especially in a file that is delivered via email or from a link on a website.
Unique Passwords - Always use complex passwords, and don’t use them for multiple accounts. If one site is breached, your other accounts are more susceptible to be hacked into if you’re using the same password. By using different passwords, if someone learns your password, at least they can’t access other systems or accounts. Be especially cautious and never use the same passwords you have for social media or other personal sites for banking applications
Online Awareness – Did you carefully read the fine print when you signed up to use your social media site — particularly the part that says you agree that anything you post online, including your pictures, will belong to the social media site? Posting personal information makes it easier for a hacker to launch a social engineering attack against you, using your personal information to trick you into doing what they want.
Technology is changing rapidly and so are cyber threats with new technology risks occurring every day. This makes it even more important to use safe information security practices. Sound information security relies on each employee doing his or her part by being aware of technology risks, using caution when online and following the bank’s policies.
How confident are you in the people and systems your bank relies on for your bank’s information security? Contact us at 800-498-8877, option 2, or at email@example.com and discover how BankOnIT is helping more banks than ever before address the unique information security risks they face.