WHO'S BEHIND IT ALL?
At Amegy, our client service team always performs above and beyond expectations. The entire group takes great pride in their service to you, and they are truly the life blood of our success. Customer service is not a department; it is an attitude. Clients may not get to see them face to face, but our client service specialists have bright smiles as they respond to requests and inquiries. We would like to take this opportunity to introduce you to the faces behind the scenes that are responsible for a large part of our outstanding customer relations and continued business success.
DO YOU THINK YOU'RE SAFE FROM CYBER CRIME?
Protection from Cyber Crime – Part 2 of 3
Last year, Amegy conducted a fraud seminar in Houston entitled Cyber Crime Risk Management. It featured presentations from the FBI Cyber Crime Division and Zions Bancorporation. In the Fall 2012 edition of this newsletter, we covered the FBI presentation; and this edition covers remarks made by Michael Fowkes, Director of Security Analytics & Forensics for Zions Bancorporation.
The Verizon Wireless Risk Team along with the United States Secret Service and other law enforcement agencies publish a data breach investigations report every year. The 2012 report revealed that 97% of all breaches could have been avoided through the use of simple or intermediate controls. Most breaches are caused by hackers or through the use of malware (short for malicious software). Malware includes computer viruses, worms, Trojan horses, spyware and adware. In May 2012, the fourth largest antivirus vendor, Panda Security, reported that 80% of all malware attacks are caused by Trojan horses.
Common Attack Methods Used
- Email with embedded URL links and attachments
- Web Browsing – Drive-by-downloads
Embedded URL Links
- SQL injection
- Guessing user IDs and passwords
- Default user IDs and passwords
One of our tech-savvy bankers has this to share, "Never click on embedded URL links or attachments unless you are absolutely certain they are from a known source and the request seems legitimate. Last year, I received an email from my wife who was forwarding an email from one of my sons. Without thinking, I clicked (yes, any of us can make a mistake) on the hyperlink and then called my son to ask why he sent the email. He hadn't sent it. Apparently, he had an old email address that someone compromised. The fraudster sent out malicious emails to everyone in his address book. I immediately contacted the Amegy IT group to report the breach. My point is, no matter how careful you are, you can make mistakes. And if you make a mistake or something unusual happens, immediately contact your IT group and online banking relationships."
Michael Fowkes demonstrated that many times when you visit a website you are directed to a vast number of websites unbeknownst to you. Dependent on the website, it is possible to be directed to a page that contains malicious software. Trojan horses are a disguise. They look to be trustworthy and legitimate programs, but in reality they are facilitating hacker access to one’s computer.
Hackers use this method to add code to legitimate websites in an attempt to get the user to reveal IDs and passwords.
Fowkes’ main message was “Protection Through Depth.” To illustrate this, he showed a picture of a castle on a hill. The castle had two separate walls followed by high ramparts. The message was if the hacker got through the first wall, they were greeted by a second wall. If they broke through that wall, they were greeted by another defense. His point is, "Make your company a difficult target, the hacker will usually give up and attack an easier target." He concluded his speech with a list of security best practices. Here are a few of them:
- Use network firewalls for both inbound and outbound traffic
- Use Intrusion Detection Systems (IDS)
- Use anti-virus software
- Use anti-malware browser plug-in (Trusteer Rapport – Amegy offers free to our clients)
- Use encryption
- Keep security patches up-to-date
- Change default passwords
In Part 3, we will share some tools the banking industry offers to help you protect your assets from Cyber Crime. Helpful Resources: