By Charles Gibson Jr.
Vice President, Risk Advisor
Last week I attended a morning meeting presented by First Republic Bank: Cyber Security for the C-Suite. The presentation consisted of three speakers moderated by First Republic’s COO Michael Selfridge. The panelists were from the FBI and the Secret Service, along with the Bank’s Chief Information Security Officer.
The first statistic that blew me away was that if the amount of cyber crime were translated into GDP, it would be the 19th largest economy in the world. Valued at 575 Billion last year, it would be just ahead of Turkey’s Gross Domestic Product.
All three speakers discussed the types of crimes being committed and how criminals are carrying them out. The combinations are virtually limitless. As soon as one method is figured out, new technology or code is created to circumvent the protection. This leaves an enormous challenge for businesses.
The tips that were given to prevent and mitigate the chances of data breaches and stolen identities centered on education and awareness. As for the methods used to illegally obtain sensitive information, human error and social engineering account for over half of all reported situations. When in doubt, “pick up the phone.” This was repeated often because the human touch has been lost in many of our day-to-day transactions, and it is easy to be duped into making an error which could cost your company significantly.
Best Practice suggestions for companies include:
- Educate computer users about threats
- Implement firewalls and antivirus software with regular updates
- Use complex passwords
- Implement packet capture at the gateway (e.g. NetWitness, tcpdump) and review the captures
- Implement scripts to conduct daily checks for accounts added or removed on the domain controller, and review the results
- Exercise caution when posting to social media and company websites
- Be suspicious of requests for secrecy or pressure to take action quickly
- Consider additional IT and financial security procedures, like out-of-band communication and digital signatures
- Create IDS rules to flag possible spoofed email addresses
- Implement two-factor authentication for corporate email accounts
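To make the spoofed-email suggestion concrete, here is an added example (not from the presentation or from DG) of the header checks such a rule could perform, written as a Python function rather than in any particular IDS's rule syntax. The company domain, the executive name list and both sample messages are constructed placeholders.

```python
# Added example: header checks for possibly spoofed sender addresses.
# COMPANY_DOMAIN, EXECUTIVES and the sample messages are constructed placeholders.
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat lee"}  # display names worth protecting (assumed list)

def edit_distance(a, b):
    """Levenshtein distance, used to catch lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    """Lower-cased domain part of an email address."""
    return addr.rpartition("@")[2].lower()

def spoof_flags(raw_message):
    """Return the reasons a sender looks spoofed (empty list if none)."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    flags = []
    # Domain that is almost, but not exactly, the company's own
    if from_dom != COMPANY_DOMAIN and 0 < edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    # Executive's display name on an address outside the company domain
    if name.strip().lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    # Replies would go to a different domain than the apparent sender
    if reply_addr and domain_of(reply_addr) != from_dom:
        flags.append("reply-to-domain-mismatch")
    return flags

# Constructed sample messages
SPOOFED = (
    "From: Pat Lee <pat.lee@examp1e.com>\n"
    "Reply-To: pat.lee@mailbox.test\n"
    "Subject: Urgent wire, keep confidential\n\nPlease send today.\n"
)
LEGIT = "From: Pat Lee <pat.lee@example.com>\nSubject: Lunch\n\nNoon?\n"

if __name__ == "__main__":
    print(spoof_flags(SPOOFED))
    print(spoof_flags(LEGIT))
```

A flagged message is a prompt to verify by phone before acting, not proof of fraud; legitimate mailing services often set a different Reply-To domain.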
We at DG highly recommend preparing for a loss. The above suggestions certainly will help prevent a loss, but in the event that something does happen, being prepared can save your company millions.
Our suggestions include:
- Create a Disaster Recovery Plan
  a.) The first steps should include notifying your financial institutions ASAP once a breach is recognized. Notification can also be made to the FBI at www.ic3.gov
  b.) There are many more steps. Consult with Deland, Gibson for more information.
- It is important to evaluate and identify cyber risks with a DG Advisor. Most businesses do not know the extent of the exposures they face. We at DG can walk you through an introductory assessment for further education on the subject.
- Buy Cyber insurance. Many companies don’t think this will happen to them – or see the exposure. It is there. The benefits of Cyber liability would be another entire blog post so we won’t get into that here… Pick up the phone and ask us!
- We also have a relevant document for clients: Best Practices for Online Banking – connect with your DG Advisor for more information.