![Tips to Avoid Cyber-Attacks by Summit State Bank](images/cyber-protection.webp)
Cybercrimes have increased in frequency and sophistication in the past decade. The best way to avoid becoming a victim, is to take the necessary steps to secure yourself from cyber-attacks. Here are 11 ways that you can protect yourself from a cyber-attack.
1. Protect Your Data
Data which is vulnerable and can be targeted by hackers should be protected first. If you are a business owner, keep a check on how this crucial data storage is being accessed by staff and make sure that it cannot be accessed by anyone without authorization. Double check the procedures that you use to lock the data to ensure that it is safe and out of reach from intruders.
Invest in secure and sophisticated hardware that is password protected and includes two-way authentication.
If you own a small business, your company can help protect its employees, customers, and data by creating and distributing business policies that cover topics such as how to destroy data that's no longer needed and how to report suspicious emails or ransomware.
2. Avoid Wire Fraud
Wire transfers are a fast and convenient way to transfer money among individuals and businesses. However, because of their speed and permanence, they are also frequent targets for fraud. A wire transfer is an immediate form of payment.
Summit State Bank does everything in our power to identify suspicious activity. It is not uncommon for several of our team members to call you to confirm your identity and authorization as protecting the security of your funds is our top priority. There are also several steps that you can take to protect yourself from wire fraud scams:
• Be wary of scammers claiming they are your relative and having a crisis but do not want you to tell anyone.
• Do not send funds to an individual or business you have never met.
• Be cautious of situations where you are requested to make a money transfer and that is the only form of payment the person will accept.
• Double-check the information you include on a wire transfer. One typo could send the money to the wrong person or business.
3. Phishing and Spear Phishing
Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords, account, credit card details, etc. by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. Most often, a phishing scam is perpetrated on bank customers through an official-looking email that appears to be from the bank.
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer. One popular approach Spear phishers use is to pose as a friend, boss, family member, or social media organization to gain your trust and fool you into giving them your information. These emails are well-researched and personal, making it harder to distinguish between what is real and what is fake. The email will look nearly identical to what the target is used to receiving from that person. It will likely have all relevant logos and names attached. This email convinces the victim to click a link to reset a password.
Here are a few rules to follow:
- Never enter personal or company information in response to an email, pop-up webpage, or any other form of communication you didn't initiate. Phishing can lead to identity theft. It's also the way most ransomware attacks occur.
- Your company can help by employing email authentication technology that blocks these suspicious emails. You'll usually be notified that the email has been sent to a quarantine folder, where you can check to see if it's legitimate or not.
- Be cautious. If you're unsure about the legitimacy of an email or other communication, always contact your security department or security lead.
4. Monitor Your Accounts
Check your account activity frequently for anything unusual. Simply log in to SummitOnline for personal accounts and Summit eBanking for business accounts to view them online. This will help you quickly detect possible fraudulent activity. Contact Summit State Bank immediately if you notice anything suspicious. You should also frequently monitor your credit card activity and you may consider signing up for a credit monitoring service that notifies you when changes are posted to your credit report. This is one of the fastest ways to find out if someone has opened new accounts in your name.
5. Password Protection
A strong password contains at least 10 characters and includes numbers, symbols, and capital and lowercase letters. To further protect yourself, you should change your passwords on a regular basis. Changing and remembering passwords can be challenging. A password manager can help.
Summit State Bank uses two-factor authorization in our online banking platforms as a safety precaution and we urge you to use strong, intricate passwords to help prevent cyberthieves from accessing your information. Simple passwords can make access easy, therefore, creating unique, complex passwords is crucial.
Another effective way to prevent cyber-attacks is to ensure that multi-factor authentication has been enabled for all applications that access the internet in your business. Enabling a multi-factor authentication process for logins will require employees to provide several pieces of information instead of just one. As a result, security will be heightened. It will be much more difficult for any unauthorized person to access your systems.
6. Employ Secure Wi-Fi
Securing your Wi-Fi networks and hiding them is one of the safest things you can do for your systems. If you're working remotely, you can help protect data by using a virtual private network (VPN), if your company has one. A VPN is essential when doing work outside of the office or on a business trip. It will prevent attacks and log any intrusion attempts. It also serves as a filter to make sure employees cannot access potentially harmful websites while logged in as well.
7. Enable Firewall Protection
Having a firewall for your company and home network is a first line of defense in helping protect data against cyber-attacks. A firewall system will block any brute force attacks made on your network and/or systems before it can do any damage.
8. Invest in Security Systems
Investing in a quality security system that includes protections such as strong antivirus and malware detection, external hard drives that back up data, and running regular system checks, is well worth the investment.
All devices you use at work and at home should have the protection of strong security software. It's important for your company to provide data security in the workplace but alert your IT department or Information Security manager if you see anything suspicious that might indicate a security issue. There may be a flaw in the system that the company needs to patch or fix. The quicker you report an issue, the better.
9. Stay Current
Your computers and network are only as safe as you maintain them, so while it may be an annoyance to receive pop-up notifications to update your software, it is vital to closing gaps where hackers are trying to penetrate your network.
If your company sends out instructions for security updates, ensure that they are installed immediately. This is also applicable to personal devices you use at work. Installing updates quickly helps defend against the latest cyberthreats.
Antivirus and anti-spyware tools are constantly working and updating to battle the latest attacks, but if every machine is not routinely updated, you leave your company vulnerable to an attack that can quickly take down the whole organization. Keeping your network current is the best line of defense against attacks.
10. Use Third-Party Controls
The best way to prevent a third-party cyber incident is to ensure your third parties have robust cyber-security programs. Collaborate with your third parties to establish how your data is handled. Who owns the data and has access to it? How long will data be retained? What happens to data if you terminate your contract with them? Make sure you document data ownership and management in your third-party contracts.
11. Train Employees on Cyber-Security
Educating your employees to be vigilant in protecting data is as important as having firewalls set up. Train your employees to check links before clicking them, check email addresses from the received email and use common sense before sending sensitive information. If there's ever a question about the legitimacy of an email, call the sender to verify they actually sent an email If a request seems odd, it probably is.
Stay current on scams and the latest terminology. Schedule regular employee training so everyone is aware of the latest scams.
Here are a few examples of common types of cyber-attacks:
• Phishing – Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords, account, credit card details, etc. by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. These types of communications can also contain malicious attachments or links to malicious files, that when opened, can infect a computer with malware.
• Vishing – The telephone equivalent of phishing. Vishing is the act of using the telephone in an attempt to trick someone into providing confidential information or performing malicious tasks. An example would be a person posing as a sales rep, trying to obtain information about bank systems. Another example would be someone posing as a bank customer trying to obtain information about a customer's account or even trying to trick an employee into providing them with online access to an account.
• Business Email Compromise – Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional. In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request. Here is an example of a BEC attack:
An employee with access to company accounts receives an urgent email request, ostensibly from a top executive, to wire a large sum of money for what sounds like a legitimate purpose, such as an acquisition or vendor payment. The message includes routing data for a bank account that's actually controlled by the fraudsters, often at a foreign bank. In a variation on this scam, the email supposedly comes from a vendor looking to change its payment account.
• Denial of Service (DoS) / Distributed Denial of Service attacks (DDoS) – A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service (DDoS), large numbers of compromised systems (sometimes controlled by a botnet) attack a single target. The most common DoS attacks are against websites. Attackers will flood a website with hundreds of thousands of requests, which will overwhelm the website and prevent other users from being able to access it.
If you have any questions or concerns about your account, please do not hesitate to contact us at: 707-568-6000.
In addition to the tips above, the Federal Communications Commission (FCC) provides a tool for businesses that creates a custom cyber-security plan for your company by choosing from a menu of expert advice to address your specific business needs and concerns. You can find that at: https://www.fcc.gov/cyberplanner.
Already a customer? Sign up for Online Personal Banking »
Open a Personal Banking account »
Summit State Bank will never phone, text or email you to request private information such as account number, social security number, card number, or password. Do not respond to requests for such information.
When logging in, you may be prompted to use a one-time code, in addition to your username and password. This code will be communicated to you through either an automated voice call or a text message.
Sign up for Online Business Banking »
Summit State Bank will never phone, text or email you to request private information such as account number, social security number, card number, or password. Do not respond to requests for such information.
When logging in, you may be prompted to use a one-time code, in addition to your username and password. This code will be communicated to you through either an automated voice call or a text message.