A Private Industry Notification (PIN) recently issued by the FBI reports cyber criminals are attempting to use social engineering and other schemes to bypass the multi-factor authentication security protocols commonly used by banks and other businesses.
While the bulletin goes on to state “multi-factor authentication continues to be a strong and effective security measure,” we believe the most important step a bank can take to fortify its defenses is to educate its employees about the pervasive problem of online crime.
Phishing scams are the initiation point to most electronic fraud; the importance of training employees to identity phishing emails and social engineering tricks cannot be overstated. To build your employees’ online security awareness, American Bankers Association (ABA) has partnered with SANS.org, a leading information security training organization, for a series of online training for bankers—both ABA members and nonmembers—in every job role.
The series features interactive courses that address various areas including security awareness, cybersecurity compliance, and data security. For more information, visit aba.com/training-events/online-training/sans-cybersecurity-training-suites.
It is also important to recognize the inherent risk in certain types of accounts and transactions. Take extra scrutiny of international wires, disbursements from HELOC accounts, and money tied to real estate transactions. All tend to be predisposed to fraud for various reasons.
Finally, take steps to educate your customer base about the prevalence of phishing and social engineering. Do not assume they understand the risks; often, attacks target individuals or small businesses who may be more prone to divulging sensitive information.
For more information about best practices to implement at your bank, please refer to these wire fraud loss control resources on https://www.abais.com/banks.
This information provides guidance and is not intended as a legal interpretation of any federal, state or local laws, rules or regulations. ABA Insurance Services Inc. (“ABAIS”) does not warrant that all potential hazards or conditions have been evaluated or can be controlled. The liability of ABAIS and its affiliates is limited to the terms, limits and conditions of the insurance policies issued by ABAIS. 102019.SA1 © ABA Insurance Services Inc., dba Cabins Insurance Services in CA, ABA Insurance Services of Kentucky Inc. in KY, and ABA Insurance Agency Inc. in MI, 3401 Tuttle Rd., Suite 300, Shaker Heights, OH 44122.