Pub. 4 2016 Issue 1

Issue 1. 2016 9 THERE ARE A NUMBER OF WAYS WE CAN HELP YOUR SMALL BUSINESS CLIENTS GROW AND PROSPER. WELL…ONE NUMBER IN PARTICULAR! For operating capital needs, talk to us about SBA Community Advantage (7a) Loans. 801.474.3232 | mwsbf.com Partner with us on SBA 504 Loans • Purchase land and equipment • Buy, build or remodel a building • Lower monthly payments • 10- to 20-year fixed rates • As little as 10% down Utah’s #1 Small Business Lender through crime-as-a-service. A software product called “Ran- som32” that allows anyone to kick off their own ransomware campaign by simply registering for a Bitcoin account. The “customer” simply uses their Bitcoin credentials to sign up for the ransomware service, configure the style and type of attack they wish to send out, and start sending out the malware. Bad guys also set up call centers to support online dating scams (the call center makes calls to victims pretending to be the love of their life), ransomware (helping victims purchase Bitcoins and decrypt files, ensuring that the victim recovers so that the fraud continues to propagate), and reshipping scams (using stolen credit cards to purchase expensive items online, shipping such items to “mules” at other addresses, then reselling the merchandise). Call centers charge fees to assist in cybercrime activities, ranging from $10 a phone call to ongoing fees for extended scams. How Does Crime-as-a-Service Affect My Institution? Financial institutions have to look out for cybercrime from mul- tiple different angles, specifically being aware to potential attacks on both employees and customers. Institutions must be very cognizant of and continuously monitoring their internal networks for unauthorized traffic and unknown files. Once in the network, cyber-attacks attempt to remain undetected while gathering infor- mation or gaining access to funds, but there are typically red flags if you’re paying close enough attention. It’s extremely important to be able to detect an attack that is occurring, not just attempt to prevent or recover from an attack. Getting transferred funds back is much more difficult than stopping an attack from leaving the network. Monitoring customer transactions is also extraordinarily im- portant in order to combat identity theft. Setting transaction limits, implementing two—factor authentication, and developing payment whitelists are very effective controls to mitigate the risk of customer fraud. The last thing to keep in mind is that training and education reduces the risk for everyone involved. It is no longer acceptable to have employees watch a 60-minute video on phishing once a year; financial institutions must provide ongoing, relevant, and useful training and education to their employees on an ongoing basis, and consider leveraging such training and education for customers as well. How can SBS help? Secure Banking Solutions offers numerous services and products to help you better protect your financial institutions, including our popular Cybersecurity Retainer, which includes Incident Response consulting, digital forensics, temporary staffing, and se- curity awareness training in the event of an attack or incident. For more information, visit us at https://www.protectmybank.com. If you are looking for some additional details on cybercrime and what you can do to protect yourself, the SBS Institute offers financial-institution specific, role-based Cybersecurity Certifica- tion Programs on numerous topics that will help you protect your institution from attacks. Check out the SBS Institute certification programs, including our Vulnerability Assessor or Ethical Hacker certifications, here: https://www.protectmybank.com/sbsinsti- tute/ n