Fraud Task Force
By Quentin McConkey, Security Officer, BTC Bank

$123,405,404. That was the number reported to the Internet Crime Complaint Center (IC3) for total dollar losses to fraud in the state of Missouri in 2023. The FBI believes only 1 in 44 incidents are reported. If we multiply the reported number by 44, the actual losses exceed $5 billion. That is an astronomical figure to consider!

As bankers, what can we do to help combat this? There are several steps we can take, such as educating our staff and customers on the dangers of fraud. Additionally, we can communicate and work together to share information about the fraud we encounter. When it comes to fraud, we're all in this together, regardless of size, location or assets.

I recently met with a member of the MIBA team and proposed creating a Fraud Task Force across the state. The principles of the task force would be to meet quarterly (virtually), discuss current fraud-related events and bring in guest speakers to educate us so we can better combat fraud. This task force would also provide a valuable networking opportunity for bankers. For example, if you join this task force and encounter a fraudulent incident, you will have direct contact with another banker across the state who works with fraud at their bank.

I hope you all consider joining this team because there is no end in sight when it comes to fraud. It truly will take a team effort! Please feel free to reach out to me with any questions or if you would like to help with the task force. You can contact me at (660) 425-7285 or quentin.mcconkey@btcbank.bank.

Discover the 75 Cybersecurity Commandments trusted by top executives.
JMARK.COM | 844-44-JMARK
People First. Technology Second.®

Technology has transformed the way we all do business for the better. However, to keep your data and business from being at risk, you must ensure your tech is secure and continuously monitored. We're providing this detailed checklist as a reference tool to help you verify that comprehensive cybersecurity and physical security policies are in place throughout your organization.

ACCESS CONTROL POLICIES and DATA PRIVACY POLICIES (answer YES or NO for each)

Do you adhere to the NIST Digital Guidelines?
Do only authorized personnel have password access to computer devices?
Do you require users to adopt secure password standards (NIST) and then enforce them?
Are passwords updated every three months?
Do administrators have separate accounts for network management?
Do you use MFA everywhere you can?
Do you enforce MFA on remote access, email and sensitive documents?
Do you use secure methods (VPN) for remote systems access?
Do you maintain a "zero-trust" security culture?
Is your data stored in a secure offsite facility?
Is all data at rest and in transit encrypted?
Do you have procedures in place to identify and secure the location of confidential information – whether as digital or hard copies?
Do you have procedures in place to identify and secure the location of personal private information?
Do you continually create retrievable backup and archival copies of critical information?
Do you have procedures in place for shredding and securely disposing of paper documents?
Do you lock your shredding and recycling bins?
Do you have policies in place for secure disposal of electronic/computer equipment?
Do you have policies in place for secure disposal of electronic media such as thumb drives, tapes, CDs and DVDs, etc.?
Do you have procedures in place to regularly assess IT compliance with required regulations (HIPAA, PCI, FINRA, GDPR, CCPA, etc.)?
Do you conduct regular reviews of users with physical access to protected facilities or electronic access to information technology systems?
Do you deploy systems in a hardened/secure state?
Do you have a vulnerability management system that detects and fixes vulnerabilities on all devices (workstations, network equipment, server equipment, etc.)?
Do you have a third-party company that runs an annual penetration test?
Do you enforce a "Clear Desk and Screen" policy to keep all confidential information hidden?

PERSONAL & PHYSICAL SECURITY (answer YES or NO for each)

Do you have procedures in place to prevent unauthorized physical access to computers and other electronic information systems?
Do you have solutions in place to prevent physical access to your secure areas, such as door locks, access control systems, security offices, or video surveillance monitoring?
Do you have security desks and sign-in/sign-out logs for users accessing these areas?
Do you physically escort visitors out of secure areas?
Can you ensure users always log out of their computers when leaving them?
Are all computers set to lock automatically after 10 minutes if left idle?
Can you remotely wipe computers, laptops, and mobile devices that are lost or stolen?
Is there a policy in place to protect data during equipment repairs?
Do you have security policies in place for all of your computers, laptops, tablets, and smartphones?
Do you have a "Bring Your Own Device" policy in place for employee mobile devices?
Do you have emergency evacuation plans in place for employees?
Do all employees have emergency shelter-in-place kits for emergencies where they can't leave your facility? (canned food and a can opener, bottled water, a blanket, prescription medicines, sanitary wipes, a garbage bag with ties and toilet paper for personal sanitation)
Do key employees know how to seal off designated areas in your facility if necessary?

75 CYBERSECURITY COMMANDMENTS: Be Ready. Take Action. Plan Ahead. Follow Up.
Real strategies. From the experts. Keep hackers out of your bank and grab your free copy at JMARK.com/75 today.
10 | The Show-Me Banker Magazine