Pub 4 2023 Issue 6

Mike Gilmore is the Chief Compliance Officer of RESULTS Technology and a Certified Information Systems Auditor (CISA) with more than 30 years of experience in the banking industry. RESULTS Technology provides IT services to community banks across the Midwest. In his role as CCO, Mike provides compliance and risk assessments, audit and exam support and policy documentation. He can be reached at mgilmore@resultstechnology.com. • If you suspect a malicious sender, you can utilize header analyzers like one from MX. This can be a valuable tool to verify a sender’s address. Scan the QR code to verify an address. https://mxtoolbox.com/EmailHeaders.aspx • If you are expecting an attachment but are not 100% sure of its safety, there is another free tool by VirusTotal that will help analyze its safety. Scan the QR code to analyze an attachment. Do not provide it with any potentially sensitive PII documents as that is always a concern, but if you want to be sure if something is safe or not, this is a fantastic tool. https://www.virustotal.com/gui/home/upload Remember, even with the best firewall, antivirus and fully security-patched systems, you are still vulnerable to malware and phishing attempts. Proper security awareness training is key to a comprehensive cybersecurity program. As always, don’t hesitate to contact us if you need help or have questions. • Never click embedded links in messages without hovering your mouse over them first. • Look for “fake” domains. Note that www.microsoft.com and www.support.microsoft.software.com are two different domains (and only the first is an actual Microsoft site). • Always check the email “From” field to validate the sender. The “From” address may be spoofed. • Do not “unsubscribe” — it is easier to delete the email than to deal with the security risks. • Do not respond to spam in any way. Use the “Delete” button. • Do not open any email attachments that end with .exe, .scr, .bat, .com or other executable files you do not recognize. • Always check for so-called “double-extended” scam attachments. A text file named “safe.txt” is safe, but a file called “safe.txt.exe” is not. • Alert coworkers and friends of suspicious emails. RESULTS provides its employees with a Microsoft Outlook Plug-In called Catch Phish. This gives them a quick, easy way to analyze a potential phishing attempt and report it to the rest of the staff. • Do not whitelist your own domain; this allows actors to bypass spam filtering by impersonating your domain. • Do not respond to chain emails; that alerts potential malicious actors that you are receptive to targeted emails. • Let employees know that they are being tested. There’s nothing as embarrassing as being the one employee caught in a phishing test. You can even have a little fun with it. At RESULTS, if someone clicks on a phishing test, they are the lucky recipient of our Big Mouth Billy Bass trophy that sings “Take Me to The River.” It’s embarrassing but fun. 11 In Touch

RkJQdWJsaXNoZXIy ODQxMjUw