Cybersecurity Resource Center
Hardly a day goes by without news of another cybersecurity breach affecting businesses of all sizes, government organizations and individuals. The proliferation of products and services offered online as a convenience to consumers has unfortunately also become a convenient avenue for criminal activity. It is important not to become complacent about the threat of cyber attacks. Below you will find simple explanations of some of the most common threats to your private information as well as some best practices to help prevent you and your business from becoming a victim.
Here are 10 quick tips to help protect your small business; many are relevant for individuals as well:
1. Train employees in security principles
2. Protect information, computers, and networks from viruses, spyware, and other malicious code
3. Provide firewall security for your internet connection
4. Make backup copies of important business data and information
5. Control physical access to your computers and network components
6. Download and install software updates for your operating systems and applications
7. Secure your wi-fi networks
8. Require individual user accounts for each employee
9. Limit employee access to data and information and limit authority to install software
10. Regularly change passwords
Understanding the Threat
Identity Theft - involves the use of your personal information - such as your name, Social Security number, credit card or bank account numbers, or other identifying information - by someone else, to commit fraud or other crimes. There are several ways your personal information may become compromised.
- E-mail Phishing - Involves you receiving an e-mail that appears to be from a legitimate company, such as Community Business Bank. It may even include the company's logo and a link to an Internet address that looks appropriate. This e-mail directs you to link to a website where you are to supply account or personal information. However, simply clicking the link could secretly install software on your computer. The software may infect your computer with a virus or record and transmit everything you type, including passwords. Additionally, the website you link to may be spoofing the correct Internet site.
- Website Spoofing - Involves you trying to visit a website but accidentally keying-in or linking-to a different address. This may lead you to a website that mimics the legitimate site that you were trying to visit. The spoof Internet site may route whatever information you provide to criminals. This can include your account numbers, Social Security Numbers, credit card information, passwords and personal identification numbers. Use bookmarks to access known sites to avoid being lured to imposter sites.
Infiltrating your Business Network - If your business maintains sensitive information about your customers, including names, credit card or bank account numbers, Social Security numbers or other identifying information, in your company records, then you are a target for this kind of attack.
- Ransomware - A form of malware that targets your critical data and systems for the purpose of extortion. Ransomware is frequently delivered through spear phishing emails. After the user has been locked out of the data or system, the cyber actor demands a ransom payment. After receiving the payment, the cyber actor will purportedly provide an avenue for the victim to regain access to the system or data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure.
- Business Email Compromise - A sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scams can take several different formats. In one version, a business, which often has a long-standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile or e-mail. In another version, the e-mail accounts of high-level business executives (CFO, CTO, etc.) are compromised. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests.
Protect Yourself and Your Business
At Community Business Bank we're committed to ensuring that the tools and services we provide our customers are safe and secure. We employ strong authentication, layered security and special back-office analysis.
For more information on the general practices that banks use to protect you, read about these guidelines from the FFIEC (Federal Financial Institutions Examination Council):
Important Facts About Your Account Authentication & Online Banking
The best advice is to be cautious and take control of your personal information.
- Always shred unwanted documents that contain personal information including any bank notices, utility bills, mortgage notices and credit card statements.
- Place outgoing mail in a secure mail or US Postal Service mailbox only.
- Don't leave receipts at ATMs, gas pumps, etc. Take them with you and shred them once you have verified them against your account statement.
- Review credit card and bank statements immediately for unauthorized charges and contact the company if statements are more than a few days late.
- Don't write down passwords, and use passwords that are not related to your family name, address or phone number. A creative password that incorporates alpha, numeric and special characters is best.
- Report lost or stolen credit and debit cards immediately!
- Review your credit report at least once per year. The Fair Credit Reporting Act (FCRA) requires each of the nationwide consumer reporting companies, Equifax, Experian, and TransUnion, to provide you with a FREE copy of your credit report, at your request, once every 12 months. AnnualCreditReport.com is the official site to help consumers obtain their free credit report.
AnnualCreditReport.com - http://www.annualcreditreport.com
Equifax - http://www.equifax.com; 1-800-685-1111
Experian - http://www.experian.com; 1-888-397-3742
TransUnion - http://www.transunion.com; 1-800-916-8800
Protect your Activity Online
- Do not reply to an e-mail or pop-up message asking for personal or financial information. Legitimate companies like Community Business Bank will never ask for personal or financial information via an e-mail or pop-up message.
- Don't e-mail personal or financial information. If you initiate a transaction, look for indicators that the message is secured, which can be validated by a lock icon. Most e-mail programs do not provide confidentiality via encryption.
- Use bookmarks to access known sites to avoid being lured to imposter sites.
- Use updated anti-virus software. Some phishing emails contain viruses and software that can harm your computer.
Protect your Business
- Have an incident response plan in place. In the plan, designate who will be contacted both inside and outside your business and at what point in the timeline of the incident they will be alerted. Define what, if any, triggers will lead you to make certain decisions.
- Avoid Free Web-Based email. Establish a company website domain and use it for company email accounts.
- Be suspicious of requests to take action quickly or maintain a level of secrecy.
- Download and install software updates for programs you routinely use in a timely manner.
- Teach employees the basics including being careful about where and how they connect to the internet and about the dangers of suspicious emails.
- Pay close attention to your bank accounts and watch out for irregular activity and fraudulent transactions and bills.
What to do if your information has been compromised
Community Business Bank
If you believe your Community Business Bank Account(s) may have been compromised or if you receive what may be a phishing e-mail or visit what might be a spoof website referring to Community Business Bank, and if by chance you have provided any personal information, please contact us immediately at:
Call us toll-free at: 1-877-377-9077 then press "zero" for assistance.
If the e-mail or website had references to another company, you should contact that company directly.
Put your response plan into action, and immediately alert the people you have determined need to know at the outset of an incident. You should also report the crime to your local law enforcement agency and the FBI Internet Crime Complaint Center. If the crime is identified and reported soon enough, there may be a chance to recover the information and/or funds.
U.S. Government Agencies
- Federal Trade Commission
Identity Theft Clearing House
- Social Security Administration
Fraud Hotline: 800-269-0271
- FBI Internet Crime Complaint Center (IC3)
- FBI Local office:
4500 Orange Grove
Sacramento, CA 95841
Credit Reporting Agencies
- Experian
To request a credit report and/or to report fraud: 888-397-3742
- Equifax
To request a credit report: 800-685-1111 Option 4
To report fraud: 800-525-6285
- TransUnion Corporation
To request a credit report: 800-916-8800
To report fraud: 800-680-7289
Federal Trade Commission brochures available on their website: http://www.ftc.gov
- How Not to Get Hooked by 'Phishing' Scam
- "ID Theft: When Bad Things Happen to Your Good Name"
- Cybersecurity Awareness Basics
- A Cybersecurity Guide for Financial Institution Customers
- A Cybersecurity Guide for Businesses