October 29, 2013 10:41
If your organization uses cloud-based file sharing designed specifically for business use with strong safeguards (e.g. end-to-end encryption), you can skip this article. If your employees are using a consumer-focused file-sharing solution, the following four steps might be an interesting little wake-up call.
- Investigate, identify and fix: Murphy's law in security states that if it can be breached, it will be breached, and it will continue to be compromised until it is truly fixed. Worse yet, this process tends to uncover additional security gaps, which will require additional resources. During this step, someone will have to document the incident in great detail: who discovered the breach, when did it happen, how much data was compromised and what type of data was it? This will require several lengthy interviews and weeks of investigation. Got time for that?
- Inform internal authorities: Your organization will need to hold several meetings with the internal stakeholders directly affected by the breach. This includes accounting, HR, IT (i.e. you) and the entire upper management team - not a very valuable use of anyone's time.
- Inform the external authorities: When your data has been stolen or compromised, you will also need to alert various levels of law enforcement (FBI, Secret Service, etc.) as well as your legal counsel. If your organization has a PR/crisis management team, this is their time to shine.
- Inform the end users: Sorry, but if data was compromised, it is best that the employees hear it from their own organization first instead of reading about it on the Internet. Aside from the written communications, your helpdesk is going to be swamped with questions about the data breach so they need to ramp up for heavy traffic.
Depending on your industry, your data breach checklist (by the way, do you have one?) will vary in terms of exact tasks, but the following is pretty much universal: You have got to find it and you've got to fix it - and you've got to let a number of parties know all the messy details. I would recommend using an external Incident Response company that knows what they are doing. The rules of evidence in cyber crime forensics are easy to break and that gets you further in the soup.
The real point here is that data breaches redirect valuable resources away from production time and easily cost hundreds of thousands of dollars. So if you've tried everything and still can't convince upper management to block all consumer file sharing sites in your firewall rules, maybe this short checklist will do the trick.
With grateful acknowledgement to, and adapted from:
Note: links to third party web sites are provided for your convenience only. Bank of Ann Arbor does not control those sites or their content.
October 29, 2013 9:19
New regulations affecting international money transfers go into effect this month (October 2013). The Consumer Financial Protection Bureau (CFPB) is helping to educate the public on the protections and changes the new regulations will bring. If you send money abroad, you need to read this information. Of course, you can always talk with your friendly Bank of Ann Arbor team member too.
October 25, 2013 3:24
JumpstARTS, Bank of Ann Arbor's 2013 Facebook contest to support arts in the local schools, is off and running. Over 15,000 votes have been received for 160 local schools. Voting continues until Friday, November 8, 2013. Fans of Bank of Ann Arbor's Facebook page can vote for their favorite elementary, middle and high school to each receive one of 12 jumpstARTS checks worth $3,000. To learn more, visit Bank of Ann Arbor on Facebook, follow #VoteJumpstARTS on Twitter or visit www.bankofannarbor.com/jumpstarts.
October 18, 2013 5:32
Bank of Ann Arbor's jumpstARTS Facebook contest will launch on October 23. While we're excited to get this started, some technical problems are preventing the application from working the way we promised so voting is delayed. We sincerely apologize for that. But we're going to fix it and we ask for your patience while we make changes to the application to get it right.
Voting will now start on October 23 at 9:00am and to make up for the delay we have extended the voting period to Friday, November 8, 2013 to give you the same number of opportunities to vote.
Again, we are very sorry for this inconvenience, but we'd rather it be delayed a bit if it means having the application work the way we promised rather than you being disappointed in a less than perfect voting experience. Thank you for your patience and we hope to have you back on Wednesday, and every day until November 8th too.
"Like" Bank of Ann Arbor on Facebook or visit www.bankofannarbor.com/jumpstart to keep up to date on this exciting contest.
October 17, 2013 8:44
Nicola's Books in Ann Arbor's Westgate Shopping Center is competing against five other independent booksellers for the opportunity to bring New York Times best-selling author Malcolm Gladwell to Michigan Theater in Ann Arbor. Mr. Gladwell is on tour in support of his new book, David and Goliath. Cast your vote in support of Nicola's by visiting their website, http://www.nicolasbooks.com/. One vote is all you need to do. Bank of Ann Arbor is pleased to help by spreading the word about this easy and exciting way to support a local retailer.
October 16, 2013 1:42
Bank of Ann Arbor is pleased to sponsor Music & Mocha with Martin Bandyke on 107one fm Fridays from 6a-10a. This week join us at Zou Zou's Cafe in downtown Chelsea for a live broadcast of Martin's show.
October 16, 2013 1:39
This week, cybercriminals are using a well-known social engineering trick: fake invoices that employees are lured into clicking, which distribute a piece of malware. This is especially risky because they are trying to reach employees in the finance department, who might either open the attachment themselves or have it forwarded to them by a co-worker who is not sure what it is and sends it to Accounting.
The emails are entitled “Invoice #3404196 – Remit File” and they read something like this: “The following is issued on behalf of the Hong Kong Monetary Authority. Attached is the invoice (Invoice_3604196 (dot).zip) received from your bank. Please print this label and fill in the requested information.”
If anyone in your organization opens the attachment, a malware dropper may get downloaded, which in turn will pull down a large amount of malware that allows the bad guys to take over the whole machine. STOP - LOOK - THINK before you click and be safe out there.
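For mail administrators, the traits of this lure can be checked at the gateway. The sketch below is an added example, not part of the original post: it parses one constructed message and reports an invoice-themed subject, an archive attachment, and a number that differs between subject and file name. The function names, the sample addresses and the mismatch heuristic are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the lure quoted above; the address is a
# placeholder and the attachment body is a dummy string, not a real archive.
SAMPLE = """\
From: billing@example.invalid
Subject: Invoice #3404196 - Remit File
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The following is issued on behalf of the Hong Kong Monetary Authority.
Attached is the invoice received from your bank.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Invoice_3604196.zip"

dummy
--b1--
"""

ARCHIVE_EXT = (".zip", ".rar", ".7z")
INVOICE_SUBJECT = re.compile(r"\binvoice\b\s*#?\s*(\d+)", re.I)

def lure_indicators(raw):
    # Returns the list of lure traits found in one raw RFC 822 message.
    msg = message_from_string(raw)
    hits = []
    subj = INVOICE_SUBJECT.search(msg.get("Subject", ""))
    if subj:
        hits.append("invoice-themed subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if name.lower().endswith(ARCHIVE_EXT):
            hits.append("archive attachment: " + name)
        # Assumed heuristic: a document number that changes between the
        # subject and the file name suggests a mass-generated template.
        numbers = re.findall(r"\d{4,}", name)
        if subj and numbers and subj.group(1) not in numbers:
            hits.append("invoice number differs between subject and attachment")
    return hits

def should_hold(raw):
    # Hold for review when an invoice subject arrives with an archive.
    hits = lure_indicators(raw)
    return "invoice-themed subject" in hits and any(h.startswith("archive") for h in hits)
```

Messages that `should_hold` flags are candidates for quarantine and a second look before they reach Accounting; legitimate invoices sent as archives will also match, so treat a hit as a reason to verify with the sender, not as proof of malware.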
October 12, 2013 8:43
All Bank of Ann Arbor offices will be open regular hours on Columbus Day, Monday, October 14, 2013.
October 1, 2013 4:50
Today, Tuesday October 1, 2013, the first stage of the new health care act kicks in. You can start shopping for policies on new insurance "marketplaces". There is going to be an enormous amount of confusion about this law, starting with whether you even need to buy a new policy or not. The federal government website, healthcare.gov, is the best place to start, but the bad guys have already figured out dozens of ways to scam people.
Variations on a Scheme
Bad guys are now sending spam and phishing emails with subjects like "We can get you a great deal right now" or "We can help you get signed up." There are also scams that use the social engineering tactic 'prevent a negative consequence' to coerce an employee into giving out personal information or even sending money, with subjects like "You are going to get in trouble if you don't sign up" or "You will get fined by the Federal Government if you don't comply." There are even scams that use the guise of a (non-existent) 'New Health ID Card' or 'Discount Cards'.
An example is a scammer who will claim to be calling or sending a phishing email on behalf of Medicare and will ask for your Social Security number, driver’s license number, bank account number or credit card information for your new "National Insurance Card."
Tell your employees to delete any email related to this, and hang up the phone if they get a live cold call or a robo-call promoting a toll-free hotline promising they can be signed up right now. Especially if scammers ask for a wire transfer over the phone, hang up. Those are all Red Flags and these new marketplaces and exchanges are a hotbed for scams. It would not surprise me if completely fake health care exchange websites will be promoted in the coming days. Stay safe out there and STOP - LOOK - THINK before you click!