Pub. 5 2016 Issue 3

l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s 18 T HE FBI ANNOUNCED that it’s seen a dramatic rise in ransomware. These attacks entice users to open an email attachment or click on a link that downloads malware that “locks-up” or encrypts data on a computer, shared files or files on a server that’s accessible from the computer. The attacker then demands payment to unlock the data or provide the decryption key. These infections can be devastating and recovery can be a difficult and timely process. The FBI recommends not paying the ransom and that you contact them if you are the victim of such an attack. It’s important to realize that if you do pay the ransom there’s a chance you won’t get your files back regardless. But more importantly, paying the ransom may cause you to be targeted again in the future simply because you’ve shown a willingness to pay. Ransomware events not only pose a security threat, but they also take a significant investment of time to resolve, they create downtime (by loss of access to data) and they cause reputational risk. Thus, costing the bank far more than the ransom demanded. A better approach is to have systems and processes in place to reduce the threat of such attacks. Here are a few risk management tips: • Be aggressive with your spam filtering – this reduces the threat that malware can come in as an attachment via email. • Use caution whitelisting individual email addresses – even a trusted sender can become infected and transmit a virus to you. • Always block high risk attachments (even from whitelisted addresses) – Certain files have a high propensity for malware and some cannot be scanned by anti-virus software. • Educate employees – Have regular employee training to keep information security at top of the mind awareness. • Obtain expert assistance – Consider utilizing a vendor that has specialized tools and software that can help you prevent these attacks and recover from them in the event they do occur. Many times it’s hard to see the security benefits of investing now to prevent a future incident; however, victims of a ransomware attack will agree that the best defense is have a solution in place before an event occurs. For more information on how your bank can reduce IT risks such as a ransomware attack while spending less time managing IT, contact BankOnIT at solutions@ bankonitusa.com. About the author: Robert Mendez is executive vice president of BankOnIT. Mendez has nearly 25 years of banking experience and joined BankOnIT in 2006. He holds a BBA in finance, an MBA and is a graduate of the Graduate School of Banking at Louisiana State University in Baton Rouge. Mendez pre- viously co-founded a bank regulatory software company. As a former banker, Mendez has a unique perspective on a bank’s need to meet security, efficien- cy, reliability and regulatory requirements, while maximizing earnings. dramatic rise ice users to k on a link that up” or encrypts or files on a he attacker provide the stating and s. and that you attack. It’s nsom there’s dless. But use you to be ou’ve shown a threat, but e to resolve, ta) and they k far more ch is to have he threat of nt tips: his reduces attachment addresses – and transmit from a high be scanned by yee training to nd awareness. ACKS ARE INCREASING • Obtain expert assistance – Consider utilizing a vendor that has specialized tools and software that can help you prevent these attacks and recover from them in the event they do occur. Many times it’s hard to see the security benefits of investing now to prevent a future incident; however, victims of a ransomware attack will agree that the best defense is have a solution in place before an event occurs. For more information on how your bank can reduce IT risks such as a ransomware attack while spending less time managing IT, contact BankOnIT at s lutions@bankonitusa.com. About the author: Robert Mendez is executive vice president of BankOnIT. Mendez has nearly 25 years of banking experience and joined BankOnIT in 2006. He holds a BBA in finance, an MBA and is a graduate of the Graduate School of Banking at Louisiana State Universi y in Baton Rouge. Me dez previously co-f unded a bank regulatory soft are company. As a former banker, Mend z h s a unique perspective on a bank’s ne d to meet security, efficiency, reliability and regulatory requirements, while maximizing earnings. ou have to address FBI WARN ATTACKS ARE INCREASING HOW MUCH TIME DO YOU HAVE TO ADDRESS CYBERSECURITY? By Robert Mendez, EVP, BankOnIT