Monthly Archives: August 2016

Bank of Tucson Cyber Crime Seminar

Screen Shot 2016-08-25 at 10.59.34 AM

Since 2013, cyber criminals have attacked over 17,000 businesses via business email scams with losses totaling over $2.3 billion. Businesses of any size are vulnerable. The “2014 Internet Crime Report” said Arizonans submitted 6,040 of the Internet crime complaints the previous year, reporting losses of nearly $25.4 million, and cyber crime rates have continued to rise since that time.

Experts estimate that 80% of cyber attacks are avoidable through basic cyber hygiene.  By implementing a variety of safety and prevention measures, you can significantly reduce the chances of your business suffering losses due to cyber crime.

The Department of Homeland Security has designated October as National Cyber Security Awareness month and provided some helpful resources here.↗

To help businesses understand the risks and the ways they can help protect themselves from this growing threat, we’re getting a head start on Cyber Security Awareness month by hosting a cyber security seminar on September 15 at Viscount Suite Hotel. We’ve already got a large RSVP list, so sign up soon here↗ if you’d like to snap up this valuable information.

In the meantime, we want to share some sneak peaks of advice you’re likely to hear about in more detail at our seminar… and may have read about on our blog. We assure you, there’s plenty more information to be shared at our seminar, so don’t miss it.

  • Employee training throughout your organization is critical. Make sure you have clear policies about cyber security and that they are clearly communicated to your staff, contractors and anyone else who has the ability to expose your company to risk. Educate all of your employees about the risks of clicking on links in emails and sharing business information via phone or email with people they don’t know or trust.
  • Limit access to software to employees who really need it and make sure that each employee has their own log-in (don’t have employees share log-ins) so you can track activity back to a specific person.
  • Keep software updated regularly. Cyber thieves exploit vulnerabilities in older versions of software.
  • Use two-factor authentication to access your internet email and other sensitive applications such as online banking. Two-factor authentication requires you to use a one-time password in addition to your regular password, making it more difficult for hackers to hack.
  • Make sure your back-up files are capturing all of your critical data and that your employees are following your prescribed protocol for backing up their files. Also make sure you are backing up your files in a different physical location so you can use them in the event of a natural disaster.
  • Look at your third party vendor contracts to understand what cyber risk you might assume through your relationship with that vendor, particularly with cloud providers who typically accept little, if any, liability associated with cyber crime.
  • Take information security as seriously as operations and finance.
  • Create a VPN (virtual private network) to secure communications to your business network that are initiated by authorized employees using devices outside of your network.
  • Secure your wi-fi with a password and encryption.
  • Use different passwords for different sites and make them long and complex.
  • Check any existing cyber security insurance you may have to look for gaps or exclusions in the coverage. Business interruption is typically limited to physical causes so most insurance won’t cover business interruption due to a cyber attack.
  • Before your business is targeted by cyber criminals, establish a relationship with your local FBI office. They’re the lead federal agency for investigating these kinds of attacks.

For banking (online as well as offline):

  • Use dual control for all ACH and wire transfers. Dual control means that another person or account has to authorize a transfer in addition to the person who initiates it.
  • Never trust wire instructions or other funds transfer instructions sent via email. Always call the person or company to verify the instructions.
  • Set up alerts that automatically notify you about log-ins, password changes, transfers, etc. This way if an unauthorized change is made, you know and can respond quickly.
  • Use Trusteer Rapport software (available free) to provide a secure web channel between your computer and the bank’s online banking site.
  • Use our ACH Fraud Protection Service, which enables business clients to review ACH transactions before they are complete and to choose to pay or return each item.
  • Use ACH blocks or restrictions, if you know you won’t be using these electronic payments, or if you want to limit ACH withdrawals to only specific vendors.

To address the risks of funds transfer fraud and cyber deception, our bank has also introduced a new way for our business banking clients to protect themselves through a first-of-its-kind cyber insurance group policy. The policy provides gap insurance, since most cyber crime insurance policies don’t cover losses for money sent out of a business banking account “voluntarily;” that is, when someone in your firm is tricked into sending funds to a cyber criminal posing as a trusted colleague or vendor. For more information on this policy, please visit grandpointinsurance.com.

Insurance Products are:
Screen Shot 2016-06-23 at 9.12.21 AM
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.

screen-shot-2016-09-28-at-7-28-21-pm_____________________________________________________________________________________________________________

↗ Linking to Non-Bank of Tucson Websites

This icon appears next to every link that directs to a third party website not affiliated with Bank of Tucson. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Bank of Tucson. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Bank of Tucson assumes no liability for the content, information, security, policies or transactions provided by these other sites.

fbtwitterLinkedIngp

Inside Tucson Business Article – Cyber Insurance: A Necessity in the Digital Age

Screen Shot 2016-08-08 at 2.04.01 PM

Linda Drake

Thank you to article author Linda Drake of Trailblazer Advisors and to Inside Tucson Business for allowing us to republish this article on our blog. Client Cyber Crime Insurance is available to all business customers of Grandpoint Bank and its divisions, Bank of Tucson, The Biltmore Bank of Arizona and Regents Bank.

Read the original article here:
http://www.insidetucsonbusiness.com/business_chatter/cyber-insurance-a-necessity-in-the-digital-age/article_3bbe8650-4f93-11e6-a8b2-8baff37c26c2.html↗

Whether you are a business large or small, old or new, the dangers of a cyber breach are lurking. The truth is that all businesses today are digital in one form or another. It is the age of the Internet of Everything! Cloud computing is the basis of almost all transactions and with every touch of the keyboard or data entry, there is an attached risk of a breach. And with that breach, comes the liability that might not just be disruptive to your business; it could be devastating.

The costs of a breach can be enormous. (Imagine losing a major bank transfer or assuming a loss of $10,000 for each cyber-security infraction.) By the way, your attacker can come from the outside or inside, as 70 percent of breaches are initiated by employees or former employees.

So what this thing called cyber insurance? Cyber insurance arose out of the traditional Errors and Omissions (E&O) coverage known to most businesses. Over time coverage was extended to viruses, data corruption to connected client systems, or damage affecting customers. Generally, early adopters were technology-based companies.

More than a decade ago, network security policies expanded to include breaches of confidential information. At that point, the retail segment adopted cyber insurance on a wide scale.

Coverage for any business could be simple or complex. The determining factor is an employer’s decision on degree of acceptable risk. Let’s take the simple first.

The Bank of Tucson, through Grandpoint Insurance Services, now offers cyber insurance coverage for its customers at a nominal cost. The coverage for business accounts protects against losses for funds transfer fraud (when someone impersonates your company for a funds transfer) and cyber deception (when a criminal pretends to be your vendor employee or client and gets you to transfer money to them). Mike Hannley, president of Bank of Tucson, announced the new product in the last month. Mike commented, “Internet criminals do not use guns for illicit gain, but they gladly use your computer and network for paydays!”

Let’s take a look at broader, more complex cyber insurance. That kind of cyber insurance may have several parts:

Network Security: Your network has failed in some form. It could be that someone is trying to shut down your network to in an effort to stop you from conducting business. Or, you’ve just experienced a data breach, some form of extortion, or tapped your system to advance a virus to all of your connected transmissions.

Privacy: Privacy is huge and does not necessarily have to be connected to a system failure. There are many known cases of information of physical records that are not properly disposed of, including human errors (think of a lost laptop with an easily penetrated passcode) or a hard drive with customer records that somehow got into the wrong hands.

Media Liability:  This aspect covers advertising injury claims like copyright, libel and slander. Coverage may extend to offline content as well.

Digging deeper, network security and privacy liability policies covers first and third party liabilities. First party means the direct costs of responding to a breach; third party means it applies when people sue or make claims against you.

First party inclusions: 

Costs of notifying anyone attached to the breach

Loss of profits and business interruption

Legal advice and regulatory obligations

Public relations expenses

Third party inclusions:

Regulatory fines and penalties

Damage and judgments related to the breach

Legal expenses

Costs of responding to regulatory inquiries

According to Jack Clements, CPA at the Clements Agency, “Every company, large or small, should at least consider cyber Insurance. There are so many examples of exposure to loss that it is difficult to list them all; some exposures are unique to certain types of businesses.”

“And don’t forget about controls; they are critical,” Jack continued. “In broad policies, premiums are based upon the quality of your controls. Many companies believe that their controls are so strong, that it can never happen to them. Believe me, it can and it will.”

Another aspect of this discussion is commonly known as “Social Engineering” or “Duping.” This is a scheme where a seemingly legitimate email is sent to you asking for money or confidential information. It happens all the time. Jack added, “In fact, an attempt was made on our office this week. We received a business email from my brother, with whom we do business, asking for a wire transfer. When we called him, we learned that it was completely fraudulent. Had we complied, the transaction would not have been covered by our Cyber Policy, since we willingly sent the money. We would, however, have been covered by the Social Engineering endorsement that we have on our package policy. Just another area to think about.”

Linda Drake is a 25-year, seasoned global entrepreneur, corporate executive, author and Certified Professional & Executive Coach. 

For more information on the Client Cyber Crime Insurance, visit www.grandpointinsurance.com (California Insurance License #0K82434).

Insurance Products are:
Screen Shot 2016-06-23 at 9.12.21 AM
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.

screen-shot-2016-09-28-at-7-28-21-pm_____________________________________________________________________________________________________________

↗ Linking to Non-Bank of Tucson Websites

This icon appears next to every link that directs to a third party website not affiliated with Bank of Tucson. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Bank of Tucson. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Bank of Tucson assumes no liability for the content, information, security, policies or transactions provided by these other sites.

fbtwitterLinkedIngp

Twelfth Consecutive 5-Star “Superior” Rating for Grandpoint Bank and its Divisions

5starjan16Grandpoint Bank and its divisions, Bank of Tucson, Regents Bank and The Biltmore Bank of Arizona, received a twelfth consecutive quarterly 5-Star “superior” rating from independent rating and research firm BauerFinancial,↗ which is regarded as “the nation’s bank rating service.”

The five-star rating, which was based on March 31, 2016 financial data filed with the government, goes only to banks that are considered the strongest in the nation, as assessed for strength, stability and soundness.

According to BauerFinancial, to earn five stars, institutions are required to maintain a tangible capital ratio of at least four percent, a tier 1 risk-based capital ratio of at least four percent and a total risk-based capital ratio of at least eight percent. Other criteria evaluated include: profitability/loss trend, evaluating the level of delinquent loans and repossessed assets, the market versus book value of the investment portfolio, regulatory supervisory agreements, the community reinvestment rating (CRA) and liquidity.

Banks cannot pay to be rated nor opt out of being rated by BauerFinancial. Four- and five-star banks appear on BauerFinancial’s Recommended Report.

screen-shot-2016-09-28-at-7-28-21-pm_____________________________________________________________________________________________________________

↗ Linking to Non-Bank of Tucson Websites

This icon appears next to every link that directs to a third party website not affiliated with Bank of Tucson. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Bank of Tucson. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Bank of Tucson assumes no liability for the content, information, security, policies or transactions provided by these other sites.

fbtwitterLinkedIngp