Pub. 7 2012-2013 Issue 4

Cyber Attacks — continued

• Implement additional security controls on systems used for wire or ACH activities (e.g., restrict email access, restrict Internet usage, etc.).
• Adhere to dual-control procedures.
• Consider implementing time-of-day login restrictions and/or monitor employee logins that occur outside of normal business hours.
• Implement an Intrusion Detection/Prevention System (IDS/IPS).
• Block connections from IP addresses known or suspected to be associated with fraudulent activities.
• Implement a fraud detection system.
• Implement anomaly detection systems.
• Implement multifactor authentication for high-risk systems.
• Consider implementing out-of-band authorization prior to allowing wire or ACH activity.
• Consider implementing restrictions on wire and ACH activities (e.g., dollar and/or volume limits, etc.).
• Test your Incident Response Plan.
• Conduct an external penetration test.
• Conduct a social engineering test.
• Ensure all observations from your prior IT-related audits and/or security tests have been properly addressed.

In addition, below are some possible red flags that indicate when malicious or fraudulent activity may be occurring:

• Activity, such as a logon, from a suspicious IP address (e.g., an IP address known or suspected to be associated with fraudulent activities, a foreign IP address, a new or unknown IP address).
• Activities during unusual times of the day.
• Unusual transaction activity (e.g., unusually small or large transaction amounts, an uncommon transaction such as a one-time bill pay to new payee, etc.).
• Changes to administrative, cash management, or online banking settings (e.g., new user accounts added, new payees added, modifications to an ACH batch or wire transfer after it has been initiated, disabled or changed security features or notifications, changes to account and routing numbers of existing payees, etc.).
• Unusual system activity (e.g., inability to log in to online banking system, dramatic loss of computer speed, changes in appearance of website, etc.).

Russ Horn is the president of CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, and tandem—a security and compliance software suite designed to help financial institutions create and maintain their Information Security Program. Visit CoNetrix at www.conetrix.com.
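
The red flags listed above, expressed as simple detection rules over account events. This is an added example, not part of the original article; the event fields, blocklist range, business hours and dollar limit are assumptions, and the sample events are constructed.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed policy values for illustration; tune to the institution's own baseline.
BLOCKED_NETS = [ip_network("203.0.113.0/24")]  # documentation range standing in for a blocklist
BUSINESS_HOURS = range(7, 19)                  # 07:00-18:59 local time
WIRE_LIMIT = 50_000                            # per-transaction dollar limit
SETTING_CHANGES = {"user_added", "payee_added", "payee_account_changed",
                   "notification_disabled", "wire_modified_after_initiation"}

def red_flags(event, known_ips):
    """Return the red flags raised by one event; known_ips maps user -> IPs seen before."""
    flags = []
    ip = ip_address(event["ip"])
    if any(ip in net for net in BLOCKED_NETS):
        flags.append("blocked_ip")
    elif event["ip"] not in known_ips.get(event["user"], set()):
        flags.append("new_ip")
    if datetime.fromisoformat(event["time"]).hour not in BUSINESS_HOURS:
        flags.append("off_hours")
    if event["action"] in SETTING_CHANGES:
        flags.append("settings_change")
    if event["action"] in ("wire", "ach") and event.get("amount", 0) > WIRE_LIMIT:
        flags.append("over_limit")
    return flags

def review(events, known_ips):
    """Return (event, flags) for every flagged event; learn IPs only from clean events."""
    alerts = []
    for ev in events:
        flags = red_flags(ev, known_ips)
        if flags:
            alerts.append((ev, flags))
        else:
            known_ips.setdefault(ev["user"], set()).add(ev["ip"])
    return alerts

# Constructed sample events (not real data).
SAMPLE = [
    {"user": "jdoe", "ip": "198.51.100.10", "time": "2013-01-15T09:12:00", "action": "login"},
    {"user": "jdoe", "ip": "198.51.100.10", "time": "2013-01-15T09:20:00", "action": "wire", "amount": 12000},
    {"user": "jdoe", "ip": "203.0.113.77", "time": "2013-01-16T02:41:00", "action": "login"},
    {"user": "jdoe", "ip": "203.0.113.77", "time": "2013-01-16T02:44:00", "action": "payee_added"},
    {"user": "jdoe", "ip": "203.0.113.77", "time": "2013-01-16T02:47:00", "action": "wire", "amount": 98000},
]

if __name__ == "__main__":
    for ev, flags in review(SAMPLE, {"jdoe": {"198.51.100.10"}}):
        print(ev["time"], ev["action"], flags)
```

Events that raise several flags at once, such as the off-hours wire from a blocked address, are the ones to route to out-of-band authorization before release.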
