How to gain more from operational risk management practices. Modern risk management technology solutions improve efficiency and provide greater visibility into risks. Today’s tools provide real-time visibility, action plans, enhanced reporting and business intelligence, and proactive notifications for operational risk. Real-time data empowers banks and financial services organizations to proactively manage risks and instantly detect and mitigate emerging issues. Click here to learn more.
Protecting your bank from phishing attempts
FRBservices.org's July 15 FED360° newsletter includes an article, "Gone phishing—Tips to help protect your organization from phishing attempts." Phishing is used by threat actors in attempts to acquire sensitive information using a fraudulent solicitation, via email or on a website (or through text messages) in which the fraudster poses as a legitimate business or reputable person. The article offers tips to help protect banks and other organizations from phishing attempts:
- Educate your staff on what phishing is, how to spot it and how/where to report it when it occurs.
- Consider having occasional "testing" phishing exercises.
- Have clear and well documented policies on how to manage phishing attempts to ensure staff respond appropriately
- When possible, use technology to aid in the identification of phishing emails though the classification of internal versus external email sources
- Add warning messages to the header of all incoming emails from external senders, alerting employees to review external messages with extra care
- Maintain contemporary anti-virus and anti-malware scanning software to offer additional protections in the event staff inadvertently click on suspicious links embedded in the body of an email
- Stay on top of the evolving phishing tactics by consulting with your information security staff to monitor trends and adjust internal policies and procedures accordingly
- Restrict or remove email and web browsing on systems routinely used for payments processing