FRAUD OR FACT VOLUME2•ISSUE2•JUNE2018

DEFINING CYBERSECURITY (by HOMELAND SECURITY)

Ourdailylife,economicvitality,andnationalsecuritydependonastable,safe,andresilientcyberspace.

Cyberspaceanditsunderlyinginfrastructurearevulnerabletoawiderangeofriskstemmingfrombothphysicalandcyberthreatsandhazards.Sophisticatedcyberactorsandnation-statesexploitvulnerabilitiestostealinformationandmoneyandaredevelopingcapabilitiestodisrupt,destroy,

orthreatenthedeliveryofessentialservices.

THE BASICS

THE “ DARK WEB”

SOCIAL ENGINEERING

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. People with an online accounts, social media, or any online presence should watch for phishing attacks and other forms of social engineering. ︎

THE BASICS FRAUD OR FACT

THE BASICS FRAUD OR FACT

Types of Attacks?

THE BASICS FRAUD OR FACT

Who may be doing the hacking?

Crimes are not only for money but also for your data FRAUD OR FACT

Terminology - NPPI & PII Defined Non-publicPersonalInformation(“NPPI”):

Personally identifiable data such as information provided by a customer on a form or application,informationaboutacustomer’stransactions,oranyotherinformationaboutacustomerwhichisotherwiseunavailabletothegeneralpublic.NPPIincludesfirstnameorfirstinitialandlastnamecoupledwithanyofthefollowing:

SocialSecurityNumberDriver’slicensenumberState-issuedIDnumberCreditordebitcardnumberOtherfinancialaccountnumbersNYSDFSCyberSecurityAmendedRegulations:HavenarrowedtheirbroaddefinitionofNonpublicInformationto“BusinessRelated”information(§500.01(g))(earlierversioncovered“anyinformation,notnonpublicorbusiness-relatedinformation).

Personallyidentifiableinformation(PII):Anydatathatcouldpotentiallyidentifyaspecificindividual.Anyinformationthatcanbeusedtodistinguishonepersonfromanotherandcanbeusedforde-anonymizinganonymousdatacanbeconsideredPII

Get a better understanding Cyber Insurance

• Cyber Insurance still in “wild west” territory, but improving.

• Don’t purchase without reviewing current policy; consulting specialist. • Policies may become outdated quickly in light of new threats, so review regularly.

• Be aware of what’s covered. Notice requirement costs? More?

Cyber Insurance Get a better understanding

FRAUD OR FACT

Thisiswhyhumanerrorissoimportant–ifsomeoneinyouroffice‘clicks’abadlink,thenyouragencymaynothavecoverageforthaterrororcybereventthatleadstohackedemails,divertedwiretransfersorbreachofprivatedata.

Cyber Insurance Get a better understanding

• Ensure E&O covers defense for suits related to alleged negligent acts leading to breach or other cyber crime. • Crime coverage (also called “fidelity” insurance) and cyber policies can cover first-party losses for social engineering.

• At this time, coverage for direct third party losses caused by “social engineering” scams (e.g., a client’s loss via wire fraud) may not exist.

Cyber Insurance Get a better understanding

Cyberliabilityprovidescoverageforthetheftofyourcustomers’non-publicinformationNOTthetheftofyourcustomers’escrowfunds.

CyberLiabilityprovidescoverageintheeventyousufferasecuritybreach,yourcustomers’non-publicinformationiscompromisedandtheysueyoufordamagesandexpenses.ThesecostsarecoveredunderthefollowingCyberLiabilitypolicyinsuringagreements:v SecurityandPrivacyLiabilityv PrivacyRegulatoryDefense&Penaltiesv DataRecovery-Ransomwarev CustomerNotificationandCreditMonitoringCostsv DataExtortion/Ransomwarev MultimediaLiability

Help is coming in 2018 with Wi-Fi Protected Access 3

•  WPA3protocolstrengthensuserprivacyinopennetworksthroughindividualizeddataencryption.

•  WPA3protocolwillalsoprotectagainstbrute-forcedictionaryattacks,preventinghackersfrommakingmultipleloginattemptsbyusingcommonlyusedpasswords.

•  WPA3protocolalsoofferssimplifiedsecurityfordevicesthatoftenhavenodisplayforconfiguringsecuritysettings,i.e.IoTdevices.

•  Finally,therewillbea192-bitsecuritysuiteforprotectingWi-Fiusers’networkswithhighersecurityrequirements,suchasgovernment,defenseandindustrialorganizations.

FRAUD OR FACT FUTURE IMPROVEMENTS

FRAUD OR FACT VOLUME2•ISSUE2•JUNE2018

PROTECT YOURSELF PROTECT YOUR BUSINESS

PROTECT YOUR CUSTOMER PROTECT YOUR FUTURE

STAY INFORMED