Pub. 13 2016 Issue 1

OVER A CENTURY: BUILDING BETTER BANKS - HELPING NEW MEXICO REALIZE DREAMS Spring • 2016

the software. This form of attack is being used increasingly because it is more profitable than attaching skimming hardware. The malware can sit undetected in the system for a longer period of time, thereby allowing the thieves to thoroughly and quickly drain an ATM before it is noticed or serviced by official bank personnel.

Malware installed by email attachment. Recently, a community bank’s system was accessed due to malware delivered by email to a teller. From all appearances, the email from a spoofed government site looked legitimate, so the teller opened the attachment. The attachment masked a virus which snaked through the bank’s network, installing malware which allowed the hackers access to various systems and files (including a Microsoft Office language pack translator which was manipulated and activated by the malware, most likely to translate English keystrokes into a foreign language). The hackers were able to access and make changes to a number of customer accounts.

Luckily for the bank, a customer noticed a simple discrepancy on their statement and notified the bank, which was able to respond quickly to the attack before loss of any customer funds. This bank’s staff was able to respond efficiently because a breach response program was in place.

Below is a brief overview of the bank’s actions which helped them succeed in handling the breach and communicating to customers what had occurred:

• Bank staff assessed the situation, notified senior management and began an initial analysis to determine the potential issue as soon as they were notified by the customer.
• Once it was determined that there was a potential breach, management met, formed a response team and consulted their formal breach response program for next steps.
• More in-depth analysis and forensic reviews of all bank and vendor systems were conducted by the bank’s IT in coordination with external vendors to determine the breadth and scope of the breach. Affected computers and systems were taken offline to prevent further spread.
• In addition to the spoofed government agency, other parties were immediately notified, including potentially affected vendors as well as the bank’s accounting and legal advisors.
• Law enforcement divisions were contacted, including the Secret Service and state/local police departments.
• Once it was determined to what extent external communications were needed, it was decided that only the affected customers needed to be contacted. These customers were promptly contacted by a specially trained team of customer service reps, formed specifically to handle this situation. Each CSR was paired with a bank officer or manager and provided with a phone script, including an explanation to the customer of what occurred and next steps. Additionally, notifications were mailed to these customers.
• To establish new accounts for the affected customers, meetings were held at times and branches convenient for the customer. Accordingly, branch office hours were extended to accommodate these customers, who were also provided an identity protection package.
• Afterwards, the bank made what they felt were necessary changes to certain systems, software and protocols in order to decrease the potential occurrence of future breaches.
• Overall, the bank was able to determine, isolate and shut down the breach and send out initial customer communication within 5 days after the initial customer alert.

Because they had the foresight to develop and institute a breach response plan, the bank’s staff was able to effectively handle this crisis.

Does your bank have a breach response plan?

Resources are available for you and your staff to develop and implement a breach response plan.
If your bank is a member of the American Bankers Association, you can learn more or access materials such as a Full Communication Tool Kit at aba.com/cybersecurity or contact ABA’s Doug Johnson (djohnson@aba.com) or Heather Wyson (hwyson@aba.com) at 800-BANKERS.

Also, if your bank is not a member already, consider joining FS-ISAC (The Financial Sharing and Analysis Center), a nonprofit organization uniquely dedicated to the financial industry as a go-to resource for cyber and physical threat intelligence and information sharing. Visit fsisac.com or call Member Services at 877.612.2622 for more information.

About ABA Insurance Services

Endorsed by New Mexico Bankers Association and American Bankers Association, ABA Insurance Services offers a Cyber Program to New Mexico banks which includes a new policy, Cyber Cover and the loss control/data breach resources of Cyber Care. Backed by the financial strength and stability of American Bankers Mutual Insurance, Ltd. (ABMI), this unique bank-owned and banker-directed program offers D&O, bond and P&C insurance to financial institutions countrywide and has been recognized for underwriting and claims handling expertise for nearly 30 years. For more information, please visit abais.com/cybercare or contact ABA Insurance Services’ Richard Flenner at 800-274-5222 or rflenner@abais.com.

MAIN EVENT

Join your colleagues "RINGSIDE" in Albuquerque, New Mexico, June 9-10, 2016 for The New Mexico Bankers Association's 105th Annual Convention!

It's time to throw your hat into the ring! The New Mexico Bankers Association (NMBA) invites you, your senior staff and directors to attend the 105th Annual Convention, June 9-10, 2016, at the Sandia Resort & Casino Hotel. This action-packed convention offers you the chance to hear phenomenal speakers covering hot topics, enjoy outstanding entertainment and participate in engaging activities for bankers, associate members, and guests! Register now for your guaranteed "ringside" seat at the Main Event!
In honor of our Main Event theme, come Meet & Greet “Holly Holm” as she will kick off our convention on June 9th. Be part of the excitement! Register TODAY! Go to www.nmbankers.com to get all the details.

Paul Dipaola
NMBA President

NMBA 105th ANNUAL CONVENTION
