You must be aware when your customers are targeted by phishing attempts, and that means your customers need to be able to report it to you. Make sure they know what phishing is and how to recognize it — but most importantly, ensure they know what communication looks like when it comes from you, and what types of information you will and will not ask from them.

 

Once a phishing attempt is identified, your computer security systems must respond immediately. Have procedures in place to “tag” phishing websites and report them to Web hosts, ISPs, and law enforcement and other authorities.

 

While it can be useful to maintain a constant stream of communication with your customers via email, don’t overdo it. It’s all too easy for one fraudulent phishing email to get “lost in the crowd,” and your customers won’t realize the link they’re about to click is a phishing link. A good way to ensure a level of secure communication is to utilize an email encryption tool or your online banking banking application. The additional security of the multi-factor authentication and secured messaging will help reduce the risk.

 

The most vigorous phishing attempts are usually targeted at people with access to large accounts, especially when that person’s access is publicly visible, as in the case of a high-ranking company official. Ensure you can identify those customers and then work with them directly to ensure they’re informed of the risk and know how to respond. Ensuring dual controls for submission & approval for both the customer and bank when able can add a layer of control.

 

Don’t forget the security fundamentals. Your authentication procedures should be robust and well tested, and your Web and email filters should be monitored carefully to ensure they’re doing what you need them to.

Contact us today and request a risk management consulting session for your bank.