Summer Hours: Monday - Thursday 8:00 am - 5:00 pm • Friday 8:00 am – 12:00 p.m.

In addition to following banking regulations, many community banks implement the same or similar strict security measures for their technology and information as large corporations and global banks. Even so, more cybercriminals are targeting community banks and seeking ways into their systems. In a recent article, Independent Banker discussed this issue with John Toney, a former U.S. Secret Service Agent.

Mr. Toney described the types of cybercriminals and reasons for targeting large and small entities. The article notes his description of “upstream” and “downstream” hackers. While upstream hackers are targeting large entities, such as big banks and corporations, the latter are less experienced hackers looking for an easier mark. These hackers’ end goals often include selling stolen personal or financial information through the online black market. Mr. Toney noted that the downstream hackers can be difficult to catch and prosecute, as many are operating from outside the U.S.

Types of cyberattacks are becoming more sophisticated, so it’s important to alert employees and customers to be on the lookout for the following:

  • Spear-phishing emails, which target bank employees.
  • Domain-spoofing emails, which target consumers.
  • Email scams targeting bank officers, often appearing to come from a colleague.
  • Phone scams or online queries designed to play on your employees’ desire to provide excellent customer service.

Because community banks may be seen as easier targets due to their size, they should plan for cyberattacks to become more frequent. In order to further protect their own data and customer information, Mr. Toney encouraged banks to limit employee network access to only what is required for their work. In addition, he stressed the importance of continuing to discuss new and existing cybersecurity risks and fraud prevention strategies with customers and employees.

Read the full article from Independent Banker, including detailed descriptions of the new cyber threats.