ARTICLE
REPUTATION RANSOMWARE: THE LATEST CYBER SECURITY THREAT by Casey Boggs, ReputationUS The term “ransomware” has become all too common in today’s cyber security discussion. For Community Bankers of Washington members who have heard the term, but unfamiliar with what it is, here’s a brief definition: ZDNet describes ransomware as a form of malicious software–or malware–which encrypts documents on a PC or even across a network. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals behind the ransomware. The “bad guys,” or “malicious actors” as we call them in the cyber security biz, are threatening to hijack more than just proprietary data from businesses, nonprofits and/or government entities. More than ever, the “actors” are tapping into your ethos and pathos by threatening to adversely affect your bank’s reputation. Two recent news items underscore the point: 1. Extortion Scam Threatens Website Owners With Reputational Damage 2.Send Bitcoin or your company’s reputation is TOAST! Scary, huh? But what can these actors actually do to hurt your bank’s reputation? Some claim they can send offensive messages to your beloved staff or valuable customers. Other claims include circulating spam on your bank’s behalf, spread lies on commonly visited social media platforms and falsify information about your sales practices. Once this erroneous news is out there–regardless of how false the information is about the bank–it’s hard to reverse. Like attempting to put toothpaste back into a tube. Your staff and customers are understanding and forgiving, but the impact still lingers. From a reputation management perspective, Casey Boggs of ReputationUs – a member of the Community Bankers of Washington’s Community Bank Incident Response Program (CBIR Program) – recommends a few initial steps: •Awareness. Many times, these actors come through phishing attacks. Your bank’s IT team can typically stave off extortion scams by conducting regular internal awareness campaigns and establishing strict policies, while implementing email security solutions. •Identify vulnerabilities. Overall, where is your bank’s most reputationally (yes, new word!) vulnerable? What are some Achilles Heels that your bank has recently experienced via your staff, prospective employees, customers, future customers, media, or social review sites? •Training. Your bank can also perform regular phishing tests to evaluate how well the awareness strategy is working. Better to fail during practice than in a real game, right? As we often declare, protect the reputation that precedes you, BEFORE a crisis (or ransomware) DEFINES you.