U.S. Bank cybersecurity blockchain specialist Jenny Menna said the banking industry is evaluating the security benefits of using blockchain to send encrypted information.
"We've seen potential breaches at some of these cryptocurrency exchanges," Menna told a Chamber Forum audience Monday at Rogue Valley Country Club in Medford, Ore. "We are looking as an industry if there are ways we can use blockchain for communicating with each other, but we are not there yet."
In an industry where faster payment is paramount between clearinghouses, eight large banks have invested in early-warning technology for person-to-person payments.
Banks were already focused on customer identity protection before 143 million Americans were exposed to data theft as a result of the Equifax breach.
"We're really putting our foot on the gas after Equifax," Menna said. "How do we authenticate that you are you? You almost always have your phone with you, so if your phone is in Oregon and you are buying something physically with your credit card in Montana, it's probably not legitimate."
She said the industry desires to end passwords and Social Security numbers and sees blockchain as one avenue to the goal.
U.S. Bank has 600 people assigned to ward off potential cyberattacks through analytical and other means. But small firms without such resources are just as likely to get hit, Menna said.
"Ponemon Institute has shown 61 percent of small and medium businesses have been the victim of some sort of cyberattack," she said. "If you've got a website and you have people using email, it's enough. The thing about cyberattacks is it's easy to do at scale. It's not like you have to walk into each business with a gun and try to steal the money out of the register; you can do it from afar and you can do it in volume."
She said software patches prevent security chinks from becoming conduits for attack.
"Get your employees to be smart about clicking on links. Think about the receivable accounts, set them up so they can't send money out," Menna said. "If employees are sending wires over a certain amount of money, put protocols in place so they have to have a second person approve it."
In the same manner as parents comb through a child's trick-or-treat haul for bad stuff, she encouraged people to be wary of Internet activity.
"In the world we live in, we need to not only be suspicious about Tootsie Rolls, but about emails and instructions we're getting on the phone," she said. "At this point, half of the calls I get on my iPhone come from somebody named Scam Likely; the provider knows, and don't even answer those."
She said fraudulent emails on a phony IRS letterhead have attempted to extract payroll information.
"Last year, we saw a variation that was the CEO to the head of HR saying to send all the W-2 information for all of our employees," Menna said. "Of course it's not going to the CEO, and the minute the bad guy gets the email they are out filing fraudulent tax returns for all the employees. Once that horse is out of the barn, it's gone. I'd be shocked if we didn't see it continue this year."
Even real estate transactions are susceptible, Menna said.
Anti-virus and patches are a front-line defense, she said. Ultimately, have a plan in place if a breach occurs, to contact attorneys, law enforcement, insurance, communications and having the information backed-up.
©2018 the Mail Tribune (Medford, Ore.) Distributed by Tribune Content Agency, LLC.
