Online Security

From the Desk of Tim Mendenhall, CISM / VP, Director of Information Security & ISO 
 
COVID-19 Resource Center:

As you protect yourself and those around you from COVID-19, be aware that scams and fraud are on the rise. Five Star Bank remains vigilant in safeguarding our customers' information during these difficult times.   The resources below outline some of the current scams surrounding COVID-19. 

 Scam Information Links:

Avoiding Social Engineering and Phishing Scams 

 Avoiding COVID-19 Cyber Scams 

Coronavirus Advice for Consumers 

 

Additionally, there are many websites providing information about the Coronavirus.  Some of the websites are legitimate and some are not.  Make sure to use a reputable resource for your information:

 

Fraud Information:

Federal Trade Commission

Federal Bureau of Investigation

 

Medical Information:

Coronavirus.gov

USA.gov 

Centers for Disease Control

 

Online Security Resource Center:

Five Star Bank is committed to the security of our customers' information and cyber awareness. As threats continue to evolve, it is imperative that you and your staff understand the risks to help minimize risk of a breach within your company or at home.  We have outlined some key terms below with some recommendations on how to help minimize risk around these threats.

 

Training:  As valuable as our employees are, they can also pose the greatest risk.   Companies should implement monthly training and testing to keep employees updated on current cyber risks and trends.  Testing can help identify employees that need additional training on how to recognize Phishing attempts.

 

Email Security:   Threats around email continue to be the main avenue for breaches.  Most BEC, Ransomware, and other breaches can be tied back to malicious links or attachments received through email, which an employee clicked on or opened.   Companies should understand these risks and implement security measures, such as Multi-Factor Authentication, SPF/DMARC/DKIM, Advanced Threat Protection, and Suspicious Event Alerting to minimize risk to the company, infrastructure, and the employee.

 

Multi-Factor Authentication (MFA):  This should be turned on for any and all services that are accessible outside of your infrastructure. Office 365, Salesforce, Online Banking, VPN, and other websites that contain financial, healthcare, or other personally identifiable information (PII) should have MFA enabled to minimize your risk. 

 

Business Email Compromise (BEC):  In 2019, BEC scams cost US businesses $3.5 Billion.   A majority of these scams are initiated by email.   A procedural change as it relates to email requests can help minimize this risk.   Companies should consider implementing a “call back” procedure to a known good phone number for any request around wires, ACH, payroll, vendor account number and address changes requested through email. 

 

Patch Management:  It is important to keep systems updated with the most current patches.  A centralized application will help administer deployment of key patches to endpoints.  However, if a centralized application is not available, make sure to set your computers to auto-updated when critical patches are released.  

 

Anti-Malware:  A good endpoint security solution should include anti-malware, intrusion prevention, and firewall to minimize exposure to malware.

 

Firewall:  A firewall should be turned on for the endpoints as well as the perimeter of the network.  Key components, like Geo-IP Filtering, Content Filtering, and other controls on a network perimeter firewall will help minimize risk to malicious traffic entering your network.

 

Vulnerability Scanner:   A vulnerability scanner is useful in verifying that patch levels have been updated, applications are secure, and helps to identify additional security holes.  Microsoft occasionally issues patches which also require a manual registry update to apply the patch, and periodically this step is missed.  A vulnerability scanner should be able to identify any missing registry keys associated with a patch.

 

Incident Response:   No one ever thinks they are going to be the next victim.  However, having a good incident response plan that outlines key personnel and their responsibilities will greatly streamline recovery in the event of an incident.

 

Disaster Recovery:  Clean backups are required to ensure a successful recovery after a breach.  Make sure key data, applications, and resources are backed up. 

 

Cyber Insurance: Cyber insurance can help minimize financial risk to the company in case of an incident. 

 Additional security information: 

 

Anti-Phishing Working Group

 

Internet Crime Complaint Center (IC3)

 

Federal Trade Commission

 

Information on the CIS Critical Security Controls:

CIS Security

 

If you have any questions, please contact us.

 Contact Us

 

 
 
 
 
On larger screens, this slider can show up to three (of six possible) slides, and on smaller screens up to two slides at a time. If additional slides exist beyond those initially visible, the user may arrow or click on the previous and next buttons or drag or swipe the slides to view more.
Man wearing a scarf standing in front of Champagne Salon sign.
“FIVE STAR BANK exemplifies what it means to be a true community partner. They have allowed my dream to become a reality.”
Raymond James Irwin
Founder & Chief
Champagne Officer
Fizz Champagne Bar
Conductor, conducting an orchestra.
“We appreciate that FIVE STAR BANK shares our mission and values. The bank has been a strong community partner for Sacramento Philharmonic and Opera.”

Alice Sauro
Executive Director
Sacramento Philharmonic
Two women standing in a hair salon.
“FIVE STAR BANK has been absolutely amazing. We would not be here without them.”

Kathy Fennessy & Mary
Brigham
Owners, Hoshall’s
Salon & Spa
Man wearing earphones sitting in front of a microphone.
“Our family of companies proudly banks with FIVE STAR. Together, we are a winning combination for entrepreneurship.”
Mark Haney
The Haney Biz Project
Two men walking through a field.
“Everyone thought I was crazy to plant my own orchard. FIVE STAR BANK understands the Ag-Tech space and helped make it possible.”
Arun Ohri
Jubilant Earth Nurseries
Two men talking and walking outside.
“FIVE STAR BANK understands the business aspect of manufactured housing and what it takes to go in and create value.”


Eli Weiner
Cascade Corporate Management