Enhance Readiness, Resilience, & Recovery

CHALLENGE »  Distinguishing approved AI processes from social engineering attacks that use AI processes is increasingly challenging as those attacks grow more sophisticated.

MINIMIZE RISKS »  

*  Nanlu.org is not affiliated with any of the external links. Links are provided solely for educational and informational purposes.

 

  DEFENSE IN DEPTH (SOLUTIONS) * 

Added Security Knowledge . . .

  User Authentication control
    Yubico MFA2 security key
    Duo Security (Learn)
    Smart Card (optional)
    FIDO2 WebAuthn
    Entra ID Conditional Access 

 

  Compliance Laws 
 
(US mandatory protection)

Financial reporting 
*  SSAE SOC1 services 
*  SOC 1 vs SOC 2 vs SOC 3

Handling card transactions
PCI DSS   
GLBA 

Financial cybersecurity guidelines 
*  NIST SP800-53 / Guide /  Overview FFIEC (replaced by NIST RMF)

Cross-sector cybersecurity goals 
*  CISA's CPGs

 Community collaboration 
* CIS Workbench

 

 
 

  FRAUD PLAN

  • Review bank operations locally at a branch, for safer communication support.
  • Review fraudulent activities locally with a bank representative.
    • Fraudsters may eavesdrop on phone activity and emails, and intercept phone calls.
  • Review multiple accounts with credit agencies.


  STOP FRAUD     


  MINIMIZE RISKS (...)

  • Do not act on your own when in doubt. 
  • Do not click on any links. Use safe security practices.
  • Recommend a phishing-resistant MFA authenticator using the FIDO2 protocol.
  • Recommend Duo Security for simplicity. (Learn about . . .)
  • Control permissions: who gets your resources, for how long, and on what devices. 
  • Deep clean logs across all platforms.
  • Set restrictions on extensions, filters, and permissions.
  • Upskill in security awareness.
  • Give access only to need-to-know users.
  • Grant access with least privilege in mind.