Ransomware and Rip Van Winkle: Don’t Ever, Ever Sleep Again

This can't be right

Security Awareness Week: June 5-9, 2017

By Rodney Nelsestuen, Chief Information Officer

We all know the story of Rip Van Winkle who slept for 20 years and woke to find he’d missed the Revolutionary War and that society had changed dramatically. Today, poor Rip would find that a mere 20-minute nap may be enough to put him out of touch – especially when it comes to security.

This was driven home by the recent global attack of ransomware (aptly named Wannacry) that put hospitals, governments, and businesses on the defensive and interrupted the normal course of business on some estimated 250,000 computers in 150 countries, including the US. This event was one of the first to have a large-scale global reach and one which cost those who were attacked an estimated $3 billion dollars. Moreover, the success of Wannacry and its scale will most certainly result in a massive expansion of the ransomware “business.”

You may wonder why ransomware is suddenly so popular as compared to other types of hacking. Here are three reasons:

The attacker need do nothing and still gets paid.

Ransomware either encrypts files on a computer or blocks access to the files. These programs used to be delivered exclusively in emails as an attachment that a victim would open. While that delivery method is still in use, the more pernicious versions simply roam the internet and when they find an unprotected network or computer, will launch the attack without human intervention.

Stealing personal information and credit card data is still popular, but imagine how much work it is to steal, store, organize, and then find a buyer for that data. In short, the old fashioned methods of theft are a lot of work compared to a ransomware attack that threatens to delete all data on a computer unless the victim pays for the release. Attackers simply sit back and wait for the victim to pay.

Want to go into business? Try ransomware as a service.

Don’t know anything about computers or hacking? No need to worry. You can contract with a hacker and outsource your criminal activity. Organizations offering ransomware services are beginning to take root and will encourage bad actors of all types to try their hand at it.

After all, what do they have to lose? The outsourced service provider does all the work and gets paid a cut of the take, and you merely await your share as the business owner.

If one door is locked, just try another.

The interconnectivity of the internet and businesses across the globe makes it much easier for a ransomware attack to succeed. Can’t get into a corporate network? Try the company’s version of webmail, which can be accessed from any computer in the world. Can’t get a user to click on a link? Then use in-memory malware to deliver the payload. Find it hard to scale your crime? Then hack cloud services and launch attacks against thousands of high value targets at once. In short, ransomware has multiple attack vectors.

So what can I do to protect my business?

There are long-standing processes and tools that companies need as a foundation to stopping ransomware. While the list of approaches is long, let’s focus on three items that will reduce the risk of being hacked or a victim of ransomware:

  1. Whether you run your own technology or outsource it, be sure you know what protections and processes you have in place. Anti-virus software, firewalls, and intrusion detection software with expert alerts, and patching systems and applications are regularly among these basics.More importantly, make sure your security tools are on the most current versions. This may mean having updates almost continuously at times as risk conditions can change dynamically. It’s good to look into new technologies as new threats arise, but remember that the tools you do have may be the best there are if kept up to date.
  2. Layer security across your business. No one single solution will protect you from every attack. Whether physical locks on doors, increasing the sophistication of passwords, using out of band authentication, or segmenting your network with additional firewalls, consider using a layered approach to make it more difficult for bad actors to get through to your valued information. This includes using the security and authentication steps offered by your bank. Most banks will provide tools that allow the business to verify financial transactions before they occur. Unfortunately, too many businesses fail to adopt these solutions and processes.
  3. Train your staff on proper use of the connected world we live in – and keep security awareness in the forefront of employees’ minds. The human threat is twofold: first, people make mistakes and as humans, we always will.Second, there has been a growing threat from insiders who are ‘groomed’ by bad actors to ultimately take part in a crime. While this is an unpleasant topic, it’s something every business owner or manager needs to consider today.

One final thought. It would pay most businesses to be connected to an organization that monitors the global threat environment and can keep the business up to date on emerging threats. This external information can then be aligned with your internal IT steps and actions. There are several such organizations and many have very reasonable fees.

The security issues faced by businesses will only be more challenging in the future. Staying up to date on security technology, being vigilant on how users interact with your systems, and having an eye to the emerging threats as they grow are all smart and necessary steps for any business today.

While there are no sure-fire solutions to risk, by taking a multi-faceted approach you’re in the know about the threat environment, and you’ll feel better that you’re managing it in a sound manner. Then you’ll be able to sleep peacefully even with one eye open so as not to miss, as Rip Van Winkle did, the important things in life such as the birth of a nation.

Gina Miller Joins Merchants Bank as Vice President and Commercial Banker

MillerGina

Gina Miller, Commercial Banker

Gina Miller has joined Merchants Bank as a Vice President and Commercial Banker, according to Shawn Sackman, Senior Lending Officer and Senior Vice President for Merchants Bank’s Southeast Region.

“We are excited to have Gina join our team,” Sackman said. “With her experience, ability and connections, as well as our increased presence in the La Crosse area, we know she will contribute to our continued growth.”

Miller had been with the Wells Fargo organization for the past 17 years, most recently as a Business Relationship Manager/Commercial Banker.

“Merchants is a great match for me because it is a community bank that is built on and values the relationships with its customers,” Miller said. “Building and maintaining those relationships has been my goal throughout my career, and I look forward to continuing that career with Merchants as it gains more market share in our area.”

Miller is a graduate of Viterbo University. She is active in the community. She is a member of the Coulee Region Young Professionals, a member of the Women’s Alliance of La Crosse, and a participant in the Chamber of Commerce’s La Crosse Area Community Leadership Program.

Onalaska is one of the fastest growing of all 21 Merchants’ locations. In 2016, Merchants reported record income of $14,154,891. The Onalaska location was one of the leaders in productivity, with nearly $2.2 million in net income.

In addition to Onalaska, Merchants has Minnesota locations in La Crescent, Rushford, Lanesboro, Caledonia, Spring Grove, Winona, St. Charles, Goodview, Rochester, Cannon Falls, Red Wing, Hampton, and the southern Twin Cities metropolitan suburbs of Apple Valley, Cottage Grove, Hastings, Lakeville and Rosemount. Merchants has an additional Wisconsin location in Eau Claire. All banks are FDIC members and equal housing lenders. Loans are subject to approval. Twin Cities-based Merchants Bank Equipment Finance is a division of Merchants Bank, N.A.

Jerad Brown Has Joined Merchants Bank in Rushford and Lanesboro as a Commercial and Ag Banker

BrownJerad

Jerad Brown, Commercial & Ag Banker

Area native Jerad Brown has joined Merchants Bank in Rushford and Lanesboro as a Commercial and Ag Banker, according to Ken Graner, President for Merchants Bank in Rushford and Lanesboro.

“Jerad has the right mix of experience, interest and personality to be successful as a banker and, more importantly, to help our customers grow,” Graner said. “His work in credit analysis and his interest and experience in business and ag will be a benefit to the people he serves.”

For the past two years, Brown has worked with Rushford State Bank as a credit analyst, looking at agriculture and commercial loans, including an emphasis on the Farm Service Agency (FSA) guaranty program. A graduate of Rushford-Peterson High School and South Dakota State University, he served as a member of the South Dakota State University Livestock Judging Team. At SDSU, Brown majored in Agriculture Science and had minors in Animal Science and Agriculture Business.

“The people who live here are my neighbors. I know what’s important to them, and I know how important it is for our local economy for our farms and businesses to succeed,” Brown said. “I look forward to putting my knowledge and energy to work for Merchants Bank and our customers.”

ICS: 5 Frequently Asked Questions

ICSAccount-Blog

An Insured Cash Sweep (ICS) account is an easy way to protect your business deposits over $250,000. But how does it work? Learn this and more with these five frequently asked questions.

How does an Insured Cash Sweep account work?
If you want to protect deposits of more than $250,000 (the standard FDIC insurance coverage amount), you can use an ICS account to deposit your money automatically through a network of pre-selected, highly rated banks. Just open your ICS account with Merchants Bank and we do the rest.

An ICS account can be structured as a checking account with our ICS Demand Checking or as a savings account with our ICS Money Market Savings. Both accounts earn interest, allow for unlimited deposits and have no minimum balance requirements.

Why would an ICS account be better than using multiple banks?
Skip the running around and paperwork. With an ICS, you only have to open one account at Merchants to take advantage of the automatic, additional FDIC insurance coverage through the ICS network of banks. Plus, you’ll only have one statement to review.

Who has custody of my funds?
Funds placed through an Insured Cash Sweep are deposited only in FDIC-insured banks. Merchants Bank acts as custodian for your ICS deposits.

How safe is my information and the ICS service?
As always, Merchants Bank takes protecting your information seriously. Your confidential information is not shared with the ICS bank network.

The ICS program has been designed to comply with all FDIC requirements. You can be confident that your deposits are safe and sound.

Are there other account options similar to ICS?
Merchants Bank also offers a CDARS account through the Certificate of Deposit Account Registry Service. This account provides additional FDIC insurance protection through a Certificate of Deposit account – instead of checking or savings. You can choose from a variety of terms to fit your needs.

Protect your large deposits and enjoy the convenience of having them insured with one bank through ICS. Want to learn more about how your business can benefit from an Insured Cash Sweep account?

References:
*http://www.insuredcashsweep.com/home/faqs/

Placement of your funds through the ICS service is subject to terms, conditions, and disclosures set forth in the agreements you enter into with us, including the ICS Deposit Placement Agreement. Limits and customer eligibility criteria apply. Program withdrawals are limited to six per month when using the ICS savings option. If you are subject to restrictions with respect to the placement of funds in depository institutions, it is your responsibility to determine whether the placement of your funds through ICS, or a particular ICS transaction, satisfies those restrictions. ICS and Insured Cash Sweep are registered service marks of Promontory Interfinancial Network, LLC. Public Fund 0414

Meet John Piscitiello, Commercial Banker

Piscitiello, Johncrop

John Piscitiello, Commercial Banker

Get to know John’s commercial banking philosophy and how he helps businesses in the Twin Cities.

Share a little about your background and banking career.

John: I grew up in Winona and went to St. Mary’s University. After graduation, I moved to the Twin Cities, where I currently live with my wife and four boys in Lakeville.

I have been in the lending business my whole career. During the real estate boom years of the 2000s, I was a business owner in the construction lending industry. It was a challenging environment leading up to the economic meltdown. I was fortunate to exit the business before the Great Recession hit, and I learned many great lessons about both the successes and failures of running a business.

What do you like most about your job?

John: When I am able to make a difference helping a client succeed and reach their goals.

What kinds of businesses do you typically work with and how do you help them?

John: My clients are typically family-owned companies located in the Twin Cities market. I help them by providing financing and other banking services where needed, along with ideas and guidance when appropriate.

What is something not many businesses know about work with Merchants Bank?

John: That Merchants is an employee-owned ESOP bank! Being employee-owned has a positive effect on our company culture, and is a nice contrast to the big banks.

How would you describe your partnership with your business customers?

John: It is very much a business partnership. For me to be a good banker for my clients, I need to have a deep understanding of their business and business goals. This helps me to not only provide the services and advice needed, but also allows me to be an advocate for my clients internally within the bank.

What do you hope your customers say about working with you?

John: I hope my customers say that I understand them and that they have a banker they can trust to take care of their needs.

What does community banking mean to you?

John: To me, community banking means strong relationships with our clients and with the local markets we serve. Community banking also means local decision-making, which for many business owners can be the difference between feeling understood and getting the service they need versus feeling like your bank doesn’t get you.

Loans are subject to approval.

Meet Mike Swanson, Commercial Banker

SwansonMike

Mike Swanson, Commercial Banker in Hastings

Get to know Mike, Commercial Banker,  and how he helps businesses – big and small – meet their financial goals.

Share a little about your background and banking career.
Mike: I started in banking as a part time teller in high school at Vermillion State Bank. Two years later, I moved to First Federal Bank (now known as MidCountry Bank) as a Construction Loan Assistant. After college, I moved back to the retail side of the bank as a Personal Banker and eventually became a branch manager there.

In 2012, I started at Merchants Bank as Personal Banker. Since then, I’ve changed office locations and roles a couple of times and eventually was fortunate enough to move to the commercial side of banking, in my current role as a Commercial Banker. It had been a goal of mine to move into a commercial role for many years and I feel very fortunate Merchants has afforded me that opportunity and in my hometown no less!

What do you like most about your job?
Mike: When people hear you are a banker they tend to draw conclusions about number crunching and spreadsheets, but I’m a community banker because I like people! I love building relationships and getting to know my clients, their goals, dreams, and aspirations, and most importantly helping them achieve them.

I also greatly enjoy my community and Merchants Bank’s commitment to the communities we serve allows me to be involved in several organizations. Part of my job is to help make Hastings a great community for all of us who live and work here.

What kinds of businesses do you typically work with and how do you help them?
Mike: That’s one of the great things about Merchants – whether you are a one-man show landscaper or plumber, or have employees in multiple locations – we are going to have products and services to offer you. I’ve work with several one-man operations in landscaping, agriculture, all the trades (plumbing, electrical, etc), as well as real estate investors, accountants, and doctors.

We can help with equipment purchasing and leasing, working line of credits, credit card, and an entire suite of cash management services too. We have something for every kind of business.

What do you hope your customers say about working with you?
Mike: I hope they say “that was such a great experience I’m going to tell everyone I know about Mike at Merchants!” Really, I hope they know I am working for them and that I’m here to offer them options in order to meet their future goals. I hope they say I am a long-term trusted partner to help them reach their goals.

What does community banking mean to you?
Mike: Community banking means that we, the Bank, take care of our community. Decisions are made by people who understand the local needs of families, businesses and farmers.

In today’s world, you can’t walk into just any bank and ask to talk to the president. But at Merchants you can because of our local, market-based leadership. Being a community bank means we partner with you through opening your child’s savings account, financing your first home, or helping you get the business of your dreams started. It means when you walk in the door, we’re going to know your name and you will know ours.

Loans are subject to approval.

One Time Security Code and Trusteer Rapport, Extra Layers of Security for Your Business

Blog-Trusteer

The security of your online business transactions is vitally important to us, and we’re always researching ways to provide extra security for your business transactions. With that in mind, we are excited to offer our business customers One Time Security Code and Trusteer Rapport, two free services designed to increase your transaction security.

One Time Security Code

One Time Security Code is a required extra level of security for high-risk transactions, such as the submission of ACH files, while using Merchants Business Online Banking. One Time Security Code does not replace any current security programs offered through Merchants, but is an additional service.

How does One Time Security Code work? If a business is performing ACH transactions online, One Time Security Code sends a code via email, phone call or text message that the business customer enters into the appropriate area in Merchants Online Banking for further verification. Once the code is entered, the transaction can be completed.

“One Time Security Code is a great tool to protect your business and is likely familiar to you through your past online experiences,” said Kerri Bronk, Merchants Bank’s Senior Operations/E-Channel Officer. “It is similar to what other websites use when you forget your password and need to verify your identity using a PIN or code sent to your email or phone.”

Who Should Use One Time Security Code? All Merchants Bank business customers who conduct ACH transactions through our Online Banking must use One Time Security Code. If you haven’t yet been contacted by the Merchants Bank Electronic Banking department (866-496-0522) or Cash Management Officers Tammy Johnson (507-457-1190) or Machelle Anderson (507-263-7572), they will be in contact in the near future, or you can feel free to contact them.

Trusteer Rapport

Trusteer Rapport better controls and reduces risk when using a computer for business by providing extra security for financial malware beyond malware identification and protection that a business should already be using. Trusteer Rapport does not replace normal computer security. While it is not required of Merchants Bank business customers, it is highly recommended. It takes just a few minutes to download.

Trusteer Rapport has multiple tools to:

  • Flag and notify customers of potential security risks. For example, if the same password is being used for multiple sites.
  • Flag or automatically clean malware off of a computer system.
  • Choose which sites are protected with Trusteer Rapport during financial transactions. If a site is protected, Trusteer Rapport will lock down the computer and not allow other programs or functions to happen until the transaction you are performing is complete. This protects the computer/customer from potential hackers searching for financial information, like what can happen in online shopping.
  • View statistics on online behavior and malware detection.

Who should use Trusteer Rapport? “Even if you can’t see someone committing a crime, it doesn’t mean they aren’t in the background online trying to figure out your online patterns and information,” Bronk said. “We encourage all businesses, especially those using Online Banking, to take advantage of the additional level of protection provided by TrusteerRapport.”

How Do I Start?

If you’d like to learn more about Trusteer Rapport, or have other questions about One-Time Security Code, the best place to start is Merchants Bank’s Electronic Banking department at 866-496-0522, or by visiting our website.

ContactUsButton