Sign Colorado Banking Notice To Quit Secure

Sign Colorado Banking Notice To Quit Secure. Apply airSlate SignNow digital solutions to improve your business process. Make and customize templates, send signing requests and track their status. No installation needed!

Contact Sales

Asterisk denotes mandatory fields
Asterisk denotes mandatory fields (*)
By clicking "Request a demo" I agree to receive marketing communications from airSlate SignNow in accordance with the Terms of Service and Privacy Notice

Make the most out of your eSignature workflows with airSlate SignNow

Extensive suite of eSignature tools

Discover the easiest way to Sign Colorado Banking Notice To Quit Secure with our powerful tools that go beyond eSignature. Sign documents and collect data, signatures, and payments from other parties from a single solution.

Robust integration and API capabilities

Enable the airSlate SignNow API and supercharge your workspace systems with eSignature tools. Streamline data routing and record updates with out-of-the-box integrations.

Advanced security and compliance

Set up your eSignature workflows while staying compliant with major eSignature, data protection, and eCommerce laws. Use airSlate SignNow to make every interaction with a document secure and compliant.

Various collaboration tools

Make communication and interaction within your team more transparent and effective. Accomplish more with minimal efforts on your side and add value to the business.

Enjoyable and stress-free signing experience

Delight your partners and employees with a straightforward way of signing documents. Make document approval flexible and precise.

Extensive support

Explore a range of video tutorials and guides on how to Sign Colorado Banking Notice To Quit Secure. Get all the help you need from our dedicated support team.
Show more

Industry sign banking colorado notice to quit secure

[Music] hello and thank you for participating in today's bkd webinar cybersecurity threats and risk and energy our presenters today are omar eosin in ron hole shizer Omar is a leader in a and B KT national energy in national and natural resource practice he has more than 18 years of experience in providing audit services for publicly traded and privately held entities and coordinating large internal international audits Omar has experience and power utilities oil and gas mining and manufacturing he also has experience in capital raising activities and related SEC filings bankruptcy and fresh start accounting Ron has more than 25 years of experience helping companies with information technology and cyber security issues his primarily focuses on providing internal audit and IT cybersecurity services to a number of industries his team conduct cybersecurity risk assessments general IT control reviews internal and external pentesting red team testing Incident Response consulting business continuity plans and social engineering reviews for approximately 250 companies in the US again thank you for participating in today's webinar I will turn it over to our presenters Thank You Alice welcome to our webinar this is Ron hull shizer I'm a managing director for big Haiti cyber and so not only is October the month for Halloween but the department of homeland security in 2004 called it the cybersecurity awareness month and so I I think they were related but it was three years after 9/11 in 2004 when they came up with that and boy have things changed so today we're gonna go to the dark side for the next hour so you can see the objectives we've we've got up there we're going to discuss the ever evolving landscape primarily in the back office since we have an hour and this is a can be a pretty extensive subject we decided to kind of limit it to the back office issues that we're seen we're gonna identify some steps that both individuals and companies can take to minimize the effect we're going to talk about the bkd cyber top 10 cybersecurity areas we're gonna go through some trench stories of cybersecurity cases and then talk about a few resources that you could utilize so prior to putting this together I get a couple of notices from companies on the number of breaches there are six or seven a day that are in the news but I took three specifically in this industry and you can see both IBM security Verizon and then chief information officer magazine had identified these three you can see what those issues were it's it's a wide range the first one had to do with Peter breach tax on operations and the third had to do with an inside job with a network engineer and so we'll talk a little bit about the people side of this as far as we go through this so one of the things that we've seen in cyber is executive c-level executives controllers accounting folks people that have access to kind of the inside is that people are being targeted and you know we're all victims of identity theft when the Equifax hack occurred most of us had already experienced some identity theft but that one I believe impacted everybody in the United States I personally am a victim of identity theft with the IRS so I had to go through these steps to kind of protect my identity so we all have to deal with it and it's an ever challenging problem because the attacks have been morphing and changing over the years so we took a look at the the top social engineering things that we're seeing so that number one is a CEO scheme and this is typically where the president the CEO they leave the country perhaps or they're traveling and financial executive will receive an email that says hey I need you to send this wire I need you to do it today I'm personally aware of about two dozen of these that were successful anywhere from about $8,000 to the the worst one that I'm aware of firsthand is about $100,000 and they all had a very similar pattern and so one of the things that we've seen is with social medium we'll talk about that we all have digital footprints and the bad guys have been camping out on executives and looking at information and then they've done a lot of due diligence to identify other executives within the company and then they strike when they see some change that they think they can leverage and so there was one specifically that the the president the company had gone to Italy and he and his wife were gone for a week and the CFO received a an email from him and it had that very similar pattern and I just send this wire she thought it was strange because you know she was thinking that he and he and his wife would be sitting on a veranda somewhere drinking some wine looking at the Italian Alps and last thing he would be doing was be would be sending emails cuz she knew him and so there was a sense of urgency she held off she called him the next day because of the seven hour difference time difference and said hey listen I'm really sorry but I didn't send that wire yesterday via email and he's you know he of course said what are you talking about I didn't send you an email so anyway that's very typical pattern on the on the CEO scam the elderly abuse it doesn't impact companies per se but it does people could get compromised and so it's just just something to be aware of but it's it's usually taking the form of a romantic thing and then there's blackmail or extortion involved so it could impact employees that then have an incentive to see if they could do embezzlement or some kind of wire fraud and then the last one is is in fact a wire fraud we worked a number of those in our within our firm we've got about three dozen certified fraud examiners and I've worked in conjunction with that that group that if they think they got hacked or compromised in some manner we would go in as his team's to do the due diligence the forensics we would do pen testing and I'll show you an example of one that I worked on so a lot of this is just being aware of what the bad guys are up to with social engineering and that it is impacting individuals and then companies as a result so I thought I would just share since I'm a victim of identity theft and I also in a prior life I worked in aerospace and nuclear industry so I had a Department of Defense top-secret clearance in the Department of Energy top-secret clearance and so when the Office of Personnel Management got hacked you know my information was out that way between that the IRS the Equifax and a number of others I've gotten extremely protective about my digital footprint so I use I use a personal VPN I particularly I use Avast and it works with my iphone my iPad and my Mac in addition to my bkd Dell computer and we have a virtual private network but the use that I have for that is if I'm sitting in Starbucks and I'm setting up a connection to their network I turned the VP on VPN on and it encrypts all the traffic that I'm on with Starbucks to a vast server somewhere in the IEEE States I typically connected to Dallas or Denver sometimes Chicago but it's encrypted so nobody in Starbucks can intercept my traffic I also use some technology to make sure I know where my phone is in this day and age we we use our phone for password resets it's it's very important most multi-factor authentication now relies on a on a phone so a lot of times if you're in your bank or your 401k and you want to change the password you'll get a message to send a text or an email usually to your phone you'll get a six digit number you put that in and it'll it'll match your username password with your phone so that's two factors of authentication so if your phone ever gets stolen or lost you may not be able to reset passwords and you have to work something out it's a real hassle but I always want to make sure I know where my phone is I do use a password manager I have 123 usernames and passwords and they're very difficult to keep track of since I have so many and so I use LastPass there are five or six others but it allows me to not have them in an Excel spreadsheet not have them written down and it at least allows me to have a little better control over my passwords and I can make them quite complex since it works with browsers so last year my Facebook account got hacked and so I am off Facebook I'm also off Twitter and Instagram for the same reason just because of the kind of work I do I just want my digital footprint to be as small as possible I still am on LinkedIn but I've really been very deliberate about controlling my digital password I use some other tools for instance tile again to track my phone and vice versa and then I typically and this is more for my personal email I unsubscribe four or five years ago it was kind of sketchy whether or not you'd want to unsubscribe but most of the email that I get is for instance from Chili's I've paid with their little kiosks that you have at the table and then it says do you want an email of your receipt and I put my email address in and then I get a ton of email from Chili's most of that's being done with with firms like Constant Contact and so I feel pretty comfortable about unsubscribing and and those typically I don't run any problems where I'm generating additional traffic so with that I'm going to turn this over to Omar for a first polling question sure thanks Ron so approximately how many global cyber attacks happen in a day would it be a thousand ten thousand a hundred thousand two hundred thousand or you're not sure and while we're waiting on the audience Ron do we have idea as to is there like certain regions or countries where such attacks usually originate from we do you can look at firewall traffic since we have about 250 clients you can see where it's coming from it's interesting that a big chunk in the last two or three months is like Brazil and newbs Equis Tan and so we kind of think about you know the Russians and the Chinese and all of that North Koreans but there are other other countries that is coming from and anyway yeah it's it's not who you might think it is the usual subjects it's it's coming from other places with people with trained IT folks that you know their governments aren't as as strong and so there's a lot of bad stuff going on interesting thank you and here the result said that that's pretty good actually I'm surprised the audience got it almost really right it's the approximate number is about a hundred and seventeen thousand attacks a day that's just massive Ron would you walk us through the risk versus cost sure let me go to the next slide so we're gonna go through the the bkd cyber top ten so the first the first one we had is know who can access your day that we're seeing a lot of really intense with companies and with reliance on employees so and just compared to seven or eight years ago a lot of companies sheer data they have people having access to their systems and so you know this is a big one know who can get in whether its employees or somebody else and and and how what that looks like so Laura Omar from from your standpoint it from an audit standpoint what do you see on this front on the segregation of duties administrator access yeah Ron you're absolutely right from an audit standpoint the last two bullets and bold in here are the ones that we come across almost all the time and they're not really confined to small companies even midsize companies oftentimes we have the what we call the superuser access and the segregation of duties but I mean they're all condemned to the same issue which is you know funding what's the cost benefit to add another layer of security and hansung systems or adding another body to the accounting department but but again those are the repeat offenders in in my world at least it also I'd like to touch on the physical access while I haven't really seen it that often it's just twice and two separate instances two different clients I was walking in their premises and here's the server room one of which did not have a door the other one had it door but it was always almost always open because they wanted to fan out you know cool down the servers well I mean anyone practically can't come in and you know plug in a jump drive or what have you and now they're tapped into your network it's just amazing all right thank you so on the cyber side or IT side we have terms for everything most of its kind of technobabble but on the cyber side we we have a term white hat that's a good guy we've got a black hat which is a bad guy and then we've got a grey hat the good guy during the day and a bad guy at night so one of the things I thought I would share is Eddie Tipton I became aware of Eddie Tipton I was asked to speak at the association of state and provincial lotteries in Seattle about a hundred IT folks and any way that the the day I arrived the the person who had invited me said hey did you hear about Eddie it's like no tell me about Eddie it's like well oh and he is in the news and so Eddie was the IT security director for the state of Iowa and he was also involved with the multi-state lottery which is about a two-thirds of the state's participate in that and he was their security director located in in Iowa and anyway I said well what what about Eddie he was like well number one he was really really arrogant he was you know in and he kind of humble he said yeah you know us IT guys are pretty arrogant obnoxious like yeah I'm one of those he said yeah and he was over the top he would he had been coming to their meeting for about eight years and so what did he do well there's Eddie that security picture security camera photo of Eddie he's in that dark hoodie to the left at a convenience store in Des Moines buying a lotto ticket and you're thinking Ron a lottery employees can't buy tickets well they can't be a policy but there he is he bought a ticket lo and behold there is the winning ticket and it's it's actually signed by an attorney in New York and Eddie had sent it to him to cash him because it was a multi-state lottery ticket and I would do the same thing if I won and it was over five million dollars if I'd won that much money I wouldn't want my neighbors let alone the bad guys know that I won the lottery so I would set up a trust and and try to try to do that and so what happened well here's Eddie today he was sentenced to to prison there's been a couple trials the first trial was for that specific lottery ticket turns out he also perpetrated other lottery basically thefts in four other states and this is the one that did him in it really caught him so what happened well the lottery has a practice that they ask where the ticket was purchased when you try to cash it and it's a control question because they know where the tickets was sold and because it was in Des Moines and the multi-state lottery was headquartered in Des Moines he didn't tell the attorney and it kind of unraveled from there so what did he do well he was the IT security person so he had the key to the server room kind of like what Omer talked about he also had the cart key and he was a trusted employee been doing it for quite some time and so he snuck into the room with the multi-state lottery machine it's not it doesn't use ping pongs it's a computer that determines the numbers and he basically hacked into the machine and made it because he's also a programmer made it pick the numbers that he knew would win and then you might ask well Ron what about surely they have security cameras well they do and they normally run 1520 frames per second he hacked into the cameras and dialed them back to one frame per minute and so it was like mission impossible he snuck in did what he did and and got out and anyway that's that's what he did there's actually there was an article in USA Today not too long ago there's been a movie put about that about it on YouTube and so kind of what's the message with IT folks well in this day and age we've become so reliant on the knowledge and expertise of the IT people that you know my advice for what it's worth is I would suggest treating them really well painting them well but putting some controls around them because most of them have the keys to the kingdom and they do have a lot of control and there's so much interdependence now on i.t that sometimes you feel a little compromised it's like ell I really don't want to give Eddie that much control but he needs to do his job but if you put some controls around them that prevents them from being motivated to try to do something wrong because they know that maybe somebody's watching over them so anyway that's my advice with IT folks pay him well treat him well but put some controls around them so the number two on the bkt cyber is take advantage of security controls in the last year year and a half we've seen a lot of movement on passwords there's a new NIST standard which is at least in the IT arena I know within my group when it came out the the big thing was they were recommending long passwords that don't expire and they don't expire particularly for regulated industries most of us that have been around for a while we prefer passwords expiring but that was that was one of the recommendations and so so what we've done is we've looked really hard at password as part of our cybersecurity train testing and also awareness training in length and complexity I have a huge impact on the ability to being compromised so for instance I I told you that I use LastPass well I have a strategy on my own personal password since I have 123 I have really strong ones for my bank account my credit union my fidelity 401k my wife's Vanguard 401k they're all at least 16 characters long they're they're very complex and they're just a gobbledygook of characters I've got medium and weak some examples of my weak passwords would be I do March Madness every year so I'm going to Yahoo or CBS Sports to do the picks with my family and so those are pretty easy but there's nothing on there that can be compromised other than there's no credit card information there's nothing I'm concerned about so if somebody did compromise that password the worst they could do is you know pick a different team to win the national championship so I've got a strategy I've got really strong medium and weak based on the the threat so I thought I'd just go through a couple things we we did purchase a dedicated password cracker about a year and a half ago because of the crypto currency the price of the video cards has just skyrocketed people are doing cryptocurrency mining and when I had looked at about two years ago a password cracker was about eight thousand dollars and then six months later hid it had ballooned the same same unit was 20 grand and it's one of those things I you know I can buy a Honda Accord for used one for 20 grand so anyway we went to Dell and we got one of their Alienware gaming machines that has two of these very powerful and video video cards and so what we do is we we obtain the the encrypted password it's it's known as a hash it's through 32 characters long we can either get it from memory we can get it as it's flying across the network we can get it if it's at rest for instance if it's in Active Directory we can steal that and then what we do is we put it into a tool called hash cat and we let athina that's the name of what we've named her do her thing so we we've been really successful with helping test passwords and it's part of our social engineering awareness training we don't want anybody fired or any kind of punitive thing if somebody's using weak passwords it's just one of the many things that employees should should consider when they're setting up their passwords so I thought I'd go go through a couple examples of what we see and in what strong and weak ones look like so you know for many companies they may be having their passwords expire 90 days they may be eight characters and complexities turned on that's a fairly typical Windows Active Directory setting so for instance one thing we've seen is things like Summer 2018 dollar sign and if they expire every 90 days well we're all kind of lazy and so we you know try to have passwords that are somewhat easy to remember so we find that employees when it becomes autumn its autumn 2000 this case $19 sign then it's winter then spring and that's actually a very easy password for us to break with hash Kat and Athena it takes less than a second for a password like that even though it meets the complexity and the length it's easy to it's easy to crack verses and I've just put up a Bible verse but you know Galatians 5:22 the fruit of the Spirit is love to a peace patience kindness goodness gentleness self-control if you took up a phrase and then a certain number of letters from that phrase and only you know the key in this case it's the first letter of some keywords with a special character thrown in this is a very difficult password to crack so it's got length it's not a dictionary word and this is very very difficult to crack so easy versus difficult on the on this slide so I asked one of our cyber engineers to just prepare for this to give me some some common themes that he's saying and so he put this together for me so current month of the season he can break those really easy January February March or winter spring summer fall uppercase lowercase that really doesn't make it more difficult it the fact that it's a dictionary word makes it easy a holiday Christmas Thanksgiving Halloween those were easy to crack city are straight where you're located we see that particularly for businesses you know it's four three two one Main Street will see those in pass words those are easy to crack again they're dictionary words and they've got a pattern to them child's name and then a birth here and so one thing he did share with me is he does see some common themes women will be you you will use their children's names or their grandchildren's names and then men will use sport sports teams so Dallas Cowboys you know Washington Redskins Washington Nationals and again those are easy to crack name of a popular song nursery rhyme religious passage the actual verbage that's in those even though it's long kind of easy to remember because it's got a number of dictionary words easy to crack then we see password I hate passwords all kinds of variants of that we do see a lot of vulgarity and racial slurs people think that if that's in a password it's harder to crack it's not it's just as easy again they're their dictionary words and then on the IT side we do need we see name of Windows services or common network protocols so we'll say tcp/ip and then one two three four five six that's a network protocol or Windows Server 2016 things like that so those are all you know pretty easy for us to crack so you can see the ones I just asked him to give me some examples of ones that he's cracked and you can see that list in the last 12 months about 28% of the passwords that we've obtained that encrypted hash we've been able to crack and we typically will let our password cracker run for a couple days some of the more difficult ones may take a couple days but what we do do is provide feedback that hey these employees were compromised again it's a it's a training opportunity for employees and it helps enhance the cyber security posture so with that I'm going to turn it back over to Omar to go to our second polling question thanks Ron so what is the approximate cost of a data breach in the energy industry according to IBM a hundred grand million 4 million 7 million or you're simply not sure and you know Ron I always think that whether the number is a hundred grand or a ten thousand dollars we're really talking about real dollars that have just vanished and it's a straight head to the bottom line not that not to mention the potential you know reputational damage and potential lawsuits and what-have-you yeah I also I see the hard dollar cost and then I also see the the reputational damage I think I shared at the beginning I follow the the breaches that come out daily and those are the only the ones in the news so they're a lot you don't want to be on that list and so there's the the financial hard cost and then there obviously the reputation risk so of course and so the results are here and you know it's not a bad mix but the approximate number is actually 7.4 million so it's talking a lot of dollars in here but with that let's move on to number three and that's the other Ron worst yeah so number three know where your data is stored and I understand it is easier said than done but you really have to document and maintain an accurate acid inventories so what we run across a lot of times is what we call rogue devices like the iPads laptops phones and they all contain sensitive information the problem is sometimes these devices are either stowed away or not being used and so the worst case as such a device can be stolen and the city of information is released and the worst part all of this in that the company wouldn't even know that this just happened and the company is not compromised one of the solution is you know such a scenario is having random spot checks maybe conduct quarterly or annual inventories and I also consider technical solutions like track it moving on to number four implement data loss prevention controls organizations must limit access to removable media like the CD ROMs jump drives even email and file transfer sites should be looked into so I don't know if a lot of companies still use you know desktops and hard drives and CD ROMs in offices and cubicles and like but I know 10 years ago that was the common practice and one of my large clients it was a billion plus in revenues operations in 30 countries and all that they had their own headquarters here in the u.s. their own building their own parking garage and one of the employees passing through the garage and notice is CD on the ground labeled payroll he picked it up and instead of handing it to HR he went to his office shut the door and put it in his computer and almost instantly it company-wide network failure they had a massive breach and so since then of course they've upgraded and actually don't they don't have that kind of access anymore even the monitors they use don't have the capability to stick in a jump drive anymore and also to touch on the file transfer sites just think of how much or how many information you have stored away there and how all this information is absent any retain Paulo you know retention policies restrictions and what have you you really need to consider either storing all this information and secure sites or just purchase this information destroy all devices the lesser the digital footprint you have the more safer you are and with that Ron you're gonna walk us through a wire fraud case yeah and I was also going to just add on the on the data loss you know one of the things that we do is Red Team testing which is basically a pen test on steroids and basically what we do is only a couple people within the company would know that we're actually gonna basically simulate an attack just like a cyber attack would be so we actually do a number of different things we try to come in and be the internet we try to social engineer either be phishing pretext calling where we'll call and try to obtain information that allows us to get in we we can put some malware on a USB and put company's accounting department on it and throw it out in the parking lot and if an employee goes oh as they're walking in hey it looks like somebody dropped a USB if they plug it in it'll execute it will run this malware that opens up doors and windows it punches a hole basically through their firewall back to our pen test labs in either Oklahoma City and little or little and then our folks are in and so anyway we do that to simulate real world and even to the point where we'll take information we'll try to set up users within their network will basically try to do what a bad person would be would do and the the objective is to see if the company picks up on whether we're doing this and so anyway there we we've done a number of them in the last three or four months where we've gotten pretty far and so it's really again part of that awareness and it's more focused on the IT folks to make them aware of what to look for if they are under attack so I was gonna go Omar to the the wire fraud our firm was hired by a law firm by a company here in the US they had a big relationship about 10 million dollars a year in product that they bought from a company in Israel and they both of these two companies the company here in the US and the company in Israel both thought they'd gotten hacked and so we we went in when I went in with one of our certified fraud examiners and myself and then we did a bunch of IT testing we did some penetration testing we did some forensics to see if if we could see what what had happened and as it turned out after a lot of this testing it turned out to be a pure fishing wire fraud so what had happened was an email went to the salesperson in Israel and this is about a 50 million dollar revenue company here in the US so the fact that he was buying ten million dollars worth of product from this company they were a big vendor for them and anyway the email went to the the salesperson and it was like hey I need to place a product she thought it was the buyer at the reseller here in the US is like you know what do you need and from that about two and a half months of very patient back and forth they they were able to uncover names of the executives prices products you name it and they even knew that the controller who had been with their company at here in the US for a long long time only work from 9:00 until 3:00 she was a single mom she had a nine-year-old daughter and she would drop her daughter off at school and then leave early to go pick her up from from school that she had worked with this president for years and they knew that I mean even to the point where one of the emails was hey how daughter doing soccer last night it was really creepy and so after they gather after the bad guys gathered all this information they eventually sent the controller an email that said hey we've changed our banking relationship we're no longer with the Bank of Israel we were with a different Bank here's the new wire and instructions could you change that and so she forwarded that to the bank here in the u.s. they called her back via the phone and said are you sure you want to do that it's like oh yeah yeah and so that happened on a Thursday and then on Friday $450,000 went to a bank in Kuala Lumpur Malaysia so it was a foreign wire those are we've got a little better laws now to claw that back if you jump on it but it was gone and so the owner of this building of this company he was a single stockholder he was basically out $450,000 so one of the things that they knew was this this gal since you work from 9:00 to 3:00 and there's a time difference between here in Israel didn't think she'd ever call back just call them to verify what she got received on the email so that's fairly typical I know of about 18 or 19 of these firsthand that are very very similar so with that talk a little bit about an encrypting data it's very important to encrypt data in the old days five or six years ago Christian was pretty slow actually maybe seven or eight but it's gotten so much better now that there really is no good reason why data shouldn't be encrypted either at rest in a database whether it's sequel Oracle or in transit flying through a network so one of the things that we look at is particularly legacy systems a lot of legacy providers and in certain platforms may or may not have encrypted data so that's very important some other threats just the Internet of Things I actually did a screenshot this is my security camera looking outside my home but one of the ironic things security cameras produced in countries that are not friendly to the United States had embedded malware with them and the bad guys could basically take over a security camera and originate an attack and so anyway that's just one of the many things to think about you know we've all got now smart refrigerators and smart ovens and you know smart locks and they're all basically small computers that could be used for attacks so number six on the bkt cyber list is effective patch management just my own personal experience is most of the IT folks do a pretty good job with this for instance Patch Tuesday this week had a ton of releases by Microsoft they were I would say probably low risk but there wer a bunch of them so you have to be very disciplined about it and then you also have to just be aware and make sure you're budgeting for end of lies so for instance if if you if your company hasn't converted over to Windows 10 or server a more recent server version than 2008 Microsoft and Jane were is is dropping support for those two and what that means is over time more and more exploits will become available and if you still have something one of those devices in-house you could be compromised so we do a lot of risk assessments cybersecurity risk assessments IT risk assessments it's very important to think through the threats and risks see if you've got compensating mitigating controls and if you don't you know fill that gap so it's something that we do quite a bit talk a little bit about ransomware I'm aware of about four dozen successful malware attacks they all looked fairly typical an email came in to an employee that maybe buys from Amazon all the time your package is on its way click here to track they do it downloads the payload and then it starts encrypting the files and then eventually you get a message similar to this this is the one a crime message you know what happened to my computer your important file is encrypted can I recover them sure just pay us money usually Bitcoin and so you know the this looks really official there's a countdown clock you only have so much time so there's a sense of urgency you know Bitcoin excepted here it looks pretty official friend of mine had that happen at his company he's the CFO and anyway one of their IT folks had to figure out how to get a Bitcoin because they decided to pay the thousand dollar ransom and so he drove with a thousand dollars of cash to a city about 90 minutes away met a guy in a parking lot to get the information because the guy wasn't going to give it to him without the cash brought back to the office put it down in that decrypt after they did the payment and it started on unencrypted the files the good news is they had really good backups and so they just did it out of an abundance of caution we got hired by a hospital and they had a very similar scenario happen to them and the difference was they paid the thousand dollar Bitcoin because they had terrible backups and they were able to decrypt the files unfortunately by that time the bad guys had put some other open windows and doors into their network and about two months later they came back and hit the hospital with the thirty thousand dollar Bitcoin and in that it was then that they hired bkt cyber to come in we looked at a number of things that they did but I'd put just the four things that we did to kind of prevent some of the bad email from coming in so layered security for instance our firm uses Proofpoint so if you send me an email it goes to a company proof point they strip out the bad stuff they forward it to our exchange server in Missouri we have Barracuda and some other really sophisticated devices it strips that stuff out it comes to my laptop we have Symantec endpoint it also prevents stuff so I I don't get that email I mean I just I can't tell you now my personal email I get it all the time they also license no before which is a training tool if you don't have it it's pretty affordable and not only does it provide a subcommittee training but you can also self test your employees with phishing so small companies it's three or four thousand dollars a year and it's well worth that we we've got probably half of our clients of the 250 are using it this company or this hospital also had administrator rights for every computer so they remove that because actually if if you have administrator rights on PCs when you get this malware that executes if you take it away it won't execute so that's another you know compensating control and then they had map drives that it spread basically like wildfire fire so they went to SharePoint to share files rather than Maps drives which is kind of an older technology so so the big thing is you know people are weakest link so train train train do that all the time so with that just give you an example of what we do when we do social engineering testing and this is phishing where we send out emails on the last 18 months five to 46 percent of users that we tested give us their username and passwords and the meetings about 23% the good news is it gets better the bad news is it doesn't go to zero our database with our clients seven to eight percent of the floor I know the FBI earlier this year they said the floor is about 10 percent with employees that have had cyber security training so so with that I'll turn it over to Omar for question three thanks Ron were you the victim of a phishing attack in the last 12 months you can select no or yes zero to three attacks yes four to seven yes seven plus or not sure and you know Ron these attacks are getting really more sophisticated by the day I guess just two months ago I get an email from a well-known company in Colorado but it was little unclear to me as to the nature of the email because one I never done business with them in to it was a voicemail that came to my email inbox so I hovered over their email address and sure enough there were no you know random letters and numbers and what-have-you so I clicked on it and ten minutes later I get an email from our IT folks saying I've been compromised they're getting very smart and 30% said no you guys are really really lucky is I wasn't expecting that they have good controls Omar that's awesome right good filters all right moving on to number nine audit and access controls sorry you're fine so Kentucky mobility scans and penetration test and identify weak points I mean if I want to summarize all this I'll take you to the four-step model first identify those weak points in to assess the risk if the risk is acceptable for those weak points then you're probably fine if not then you need then to design controls to mitigate this risk and finally and most importantly you need to test controls controls are only as good if they're operating right and so you really need to test those controls to make sure that they're operating as designed and I know it'd be Katie and Ron you mentioned those we do a lot of pen tests you're gonna walk us through one of the examples yeah this is this is an example of one of our internal pen tests and there's a lot of techno babble and gobbledygook on here but the net-net of it was we compromised some passwords and one of the mapped drives was not not authenticated a two of their employees had left Excel spreadsheets with usernames and passwords on them on a shared drive one of them ironically was the IT director so we get a lot of different places so the main thing is to minimize action the impact by taking immediate action with any of these attacks whether it's wire fraud there's some clawbacks within within the banking industry if it's ransomware take immediate action unplug and don't wait it's not going to get better so I just listed some some IT governance best practices training training training we talked about layered security awareness with your vendors outside parties that have maybe some hooks third-party reviews hiring bkt cyber or somebody like us to do an independent view and then there are a lot of tools with self assessments so with that I'll turn that over to you or Mar for polling question number four okay and that's our last polling question do you have a cyber security incident response plan and while waiting on the audience I bet we're gonna get a some knows in Iran do we have any ideas any thoughts on this one yeah we do we we do a number of things on the cyber security incident response plan we have some some sample policies and procedures we also can help with the cybersecurity assessment and the advantage of doing that is you can see where your threats and risks are coming from that you can fashion an incident response plan and then the other thing is you know you can get cybersecurity insurance one thing I would say that on that one wire fraud that we did they did have cybersecurity insurance but they had not had an attorney look at some of the terms of conditions in there they actually made a claim and they weren't able to recover any money so there are a number of attorneys that we've partnered with that it's really a legal thing just making sure that you've got the right I you know sometimes the the insurance policies come from agents maybe that don't have a real good background or specialty and cybersecurity insurance so it's best to have an attorney look at that so so it looks like fifty percent yes that is awesome that that next one the yes but it's not very good that's kind of what we say because you feel good that you have one but we don't think it's as good as it needs to be and in the know and then no but we're working on it so it's kind of a mixed bag it's kind of what am I expected so more if you want to kind of close this out yeah sure I mean as as Ron mentioned as you mentioned that earlier on the the purpose of this webinar was to focus mostly on the back office not so much on the operational side although I just want to touch briefly on the ops side because you know in my personal views I believe the upside is far greater than the back office just because of the nature of it as a matter of fact in 2013 the Department of Homeland Security announced that an astounding 40% of all cyber attacks in the US were directed at the energy industry so as you can imagine the the purpose behind the ops attacks it's totally different than the back office the back office motives are most of the time our financial gain whereas the office attacks are along the line of terrorism for the most part the target of cyber attacks are supervisory control and data acquisition systems with the direct line for the control networks so if a hack was successful to infiltrate internal networks in midstream controlling systems the hacker then can remotely operate relief valves they have compressors and manually override automatic shutdowns so on and so forth take it to another level you know think of nuclear power plants and if a successful attack were to happen that's really dangerous stuff we're talking about and that's why cyber is a very hot topic especially these days and we strongly recommend you know companies to perform an assessment just start with the assessment where are the weak points and you know can the company does it have the capability and the ability to detect them prevent such attacks and now I you know they like the last two slides is really just for informational purposes on the beacon you thought where if you're not registered please do of course it's a free service that we offer you can pick the topics of your choice and most of them are CP eligible bkd footprints in with that Alice I'm gonna turn it back to you Omar and Ron will be answering questions at this time as a reminder to ask a question click on the question tab located in your GoToWebinar tool bar and type in your question if your question goes unanswered our presenters will follow up via email Ron and Omar it looks like we've had a couple come in already the first one in the last year what have you seen the bad actors do those been different yeah Omar oh I'll take that one the biggest thing I talked about it was the digital footprint in people being targeted very specifically and and what we're seeing is the bad actors are very patient and so probably the most striking example of that one of our clients showed us showed me an email that she she's the CFO for her company and that had gone to one of the accounts payable people and it had five or six streams and you know we all get those kinds of emails but the first ring was from the president that basically said hey we had this important vendor he just told me that we're no longer with Bank of Oklahoma were with Bank first and he forward it supposedly to somebody else who forwarded it the CFO hey could you go ahead and take care of this then there's another email that said yeah we got these wiring instructions and then that was the email that went to this this person an Accounts Payable and she went ahead and changed the wiring instructions for this important vendor and it was a midstream company and so I was asking the CFO I said this litt was it you think this was an inside job and she know you know we're this industry we everybody kind of knows everybody else and if you've been around you know these people and you you know that we use this vendor a lot and so she said we don't think so but the only thing that stopped it from going out the wire was the supervisor they had a they were using the cash management system with their bank that they could initiate and approve wires themselves and the supervisor looked at it and said boy that looks strange I I don't think that's right and sure enough under the see something say something she asked around found out no it was totally bogus the email had only gone to the Accounts Payable person so anyway digital footprint is it is a big thing I haven't seen that up until about the last 18 months so we have time probably for about two more I'm another one that came in are what concerns have you heard from the Board of Directors on cyber security cyber security I'll take this one Ron so I've had a couple of board members to different companies ask the same question and again maybe that's because cyber these days is a hot topic but the their comment or question you know was around what's my responsibility as a as a board member and I always say you know board the board's responsibilities to protect shareholders assets whether their risk is coming from cyber or non cyber it's really irrelevant when it comes to their responsibilities they need to understand if management has assessed the weak links let's say the company has the risk associated with with those weak spots and what is the plan that they have and there's also the you know legal aspect especially when it comes to cyber so they really need to understand the legal ramifications if any and assess whether they need whether or not they need a third-party specialist to come in and weigh in on this to protect them and of course to protect the company thank you our last one today will be if there were one thing that companies have done that has helped prevent cyber attacks from being successful what would it be I'll take this one as well Ron you know employee awareness training is the number one because most of the attacks are directed towards employees so the first thing to do is train and educate then test and finally hold them accountable and that last part the the premise for is is that you know we could eat as the service for so many different companies and the one common theme that we have seen so far is repeat offenders you have certain employees that they go through the program they get the training we send those phishing emails on purpose and they they click on it they fall into the trap and then they get more education and then we send more phishing emails and then they do it again so again comes back to training training and employee awareness thank you to our presenters this is all the time we have for questions if you did ask a question that went unanswered our prisoners will follow up with you via email thanks again for attending our webinar and have a great day

Keep your eSignature workflows on track

Make the signing process more streamlined and uniform
Take control of every aspect of the document execution process. eSign, send out for signature, manage, route, and save your documents in a single secure solution.
Add and collect signatures from anywhere
Let your customers and your team stay connected even when offline. Access airSlate SignNow to Sign Colorado Banking Notice To Quit Secure from any platform or device: your laptop, mobile phone, or tablet.
Ensure error-free results with reusable templates
Templatize frequently used documents to save time and reduce the risk of common errors when sending out copies for signing.
Stay compliant and secure when eSigning
Use airSlate SignNow to Sign Colorado Banking Notice To Quit Secure and ensure the integrity and security of your data at every step of the document execution cycle.
Enjoy the ease of setup and onboarding process
Have your eSignature workflow up and running in minutes. Take advantage of numerous detailed guides and tutorials, or contact our dedicated support team to make the most out of the airSlate SignNow functionality.
Benefit from integrations and API for maximum efficiency
Integrate with a rich selection of productivity and data storage tools. Create a more encrypted and seamless signing experience with the airSlate SignNow API.
Collect signatures
24x
faster
Reduce costs by
$30
per document
Save up to
40h
per employee / month

Our user reviews speak for themselves

illustrations persone
Kodi-Marie Evans
Director of NetSuite Operations at Xerox
airSlate SignNow provides us with the flexibility needed to get the right signatures on the right documents, in the right formats, based on our integration with NetSuite.
Check 5000+ reviews
illustrations reviews slider
illustrations persone
Samantha Jo
Enterprise Client Partner at Yelp
airSlate SignNow has made life easier for me. It has been huge to have the ability to sign contracts on-the-go! It is now less stressful to get things done efficiently and promptly.
Check 5000+ reviews
illustrations reviews slider
illustrations persone
Megan Bond
Digital marketing management at Electrolux
This software has added to our business value. I have got rid of the repetitive tasks. I am capable of creating the mobile native web forms. Now I can easily make payment contracts through a fair channel and their management is very easy.
Check 5000+ reviews
illustrations reviews slider
walmart logo
exonMobil logo
apple logo
comcast logo
facebook logo
FedEx logo

Award-winning eSignature solution

be ready to get more

Get legally-binding signatures now!

Start free trial Request a call
  • Best ROI. Our customers achieve an average 7x ROI within the first six months.
  • Scales with your use cases. From SMBs to mid-market, airSlate SignNow delivers results for businesses of all sizes.
  • Intuitive UI and API. Sign and send documents from your apps in minutes.

A smarter way to work: —how to industry sign banking integrate

Make your signing experience more convenient and hassle-free. Boost your workflow with a smart eSignature solution.

How to sign & complete a document online How to sign & complete a document online

How to sign & complete a document online

Document management isn't an easy task. The only thing that makes working with documents simple in today's world, is a comprehensive workflow solution. Signing and editing documents, and filling out forms is a simple task for those who utilize eSignature services. Businesses that have found reliable solutions to industry sign banking colorado notice to quit secure don't need to spend their valuable time and effort on routine and monotonous actions.

Use airSlate SignNow and industry sign banking colorado notice to quit secure online hassle-free today:

  1. Create your airSlate SignNow profile or use your Google account to sign up.
  2. Upload a document.
  3. Work on it; sign it, edit it and add fillable fields to it.
  4. Select Done and export the sample: send it or save it to your device.

As you can see, there is nothing complicated about filling out and signing documents when you have the right tool. Our advanced editor is great for getting forms and contracts exactly how you want/need them. It has a user-friendly interface and complete comprehensibility, supplying you with total control. Register today and start enhancing your eSign workflows with highly effective tools to industry sign banking colorado notice to quit secure on the internet.

How to sign and fill forms in Google Chrome How to sign and fill forms in Google Chrome

How to sign and fill forms in Google Chrome

Google Chrome can solve more problems than you can even imagine using powerful tools called 'extensions'. There are thousands you can easily add right to your browser called ‘add-ons’ and each has a unique ability to enhance your workflow. For example, industry sign banking colorado notice to quit secure and edit docs with airSlate SignNow.

To add the airSlate SignNow extension for Google Chrome, follow the next steps:

  1. Go to Chrome Web Store, type in 'airSlate SignNow' and press enter. Then, hit the Add to Chrome button and wait a few seconds while it installs.
  2. Find a document that you need to sign, right click it and select airSlate SignNow.
  3. Edit and sign your document.
  4. Save your new file to your profile, the cloud or your device.

Using this extension, you eliminate wasting time on monotonous actions like saving the data file and importing it to an eSignature solution’s library. Everything is close at hand, so you can easily and conveniently industry sign banking colorado notice to quit secure.

How to sign forms in Gmail How to sign forms in Gmail

How to sign forms in Gmail

Gmail is probably the most popular mail service utilized by millions of people all across the world. Most likely, you and your clients also use it for personal and business communication. However, the question on a lot of people’s minds is: how can I industry sign banking colorado notice to quit secure a document that was emailed to me in Gmail? Something amazing has happened that is changing the way business is done. airSlate SignNow and Google have created an impactful add on that lets you industry sign banking colorado notice to quit secure, edit, set signing orders and much more without leaving your inbox.

Boost your workflow with a revolutionary Gmail add on from airSlate SignNow:

  1. Find the airSlate SignNow extension for Gmail from the Chrome Web Store and install it.
  2. Go to your inbox and open the email that contains the attachment that needs signing.
  3. Click the airSlate SignNow icon found in the right-hand toolbar.
  4. Work on your document; edit it, add fillable fields and even sign it yourself.
  5. Click Done and email the executed document to the respective parties.

With helpful extensions, manipulations to industry sign banking colorado notice to quit secure various forms are easy. The less time you spend switching browser windows, opening some accounts and scrolling through your internal records seeking a doc is much more time and energy to you for other essential assignments.

How to securely sign documents using a mobile browser How to securely sign documents using a mobile browser

How to securely sign documents using a mobile browser

Are you one of the business professionals who’ve decided to go 100% mobile in 2020? If yes, then you really need to make sure you have an effective solution for managing your document workflows from your phone, e.g., industry sign banking colorado notice to quit secure, and edit forms in real time. airSlate SignNow has one of the most exciting tools for mobile users. A web-based application. industry sign banking colorado notice to quit secure instantly from anywhere.

How to securely sign documents in a mobile browser

  1. Create an airSlate SignNow profile or log in using any web browser on your smartphone or tablet.
  2. Upload a document from the cloud or internal storage.
  3. Fill out and sign the sample.
  4. Tap Done.
  5. Do anything you need right from your account.

airSlate SignNow takes pride in protecting customer data. Be confident that anything you upload to your account is protected with industry-leading encryption. Auto logging out will protect your user profile from unwanted access. industry sign banking colorado notice to quit secure from your mobile phone or your friend’s mobile phone. Security is essential to our success and yours to mobile workflows.

How to electronically sign a PDF on an iOS device How to electronically sign a PDF on an iOS device

How to electronically sign a PDF on an iOS device

The iPhone and iPad are powerful gadgets that allow you to work not only from the office but from anywhere in the world. For example, you can finalize and sign documents or industry sign banking colorado notice to quit secure directly on your phone or tablet at the office, at home or even on the beach. iOS offers native features like the Markup tool, though it’s limiting and doesn’t have any automation. Though the airSlate SignNow application for Apple is packed with everything you need for upgrading your document workflow. industry sign banking colorado notice to quit secure, fill out and sign forms on your phone in minutes.

How to sign a PDF on an iPhone

  1. Go to the AppStore, find the airSlate SignNow app and download it.
  2. Open the application, log in or create a profile.
  3. Select + to upload a document from your device or import it from the cloud.
  4. Fill out the sample and create your electronic signature.
  5. Click Done to finish the editing and signing session.

When you have this application installed, you don't need to upload a file each time you get it for signing. Just open the document on your iPhone, click the Share icon and select the Sign with airSlate SignNow button. Your file will be opened in the mobile app. industry sign banking colorado notice to quit secure anything. Additionally, using one service for all of your document management needs, everything is quicker, better and cheaper Download the app right now!

How to sign a PDF document on an Android How to sign a PDF document on an Android

How to sign a PDF document on an Android

What’s the number one rule for handling document workflows in 2020? Avoid paper chaos. Get rid of the printers, scanners and bundlers curriers. All of it! Take a new approach and manage, industry sign banking colorado notice to quit secure, and organize your records 100% paperless and 100% mobile. You only need three things; a phone/tablet, internet connection and the airSlate SignNow app for Android. Using the app, create, industry sign banking colorado notice to quit secure and execute documents right from your smartphone or tablet.

How to sign a PDF on an Android

  1. In the Google Play Market, search for and install the airSlate SignNow application.
  2. Open the program and log into your account or make one if you don’t have one already.
  3. Upload a document from the cloud or your device.
  4. Click on the opened document and start working on it. Edit it, add fillable fields and signature fields.
  5. Once you’ve finished, click Done and send the document to the other parties involved or download it to the cloud or your device.

airSlate SignNow allows you to sign documents and manage tasks like industry sign banking colorado notice to quit secure with ease. In addition, the safety of your data is priority. Encryption and private web servers can be used as implementing the latest functions in information compliance measures. Get the airSlate SignNow mobile experience and operate more effectively.

Connect airSlate SignNow to your apps
Check out airSlate SignNow integrations
Data accuracy, security, and compliance
airSlate SignNow is committed to protecting your sensitive information by complying with global industry-specific
Learn more about security

Trusted esignature solution— what our customers are saying

Explore how the airSlate SignNow eSignature platform helps businesses succeed. Hear from real users and what they like most about electronic signing.

So easy to get contracts signed
5
Jon S

What do you like best?

The ease of uploading documents and creating enter-able fields along with templates for contracts used often.

Read full review
Great and easy to use eSignature program
5
User in Real Estate

What do you like best?

I have been using airSlate SignNow for several years and it is easy to upload docs, create signatures and send to my clients. My clients love using it as well because of its ease of use.

Read full review
Easy, efficient, and green
5
User in Internet

What do you like best?

We send over Agreements for our clients to review and digitally sign. Clients find it easy, hassle-free and we love less paper!

Read full review
be ready to get more

Get legally-binding signatures now!

No credit card required

Related searches to Sign Colorado Banking Notice To Quit Secure

covid landlord responsibilities
covid clause lease
coronavirus landlord duty to notify
showing rental property during pandemic
can my landlord show my apartment during covid
tenant has covid

Frequently asked questions

Learn everything you need to know to use airSlate SignNow eSignatures like a pro.

How do you make a document that has an electronic signature?

How do you make this information that was not in a digital format a computer-readable document for the user? " "So the question is not only how can you get to an individual from an individual, but how can you get to an individual with a group of individuals. How do you get from one location and say let's go to this location and say let's go to that location. How do you get from, you know, some of the more traditional forms of information that you are used to seeing in a document or other forms. The ability to do that in a digital medium has been a huge challenge. I think we've done it, but there's some work that we have to do on the security side of that. And of course, there's the question of how do you protect it from being read by people that you're not intending to be able to actually read it? " When asked to describe what he means by a "user-centric" approach to security, Bensley responds that "you're still in a situation where you are still talking about a lot of the security that is done by individuals, but we've done a very good job of making it a user-centric process. You're not going to be able to create a document or something on your own that you can give to an individual. You can't just open and copy over and then give it to somebody else. You still have to do the work of the document being created in the first place and the work of the document being delivered in a secure manner."

How to sign on pdf file?

When I try to sign the document I am trying to print, the following errors occur, and the document remains unresponsive on my computer: "This computer cannot print this document." The PDF is signed, but the signatures cannot be merged together. How often should I check the information displayed on the web site? The information is updated on a weekly basis, usually at the start of each day. The information can change during the course of a project.

?

Get more for Sign Colorado Banking Notice To Quit Secure

Related links to learn sign language

  • The Tenants Who Evicted Their Landlord - The New York Times Oct 13, 2020 — Watching this looming eviction crisis take shape, I've often thought of those ... I went to report on them — the security guards, store clerks and night-shift ... Tenants couldn't miss the large, homely signs Frenz had affixed to the front of each ... Association, a trade organization for the rental housing industry.
  • ex10-5.htm - SEC.gov NOTE: This Lease Summary is provided solely as a convenience to ... for acquiring and maintaining all State of Colorado industry-specific licenses, ... Colorado Statutes permitting marijuana cultivation, Landlord may terminate ... Tenant shall submit to Landlord a security deposit in the amount of $50,000 on April 1, 2015.
  • List of industry trade groups in the United States - Wikipedia This is a list of notable industry trade groups in the United States. Contents. 1 National ... ACA International · American Bankers Association · American Council of Life Insurers ... Retail Industry Leaders Association · Security Industry Association · Society of ... Not logged in; Talk · Contributions · Create account · Log in ...

Find out other Sign Colorado Banking Notice To Quit Secure