Rich
Woldt - CPP, CFE RMLC Owner & CEO...
|
Welcome... In 2004 we
published an e-News but quickly realized there are too
many already all ready out there so we now attempt to
lead you to those we have found to be credible.
|
I recommend you
first read your trade association monthly news letters
and than go to our R&D library and our continuing
education center for the latest RM information.
|
E-mail
Updates and consultations upon request - NO SPAM Periodically our faculty
will publish an
RM007 e-mailed comment on an
important Risk Management concern such as during a national
crises or to update our list of risk specific workshops,
presentations, additions to our security catalog or remind
you of an RMLC learning opportunity...
Sign up
today. |
Tips for
creating your own...
Annual Meeting
Presentations Chapter Meeting
Presentations
Staff
Training Workshops & Seminars
RM007 CATALOG
This
section will be back up in 2006... On-line
Store Manuals
RM LEARNING CENTER Faculty Curriculum
RM TOOLBOX On-lineConsultation Seminar Tri-folds Self-assessments Professional Associations Trade Associations Security Companies Research Links Credit Union History &
Traditions
ABOUT RICH WOLDT
Profile Press Packet
|
|
RM007
Current e-News October 7, 2005
I am
willing to bet… that US credit unions who
weathered recent storms with CUNA Management School graduates
at the helm were well-prepared, ready to act and are
recovering quicker than credit unions or companies not blessed
with CUNA expertise.
It's a bit tongue-in-cheek,
but a review of my notes from Southeast CU School in Athens,
Southwest in Denton and the RM sessions conducted recently in
Madison found that contingency planning was
taught in most 1st and 2nd year classes from 1972 though
Y2K. This
e-News will provide a summary of what those students learned
and what we have recently added.
In the early '70's
when NCUA issued Regulation #749 dealing with offsite storage
of credit union records we taught cost-effective methods of
duplicating month end share and loan trial balances and that
"big black book" - the general ledger. Many credit unions ship
their back-up records to the salt mines in Hutchinson Kansas.
Students in the mid '70s learned about a
grandfather-father-son system based on tornado losses and
recovery problems seen after hurricanes. In the '80s when the
threat of earthquakes in California and even the Midwest gave
a wake up call, "Disaster Recovery" was elevated to "Business
Resumption.".
RM Students were instructed to make sure
to brief upper management and officials on how to select and
train "Damage Assessment and Disaster Recovery Teams" as well
as how to plan for succession in management. As Y2K
approached, students learned to expand their "Business
Resumption" plans to include the latest in "Contingency
Planning" protocols.
At Denton, TX students learned
the latest response protocols based on 9/11 and anyone
attending the Texas CUL RM workshops had Credit Union Incident
Command System (CUICS) training. Last month San Antonio
learned to apply CUICS strategies and Dallas completed
advanced CUICS yesterday. Credit unions in the Indiana
region are
reminded that a two-day RM workshop is scheduled in
Indianapolis on October 20 and
21. Credit
unions in Great Britain will be provided with CUICS training
at the Industrial Conference in Birmingham in November and the
Jamaica Credit Union League is scheduling advanced CUICS as
soon as they dig out from Ivan.
I have confidence in
our credit union movement and in our ability to prepare for,
act and recover from any critical incident. After being put to
the test of four hurricanes in a year, we can all take pride
in the way that Florida credit unions and all those others
along the gulf and up the East coast inspired us with their
bravery and courage during a very tough time.
The RMLC
faculty stands ready to assist in many ways… the
3rd annual RM
Cruise
through the Western Caribbean has been accordingly
expanded to
include advanced CUICS training, focusing in 2005 on what
happened to our credit union friends who weathered the storms
of '04.
ATTENTION: Spoofing and Phishing
(pronounced “fishing”) are somewhat synonymous in that they
refer to forged or faked electronic documents. Spoofing generally refers to the
dissemination of e-mail which is forged to appear as though it
was sent by someone other than the actual sender.
Phishing, often utilized in
conjunction with spoofed e-mail, is the creation of a Web site
to make that site appear as the legitimate business website.
Once the fraudulent website has been launched, the spoofed Web
sites attempt to dupe the unsuspecting victims into divulging
sensitive information, such as passwords, credit card and bank
account numbers. The victim usually traverses to the spoofed
website via a hyperlink that was provided to him/her in a
spoofed e-mail.
ACTION ALERT: Recently the Internet Crime Complaint
Center
(IC3) has seen a new breed of Phishing scams being advertised
in spam e-mails. Old Phishing scams would reconstruct a
look-alike site for whoever they were trying to impersonate.
If they were trying to target eBay users by claiming they
needed to update their personal information, for example, the
phishers would use all of the images and formatting associated
with a legitimate eBay page, to attempt to make their
fraudulent web pages/emails look authentic. The phishing page
would be located on the phisher's site. It would collect all
of the information from the victims; e-mail that data to an
email address controlled by the phisher, and then redirect the
victim to the actual site being impersonated. By redirecting
to the real site at the end, the victim would be more likely
to believe that the whole thing was legitimate.
Although the IC3
still receives reports of phishing scams like this, we have
seen multiple new scams that use a very different technique.
First of all, the e-mails advertising these scams put the body
of the message into an image file, which makes filtering much
more difficult. Secondly, the actual phishing site will use
JavaScript to open a new window in the foreground that
harvests the victim's information, and will load the site
being impersonated in the background to make the scam look
even more authentic. Although these methods do not make
tracking the scam any easier or harder, they are likely to
fool more people into thinking that it is
legitimate.
Another method used
in the e-mail is to put the entire message into an image, and
to put that image in the body of the e-mail. So the whole
"Dear Mr. X, you need to update your account info" would be in
an image file. This entire image is then covered with a clear
image. Whenever the clear image is clicked on, it sends the
user to the phishing page.
You can get more
information on this and other cyber schemes at the
U.S.
Department of Justice's Operation Web
Snare.
For more information
on upcoming
events, bios
on the Risk Management Learning Center's expert
team of advisors and speakers, a curriculum of specific topical subject
matter suitable for delivery to your own management team,
staff and/or board of directors through workshops, lectures or presentations please visit RMLearningCenter.com. |
|
|