Hands typing on laptop


Cybersecurity vigilance in a cyber-compromised world
March 5, 2018

Email: the life force of our days; the thing we check 500 times an hour (sometimes a minute), and have put our complete faith in to communicate and hold our thoughts, our work, our information and really every aspect of our lives. Turns out, it’s really dangerous. Between 2013 and 2016, the FBI reported that companies lost $5 BILLION to email scams. And that’s only what was trackable and reported.

Photo of Max Tumarinson

Senior Vice President
Chief Information Security Officer

Cyber-enabled financial fraud is on the rise globally. You’ve seen the news about hacks, leaks, and compromises left and right in recent months, and if you haven’t taken a moment to step back and analyze your practices, consider this your warning. The most frequent and increasing business email compromises threatening information security at companies both big and small are PHISHING and SPOOFING.

You’ve probably heard about these acts and how dangerous they are. So let’s talk solutions. Our goal at Amalgamated Bank is to protect customers from these threats. Sometimes, that even means protecting people from themselves (because we’ve all accidentally clicked on a malicious link or absentmindedly fallen for an elaborate scam at some point or another). Our Information Security team at Amalgamated Bank is always looking for new ways to improve security and our customers’ experience. We regularly conduct assessments and scrutinize processes to determine if we are meeting customers’ needs and providing the best possible safety measures. As part of our ongoing security enhancements, we will be introducing multi-factor authentication (MFA) for institutional investors before they can sign in to Amalgamated Investment Management (AIM) to transact with the bank.

MFA is a method of confirming a user's identity through which a user is granted access only after successfully presenting two or more pieces of evidence (factors) that confirm that he or she is an authorized user. Those factors may include knowledge (a piece of information that only the user knows) and possession (something that only the user has). For example, in the case of our Investment Management clients, we require a secret password (knowledge), and a “soft token” that users can access through their smartphones (possession).

As an additional boost to security standards, the New York State Department of Financial Services released new cybersecurity regulations which provide new, more stringent requirements for financial companies to meet. These updated requirements go even further than federal security regulations, providing a prescriptive set of requirements that, based on recent data and analysis, serve as effective risk mitigants to potential threats.

We are optimistic about the move to MFA and digital security measures across the board as means to reduce risk. MFA provides:

- Enhanced authentication instructions via online portals.

- Increased transparency and improved workflow with online visibility of the wire queue. That is, the ability for clients to have greater control of transactions and know what is going on minute-to-minute as wires are initiated, approved, and processed.

- Additional communication about potential threats. Through the secure online portal, the bank can communicate broadly, quickly, and efficiently.

Don’t ever forget: it only takes one click for your sensitive information to become compromised. But vigilance and technology upgrades can make a big difference to our customers’ safety, and our own. For more information and useful security tips visit our Security Center.