MACNY held cybersecurity summit to inform businesses about threats

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

ROME, N.Y. — The Manufacturers Association of Central New York, Inc. (MACNY) held its first post-pandemic Cybersecurity Summit on Sept. 29 at the Innovare Advancement Center in Rome. The goal was to help arm manufacturers and other businesses with information and resources in the fight against growing cyber threats. “It has been a consistent need […]

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

ROME, N.Y. — The Manufacturers Association of Central New York, Inc. (MACNY) held its first post-pandemic Cybersecurity Summit on Sept. 29 at the Innovare Advancement Center in Rome.

The goal was to help arm manufacturers and other businesses with information and resources in the fight against growing cyber threats.

“It has been a consistent need of companies and the community,” says Randy Wolken, president and CEO of MACNY, a nonprofit manufacturing trade association representing more than 300 businesses and organizations across Central and Upstate New York. In a world that is so software and technology driven, companies need all the help they can get to ward off cyber threats, he adds in an interview with CNYBJ at the summit.

MACNY organized the first such summit in 2019 before the pandemic hit, and Wolken says he is pleased with the response to this first in-person event since then.

Businesses from all over the region in industries ranging from manufacturing to education attended the event. The summit featured presentations by area cybersecurity and other professionals on topics such as hackers, cyber liability, manufacturing supply chain and information supply chain risks, legal issues in cyber-incident response, and cybersecurity considerations for the manufacturing industry.

When the cost of a data breach can run into the millions and more than 40 percent of cyber attacks are aimed at U.S. organizations and businesses, it’s crucial for companies to stay on top of things, keynote speaker Dr. Ersin Uzun explains. He is executive director and professor at the ESL Global Cybersecurity Institute at Rochester Institute of Technology.

The odds of any business or organization experiencing some sort of attack are about 70 percent, Uzun says. An attack can start with something as simple as a phishing email to which an employee unwittingly responds.

“The small businesses are seeing more attacks,” he says. Attackers are looking for “low hanging fruit,” Uzun notes, since businesses that don’t have a robust protection system and are easier to attack. Businesses can ward off attacks by strengthening the weakest link, humans, with training on how to recognize and avoid the dangers of cyberattacks.

“If [attackers] send an email and no one clicks on it, they’ll just move on to the next target,”Uzun says.

Typically, companies in high-risk areas such as finance are considered common targets, he says, but most of those businesses have strong cybersecurity methods these days. Cyber criminals have moved on to other targets, he notes, and in 2021, manufacturing companies were attacked more than the finance and banking industry.

“Attackers are moving to industries they see are not very well protected,” Uzun explains. They will also target small to medium-sized businesses because they are often more willing to pay a ransom to end the attack.

Often companies are vulnerable because they have not been able to fill open IT roles, Uzun says. There are currently about 2 million open jobs in the cybersecurity landscape, meaning the competition for available candidates is fierce. Some companies may balk at the salary cost of an IT professional, Uzun says, so they may want to consider outsourcing their IT needs to a managed security service provider instead.

It can take a company more than 200 days to even realize it has been attacked if it’s not being vigilant in its cybersecurity efforts, and there is a less than 1 in 2,000 chance a cybercriminal will ever be caught and prosecuted, Uzun stipulates.

It’s a constant fight. As new technologies to protect businesses emerge, so do new ways to attack a business.

“Attackers are adapting, too,” Uzun says. “They are not stale. It’s better that you do something about it.”

To help businesses even more, MACNY is in the process of organizing a cybersecurity consortium, Wolken tells CNYBJ.

One of the biggest challenges in cybersecurity is that no one really likes to talk about it, he says, but a business that shares its experience with others can help those other businesses avoid a similar breach.

“People need to talk to each other,” Wolken says. He hopes the consortium will serve as a safe space where companies can share and learn from each other.

Secure Network Technologies sponsored MACNY’s Cybersecurity Summit while GreyCastle Security and Assured Information Security co-sponsored the reception following the summit.

Companies and organizations that presented at the summit included Secure Network Technologies, Amwins Brokerage, Brown & Brown Insurance, Cybersecurity and Infrastructure Security Agency, Bond Schoeneck & King PLLC, GreyCastle Security, and Assured Information Security.

Project focused on students, cyberthreats wins SUNY TAF funding

Health Care, Subscriber Only, Technology

ALBANY, N.Y. — A project developed at SUNY Canton involving a game-based platform teaches K-12 students to protect themselves against cybersecurity threats. It is among five faculty-led projects at regional SUNY schools to benefit from state Technology Accelerator Fund (TAF) funding to test their commercial readiness. Altogether, TAF provided total of $300,000 to eight projects

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

ALBANY, N.Y. — A project developed at SUNY Canton involving a game-based platform teaches K-12 students to protect themselves against cybersecurity threats.

It is among five faculty-led projects at regional SUNY schools to benefit from state Technology Accelerator Fund (TAF) funding to test their commercial readiness. Altogether, TAF provided total of $300,000 to eight projects that SUNY says are “poised for commercial success,” according to a news release.

The recipients include projects at the SUNY College of Environmental Science and Forestry (ESF) in Syracuse, Upstate Medical University in Syracuse, SUNY Polytechnic Institute (SUNY Poly) in Marcy, Binghamton University in Vestal, and SUNY Canton, SUNY said. The funding awards include $25,000 for the SUNY Canton project; $47,000 for the Binghamton University initiative; and $50,000 each for the projects at Upstate Medical University, SUNY ESF, and SUNY Poly, SUNY tells CNYBJ.

In addition, projects at the University at Albany, the University at Buffalo, and Stony Brook University also received state money.

The lack of funding for “promising discoveries” — after government-sponsored support ends and before a licensee or venture-capital support is secured — is a “significant obstacle” to the commercial development of university technology, SUNY contended in a release. Recognizing the need, the SUNY TAF program was established over a decade ago to help bridge that gap for SUNY researchers.

TAF funding is awarded through a “rigorous” evaluation process, with input from external experts in various fields of science, technology, and business development. Factors in the evaluation process include the availability and strength of intellectual property protection marketability, feasibility, breadth of impact, and commercial potential.

SUNY TAF’s investment in these eight projects will provide each of the faculty-led technology development teams with the capital needed to further validate, advance, and enhance the commercial readiness of their technologies, per the release.

Regional SUNY TAF projects

The project at SUNY Canton in St. Lawrence County developed a game-based platform for teaching K-12 students to protect themselves from cyberthreats. Kambiz Ghazinour — associate professor at the center for criminal justice, intelligence, and cybersecurity at SUNY Canton — is the instructor helping to lead that effort.

Juntao Luo, associate professor of pharmacology and surgery at the Upstate Medical University, has invented novel materials that can effectively deliver various therapeutic drugs for targeted disease treatments, SUNY said.

Bandaru Ramarao, professor and chair of chemical engineering at SUNY ESF, has developed a polymer that can convert agro-industrial waste into novel bioplastics for use in packaging.

The project at SUNY Poly developed a novel power semiconductor device and packaging technology to “enable and provide more reliable, rugged, and efficient solution” for power electronics, according to the release. The faculty member involved is Woongje Sung, associate professor of nanoengineering.

Scott Schiffres, associate professor of mechanical engineering at Binghamton University, has developed a technology that can detect the age and quality of powders used in the additive manufacturing industry “in its original space without sacrificing printing speed and without significant hardware modification,” SUNY contended.

State officials push tools against cybersecurity threats

Subscriber Only, Technology

ALBANY — The New York State Department of Financial Services (DFS) provides a free cybersecurity toolkit for small businesses so they can protect themselves and their customers from growing cyber threats. DFS works in partnership with the New York City–based nonprofit Global Cyber Alliance (GCA) to make the toolkit available. GCA is “dedicated to making

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

DFS works in partnership with the New York City–based nonprofit Global Cyber Alliance (GCA) to make the toolkit available. GCA is “dedicated to making the Internet a safer place by reducing cyber risk,” per its LinkedIn profile.

The areas covered in the cybersecurity toolkit include identifying hardware and software, updating defenses against cyber threats, strengthening passphrases and multi-factor authentication, backing up and recovering data, and protecting email systems.

“Individuals and businesses can take small steps to improve cyber hygiene that have a big impact on overall security. The first-in-the-nation cybersecurity regulation issued by the New York State Department of Financial Services protects consumers and businesses by requiring financial services companies to implement critical cybersecurity controls such as multifactor authentication,” New York State Superintendent of Financial Services Adrienne A. Harris said in a statement.

The free cybersecurity toolkit for small businesses and the DFS-developed sample cybersecurity policies can be found on the DFS website (www.dfs.ny.gov).

Details on the toolkit and comments from state officials on the cybersecurity topic were part of an Oct. 3 announcement by Gov. Kathy Hochul designating October as Cybersecurity Awareness Month in New York. It’s part of joint state and national efforts to “engage and educate” the public about cybersecurity and provide tools and resources to help them stay safe online, Hochul’s office said.

The theme for the 19th annual Cybersecurity Awareness Month — “See Yourself in Cyber” — focuses on the growing importance of cybersecurity and encourages people and organizations to “take the necessary measures to protect themselves in an increasingly connected world.”

Each week in Cybersecurity Awareness Month focuses on a different topic. The topics include understanding and implementing basic cyber hygiene practices, including the creation of strong passphrases, using multi-factor authentication, performing software updates, and backing up data. They also include recognizing and reporting phishing attempts, whether they come through email, text messages, or chat boxes.

Information on pursuing a career in cybersecurity, making cybersecurity a “business priority” by ensuring products and processes are “secure by design,” and encouraging the consideration of cybersecurity when purchasing new internet-connected devices are also part of the discussion.

“Your digital safety is important to us,” Jackie Bray, commissioner of the New York State Division of Homeland Security and Emergency Services, said. “This Cybersecurity Awareness Month, each of us should take simple steps to keep ourselves and our organizations safe. Enable multi-factor authentication and use strong passphrases. And be vigilant to protect against phishing.”

M.A. Polce named to list of top 250 managed security service providers

Regional News, Subscriber Only, Technology

ROME, N.Y. — M.A. Polce announced it has again been named to the Top 250 list of managed security service providers (MSSPs) for 2022 by MSSP Alert, a resource provided by the CyberRisk Alliance. This is the fourth consecutive year that M.A. Polce has been recognized on the list. In its sixth year, the list

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

ROME, N.Y. — M.A. Polce announced it has again been named to the Top 250 list of managed security service providers (MSSPs) for 2022 by MSSP Alert, a resource provided by the CyberRisk Alliance.

This is the fourth consecutive year that M.A. Polce has been recognized on the list. In its sixth year, the list tracks the MSSP market’s ongoing growth and evolution, identifying and honoring leading MSSPs worldwide. The rankings are based on MSSP Alert’s 2022 readership survey, combined with the site’s editorial coverage of MSSP, managed detection and response, and managed-service providers.

M.A. Polce ranked number 216 on this year’s list. It is a managed cybersecurity and information technology consulting company, based in Rome, that provides comprehensive and sustainable cybersecurity services.

“MSSP Alert congratulates M.A. Polce on this year’s honor,” Joe Panettieri, editorial director of the MSSP Alert, said in a press release. “The MSSP Alert readership and Top 250 honorees continue to outpace the cybersecurity market worldwide.”

MSSP Alert research highlights for 2022 show that its honorees, on average, expect to generate $24 million in revenue for 2022, up 26 percent from 2021. The growth rate is roughly double the market average.

Honorees are headquartered in 30 different countries and 90 percent of them expect to be profitable in 2022, a five-point improvement from 2021.

Among those honored, 69 percent have in-house security operations centers (SOCs), 19 percent are hybrid, 8 percent completely outsource their SOCs, and 4 percent are reevaluating their SOC strategies.

The most-frequent attacks targeting MSSP customers in 2022 include phishing (97 percent of organizations), vulnerability exploits (93 percent), and ransomware (91 percent).

The honorees use a combined 140 different hardware, software, cloud, distribution, and services vendors to assist in their cybersecurity efforts. The increasingly seek out partners to deliver managed detection and response, extended detection and response, incident response, and other key services.

M.A. Polce recently celebrated the grand opening of an expansion at its Rome headquarters. The 6,750-square-foot office more than doubled the company’s existing footprint and supports its growth strategy. The new space accommodates an additional 22 employees with a layout that fosters collaboration and communication. The company has hired at least 12 new employees since then.

M.A. Polce, which also has an office in Syracuse, offers a variety of assessment and compliance solutions along with hardware and professional services. Founded in 1998, it serves organizations in the financial, insurance, government, education, utility, and manufacturing industries.

CyberRisk Alliance is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with services to inform, educate, build community, and inspire an efficient marketplace. Its brands include SC Media, SecurityWeekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, CRA Business Intelligence, and Cybersecurity Collaborative.

VIEWPOINT: How to recognize a health-care scammer when you hear one

Business Mentors, Health Care, Subscriber Only, Technology

When you hear about the risk of identity theft today, most of the time it’s in the context of cybersecurity — scammers hacking into people’s email or online bank accounts to steal private information such as credit card numbers and passwords. While the biggest risks may have moved online, identity theft over the phone is

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

While the biggest risks may have moved online, identity theft over the phone is still alive and well in New York state and across the country.

These fraudsters are after more than just credit card or bank information. The Washington, D.C.–based Coalition Against Insurance Fraud says health-care-related scams are by far the most common type of insurance fraud in the United States, with billions lost each year to a variety of false reimbursement and billing schemes. Medicare fraud alone is estimated to cost $60 billion every year.

According to the U.S. Department of Health and Human Services and state consumer protection offices, these are the common COVID-19 scams to look out for:

Text scams

Many people are receiving messages from people posing as government agencies falsely advertising new COVID-19 vaccines, cures, or tests. Do not click on links in texts related to the virus. Instead, check cdc.gov/coronavirus for current information.

Robocall scams

These automated calls are “phishing” not just for bank or credit-card information, but also for Social Security numbers and health plan ID numbers to use in other types of fraud.

Phone scammers often prey on people through various guises, including:

• The “health care representative”: The caller will claim to be a representative of your health plan, such as your Medicare Advantage or Medicare supplement plan.

• The “government representative”: A caller might claim to be working for the government, saying he or she is calling from Medicare, for example, and is authorized to collect fees or penalties over the phone to set right some supposed problem with the person’s Medicare account. Medicare does not make unsolicited phone calls.

• Medical discount plans masquerading as health insurance: Sometimes the caller will offer medical discount plans that are said to be the equivalent of insurance. In reality, most are memberships in a “club” that claims to offer reduced prices from certain doctors and pharmacies, as well as on some procedures.

• The “health insurance counselor”: This fraudster will offer help navigating the health-insurance marketplace for a fee, capitalizing on people’s confusion about the state-based health exchanges created through the Affordable Care Act. This sort of assistance is indeed available and is legitimate, but the people who offer it – also known as “navigators” – aren’t allowed to charge for their services.

In addition to knowing some of the tell-tale signs the person on the other end of the line is a fraudster, other ways to help avoid health care phone scams, include:

• Protect your personal information – including details about your Medicare coverage. Guard your health care insurance card number just like you would your credit card number, providing it only to health care providers at the time you are seeking services.

• One of the leading Medicare health scams involves fraudsters filing false claims for durable medical equipment such as wheelchairs, scooters, walkers and nebulizers. It’s illegal for a medical supplier to make an unsolicited phone call to people with Medicare. So, if you receive a call to buy medical equipment that your doctor hasn’t ordered, hang up.

• Another health scam that’s becoming increasingly common is designed to take advantage of people who accidentally misdial a toll-free number (a number starting with 1-800, 1-866, or 1-877). In these scenarios, scammers purchase a toll-free number that is just one digit off from a legitimate number. When people mistakenly dial that number, they think they’re speaking with a call-center agent from the company they were attempting to reach. Instead, they’re on the line with a scammer.

• Carefully monitor your statements from Medicare or your health plan for any claims for services or supplies that you did not receive.

• If any part of a phone conversation makes you uneasy, hang up and call the company or organization the person claims to be representing, using either the phone number on your health plan ID card, if the person claimed to be calling from your health-insurance company, or the toll-free number on the organization’s website.

• Report suspicious activity to local police, the state attorney general, the Centers for Medicare and Medicaid Services, or the Federal Trade Commission. Doing so can help protect others from falling prey to the fraudster’s schemes.

Dr. Don Stangler is chief medical officer at UnitedHealthcare of NY (UHC.com)

Quanterion offers resources during Cybersecurity Awareness Month

Business Mentors, Regional News, Subscriber Only, Technology

UTICA, N.Y. — Quanterion Solutions, Inc. has launched a cybersecurity resource program in conjunction with October being Cybersecurity Awareness Month, a global initiative to promote cybersecurity awareness and best practices. As a “registered champion” of the event, Quanterion says it is providing resources throughout the month for businesses and consumers and raising awareness of

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

As a “registered champion” of the event, Quanterion says it is providing resources throughout the month for businesses and consumers and raising awareness of cyber threats.

The National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security are leading the month-long event.

“Hackers are increasingly driving sophisticated attacks that take advantage of new technologies and threaten the security of individuals and businesses,” John Reade, director of information systems at Quanterion, said in a release. “This Cybersecurity Awareness Month, Quanterion Solutions is pleased to work alongside CISA, the National Cybersecurity Alliance, and other organizations to raise awareness about the importance of Internet safety.”

The initiative highlights emerging cybersecurity challenges and shares resources to protect devices, accounts, digital identities, and data. This year’s theme is, “It’s easy to stay safe online,” focuses on recognizing and reporting phishing attacks, using password managers, enabling multi-factor authentication, and updating devices to patch security issues.

Quanterion’s resources are available online at www.quanterion.com/cyber-awareness-month-2022-resources/.

Utica–based Quanterion is a small business that says it specializes in analytical services, products, and training across a number of technical disciplines including reliability, maintainability & quality, information systems, technical information centers, software systems & development, cybersecurity, knowledge management, critical infrastructure protection, and homeland defense and security.

Cybersecurity Awareness Month is designed to engage and educate public and private-sector partners to raise awareness about cybersecurity to increase the resiliency of the nation’s critical information systems. Other efforts by the nonprofit National Cybersecurity Alliance include Data Privacy Week in January and CyberSecure My Business, which offers webinars, web resources, and workshops for businesses. More information is available at staysafeonline.org.

SBA’s inaugural Small Business Cyber Summit set for Oct. 26

Small Business, Subscriber Only, Technology

The U.S. Small Business Administration (SBA) will host a free, virtual national Cyber Summit on Oct. 26. The SBA Cyber Summit will help introduce American small businesses to tools, tips, and resources to “bolster” their cybersecurity infrastructure. It’ll also explore new trends and challenges that entrepreneurs are increasingly facing. This cybersecurity forum will be a

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

The U.S. Small Business Administration (SBA) will host a free, virtual national Cyber Summit on Oct. 26.

The SBA Cyber Summit will help introduce American small businesses to tools, tips, and resources to “bolster” their cybersecurity infrastructure. It’ll also explore new trends and challenges that entrepreneurs are increasingly facing.

This cybersecurity forum will be a first for the agency, SBA Administrator Isabella Casillas Guzman, said in announcing it Sept. 22.

“America’s small businesses are pivoting to digital technologies and online strategies at historic rates to reach new customers and improve operational efficiencies, but that pivot has also exposed them to significant new threats from cyberattacks,” Guzman said in a release. “Our SBA team has mobilized to support them against these potentially disruptive threats with cybersecurity resources and trainings across our resource partner networks, as well as through our recently launched Small Business Digital Alliance. Launching the SBA’s first annual Cybersecurity Summit will help us build on that work and ensure America’s 33 million small businesses and innovative startups can pivot safely online and grow resilient businesses.”

Registration for the event is open to all and free. Those interested can sign up through this link: www.bit.ly/SBACyberSummit.

About the event

The inaugural SBA Cyber Summit will include various speakers, including Guzman, SBA Associate Administrator Mark Madrid, SBA resource partners, Small Business Development Centers, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, business chambers, state government partners, experts from the public/private sectors, major technology platforms, and “award-winning” business coaches, the SBA said.

“Comprised of digestible and compact segments,” attendees will have the opportunity to network and learn more about practical tips, problem-solving strategies, industry trends, threat avoidance, and small-business testimonials to help small-business owners defend themselves against cyberattacks, the SBA said.

Cyberattacks are a “growing threat” to small businesses and the U.S. economy. The SBA cites the FBI’s Internet Crime Report as indicating the cost of cybercrimes against the small-business community reached $2.4 billion in 2021.

Small businesses are “attractive targets” because they have information that cybercriminals want, and they “typically lack” the security infrastructure of larger businesses.

According to an SBA survey, 88 percent of small-business owners felt their company was vulnerable to a cyberattack. Yet many businesses cannot afford professional IT solutions, have limited time to devote to cybersecurity, or do not know where to begin, the SBA noted.

VIEWPOINT: Businesses & employees must stay alert to changing fraud tactics

Business Mentors, Subscriber Only, Technology

October is cybersecurity month, and like the masks people wear at Halloween, perpetrators of online fraud frequently change how they look. It’s important to remain vigilant and make sure your employees are familiar with new fraud tactics. A tactic that is increasingly used is what is known as “remote access scamming.” With remote-access scams, fraudsters

Already an Subcriber? Log in

Get Instant Access to This Article

Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.

Learn More and Become a Subscriber

A tactic that is increasingly used is what is known as “remote access scamming.” With remote-access scams, fraudsters are hoping to trick you or your employees into providing them with the information they need to gain access to your systems, especially your online- banking credentials. One example of a common remote-access scam starts with a phone call from someone who claims to have identified a computer problem with your system.

Sometimes they’ll claim to be from the IT department, or from a large well-known technology or software company, stating that they need your help to fix a problem. What they are really trying to do is gain control of your system, using your access and passwords.

A recent — and diabolical — twist is that some fraudsters are saying that they have detected an issue with your business banking account and they’re transferring you to the Fraud Department to “help fix” the issue. Nothing could be further from the truth; they are using your fear of fraud to gain access.

Here are some red flags that you should be aware of, and make sure your employees are familiar with as well:

• Unsolicited tech support calls — an incoming call from “tech support” should be treated with suspicion, especially if all of your devices are working properly. If you haven’t called for tech help and someone calls you, put your guard up immediately.

• Pop-ups directing you to call a number to address a detected virus — this is a method to have you initiate the call, and have you provide them with the details that provide remote access to your computer.

• Gift-card requests — this should be a dead giveaway that something is wrong or not above-board. No legitimate company will ever ask for you to purchase a gift card and then provide the information to someone over the phone.

• High-urgency requests — any demands that there is no time to waste, or other indicators that an issue is urgent should be treated with high levels of suspicion. What criminals are hoping for here is that you — or your employees — will react without thinking about the request or ask any questions about its legitimacy.

• Requests for one-time PINs — one-time PINs (OTP) are a key fraud-prevention measure and should never be circumvented. Never provide an OTP to anyone who calls and requests one.

• Requests to download software — any request to download software onto your computer, especially to “fix” a virus or other issue from someone who has called you should be treated as potential fraud.

• Requests for any other sensitive information — if a request seems weird or suspicious, pay attention to your instincts. Providing funds for a lawyer or legal fees over the phone is strange. A sudden family emergency that requires over-the-phone payment, but the caller isn’t someone you know, is also strange. Requests to mail cash — strange. Someone saying they are from your bank but asking you to provide them with digital banking credentials — very suspicious. Treat any of these scenarios as having a high potential for fraud.

It’s critically important that your employees are aware of these types of scams, because fraudsters will frequently target people who are expected to respond quickly to requests from company officials. It’s called “spear-phishing” and it’s designed to prey upon rank-and-file employees. In other words, criminals are hoping that your employees will be too scared or too intimidated by a request from “the boss” to say no.

If you ever have a reason to suspect that you’ve fallen victim to a remote-access scam, immediately call your financial institution’s customer-service team. Have your systems professionally cleaned and change all of your passwords and login credentials.

One of the most important things you can do as a leader in your organization is to make employees feel comfortable to say “no,” and to stop, think, and question requests. You would rather have them say “no” to the CEO than “yes” to an online criminal.

Terra Carnrike-Granata is senior VP and senior director of information security at NBT Bank, where she designs and implements sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyberthreats.

Amazon plans to hire 700 in the CNY region for full-, seasonal, and part-time positions

Employee Benefits & Human Resources, Manufacturing & Engineering, Technology

A range of roles — from packing and picking to sorting and shipping — are available to applicants from all backgrounds and experience levels, per

Binghamton young professional summit planned for Oct. 13

Employee Benefits & Human Resources, Health Care, Nonprofits, Regional News, Small Business

The theme for this year’s conference is “Moving Mountains,” and the hybrid event offers a virtual attendance option as well as the traditional in-person conference.

Get our email updates

Stay up-to-date on the companies, people and issues that impact businesses in Syracuse, Central New York and beyond.

Get our email updates

What's New

Upcoming Events

Project Homecoming Job & Career Fair 2025

Annual Nonprofit Conference 2026

2026 CenterState CEO Economic Forecast Breakfast

CNYBJ Job Board

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get Instant Access to This Article

Get our email updates