Monthly Archives: August 2016

We’re Working with You to Battle Cyber Crime


Since 2013, cyber criminals have attacked over 22,000 businesses via business email scams with losses totaling over $3.1 billion. Businesses of any size are vulnerable. In the L.A. area, losses due to business email compromise alone total $14.6 million per month. Experts estimate that 80% of cyber attacks are avoidable through basic cyber hygiene.  By implementing a variety of safety and prevention measures, you can significantly reduce the chances of your business suffering losses due to cyber crime.

To help businesses understand the risks and the ways they can help protect themselves from this growing threat, we recently hosted a series of cyber security seminars in Los Angeles and Orange County. We want to share a few of the key takeaways from our panel of experts in law enforcement, information security and insurance. Here’s what we learned from Howard Miller, CRM, CIC, of L/B/W Insurance and Financial Services, Kimberly Pease, CISSP, of Citadel Information Group, Michael Sohn of the FBI’s Los Angeles Cyber Crime Outreach and Stan Stahl of Secure The Village.

  • Employee training throughout your organization is critical. Make sure you have clear policies about cyber security and that they are clearly communicated to your staff, contractors and anyone else who has the ability to expose your company to risk. Educate all of your employees about the risks of clicking on links in emails and sharing business information via phone or email with people they don’t know or trust.
  • Limit access to software to employees who really need it and make sure that each employee has their own log-in (don’t have employees share log-ins) so you can track activity back to a specific person.
  • Keep software updated regularly. Cyber thieves exploit vulnerabilities in older versions of software.
  • Use two-factor authentication to access your internet email and other sensitive applications such as online banking. Two-factor authentication requires you to use a one-time password in addition to your regular password, making it more difficult for hackers to hack.
  • Make sure your back-up files are capturing all of your critical data and that your employees are following your prescribed protocol for backing up their files. Also make sure you are backing up your files in a different physical location so you can use them in the event of a natural disaster.
  • Look at your third party vendor contracts to understand what cyber risk you might assume through your relationship with that vendor, particularly with cloud providers who typically accept little, if any, liability associated with cyber crime.
  • Take information security as seriously as operations and finance.
  • Create a VPN (virtual private network) to secure communications to your business network that are initiated by authorized employees using devices outside of your network.
  • Secure your wi-fi with a password and encryption.
  • Use different passwords for different sites and make them long and complex.
  • Check any existing cyber security insurance you may have to look for gaps or exclusions in the coverage. Business interruption is typically limited to physical causes so most insurance won’t cover business interruption due to a cyber attack.
  • Before your business is targeted by cyber criminals, establish a relationship with your local FBI office. They’re the lead federal agency for investigating these kinds of attacks.

For banking (online as well as offline), the following recommendations were made:

  • Use dual control for all ACH and wire transfers. Dual control means that another person or account has to authorize a transfer in addition to the person who initiates it.
  • Never trust wire instructions or other funds transfer instructions sent via email. Always call the person or company to verify the instructions.
  • Set up alerts that automatically notify you about log-ins, password changes, transfers, etc. This way if an unauthorized change is made, you know and can respond quickly.
  • Use Trusteer Rapport software (available free) to provide a secure web channel between your computer and the bank’s online banking site.
  • Use our ACH Fraud Protection Service, which enables business clients to review ACH transactions before they are complete and to choose to pay or return each item.
  • Use ACH blocks or restrictions, if you know you won’t be using these electronic payments, or if you want to limit ACH withdrawals to only specific vendors.

To address the risks of funds transfer fraud and cyber deception, our bank has also introduced a new way for our business banking clients to protect themselves through a first-of-its-kind cyber insurance group policy. The policy provides gap insurance, since most cyber crime insurance policies don’t cover losses for money sent out of a business banking account “voluntarily;” that is, when someone in your firm is tricked into sending funds to a cyber criminal posing as a trusted colleague or vendor. For more information on this policy, please visit

Insurance Products are:
Screen Shot 2016-06-23 at 9.12.21 AM
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.



CIO John Coleman Recognized by Los Angeles Business Journal

screen-shot-2016-09-16-at-11-21-45-amEarlier this summer, Grandpoint SVP & Chief Information Officer John Coleman was honored as one of a select group of nominees for the Los Angeles Business Journal’s Chief Technology Officer Awards at a dinner in Santa Monica. The nominees were also featured in the Business Journal.

John, who has managed the Bank’s information systems and technology since 2012, was praised for his technical knowledge as well as his ability to foresee emerging trends, balance risk with growth objectives, and communicate effectively with the Bank’s leadership.

“Not only has John done a great job helping us keep pace with new technologies, he’s also played a key role in addressing the evolving risks of cyber crime,” said Loraine White, EVP and Chief Administrative Officer at Grandpoint Bank. “His involvement in numerous IT and cyber security working groups and public-private collaborations has kept us on the forefront of these developing threats and built partnerships that have been very beneficial to our bank and our clients.”

His knowledge and expertise in this area have been especially valuable as the Bank has sought out new ways to help business clients thwart the risk of cyber crime. In June, the Bank announced the availability of a new Client Cyber Crime Insurance policy, offered exclusively to its business clients through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank. The policy helps protect clients against monetary losses to their Grandpoint business accounts as a result of cyber deception and wire transfer fraud.

Given his wealth of knowledge about cyber security, we asked John to share some of his top tips:

  • Understand the basics of information security and apply them
  • Practice password management, which involves using complex passwords that are changed regularly
  • Make sure to keep computers up-to-date with antivirus software and patches
  • Use common sense
  • Once a business starts employing 10 or 20 people, appoint someone to be responsible for the management of the computer and security systems. Policies and procedures should be in place and known to all.
  • Backup information! Many businesses overlook this. Backed up information should be stored somewhere offsite and offline. It should be difficult to get into the backup copies.

John also recommends these sites as good sources of information about cybersecurity threats and best practices:

Additionally, the Department of Homeland Security has designated October as National Cyber Security Awareness month and provided some helpful resources here.↗

John is very active in the business and civic community on the topic of cyber crime. Through his involvement with ISSA↗ (Information Systems Security Association), John not only spoke at one of its events, he also formed relationships with financial and security professionals, including those from the FBI,↗ Los Angeles County District Attorney’s High Tech Crime Department↗ and the Secret Service’s↗ electronic crimes taskforce. The FBI subsequently reached out to John and Grandpoint Bank to help them host a nationwide gathering of their field office representatives at the Grandpoint offices to talk about cyber crime. (John was the only non-government participant invited to attend that day.) The two-day event also included a session for tech companies, financial institutions and other law enforcement regarding the hot topic of business email compromise.

John has also been active with the California Bankers Association’s annual Risk, Cybersecurity and Technology conference↗ by serving on the planning committee, helping to arrange speakers, providing opening remarks for the conference and moderating the Incident Response panel discussion. He also serves on the advisory board and on the executive council of Secure the Village,↗ a nonprofit organization dedicated to cyber security education and awareness for small and mid-sized businesses as well as nonprofits. He has also served as a speaker for one of Secure the Village’s roundtable events.

Well-deserved congratulations on your nomination for top Chief Technology Officer, John! You’re certainly ours!

For more information on the Client Cyber Crime Insurance, visit (California Insurance License #0K82434).

Insurance Products are:
Screen Shot 2016-06-23 at 9.12.21 AM
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.


↗ Linking to Non-Grandpoint Bank Websites
This icon appears next to every link that directs to a third party website not affiliated with Grandpoint Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Grandpoint Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Grandpoint Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.