BID® Daily Newsletter
Jan 15, 2019

BID® Daily Newsletter

Jan 15, 2019

Cybersecurity Is Everyone's Job

Summary: Bankers know cybersecurity continues to be a top priority. To protect your bank, here are some tried and true ways to do so.

A Harris Poll conducted on behalf of Glassdoor took a look at the top things job seekers want to see in any advertised position. Those ranked highest were: salary (67%), benefits (63%), location (59%), commute time (43%) and employee reviews (32%). Now you know, just in case you need to find a new employee this year.
Speaking of things to do in 2019, bankers know cybersecurity ranks right at the top. To protect your bank, here are some tried and true ways to do so.
Once a community bank determines that a bad actor has entered their system, the IT security team then must determine how to respond. The focus is on the best way to mitigate damage, limit the exfiltration of important data, and help remediate.
Even at larger banks, the volume of flagged incidents and unknown files that need to be investigated is often overwhelming. Nevertheless, community banks must continue to plan for these sorts of attacks because they will eventually happen. Taking steps now to minimize the impact of a cybersecurity breach is just a good idea. To help, consider these tips:
Develop a robust breach response plan. A critical step to minimize the impact of a cybersecurity breach is to develop a robust breach response plan that provides a step-by-step guide to assessing the threat, containing it, communicating to all stakeholders and implementing solutions. Each bank needs to tailor its breach response plan to its specific geography, customer base and risk tolerance. However, key elements typically include: the basic security framework evaluated and installed such as firewalls, intrusion detection and other security measures, and a tool to evaluate the bank's response to a breach, so the entire company can benefit from lessons learned.
Continue to support security education and training. It may be trite, but it still holds true - most banks require increased and more frequent training throughout their organization to help stave off cyber attacks. It is important to continually educate all staff, inclusive of customer-facing, the C-suite and the board of directors. For the average employee, regular IT security training keeps threats top-of-mind. For the top brass, risk education can help them better understand the breadth and enormity of the actual cybersecurity risk, and ensure buy-in.
Test the plan. A community bank, as with any business, not only needs to create an incident response plan that details how it will respond to a potential incident from start to finish, but also to test it. This should include: revamping the plan every few months to determine when and how an incident should be escalated to senior management; determining who internally has overall responsibility for the investigation and who else within the bank must be involved in the investigation; detailing the outside technical and legal advisers; communicating protocol with customers and other affected outside parties; and sharing any cybersecurity incident information with the appropriate regulators and law enforcement.
Cybersecurity is everyone's job and most issues come from humans trying to help, so be aware and prepared. Then train, train and train again, as you help keep your bank and customers safe.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

Educating Customers on the Risks of Gaming Platforms
Online gaming platforms have become extremely popular in recent years, with 76% of children under 18 playing regularly and connecting their parents’ credit cards and bank cards to their gaming accounts. Financial education about the risks of online gaming payments can add value for young and older customers alike.
Spoofers Target CFI Customers
A June 2022 report from Allure Security, a cybersecurity firm that specializes in protecting financial institutions, says that about 20% of CFI’s are the targets of website impersonation attacks. Rather than simply assume that website impersonation attacks are something that happens to larger banks, CFIs should be proactive about protecting themselves and their customers from this kind of fraud. We explore a few tactics to keep your CFI and your customers safe.