Community Banks Work Hard to Protect Your Ones and Zeroes

Cyberattacks aren’t limited to just data breaches these days; there is a litany of prevalent cyber risks threatening banks. To help illustrate the lengths to which community banks go to be sure customer data is secure, reprinted below with permission is a checklist for financial institutions provided by the company Grand Rapids State Bank uses for “managed security.” Data breaches like those affecting Visa cards used at Target stores around the country are getting the most attention, but banks face many kinds of cyber risk. Whether it is a system outage, a distributed denial of service (DDoS) attack or any other cyber incident, banks have to be prepared to fight day and night.
 
Five Key Elements for a Strong Cybersecurity Framework*

To ensure your bank has a strong strategy for cybersecurity preparedness, the Federal Financial Institutions Examination Council (FFIEC) recommends you take a comprehensive approach to maintain the security and resilience of your technology infrastructure. And that includes establishing a robust cybersecurity framework.

To fight back against cyber threats, the FFIEC recommends your bank’s cybersecurity framework focus on five key areas:
 

  1. Cyber Risk Management and Oversight
    To strengthen management and oversight of your bank’s cybersecurity strategy, follow these four steps:
     
    1. Test your policies and procedures with regular information security reviews and IT audits
       
    2. Support your risk management program by using the FFIEC Cybersecurity Assessment Tool
       
    3. Provide employees with training and resources that are easy to understand, and ensure IT and information security staff keep up with their training, too
       
    4. Educate and engage senior management and the board to develop a strong culture of security
       
  2. Threat Intelligence and Collaboration
    To ensure you have the most up-to-date information about industry threats, subscribe to email lists and collaboration services from reputable resources.
     
  3. Cybersecurity Controls
    Implement cybersecurity controls to help your bank prevent, detect and mitigate cybersecurity events. There are three categories of cybersecurity controls:
     
    1. Physical security controls: These controls traditionally tighten perimeter building security and limit access to server rooms and network operations centers.
       
    2. Logical security controls: This is your first line of defense if a hacker breaches your physical controls. Logical controls typically include identification, authentication, authorization and accountability tools.
       
    3. Other controls: This category includes policies and procedures, training and education, and employee reaction and response.
       
  4. External Dependency Management
    Manage any external solutions that your institution uses by undergoing these three evaluations:
     
    1. Business impact analysis: Determine the likely impact to your organization if a vendor, product or service ceased to exist or function properly
       
    2. Cybersecurity risk assessment: Identify the risks for a particular vendor or service and how likely each risk is to affect that relationship so you can prepare accordingly
       
    3. Vendor management: Read the FFIEC’s new Appendix J from the Business Continuity Handbook to help determine if adequate controls are in place among external dependencies
       
  5. Incident Management and Resilience
    Update your incident response and business continuity plans (BCP) to include the words “cyber incident” and/or “cyber risks.” Be sure your plans actually contain the information needed to help you effectively respond to cyber-attacks.

*From Computer Services, Inc., Financial Services Group, Austin, TX 78730
 
 
