Niki Neese, VP Account Management | Safe Systems

Now that the New Year is under way, we’d like to take a moment to look ahead at some of the major technology updates coming in the next 12 months.

As the first point of contact for many Safe Systems clients, the Account Management team and I spend a great deal of time working to help bankers overcome challenges in compliance and technology. As we closed out 2013, and planned ahead for 2014, our team took some time to review what’s ahead. Because these changes might affect your institution, we wanted to take the opportunity to share some of the most significant items now. Whether it’s the end of life for Windows XP and other Microsoft software, or recent changes in guidance surrounding certain technologies, the five items below could affect your financial institution in the year ahead.

Microsoft Operating Systems and Applications – End of Life Dates
Microsoft makes some of the most frequently used applications in business today. So it’s no surprise that there’s a long list of Microsoft operating systems and applications that will cease to be supported within the next four years.

When an operating system or application reaches the end of its life, it’ll typically continue to work just fine. However, risk lies in the fact that the manufacturer – in this case Microsoft – is no longer providing critical patches and service packs to fix bugs and security vulnerabilities. Because of this, we recommend these systems be replaced before they reach their end of life whenever possible. In fact, the FFIEC recently published a statement covering the steps to take if you will still have Windows XP devices in use beyond the end of life date. These same steps can be employed for all the operating systems and applications to gauge and minimize risk. The best step is to completely replace unsupported software.

Here are some noteworthy end of life dates for Microsoft operating systems and software:

  • Windows XP – April 8, 2014
  • Office 2003 – April 8, 2014
  • Exchange 2003 – April 8, 2014
  • Windows Server 2003 – July 14, 2015
  • Exchange 2007 – April 11, 2017
  • Windows Vista – April 11, 2017
  • Office 2007 – October 10, 2017

Dell SonicWall – End of Life Dates
Security is a top priority for any business, especially for financial institutions. For those of you who use Dell SonicWall appliances, there are a number of end of life dates to be aware of. The link below is SonicWall’s product lifecycle page, which provides end of life dates for these appliances as well as Dell’s five phases of product lifecycle management. The end of life is the most important phase. When Dell stops supporting a SonicWall appliance, they will no longer provide technical support, firmware updates or hardware replacements. Please reach out to your account manager if you have any questions concerning your current SonicWall model, and they will assist you in the transition to an upgrade option that is best for your institution.

Click here for Dell’s SonicWall product lifecycle page

Malware protection at the DNS server level
With each passing day, hackers are doing their best to build new and more intrusive malware, which they can then use to obtain access to sensitive personal information, account passwords and PINs, as well as data stored on server and workstation hard drives. To combat this activity, new services have been introduced to stop malware at the DNS server level, which prevents the malicious connections from ever being made. Below is a link to Gladiator’s new service that runs at the DNS level to prevent malicious activity.

Gladiator “Advanced Malware Protection” Brochure

Email Archival
There is a specific FFIEC mandate for document retention. As of right now, there is no specific mandate for archiving. As Safe Systems’ VP of Compliance Tom Hinkel states, however, “the key to complying with legal and regulatory guidelines regarding retention is to consider all electronic information (including email) exactly the same as paper documents for the purposes of retention and destruction in your policies and procedures.”

A best practice, the Compliance Guru goes on, is to make sure your retention periods are the same, regardless of whether they are physical or electronic. When it comes to archiving email, however, the challenge is in being able to separate the financial emails from the loan documentation emails from the customer communication from casual conversation. Every type of email could have different retention requirements or none at all. “But there is no technology available to automatically classify each message by data type,” Hinkel says. “Lacking that, most banks simply opt to archive all email communication regardless of the nature of the message. Simply put, there are 3 potential approaches to data retention: Save everything, save selectively, and save nothing. Given the current technical limitations, the least risky of the 3 is to save everything.”

Read the full post.

Social Media Awareness
Expect your next exam to have questions concerning your social media policy. Even if you do not engage in Facebook, Twitter, LinkedIn or any of the other interactive sites that have sprung up in the last decade, you are still not out of the examiner’s reach. The FFIEC guidance concerns your institution’s presence on the internet, whether you initiate it or not. A social media policy must be taken very seriously because it is more than just another area on an exam to watch out for; it is also knowledge and awareness that will equip you to prevent attacks and threats such as social engineering.

Gladiator’s Regulatory Compliance Team has successfully guided financial institutions in their social media strategies since 2010, so if you need any help with a Social Media Policy, Gladiator can assist by performing a free GAP analysis on your current Social Media Policy, modifying your existing one, or even creating a new one for you.

Read the Compliance Guru’s analysis of the FFIEC’s social media guidance.