While cybersecurity has become a major issue for the financial industry, the truth is that many financial institutions are becoming complacent when it comes to protecting themselves from cyber threats. Some community banks and credit unions believe that doing the bare minimum for protection, meaning installing antivirus software and firewalls, is enough. The recent data breaches and cyberattacks in the financial industry prove that this is simply not true. The first step financial institutions must take to truly combat cybercrime is to change their cybersecurity mindsets. Let’s take a look at some common misconceptions about cybersecurity:
“We don’t need to involve our board of directors in our cybersecurity planning.”
Participation by the entire board of directors is essential to combat cybercrime. The board cannot delegate its responsibility for the consequences of unsound or imprudent policies and practices when it comes to cybersecurity and IT. Board engagement has become more important than ever, as both the Federal Financial Institutions Examination Council’s (FFIEC) Management Handbook and the FFIEC’s Information Security Handbook focus specifically on the responsibility and accountability of the board as it relates to information technology oversight. Boards that do not adhere to these new standards run the risk of penalties, lowered CAMELS scores and audit rankings, and in extreme circumstances, financial accountability.
“Our cybersecurity plan from last year is still enough.”
The security landscape is constantly evolving, and it is imperative to have a solid cybersecurity plan in place that accounts for this evolution. It should be a fluid document that is frequently reviewed and updated and that specifically outlines administrative, technical, and physical controls to mitigate evolving cybersecurity risks. These controls include firewalls and antivirus software, written policies and procedures, and layered security defenses to protect the institution from cyber threats. It is also important to test the full plan on a regular basis to ensure all procedures can be executed successfully and to verify that all regulatory requirements are met. The FFIEC’s Cybersecurity Assessment Tool provides best practices financial institutions can use to evaluate their inherent risk profile and cybersecurity maturity and develop a plan that adequately addresses their cybersecurity needs.
“We already have the latest and greatest technology in place.”
There is no single security product that will cover all of an institution’s needs and efficiently combat security breaches and attacks. It is essential to implement a layered security approach and select security defenses that fit closely with the institution’s long-term goals as well as support the IT and compliance strategies. Additionally, these security solutions will need to change over time as criminals’ strategies evolve. It is important to research, evaluate and determine when it’s the right time to upgrade software and invest in the next level of technology and software solutions.
Cybercrime is one of the greatest security challenges and concerns for financial institutions today, and community banks and credit unions cannot be complacent when it comes to protecting themselves and the sensitive information they hold. Understanding cybersecurity best practices and taking a more proactive approach to creating a secure network environment is the best way to ensure your institution is secure.