Category: Banks

Community banks continue to embrace technology and remain committed to investing in new technologies and services this year. In fact, according to the 2017 Community Bank Information Technology Outlook Study, a survey conducted by Safe Systems in the fourth quarter of 2016, nearly 77% of respondents claim they are spending more on technology today than they have in the past. The challenge however, often lies in trying to keep pace with the rapid rate of change that is influencing and impacting the banking industry.

It seems that the one constant in our industry is continuous change as new systems, new hardware and new techniques are being developed to improve uptime, increase efficiency, control costs, assist with compliance issues, and generally help banks run more smoothly. This rate of change pushes virtually every institution to regularly perform system upgrades and technology modifications to improve its IT environment. According to the survey, the driving factor for change among community banks is business strategy, with 28% of survey respondents naming this as their primary reason for investigating new resources or services to enhance their institution. However, rather than making large, wholesale changes that can deplete valuable HR energy and resources, IT administrators stand to benefit more by making targeted, incremental improvements to support their bank’s overall IT strategy.

2018 Community Bank Information
Technology Outlook

Primary Research and Analysis of Your IT Priorities
in 2018

Slow and Steady Wins The Race

The IT industry is built on innovation that fuels revolutionary change. Perhaps the most notable example, Apple^®, essentially redefined consumer electronics starting with the Macintosh^®, then the MacBook^®, the iPod^®, the iPhone^®, the iPad ^® and the Apple Watch^®, each building on the other, usually attracting lines around the block of consumers turned brand evangelists.

While technological evolution can yield incredible results, it can also be extremely hard on financial institutions by forcing them to change their entire network or IT plan to accommodate a new innovation. This is particularly relevant for small community banks with limited resources. Additionally, charting the future path of innovation can be an unreliable and unpredictable undertaking. Are you going to innovate this year, next year or in three years? It is very hard to manage and predict. On the other hand, by making smart, incremental changes, it enables the bank to set manageable goals and actually see those goals and improvements come to fruition more rapidly.

Evolutionary Change to Save Time and Improve Efficiency

One proven example of an evolutionary change is automated patch management, software updates designed to fix known vulnerabilities or security weaknesses in applications and operating systems. All software applications require updates from vendors, including third-party software programs such as Microsoft^®, Adobe^®, Adobe Reader^®, Adobe Flash^®, Chrome ™, and QuickTime^®. Too often, though, IT professionals are relying on a manual process, requiring staff to update each machine and workstation individually. This also requires them to stay abreast of all changes essentially in real-time, which is unfeasible. Increasingly, banks are automating this process, which delivers quick, accurate, and secure patch updates to all workstations and servers and mitigates the multiple risks associated with running unpatched programs. The time the IT department saves on managing patch management enables them to instead focus on more profit-generating activities for the financial institution.

Making Evolution Part of your Company Culture

Banks should make continual service improvement a key part of their overall corporate culture. These changes can be identified by a single resource or through a committee focusing on operational improvement. Allocating time and resources to focus on the right aspects of new technology and process improvement is key as even the smallest incremental changes can have the ability to provide a significant positive impact.

For more information please download our complimentary white paper, 2017 Community Bank Information Technology Outlook.

New Regulatory Trends Encourage Succession Planning for Your Bank’s IT Administrator Too

While banks are accustomed to planning for the departure of the CEO, president, vice presidents, controller and/or other senior leaders, the critical and pervasive nature of IT systems is leading many examiners to require institutions to consider expanding succession planning to include IT administrators as well.

The reality is that today, community banks must address a mounting succession problem, especially as it relates to their IT department. As technology has become more operationally and strategically important, banks must now have a plan in place to ensure that the sudden departure of a critical IT employee is a manageable event and does not present a major organizational crisis.

Understanding Regulatory Expectations

Regulators recognize the important role that IT administrators and cybersecurity personnel play in the overall success and wellbeing of the financial institution. While there have not been any formal government mandates released (yet), regulators are now looking at — and in some cases, requiring — financial institutions to have a formal succession plan in place for their key IT personnel. In fact, the new FFIEC Management Handbook requires examiners to determine that there are “provisions for management succession that provide for an acceptable transition in the event of the loss of a key IT manager or staff member”.

A community bank’s IT administrator bears a great deal of responsibility as he or she must understand the ever-growing complexity of IT operations, and work closely with the Information Security Officer to ensure the institution remains compliant with continuously changing regulatory requirements. Even though the list of duties and level of complexity has grown substantially in recent years, many community banks have just one dedicated person on staff to manage all of their IT operations.

Employees may leave for any number of reasons, and IT personnel are no exception. There are a number of risks associated with the loss of an IT manager who is the sole individual with the knowledge of how the bank’s network runs. To help mitigate this risk, the FFIEC’s Cybersecurity Assessment Tool suggests that banks build “a program for talent recruitment, retention, and succession planning for the cybersecurity and resilience staffs.” In order to consistently comply with government regulations and examiner expectations in the long term, banks should have a succession plan that outlines how the bank will continue to function in an uninterrupted manner after the loss of an important IT employee.

What the Succession Plan Should Include

Bankers must understand that a community bank’s technological assets are every bit as valuable as the money in their vault. The success of the bank relies on its IT infrastructure, which is heavily dependent (and often over-dependent) on IT personnel. Regulators want to confirm that an institution can provide a constructive response detailing exactly what the bank will do to keep IT operations running efficiently if its key IT personnel leaves.

Again, the FFIEC Management Handbook states that “…Management should have backup staff for key positions and should cross-train additional personnel. The objective is to provide for a smooth transition in the event of turnover in vital IT management or IT operations.”

While the human element cannot be replaced, using automation to supplement IT personnel bolsters a bank’s succession plan. Automated systems don’t forget, get too busy, take vacations or sick days, and aren’t subject to human error or inconsistencies. And perhaps the biggest advantage of using automated processes to augment your succession plan, is to ensure your procedures are applied in a consistent and timely manner, regardless of personnel changes.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

Choose a Partner To Support Your IT Department

Finding, training, and retaining qualified staff to manage an IT network can eat up considerable time and energy from your bank’s management team, taking away valuable time needed to support customers and banking operations. Not doing so quickly can open the bank up to additional security risk. In considering IT succession planning, many financial institutions are proactively turning to IT service providers to act as an extension of their organization and help augment internal IT resources.

The right solution provider can serve as a true partner and work alongside current IT staff to manage the network and streamline technology needs, while meeting regulators’ expectations and enabling the bank to meet all compliance mandates. At Safe Systems, we understand the ever-growing complexity of community banks’ IT operations and apply that knowledge to providing our customers with an in-depth view of their IT network environments and additional support in co-managing their IT operations. We want to provide bankers with assurance that their institution’s IT network is functioning efficiently, optimally, securely, and is in compliance with industry regulations.

Technology has become the lifeblood of today’s financial institution so it is imperative that all technology assets work efficiently. Modern community banks rely on their IT departments to maintain hardware and software and ensure that all systems are functioning optimally when needed. IT is also responsible for monitoring an array of on-going concerns like antivirus protection, patch management and email security, to name a few.

As a result, the network administrator position has become — both operationally and strategically — one of the most important within financial institutions. However, potential problems can occur for many community banks that find themselves with only one person running their IT departments, putting the bank at risk if that person goes on vacation, gets sick, changes jobs, or goes on extended leave. According to a CareerBuilder Job Forecast, the IT Manager/Network Administrator is one of the top five positions with the most turnover.

Strengthen your IT Department and Build Greater Continuity for Your Bank

To help ease the loss of a valuable resource, having a third-party integrated with existing IT staff to augment the department can make the transition smoother and eliminate gaps within operations should a bank’s IT manager leave for any reason. Many financial institutions are turning to IT and security service providers to act as an extension of their organization and help supplement internal IT resources. Outsourcing even a portion of IT provides a level of continuity and stability that can be difficult for smaller community financial institutions to achieve on their own. Often, banks are at the mercy of a single individual, even if there are multiple people in the department, to make sure all activities are completed. The right solution provider can serve as a true partner and work alongside current IT staff to manage the network and streamline technology needs. When the IT staff is out or unavailable, outsourcing critical IT business processes helps fill the personnel gap to provide added peace of mind and stability for the institution.

Use Checks and Balances to Stabilize Your Bank’s IT Outlook

In addition to having increased IT support, outsourcing brings a well rounded perspective to technology needs. This helps avoid a common issue among some community institutions in which the administrator’s level of influence and power can actually influence the institution’s corporate personality and approach to business. For example, a very conservative administrator may prefer not to “rock the boat,” push hard to make improvements or ask for funding and as a result, the institution might end up behind the technology curve in the long run. This creates a less than efficient organization and one that does not meet the growing demands of its customers. On the other hand, a more aggressive approach toward cutting edge technology can lead to excess spending in unproven or high risk technologies. To help balance this, it is good practice to have a trusted outside partner to offer guidance and ensure the bank implements technologies that make sense financially, will enhance current services and align with the institution’s long-term goals.

The right technology service provider should offer your bank full support for the demands of today’s banking technology requirements and truly act as an extension of your internal IT department. At Safe Systems, we understand the ever-growing complexity of community banks’ IT operations and apply that knowledge to providing our customers with an in-depth view of their IT network environments and additional support in co-managing their IT operations. We want to provide bankers with assurance that their institution’s IT network is functioning efficiently, optimally, securely, and is in compliance with industry regulations. No matter what changes an institution goes through, having an outsourced IT partner on the team can help to streamline processes and keep IT operations running smoothly.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

For community banks to remain competitive today, they must continually add or upgrade applications and solutions to their networks that integrate seamlessly with their core banking system, such as Jack Henry. If you are considering making a change, it is important to first understand the impact it will have on your existing IT environment (including costs associated with physical equipment, security and regulatory compliance).

To help you avoid unnecessary mistakes, we have prepared some pertinent questions to discuss before you start the project.

10 Questions to ask before Jack Henry Application Implementations:

1. What proprietary software do we have in place that will be affected by the change?
2. Is the proposed implementation of this application modular (i.e. one size fits all) or is it being implemented in a way that fits into my specific network design?
3. Are we getting the best or even competitive pricing on licensing, hardware and installation or should we seek comparison quotes?
4. Can I implement this application on a virtual platform to enhance fault tolerance, replication and recovery capabilities?
5. Is our current network sufficient and can it handle any increase in demand on existing resources?
6. How will this change affect our Business Continuity Plan and procedures?
7. How will this change impact our cybersecurity posture?
8. Can our current data replication and back up process handle this change or will we need to modify these capabilities at additional expense?
9. What amount of time, expense and other resources will it take to train our IT staff and maintain their skills to support the new application?
10. Do we need help evaluating our current IT environment to help us identify and minimize unforeseen impacts resulting from this change?

Today’s community bank IT administrators have a very challenging and time consuming role! They must stay abreast of ever changing banking applications, regulatory compliance requirements, maintain complex multibranch networks, while also meeting customer and board of director demands and expectations. Before implementing a new JHA core application, you should consider working with an outsourced IT provider who understands the Jack Henry software suite.

Safe Systems supports over 100 Jack Henry banks

Safe Systems has been providing IT, security and compliance services exclusively to community banks and credit unions for more than 20 years. We know from experience that the specific needs of financial institutions differ significantly from other network installations. Leverage our expertise to better understand:

• Best practices for implementing and supporting Jack Henry Banking core applications
• How to efficiently add banking applications in a secure environment
• Security factors and FFIEC regulations
• How to configure and install servers, backup solutions and fault tolerant host connectivity

Through our years of working with Jack Henry’s core solutions, we have built an extensive base of knowledge to effectively support banks who rely on a wide variety of Jack Henry core banking applications. We have a proven track record of implementing a diverse set of ProfitStars’ banking solutions, including Synergy Enterprise Content Management, Yellow Hammer’s BSATM compliance solution and ArgoKeys® LendingKeys™ branch sales automation platform successfully throughout our diverse Jack Henry customer base.

Working with an outsourced IT provider who truly understands Jack Henry solutions can be a huge benefit when it comes to managing your network and adding the banking applications that ensure your organization is competitive in today’s challenging financial marketplace.

Patch management is more important than ever!  The lack of an effective patch management program has contributed significantly to the increase in the number of security incidents in financial institutions. Patches are software updates designed to fix known vulnerabilities or security weaknesses in applications and operating systems.  All software applications require updates from vendors, not just operating systems. This includes software updates for third party software programs such as Microsoft, Adobe, Adobe Reader, Adobe Flash, Chrome, and QuickTime.  The most popular software products are tested by hackers for weaknesses, and vendors have to constantly release security updates to keep these applications safe and secure.

When it comes to patch management, many financial institutions today fall into one of two categories:

1. Those that don’t keep systems consistently up to date, and simply react when there is a problem or vulnerability.
2. Those that keep systems up to date, but spend a lot of time managing the patching process.

Examiner Expectations

Patch management’s importance was underscored with the recent release of the FFIEC’s Cybersecurity Assessment Tool.  This assessment tool makes multiple references to patch management, and dedicates an entire contributing component category to statements covering patching practices. The tool defines clear expectations on what banks must do in order to remain in compliance, and lays out a path for improvement beyond the basics.

In addition, the most recent Supervisory Insights edition from the FDIC references the need for effective patch management as one of 4 key areas that institutions should manage to mitigate security threats. The FDIC also stressed effective patch management in a webinar last year, and stated that 99.9% of successful hacker and malware attacks that exploited a vulnerability did so more than a year after a patch was published to plug the security hole.

All of these sources point to some best practices regarding patch management:

• Updates should be rolled out to all devices
• Timeliness of patching is critical as the longer an unpatched system is in production, the larger the risk
• Devices with patching issues need to be addressed promptly to avoid a security issue
• Updates should be tested to ensure they don’t create an issue for the institution’s applications
• Patches that are not deployed because of bank applications must be documented
• Senior Management and Board of directors should be provided with reports on patch status

Components of an effective patch management system

An effective patch management program should include policies and procedures to identify, prioritize, test, and apply patches in a timely manner.  The longer that a system remains unpatched the more vulnerable the intuition becomes. It is crucial that all systems are patched, if at all possible.  To support a comprehensive patching program, the bank should create an asset inventory cataloging all systems that require patch management oversight. This asset inventory should list all software and firmware, including every server, switch, router, firewall, operating system, printer, laptop, desktop and ATM in the bank that are subject to periodic patches from vendors.  Effective patch management is much broader than just making sure that Microsoft patches are flowing.

Bank executives should also stay abreast of possible threats by monitoring reports on identified vulnerabilities, and should ask if such vulnerabilities can be patched.  Once a vendor stops supporting a software application they typically also stop releasing patches to plug newly discovered vulnerabilities, so executives should stay informed about assets nearing end-of-life.  Management should also establish strategies to migrate from unsupported or obsolete systems and applications, and implement strategies to mitigate any risk associated with these products.

To comply with the FFIEC guidance, the board and senior management at the bank should require regular, standard reporting on the status of the patch-management program, including reports monitoring the identification and installation of available patches. Independent audits and internal reviews should validate the effectiveness of the bank’s patch management programs.

Automated Patch Management

Many financial institutions find managing the patch management process and maintaining patching solutions both challenging and time-consuming.  Working with an outsourced service provider such as Safe Systems can provide your institution with a comprehensive patching program that delivers quick, accurate, and secure patch updates to all workstations and servers. This process will help mitigate the multiple risks associated with running unpatched programs and automate the time-consuming process of testing and deploying new patches.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

It might have taken some time, but you have finally found what you think and hope is the right candidate to fill your bank’s IT network administrator position. Today’s community bank relies on the IT department to maintain its hardware and software and to ensure all systems are available when needed. The IT department is also responsible for monitoring an array of on-going IT concerns like antivirus status, patch compliance and email security, to name just a few, so ensuring the new IT administrator is managing all this efficiently and effectively is very important.

Once the new IT administrator has been on the job for at least several months, if not longer, how can you really measure their success and make sure they are efficiently managing this crucial aspect of the financial institution? There are a few key areas to evaluate.

How are they able to handle and recover from downtime?

Ensuring all systems are working correctly is a crucial aspect of the IT administrator position. Anytime one of the systems is down, be it the teller system, ATM network or online banking portals, it affects customer service expectations and causes a disruption in the financial institution.

Your bank’s IT administrator should be able to quickly investigate, analyze and resolve complex hardware problems on the bank’s computer systems and quickly perform advanced hardware and software repairs and support on a wide range of PC-based computers and peripherals. In addition, this individual must provide troubleshooting support for escalated software and hardware problems as well as respond to after-hours system problems in a timely and efficient manner. Financial institutions have little tolerance for downtime, so ensuring the IT administrator is able to quickly resolve technical issues and ensure the bank IT infrastructure is running smoothly is critical.

How smooth is the transition?

Ensuring a seamless transition between IT administrators is important for all banks. The new bank IT administrator should establish a new list of passwords, run a security audit and investigate and become aware of all previous processes and procedures of past administrators. These processes should be completed with little interruption for banking personnel.

Cybersecurity and Incident Response Tests

Having cyber incident response plans, policies and procedures in place is a critical aspect of compliance for financial institutions today. In addition to simply having the policies in place, a critical element is testing that these policies actually do what they claim. A comprehensive incident test can expose gaps in even robust plans and provide valuable insight into whether the incident response plan delivers its stated claims. The new bank IT administrator should perform these tests to make sure the financial institution is safe and in compliance with government regulations.

7 Reasons Why Small Community Banks Should Outsource IT Network Management

This is a free white paper that addresses key issues smaller financial institutions face when managing their networks and the benefits of outsourcing these tasks to a provider who offers IT network management solutions exclusively tailored for community banks.

You’re only as good as your last backup and disaster recovery test!

A backup and recovery test is an important process of assessing the effectiveness of a financial institution’s software and methods of replicating data, as well as its ability to reliably retrieve that data should the need arise. Backup and recovery testing is an essential part of a disaster recovery plan. In addition to ensuring the backup of mission critical data, testing also uncovers problems in software or processes that could lead to serious loss of data.

Insufficient testing leaves the bank vulnerable to data loss, downtime and redundancy of effort, not to mention in violation of government regulations. Backup and disaster recovery testing should be done at least yearly; however, this can be completed more frequently should the need arise or when changes are made to personnel and/or technology systems and procedures. The new bank IT administrator should run their own backup test to ensure they are familiar with the processes and systems.

People Skills — Are they able to work with people as well as machines?

In addition to showcasing stellar technical skills, IT administrators must also have good people skills. Good people skills have as much of an impact on the success of your IT administrator as their technical skills, and this area can be evaluated pretty quickly. They must showcase a good demeanor when they have to respond and interact with both customers and employees. When a problem arises, bank IT administrators need to be able to communicate with individuals about the problem, what has been done so far and ultimately how it will be resolved.

IT audit scores

Each year banks must go through an examination process with the Federal Reserve where the government agency evaluates the bank’s soundness, the level of risk involved in the bank’s transactions and activities and its compliance with banking laws and regulations. They also review the adequacy of corporate governance and the quality of the board of directors and management, as well as areas that must be strengthened to improve the bank and its overall compliance. Once the evaluation is complete, examiners will provide an overall rating for the bank. The rating is very important for the bank as it is proof of its success, soundness and compliance. Ultimately, it is the responsibility of the IT administrator to ensure all things are in place for a successful evaluation and rating. This is a longer-term evaluation as this is typically conducted once a year.

A community bank’s technological assets are every bit as valuable as the money in the vault! The success of today’s community bank relies on the IT department so ensuring you have the right person leading this department and all its assets is crucial.