26 Dec 2024

Banks, Credit Unions, Security, Technology Jamie Davis 0 comment

Navigating M365 Security: Insights from Our 4-Part Immersion Training

The highly anticipated and well-attended M365 Security Immersion Training event explored the nuances of Microsoft 365 (M365) security. Led by seasoned experts and M365-certified security administrator associates, this series offered critical insights into Conditional Access Policies, Azure/Entra ID tenant configurations, and the transformative role of Artificial Intelligence (AI) in community banking. For those bankers eager to strengthen their security strategies and mitigate unauthorized access threats, each webinar session was recorded and is now available to watch. Below is a summary of the valuable lessons, hands-on guidance, and actionable takeaways from each session:

Part 1: Understanding and Avoiding Misconfigurations in Conditional Access Policies

Conditional Access Policies (CAPs) are critical to safeguarding your financial institution’s sensitive data. However, when misconfigured, they pose a substantial risk. The opening session inspected the typical errors within CAP setups and explained in detail how to rectify them. Participants learned about the essential terminology—like Entra ID and Named Locations—and got acquainted with common pitfalls, which include the exclusion of Break Glass Accounts, the improper definition of Named Locations, and overlooking Multi-factor Authentication (MFA) requirements. The training emphasized the importance of ongoing CAP management and shared best practices for future-proofing these security measures against potential threats.

Part 2: Elevate Your M365 Security Game

The second session delved into Microsoft 365’s robust security infrastructure, differentiating it from Office 365 by focusing on security, identity, and compliance. Our experts unraveled M365’s key security features—like Security Defaults, Global Auditing, and the reformation of mailbox protocols—and stressed best practices for managing these components. It highlighted the significance of applications, stopping user unauthorized trials or purchases, managing administrative roles, and ensuring secure email communications. It also provided a handy infographic to explore overlooked M365 security features to help you implement everything needed under your license type. Overall, this hands-on training demonstrated why keeping pace with such security measures is vital to preventing evolving cyber threats.

Part 3: Mastering Azure Tenant Configuration: CAPs and Intune Deployment

Azure, known for its expansive capabilities, demands meticulous configuration to leverage its potential fully. This session provided guidance on managing Azure/Entra ID tenants effectively, implementing CAPs, and deploying Intune. It covered essential aspects such as user-based exceptions for CAPs, Intune objectives, and tips for device and network maintenance. Attendees gained insights into crafting and enforcing policies that address unauthorized device access and ensure compliance with application usage, alongside strategies for regular device and policy maintenance to bolster their security.

Part 4: AI Governance and Accountability in Azure

Exploring the growing role of Artificial Intelligence (AI) in banking, this concluding session emphasized understanding governance and responsibility in deploying AI tools like Microsoft Copilot. It explained Copilot’s features and architecture, the importance of access control, and the implications of global data handling. With comprehensive insights, participants were shown how to balance innovation with security and compliance, maximizing data utility while safeguarding organizational integrity.

Watch All Four Sessions

These sessions provide security best practices and strategic insights into managing M365 environments effectively. Packed with practical demonstrations, expert advice, and interactive segments, the M365 Security Immersion Training is invaluable for financial institutions seeking to strengthen their security posture. Now you can access all recordings and tap into the wealth of knowledge this series offers.

10 Oct 2024

Banks, Credit Unions, Security Eric Delgado 0 comment

Elevate Your M365 Security Game: Tips from Our Certified Pros!

In a recent webinar, our M365-certified security administrators provided an in-depth look at various Microsoft 365 building blocks such as security configurations, features, and policies. The session also covered the significance of secure email protocols, data protection, and the continuous evolution of cloud security technologies.

This blog highlights several key security features and best practices to help you protect your institution’s data and ensure that only authorized users gain access to critical systems.

Understanding Key Terminology

M365 vs. Office 365

Office 365 features familiar tools such as Exchange Online, SharePoint, OneDrive, and Teams. Microsoft 365 (M365) enhances this suite by incorporating additional technologies focused on security, identity, and compliance, offering a more comprehensive package.

Entra ID

Essential for identity management, Entra ID covers users, devices, endpoints, and service principals, forming the backbone of various security configurations.

Security, Identity, and Compliance (SIC)

These conceptual buckets guide the technological frameworks and policies that ensure data security, identity assurance, and regulatory compliance.

M365 Security Features Breakdown

Security Defaults

Security Defaults are designed to provide a pre-configured baseline level of security by enforcing numerous non-customizable policies and settings. Among the policy sets is one requiring multifactor authentication (MFA) device registration for all new Azure accounts with at least one sign-in. However, registration does not equal enforcement. Security Defaults will only enforce MFA conditionally based on Microsoft’s analysis.

Consider implementing per-user MFA policies to ensure comprehensive enforcement, closing gaps that might be exploited if only Security Defaults are relied upon.

Applications

Registered Applications and Enterprise Applications can pose significant risks if not properly managed. By default, Microsoft allows users to register applications, which could potentially introduce security vulnerabilities without an administrator’s knowledge.

Consider disabling this default feature and actively managing which applications receive permissions to ensure there is no unauthorized access.

Global Auditing

Microsoft’s Purview compliance technology includes a crucial feature—global auditing—that logs all actions within the organization. If compromised, these logs are vital for forensic investigations to determine the breach’s extent and enact proper remediation steps.

Consider enabling this setting, which is disabled by default.

Office Store and Trial Accounts

Allowing users to purchase licenses and trials with their work identities, including AI tools like Copilot, may expose sensitive data inadvertently.

Consider disabling the ability for users to make these purchases on their own, as restricting user capabilities ensures organizational oversight and protects against data breaches stemming from unauthorized applications.

Administrative Roles, Partners, and GDAP

Regular reviews of administrative roles and partner access, such as those granted through Granular Delegated Admin Privileges (GDAP) are crucial. Microsoft recommends a maximum of five global administrators and stresses the principle of least privilege even for partners.

Consider conducting these reviews regularly to ensure security and compliance.

Exchange Online and Communication Protocols

Mailbox Protocols

Various mailbox protocols (IMAP, POP3, EAS) carry different risks, such as allowance for or reliance on basic authentication.

Consider disabling unused protocols to minimize these vulnerabilities.

Receive Connectors

Email architectures that utilize Exchange Online with edge services provided by a third party have a vulnerability in the form of a public-facing, organization-specific SMTP relay that delivers mail to Exchange Online. This relay allows for direct connectivity and enables anonymous identities to deliver emails inbound to an organization, thereby allowing attackers to bypass the organization’s edge services entirely.

Consider implementing Receive Connectors to limit delivery authorization on the relay to the trusted edge service provider.

Sharing in SharePoint and OneDrive

Sharing capabilities in SharePoint and OneDrive can expose organizations to external threats if not properly managed. External users leveraging shared links can gain unauthorized access to sensitive information, posing significant security risks.

Consider restricting sharing capabilities to internal users to prevent external threats from exploiting shared links..

Teams External Communication

By default, Teams allows global communication, which can serve as a potential risk vector. Unrestricted external communication can lead to interactions with unknown and potentially malicious entities.

Consider locking down these settings to ensure interactions are limited to known, secure identities.

Advanced Levels of Security

Conditional Access Policies (CAPs)

These advanced security rules specify who can access resources and under what conditions, enhancing the security posture when combined with telemetry from services like Entra ID and Intune. CAPs help ensure that only authorized users under specific conditions can access sensitive resources.

Consider implementing Conditional Access Policies to enhance security by defining access conditions based on user and device attributes.

Hybrid Computer Identity

Synchronizing on-premises Active Directory computers with Entra ID allows CAPs to limit access to trusted devices only, offering a substantial security improvement over generic Windows access.

Consider synchronizing your on-premises Active Directory computers with Entra ID to allow CAPs to restrict access to trusted devices and improve security.

Intune for Mobile Device Management (MDM)

Organizations should use Intune to enroll and manage mobile devices, ensuring compliance with security policies. By integrating Intune’s compliance telemetry with Conditional Access Policies (CAPs), only compliant devices can sign in and access corporate resources, enhancing overall security.

Consider using Intune for device enrollment and compliance, and integrate its telemetry with Conditional Access Policies to secure sign-ins.

Modern MFA and Azure Information Protection

Emerging MFA technologies like push notifications and phishing-resistant methods (FIDO2) are encouraged over legacy MFA practices. Meanwhile, Azure Information Protection manages data encryption and user access, ensuring sensitive information is secure even when it leaves the organization.

Consider adopting modern MFA technologies to protect your users and Azure Information Protection to protect sensitive data.

Conclusion

By understanding and implementing Microsoft security measures, you can significantly enhance the security and efficiency of your institution’s digital environment. In addition, leveraging advanced MFA technologies and synchronizing on-premises Active Directory with Entra ID is a proactive way to fortify access control. It is also important to regularly review and update your security protocols to ensure they remain effective against evolving threats.

Don’t forget to download this handy infographic to explore overlooked M365 security features. This knowledge can help you implement everything needed under your license type to enhance your cybersecurity posture.

08 Oct 2024

Banks, Credit Unions, Security Jamie Davis 0 comment

Secure Our World: Join Us in Celebrating Cybersecurity Awareness Month

Cybersecurity Awareness Month, held annually in October, is a vital international initiative designed to raise awareness about the importance of being safe and secure online. This year’s theme, “Secure Our World,” continues from 2023 and highlights simple yet effective ways for individuals, families, and businesses to protect themselves from cyber threats.

The Cybersecurity and Infrastructure Security Agency (CISA) leads the federal efforts for this campaign. They work closely with the National Cybersecurity Alliance (NCA), known for their @staysafeonline initiative, to develop and disseminate resources that educate the public on key cybersecurity practices.

Cybersecurity Tips

Here are some essential tips provided from this year’s Cybersecurity Awareness Month campaign:

Recognize and Report Phishing: Learn to identify phishing attempts by familiarizing yourself with their common indicators, such as suspicious links or unexpected attachments. Resist the urge to click on these and ensure you delete phishing messages promptly.
Use Strong Passwords: Enhance your account security by choosing passwords that are long, random, and unique. This trifecta helps protect against unauthorized access.
Turn On Multi-Factor Authentication (MFA): Activate MFA on all your accounts, including email, social media, and financial services. This adds an extra layer of security, making it significantly harder for cybercriminals to gain access.
Update Software: Keeping your devices updated with the latest security patches is crucial. If automatic updates are not available, regularly check for updates to ensure your software is secure.

Throughout October, stay engaged and increase your cybersecurity awareness by visiting the National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Awareness Month page for resources and tools. You can also follow updates using the #CybersecurityAwarenessMonth on social media.

Cybersecurity Resources

Safe Systems is also providing resources to help raise cybersecurity awareness, knowledge, and understanding for our community banks and credit unions.

Please explore some of our latest offerings:

M365 Immersion Training – Register for this complimentary, four-part series on Microsoft 365 (M365) security. Led by certified engineers, it covers essential topics including Conditional Access Policies (CAPs), Intune management, Azure AI governance, and more. Each session delivers practical insights and actionable knowledge, ensuring robust security practices for institutions using M365 core technologies. Reserve your spot.
MFA Quiz – When implemented correctly, MFA can be the single most effective tool to protect against remote attacks. Test your knowledge of how MFA works and why it is so important.
Cybersecurity Outlook Survey – We surveyed community banks and credit unions to gain more insight into their cybersecurity challenges, priorities, best practices, and how they manage cybersecurity preparedness. Discover their responses.

For more resources, visit our Resource Center, blog site, or our interactive Compliance Guru platform which provides reliable answers to your IT, cybersecurity, and information security questions. You can also follow us on our social media channels – Facebook and LinkedIn for timely news and helpful articles throughout the year.

When it comes to investing in security, Safe Systems understands that protecting your community bank or credit union can be complex and confusing. That’s why we offer multi-layered security solutions to protect vulnerability points both inside and outside your network and we have certified engineers who specialize in Microsoft cloud security.

Please join us this month in raising awareness and taking advantage of the many available resources to help your institution secure its digital environment and prevent cyber threats.

18 Jan 2024

Banks, Compliance, Credit Unions, Security, Technology Safe Systems 0 comment

Top Blogs of 2023

Our Top Blog Posts of 2023

As we begin the new year, it’s a great time to revisit some of the most popular blogs we published in 2023. Our top blogs from last year covered a range of topics, including a cybersecurity outlook, updated third-party risk management guidelines, using conditional access policies (CAPs) and multifactor authentication (MFA) to enhance security within Microsoft Azure Active Directory (AD), and NetConnect 2023. If you didn’t have a chance to read these posts—or simply want to review them—here is a recap of each of them. They offer unique perspectives, best practices, and a wealth of insights that can help your financial institution prepare for greater success in the year ahead.

2023 Cybersecurity Outlook for Community Banks and Credit Unions

Safe Systems’ 2023 Cybersecurity Outlook for Community Banks and Credit Unions revealed valuable peer-to-peer insights that can help financial institutions enhance their security posture. The survey highlights cyber preparedness and budget restraints as top security challenges of more than 50% of the 160 participating financial institutions. It also shared participants’ feedback on other important areas, including prevention and detection security layers; employee security awareness training and testing; and advanced firewall features. For instance, respondents use multiple layers of security, but less than 50% of them combine every security layer listed in the survey. Survey respondents also use a variety of security training—including resource-intensive individual instruction. In addition, most of the survey participants are taking advantage of advanced firewall features, although only 24% of 135 respondents leverage sandboxing technology to detect threats. Read more.

Updated Regulatory Guidelines on Third-Party Risk Management

In June, federal bank regulatory agencies issued updated guidelines to make it easier for financial institutions to manage third-party risks. This new guidance from the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) impacts all banking institutions that use third parties. The majority of statements in the new guidance focus on the planning, due diligence, and contract phases with an emphasis on pre-engagement. Since auditors and examiners will be looking more closely at what happens during the pre-engagement stage, institutions need to place more emphasis on scrutinizing potential third parties. Not all statements in the guidance will apply to all institutions or relationships, so we have developed an interactive checklist designed to walk you through key regulatory requirements of the third-party relationship life cycle. Read more.

Using CAPs and MFA to Enhance Security within Microsoft Azure AD

There was a surge in successful phishing campaigns last year, including sophisticated schemes that were able to bypass MFA. MFA-resistant phishing is a significant threat since this type of attack could impact a vast segment of organizations that rely on Microsoft Azure AD (now known as Microsoft Entra ID) and Microsoft M365 services to support their operations. However, financial institutions can use a variety of measures to prevent cyberattacks, including Conditional Access Policies (CAPs). CAPs, which are foundational to safeguarding identities within Microsoft Entra ID, protect the initial step of the identification chain—the sign-in attempt. To maximize protection, institutions should stack multiple CAPs, such as requiring MFA, denying sign-ins from outside of the USA, and requiring device compliance. When designing CAP logic, they should take a broad approach to the scope of the CAP to impact as many areas as possible. Institutions can take a multi-layered approach to optimizing security by leveraging multiple security tactics, technologies, and resources. Read more.

NetConnect 2023—A Glimpse into the Future of Technology and Compliance

The 2023 NetConnect Customer User Conference brought Safe Systems’ customers, employees, and partners together in Alpharetta, Ga. to discuss banking industry trends, challenges, and innovations. NetConnect 2023 provided valuable insights into banking and technology’s vital role in shaping the industry’s future. With multiple informative sessions, the conference covered the significance of hope in business, changes relating to regulatory compliance, vulnerability management, and Microsoft Azure fundamentals. Read more.

Get the latest industry developments, insights, and trends delivered directly to your inbox. Subscribe now to the Safe Systems blog.

07 Dec 2023

Banks, Compliance, Credit Unions, Security, Technology Christine Ray 0 comment

NetConnect 2023 – A Glimpse into the Future of Technology and Compliance

Safe Systems hosted its 2023 NetConnect Customer User Conference last month in Alpharetta, GA. After taking a hiatus due to the pandemic, Safe Systems customers, employees, and partners were eager to reconvene to discuss the latest trends, challenges, and innovations. This year’s conference provided insights into the evolution of banking and the critical role technology plays in shaping the industry’s future.

Here are some key highlights and insights shared at this year’s conference.

“I have been to several vendor conferences in the last 20 years, and I would say this is one of the best, if not the best, one I have been to. The sessions were informative and on-target. The presenters were all well qualified and engaging.” – Community banking CFO

Celebrating 30 Years of Excellence

NetConnect 2023 marked the 30th anniversary of Safe Systems’ journey in the banking technology landscape. The conference began by reflecting on the early days when our services primarily focused on PC and network policies, network installations, and troubleshooting. Safe Systems highlighted that our evolution and growth were driven by customer feedback and collaboration. Customers have always been the cornerstone of our success.

Randy Ross at NetConnect 2023

Keynote speaker Dr. Randy Ross

The Power of Hope in Business

Keynote speaker, Dr. Randy Ross, shared insights on the importance of hope in the workplace. Hope is not merely wishful thinking or passive optimism; it’s a dynamic motivational system tied to inspirational goal setting. The case for hope in business was backed by impressive statistics, including lower absenteeism, increased productivity, and enhanced morale and creativity. Dr. Ross also provided guidelines on how anyone can apply hope to make life happier, healthier, and more productive.

Regulatory Compliance in a Changing Landscape

Tom Hinkel, VP of Compliance Services, delved into the dynamic world of regulatory compliance. He discussed the latest statistics, including a surge in cyber insurance claims due to zero-day attacks and ransomware. Regulatory changes like third-party risk management (TPRM) guidance and FDIC InTREx updates were highlighted. The session also touched on the cyber incident notification rules approved by the Federal Deposit Insurance Corporation (FDIC), Federal Reserve, and Office of the Comptroller of the Currency (OCC) in 2022 and the Conference of State Bank Supervisors (CSBS) updated R-SAT 2.0 (Ransomware Self-Assessment Tool).

Crowd at NetConnect

Brian Brannon, VP of Security Product Strategy, and James Minstretta, Endpoint Security Engineer, doing a live demo of Azure vulnerability settings.

Security and Vulnerability Management

Brian Brannon, VP of Security Product Strategy, addressed the critical topic of vulnerability management. He explained the proactive strategy of identifying, assessing, and mitigating network weaknesses, aligning it with the expectations of regulators. The session included a live demo to demonstrate the importance of effective vulnerability management.

Azure Security 101

Our Microsoft 365 Certified Technology DevOps Engineer took a deep dive into Azure fundamentals, including Entra ID, M365, and Resource Subscriptions. He explored how to mitigate risks using Conditional Access Policies, enabling multi-factor authentication (MFA), limiting geographic locations, and more. The session included interactive labs of the Entra ID Admin Center, SharePoint Online, and OneDrive to allow attendees to explore logs, manage settings, and review reports firsthand.

Panel Discussion on Regulatory Changes

The conference concluded with a panel of auditors and regulatory compliance specialists, who discussed topics such as the increasing importance of cyber insurance, the impact of AI on exams and audits, and third-party risk management. Attendees had the opportunity to ask questions and engage with experts on these vital topics.

Panel of experts at NetConnect 2023

Safe Systems’ former VP of Compliance Services Tom Hinkel hosting a panel of compliance experts that included Senior Compliance Specialist Paige Hembree (Safe Systems), Financial and Information Security Auditor Matthew Jones (Symphona), Wipfli’s Senior Manager Jim Rumpf, and Director for Supervision Kevin Vaughn (Georgia Department of Banking and Finance)

NetConnect 2023 offered a comprehensive overview of the current state and future prospects of banking technology and regulatory compliance. The industry continues to evolve, and staying informed and adaptable is key to success in this ever-changing landscape. Safe Systems remains committed to supporting financial institutions on their journey, as demonstrated by our 30 years of excellence and our forward-looking approach to technology and compliance.

30 Nov 2023

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

Important Industry Insights on the Use of Anti-Malware and Advanced Features for Ransomware Protection

According to the IC3 2022 Internet Crime Report, the FBI received 2,385 complaints identified as ransomware with adjusted losses of more than $34.3 million. Moreover, 870 of these complaints indicated that organizations belonging to a critical infrastructure sector, such as financial services, were victims of a ransomware attack. This makes it imperative for banks and credit unions to employ a variety of measures to protect themselves against the growing threat of ransomware attacks. Yet many financial institutions that are leveraging anti-malware solutions are not using advanced features that can help protect against ransomware threats. According to Safe Systems’ 2023 Cybersecurity Outlook for Community Banks and Credit Unions, advanced features for anti-malware/anti-ransomware solutions such as root cause analysis, advanced machine learning algorithms, and sandbox analysis only received 12% or less of the answers among the survey participants.

With advanced features, financial institutions can more effectively monitor security threats on endpoints and ascertain the source and extent of an attack. Institutions that want to enhance their ability to detect and respond to threats might consider expanding their cybersecurity budget to increase spending on advanced anti-malware and endpoint protection features.

Recovery Strategies

As part of their recovery strategies, more than one-third of 144 survey respondents say they have implemented notification measures, including notifications to customers, regulators, and applicable insurance carriers. This is critical given the recently finalized interagency Computer-Security Incident Notification Rule. It requires banking organizations to notify their primary federal regulator about any significant “computer-security incident” as soon as possible after a cyber incident happens. (A computer-security incident, as defined by the rule, is an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.) Nearly 30% also leverage other important recovery strategies such as monitoring for the early detection of potential incidents and eliminating intruder access points.

Other Key Security Issues

In addition to shedding light on how institutions use advanced features for anti-malware/anti-ransomware solutions, our comprehensive survey highlights several other security issues, including Microsoft 365 services, email infrastructure, advanced firewall features, vulnerability and patch management, and more. Banks and credit unions must effectively address all of these areas to stay ahead of the constantly evolving cybersecurity landscape.

Download a copy of our latest white paper to read the complete survey findings, which can provide a deeper understanding of current cybersecurity concerns and best practices to enhance your institution’s security posture.

16 Nov 2023

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

What You Need to Know from the 2023 Cybersecurity Outlook for Community Banks and Credit Unions

As cyber threats become more complex, aggressive, and prevalent, implementing cybersecurity mitigation strategies is becoming more critical in the financial services sector. Not surprisingly, cyber preparedness and budget restraints are the top security challenges for more than half of the financial institutions that responded to the Safe Systems survey, 2023 Cybersecurity Outlook for Community Banks and Credit Unions.

Our analysis presents input from approximately 160 participants who responded to 55 questions (including multiple-choice) based on how relevant each query was to their organization.* In addition to focusing on the top security challenges, the survey highlights respondents’ input on several other critical areas, including:

Prevention and Detection Security Layers: Modern operating environments require a more robust security strategy that goes beyond implementing a basic firewall or anti-malware solution to protect their information and infrastructure from the growing number of cyber threats. Survey respondents are implementing multiple security layers, including firewall, patch management, anti-malware, email encryption, employee training and testing, vulnerability monitoring, and security log monitoring. However, less than 50% of all respondents use every security layer listed in the survey, which indicates they can do more to protect themselves against cyberattacks.
Employee Security Awareness Training and Testing: 95% of all cybersecurity issues can be linked to mistakes made by individuals, with 43% of breaches attributed to insider threats, according to the 2022 Global Risk Report by the World Economic Forum, making employee security awareness training and testing critical for financial institutions. Accordingly, survey respondents are deploying multiple types of security training, including simulated phishing attacks, self-service online training and exercises, interactive classroom training, and more. Of the 144 participants responding to this question, 60% indicate they conduct individual training based on need, which is notable because this method of instruction normally requires more time and resources.
Advanced Firewall Features: A majority of the participants responding to this question indicate that they are using one or more advanced firewall (or next-gen firewall) features, such as intrusion prevention or detection systems (IPS/IDS), transport layer security (TLS)/secure socket layers (SSL), and Geo-IT filtering. Whether managed in-house or through an outside provider, these expanded capabilities can help institutions protect their network and institution against a broad array of threats. Sandboxing, for example, provides a safe, isolated environment to execute and observe potentially malicious code from unverified programs, files, suppliers, users, or websites. Out of 135 respondents, only 24% indicate they have sandboxing despite its ability to identify threats.
Cybersecurity Preparedness: Examiners recognize the increasing volume and sophistication of cyber threats and have an increased focus on cybersecurity preparedness in assessing the effectiveness of an institution’s overall information security program. Out of 128 respondents, 52% confirm that the focus on information security, including cybersecurity, has increased during their IT audits and exams. IT examiners and auditors are also reviewing whether institutions have completed any of the common cybersecurity assessments (e.g., CAT, ACET, or CRI/NIST), and they are using them to evaluate institutions’ security posture during an exam. According to the same respondents, 43% say they had their cybersecurity assessment reviewed and used as part of their latest IT exam, and 39% indicate that they received recommendations based on it.

To access the complete survey and gain valuable peer-to-peer insights that can help your institution enhance its cybersecurity decision-making process, read “2023 Cybersecurity Outlook for Community Banks and Credit Unions“.

* The number of respondents varies per question. For multiple-choice questions, the Percent (Respondents) is calculated by dividing each answer count by the total unique respondents, and the Percent (Answers) is calculated by dividing each answer count by the total counts collected.

26 Oct 2023

Banks, Credit Unions, Security, Technology Jamie Davis 0 comment

The New Rules and Best Practices of Password Security

Passwords have always been a reliable option for digital security. In the early days, you simply provided something that only you knew to authenticate yourself, and voila, your identity would be confirmed. But the world of passwords has changed. Initially, they were easy―you had fewer of them; you often needed physical access to use them; and people were just nicer back then. At least, that’s the way I remember it.

But did people really change… or did the world just get smaller with the growth of the internet—giving bad actors greater access to our digital domains? One thing is clear, password security requires new rules and strategies to keep up with the fast-changing cyber landscape. In addition to following best practices for creating strong passwords, you also need to consider employing multifactor authentication (MFA) or adopting a password management solution.

Embracing MFA

Whenever possible, you should avoid relying solely on passwords. The better option is to implement MFA, which adds another layer of security. While there are MFA-resistant phishing attacks, enabling MFA significantly minimizes the risk of compromise. In recent years, MFA has evolved to become more robust and secure, and there are different levels of quality in MFA. For instance, Microsoft Modern MFA doesn’t merely require you to click “accept” on a device; you have to input a numerical code to confirm the login attempt. (Always use the most advanced and newest version that aligns with your user base’s tolerance.)

Using a Password Manager

There are situations where MFA is not available or does not make sense to use. In these cases, passwords may be your best or only option. This indicates the importance of using some type of password management solution. A password management tool can be an effective way to keep track of the plethora of passwords that most people have. The average person has more than 100 passwords, according to a study by Nord Pass. That’s too many passwords for anyone to remember.

As a low-tech solution, some people write their passwords down in a notebook. If the book is securely locked away, this method may be acceptable, but it’s not ideal. However, I recommend using a software-based password management system that allows the user to create one login to access all their passwords. Only use a digital password manager that offers MFA to access passwords. If you’re not sure which solution to choose, there are numerous resources to guide you like this article from CNET. However, the best option for you will depend on your specific needs and goals.

Best Practices for Creating Strong Passwords

Password best practices have changed over the years. But as a general rule, you should never—ever—recycle a password. An existing password may be easier to remember and more convenient to reuse. But it’s not worth the risk; if your password is stolen, every place you have used it could be compromised.

You should also avoid including personal details in passwords. For example, don’t create a password using your child’s initials and birth year—no matter how cleverly you format it. (I know, you’re thinking: “But I used lower and upper case and separated them with a comma.” Trust me, so did the database that is being run against your accounts.)

It’s also important to ensure that every site, application, etc. has a strong password. Here are a few techniques for crafting strong passwords:

Make them long. Aim for at least 14 characters—or even longer—since you can easily copy and paste them into your password management tool. Some sites and applications often have character restrictions for passwords. In these cases, focus more on creating a random password that will be more difficult for someone to guess.
In situations where you frequently use a password and copying it from a management program is not an option, consider using passphrases. Instead of choosing a simple password like “BillyJoe1998,” use “BillyJoeGraduatedIn1998.”
“i” and “l’s” became “1’s”
“a” became “@”
“e” became “3,” which looks similar to a backward capital “E”
Still, another option is to insert punctuation between words. If you added “!” to the previous password, it would read B111y!J03!Gr@du@+3d!1n!1998.

Using a combination of these approaches is the best way to make passwords more complex and secure. Ultimately, the key to protecting your passwords is to constantly adapt and remain vigilant in the ever-evolving world of digital security.

06 Oct 2023

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

2024 Budgeting for Technology and Cybersecurity in Community Banks and Credit Unions

In the modern banking landscape, technology and cybersecurity are not just optional extras but fundamental necessities. For community financial institutions—which often operate with more limited resources than their larger counterparts—budgeting wisely in these areas is critical. Failure to properly invest could not only compromise efficiency and customer service but also expose institutions to potentially devastating cyber threats.

There are three categories that community banks and credit unions should consider when allocating budgets: cybersecurity, compliance along with its associated regulatory technology (RegTech), and general technology. Here are important considerations for each of these areas:

Cybersecurity

Cyber threats are ever-evolving, and no financial institutions are immune. Measures such as firewalls, encryption, and intrusion detection systems are basic requirements. Financial institutions also need to go further by investing in regular security audits and employee training. In today’s threat landscape, allocating a sufficient budget for cybersecurity measures is non-negotiable.

The best technology and cybersecurity measures are only as good as the people who use them. Community banks and credit unions should set aside funds for regular training programs to ensure staff are up to date with the latest technologies and security protocols. There are some great tools available that provide training and testing and run phishing simulations to see which employees may be your weakest links.

The odds are that at this point, your institution has an account in Microsoft’s cloud solution, Azure. OneDrive, Exchange Online, and many other Microsoft solutions are connected to Azure and may even be part of your Microsoft license. It is important to review the Azure tenant or management console to ensure you are dictating your security settings and not Microsoft. You can accomplish this through various ways including implementing conditional access policies (CAPS), which is the buzzword of 2023. If you are not using CAPs, you should immediately find out how to implement them and identify which ones are critical to your security. Also, Azure is a cloud-based management console, so if it is compromised, the ramifications can be detrimental. Monitoring key reports, accounts, and settings is critical for the long-term security of your institution.

Below are some real-life events and numbers that illustrate just how critical this type of management can be. (We discovered these events last year in our review of a small number of community financial institutions.)

Event:	Number of Times:
Successful sign-in from outside the US:	674 times
Sign in from outside the US (valid password but MFA failed):	37 times
Mailbox settings like (access to email, send on behalf of, forwarded) changed:	1,970 times
OneDrive files shared externally:	708 times
Administrative roles assigned to user:	1,607 times
Large number of failed sign-in attempts for a user:	11,116 times

While some of the numbers above represent actual intentional changes, the sheer volume indicates that a large number of these events are not approved/intended actions made by the institution. Obviously, criminals are targeting these accounts. Hence, there is no option but to be proactive in monitoring and managing the security of your account with the appropriate settings, reports, alerts, and management. Also, note the multifactor authentication (MFA) stat. It only happened 37 times, but this signifies that there were 37 times MFA was the difference between protection and compromise. This underscores the urgent need to implement and maintain MFA.

Lastly, evaluate your firewalls. At this point, a next-generation firewall (NGFW) is a must. According to Gartner, NGFW are firewalls that have moved past just port/protocol inspection and have added application-level inspection. Advanced firewalls also have integrated intrusion prevention built into the solution, along with the ability to bring in intelligence from outside the firewall. A prime example of this is the FS-ISAC intelligence feed. Other advanced features may include sandboxing, SSL inspection, and other more advanced features to improve your cybersecurity posture. If you have an older firewall not based on NGFW, you simply may not have all of the features you need to effectively protect your network.

Compliance and RegTech

Regulatory requirements are becoming increasingly complex, and failing to meet them can affect both the institution and the people in charge of managing these risks. Investing in RegTech can automate and streamline compliance processes, making it easier for community banks and credit unions to adhere to pertinent laws.

These investments may take the form of a virtual information security officer (VISO) service, which has become extremely popular lately. The workload and expectations of an ISO have intensified in recent years. Many community financial institutions are looking for a virtual solution to augment the ISO responsibilities and processes. A benefit of VISO services is they provide continuity if and/or when there is a personnel change in this critical position inside the institution.

In June of 2023, regulatory agencies released new guidance for managing third-party risk, formally or often referred to as vendor management. Expect 2024 to be a year when the agencies expect these guidelines to be implemented at financial institutions. If you manage your vendor management/third-party risk management in-house, you could have some work to do to implement these changes. It may be time to consider an application to manage these ever-changing requirements for you. If you already use an application to manage third-party risks, be sure the needed changes have been updated and you are trained on how to use them.

General Technology

A key focus for technology today concerns what to move to the Cloud and when. Moving infrastructure to the Cloud is often a trade-off between operational versus capital expenditures as well as the benefits versus the perceived risks of the Cloud. Moving servers to the Cloud in 2024 will make sense for a lot of institutions. However, it is more likely that many institutions will receive their solutions via a cloud service provider. Most services and applications vendors have found it easier to manage the server themselves and offer the solution through the Cloud rather than have it installed on different hardware across their customer base. Expect this consolidation and movement to cloud-based solutions to continue and budget accordingly. If the vendor is transferring responsibility from you and your employees to themselves by hosting the service, expect the licensing or price to increase. Even if the licensing cost goes up, you may still gain a net benefit as you no longer have to maintain, upgrade, and manage hardware.

Another technology to consider moving to the Cloud is disaster recovery. There are very few solutions that allow for redundancy, recovery time, minimization of management/ownership challenges, etc., which is why cloud-based disaster recovery is an excellent option. A fully managed cloud recovery process can decrease your recovery time objectives by significant amounts and remove a lot of duplicated hardware. If your disaster recovery solution isn’t in the Cloud or if you are not convinced that what you have in place is as robust as you need it to be, consider the Cloud as a viable alternative.

Conclusion

Budgeting for technology and cybersecurity is a complex task that requires a keen understanding of current needs, future trends, and emerging threats. By allocating resources wisely across these critical areas, community banks and credit unions can secure their operations, enhance customer experience, and stay ahead in a competitive marketplace.

14 Sep 2023

Banks, Credit Unions, Security Brian Brannon and James Mistretta 0 comment

How to Manage Vulnerability Effectively with V-Scan’s New Features

How to Manage Vulnerability Effectively with V-Scan's New Features

It’s critical for financial institutions to stay ahead of the potential vulnerabilities and risks that can jeopardize their information technology assets. But to adequately manage risks and vulnerabilities, institutions must be able to understand what they are, identify where they are, and remedy the situation.

Risk is a multifaceted concept that encompasses threat and vulnerability. The National Institute of Standards and Technology (NIST) describes risk as the probability that a particular security threat will exploit a system vulnerability. More specifically, it is a “measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of the adverse impacts that would arise if the circumstance or event occurs and the likelihood of occurrence.”

These circumstances can involve various sources and impacts. Generally, information system-related security risks arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential negative effects on organizational operations—including mission, functions, image, or reputation—organizational assets, individuals, and other organizations.

Managing Risks and Vulnerabilities

A vulnerability is a weakness in a system, an information system, system security, or even controls. Therefore, to manage their risks, financial institutions must also manage their vulnerabilities. To do this, institutions must know about their vulnerabilities and understand the context in which they exist.

Fortunately, financial institutions can use scanning technology to help with the daunting process of managing risks and vulnerabilities. Our V-Scan product, for example, is a comprehensive solution that analyzes IT assets, identifies vulnerabilities, and provides an extensive overview of the risks within the network environment. What’s more, V-Scan provides risk-prioritized data on all scanned IT assets.

V-Scan is designed to help institutions meet regulatory compliance. It performs weekly vulnerability scanning, which complies with the Cybersecurity Assessment Tool (CAT), developed by the Federal Financial Institutions Examination Council (FFIEC). Along with each weekly scan, the platform provides detailed reporting and a user-friendly dashboard that makes it easier to create an actionable plan to mitigate asset vulnerabilities. In addition, many cybersecurity insurance providers are requiring financial institutions to prove that they are managing known vulnerabilities. With V-Scan, institutions can provide reports that substantiate their weekly scans, assessments, and remediations.

Discovering Exploitable Vulnerabilities

Not only does V-Scan find current vulnerabilities in the environment, but it also uses numerous data points to measure the risk posed by those vulnerabilities. This information gives IT staff and oversight personnel timely details and the necessary context to maintain an effective vulnerability management program. One of the key ways institutions can use V-Scan is to discover assets that are at risk and weaknesses that should be resolved—particularly exploitable vulnerabilities. Being able to identify weaknesses that are known to have been taken advantage of allows institutions to prioritize their workload when securing their network.

For example, if the platform indicates that a Microsoft Windows security patch needs to be installed, V-Scan provides information needed to solve the problem, including which machines, devices, or assets are affected by the vulnerability. The product also allows filtered searches to be conducted based on the assets involved, such as domain controllers or printers. Having this enhanced capability further empowers IT staff to effectively manage vulnerability.

Contact us to learn more about how community banks and credit unions can leverage V-Scan to manage possible vulnerabilities and risks associated with their IT assets.

17 Aug 2023

Banks, Compliance, Credit Unions, Security, Technology Christine Ray 0 comment

The Advantages of Attending User Conferences for Banking Professionals

User conferences are dynamic events that community banks and credit unions can leverage to connect with industry experts and like-minded peers in an enriching environment. They provide a great opportunity for banking professionals to interact face-to-face with vendors; share ideas and experiences; and address their concerns about technology products, compliance, and other important industry issues. And unlike traditional industry tradeshows that are mainly designed to attract new business, user conferences have a broader purpose that translates into a host of benefits for attendees, including:

Training and education — User conferences provide access to valuable information that can help attendees keep up with the growing complexity of the financial services industry and technology. Participants can receive on-the-spot training through software demonstrations that allow them to see products in action. They can also enhance their knowledge through informative workshops, topic-based roundtable discussions, and other educational sessions. This allows them to learn from industry and subject-matter experts that can answer their questions, share insights, and impart best practices. This type of focused, in-person learning can make it easier for attendees to stay up to date with the latest technological advancements and other developments impacting their industry.
Networking opportunities — As another benefit, user conferences offer invaluable networking opportunities. Attendees can connect with their vendor’s team, ask specific questions, and learn better ways to use their products and services. They may even discover new tools for addressing some of the current challenges they are encountering. User conferences can also spark helpful interactions between colleagues who are using the same products; they can share strategies and best practices based on their respective experiences.
Relationship building — The personal connections that happen at user conferences can help reinforce the relationships that attendees have with their vendors. These events offer banking professionals a unique opportunity to learn more about the companies, products, and people they rely on to support their organization. For instance, participants can discuss the capabilities of software products directly with the people who built them and meet face-to-face with support staff they normally speak to on the phone.
Inspiration — While people often learn about their software products virtually, in-person user conferences provide a much more engaging—and inspirational alternative. Connecting with industry peers and vendors’ staff outside the daily office routine can stimulate creativity. The live interactions that unfold at conference events generate energy, excitement, and enthusiasm that can send participants home full of fresh ideas.

Meeting Regulatory Expectations

However, the incentive to take part in user conferences goes beyond the practical benefits; it is expected by regulators. Examiners are increasingly placing more focus on how financial institutions manage their vendors, including capitalizing on the influence of user groups. For example, the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook’s Outsourcing Technology Services booklet states: “User groups are another mechanism financial institutions can use to monitor and influence their service provider. User groups can participate and influence service provider testing (i.e., security, disaster recovery, and systems) as well as promote client issues. Independent user groups can monitor and influence a service provider better than its individual clients.”

In addition, the FFIEC requires employees of financial institutions to engage in ongoing education and technical expertise to maintain compliance.

NetConnect™ User Conference

Safe Systems’ National Customer User Conference, NetConnect, creates the ideal setting for banking professionals and vendors to come together with their peers. This year’s NetConnect will take place in Alpharetta, Ga., just a few miles from our Georgia headquarters, on November 7-8, with a pre-conference training day on November 6.

NetConnect will bring together Safe Systems’ employees, customers, and strategic partners to exchange ideas and learn about the latest technology, compliance, and security trends in community banking. Each year, we hear positive feedback about the event from conference attendees.

Instructors were good about not letting folks get behind. A lot of ground covered in a day.
Instructors were top notch.

It says a lot to me that the entire conference content came directly from within Safe
Systems, and they all did a great job too!

A great time. I learned a lot and enjoyed myself while doing it.

The networking and social experience is top notch.

This conference is on my MUST ATTEND list!

So, whether you are a long-time or relatively new customer of Safe Systems, visit our NetConnect website to learn more about this year’s conference and how it can help you get educated, motivated, and up-to-date with the latest industry and technology trends.

06 Mar 2023

Banks, Credit Unions, Security, Technology Eric Delgado 0 comment

MFA—Why You Can’t Set It and Forget It

MFA - Why You Can’t Set It and Forget It

Multifactor authentication (MFA) is not a static, set-it-and-forget-it process. Financial institutions must constantly monitor—and make necessary adjustments—to ensure effectiveness so that only authorized users are accessing their network, data, and services.

MFA Methods and Risk

Some of the most common MFA methods, particularly with Microsoft Azure are:

FIDO2 security key
Microsoft Authenticator app
Windows Hello for Business
OATH hardware/software tokens
Short messaging service (SMS)
Voice calls

FIDO2—the latest and greatest MFA—enables easy and secure authentication. It takes passwords out of the equation and instead uses public key cryptography for authentication to enhance security. The Microsoft Authenticator app is also capable of passwordless authentication in Azure, which is making it an increasingly popular option. This modern multi-factor authentication method can act as a FIDO2 key, send push notifications, and support user awareness by providing location and client data within the app.

Windows Hello for Business is another form of advanced authentication that is also capable of passwordless authentication. However, institutions should be careful when implementing this approach to MFA because it can entail unique stipulations.

Two of the riskiest types of authentication are MFA facilitated by either SMS or voice calls. SMS-enabled MFA, which combines the use of a text message and code, is one of the most frequently used methods of authentication. However, since text messages are not encrypted, they are vulnerable to telecom tower relaying interference. Because of this vulnerability and its wide adoption, SMS is a major target of attackers. Voice calling, which uses telecom services to call with the code, is another risky form of MFA because it is possible that someone else could intercept the phone call.

For any TOTP-based method of MFA, there is an inherent risk of users giving away the codes. This can be accomplished via clever phishing techniques or malicious applications on mobile devices.

Combining MFA with Other Defensive Layers

Today’s sophisticated cyberattacks often attempt to exploit weaknesses that are present in the MFA workflow. Unlike traditional attacks that sought to bypass basic authentication protocols, newer schemes tend to follow normal MFA workflows to exploit human behavior. Attackers are also using other creative strategies to effectively circumvent MFA requirements. For example, they may hijack an already MFA-authenticated session to gain unauthorized access.

To evade cyberattacks, institutions must go beyond taking a relaxed, set-it-and-forget-it stance for MFA. They must enhance MFA by adopting newer more modern methods for their users. They must also be cognizant of attacks that can effectively bypass MFA, as we have seen with MFA-resistant phishing scams. To compensate for these newer styles of attacks, institutions should seek to implement multiple layers of security. In Azure, this will mean the adoption of Conditional Access Policies (CAPs). Stacking multiple CAPs targeting various combinations of MFA, apps, clients, locations, compliance status, and device types is the best way to improve an organization’s security posture. For more information about this important topic, watch our webinar on “MFA–Why You Can’t Set It and Forget It.”

23 Feb 2023

Banks, Credit Unions, Security Jamie Davis 0 comment

Mitigating Sophisticated, MFA-Resistant Phishing Scams

Phishing attacks are becoming more complex—and successful—making them more problematic for companies to combat. As a prime example, a recent phishing scam has been circumventing multifactor authentication (MFA) to successfully breach multiple companies. The attacks, which seem to be targeting banks and credit unions, are a stark reminder of the constant cyber threats that financial institutions face and the importance of following effective risk mitigation tactics.

The recent email scam is a sophisticated scheme; it exploits weaknesses in MFA and essentially bypasses them to launch an attack. The attackers deploy deceptive emails to obtain employees’ Microsoft 365 (M365) usernames, passwords, and MFA codes, and then they use this information to try to wire money outside the institution. Not only are these assaults breaching the initial targets, but they are also using the victims to infiltrate other companies.

The phishing scheme can be particularly detrimental to institutions that are not employing Azure Active Directory (Azure AD) Conditional Access Policies to bolster their security in Azure. Since Azure AD manages login credentials for users allowing them to access multiple M365 services and internal accounts from anywhere online, it is critical to apply access controls that provide another layer of protection beyond MFA.

Addressing Phishing Threats

There are various steps banks and credit unions can take to address MFA-resistant phishing attacks. Since humans are the weakest link in cybersecurity, institutions should ensure their employees are immediately informed about this particular phishing attack. They should also train employees regularly to recognize phishing emails so they can avoid being deceived. The key: Make sure employees know not to input their username and password in any link they receive by email.

Although this specific threat has the potential to exploit weaknesses in MFA, financial institutions should still implement this authentication method as it remains one of the most effective at blocking account compromises. As previously mentioned, it is also important to increase protection against attacks by adding Azure Conditional Access Policies to the Azure environment. Another preemptive step is to employ a monitoring and reporting solution for the Azure tenant. Often once a system is breached, attackers go into the tenant and create new rules to cover their tracks. Visibility into security settings through proactive reporting and alerts can make it easier for institutions to detect any suspicious activity or changes with logins and email rules, helping them stay on top of potential threats.

How Safe Systems Can Help

It can be challenging for many institutions to effectively manage their access and security settings in Azure AD and M365. However, Safe Systems offers CloudInsight™ M365 Security Basics to make the task easier. The CloudInsight™ collection of products offers a variety of reports and alerts that are specially designed to help institutions enhance their awareness of the Cloud. M365 Security Basics provides visibility into security settings for Azure AD and M365 tenants to help institutions detect targeted phishing or SPAM attacks. It can also expose other common risks like compromised user accounts, unknown users and forwarders; unapproved email access; and the unknown use of sharing tools. With M365 Security Basics, community banks, and credit unions can receive the expert insights they need to minimize, limit, or stop sophisticated phishing attacks.

27 Jan 2023

Banks, Credit Unions, Security Will McWilliams 0 comment

What to Look for in a New Firewall Vendor

If your bank or credit union needs a firewall vendor, it’s important to know what to look for to meet your security and regulatory requirements. Maybe you are proactively searching for a new firewall provider or suddenly discovered that you need to replace your current one. Whatever the case, you should search for a firewall vendor that specializes in the financial industry. This will ensure your financial institution has access to expertise and insights that are more specific to banking regulations.

In addition, you should look for a vendor that can serve as a “one-stop-shop” that covers all the security angles. The company should provide an all-inclusive solution that encompasses firewall monitoring, and management as well as intrusion detection and prevention. It’s also important to find a firewall vendor that offers concise and digestible reporting, along with meaningful insights created specifically for the banking community.

It is also equally important to search for a firewall vendor that can meet your institution’s implementation time frame. Ideally, you should plan five to six months out for a firewall implementation to compensate for hardware lead times; however, this may not always be possible. For example, your institution may have encountered an unexpected problem with renewal and need to quickly pivot to another firewall vendor. In this case, you will need to look for a vendor that is capable of deploying a firewall within a tight timeline.

As a precautionary measure, financial institutions must stay on top of contract management. Institutions should have a good relationship with their vendors and review contracts well before they are scheduled to renew. They should closely examine the contract terms and ask questions to ensure they are aware of any upcoming revisions or new developments. This can help them avoid getting caught off guard by any last-minute contractual issues that may disrupt their operation.

So how can banks and credit unions find a prospective firewall vendor? They can consult peers in the banking industry and inquire if their current service providers also offer firewalls. Ultimately, financial institutions should make sure their selected vendor has the appropriate security layers and reporting needed to check all the boxes from an examiner’s perspective. Safe Systems’ Managed Perimeter Defense (MPD), for example, employs multiple layers of advanced tools to help financial institutions protect their IT security environment. MPD’s next-generation firewall capabilities provide deeper analysis and improved detection of modern threats, which makes it easier for institutions to enhance their security posture.

12 Jan 2023

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

Top Blogs of 2022

Last year, we covered a wide range of blog topics, including ransomware prevention and recovery; business continuity management and disaster recovery; and managing Microsoft Azure and Microsoft 365 settings. In case you missed them, here’s a synopsis of our top blogs of 2022. Reviewing these important issues can help your bank or credit union be better prepared for the challenges—and opportunities—that lie ahead in 2023:

1. Best Practices for Ransomware Prevention and Recovery

Ransomware attacks strike a new target every 14 seconds, disrupting operations, stealing information, and exploiting businesses, according to the Cybersecurity and Infrastructure Security Agency (CISA). However, financial institutions that consistently employ best practices can prevent or bounce back from a ransomware assault. As an optimal strategy for prevention, institutions should identify and address known security gaps that can allow a ransomware infection. Since human error is the primary reason for most security breaches, banks and credit unions should focus on providing ransomware awareness training to help employees identify, respond to, and minimize attacks. They can also limit cybersecurity risk by using intelligent network design and segmentation to restrict ransomware intrusions to only a portion of the network and by having overlapping security solutions to provide layered protection. If a ransomware incident does occur, financial institutions should have pre-defined procedures for response and recovery. Many smaller institutions may lack the expertise internally to implement ongoing best practices for ransomware prevention and recovery, but they can work with an external cybersecurity expert to augment their resources. Read more.

2. Your Guide to Business Continuity Management and Disaster Recovery Planning

It can be challenging for financial institutions to implement successful strategies for business continuity management (BCM) and disaster recovery (DR). But our compilation of key strategies and best practices can facilitate the process. BCM encompasses all aspects of incorporating resilience, incident response, crisis management, vendor management, disaster recovery, and business process continuity, and it is an essential requirement for avoiding and recovering from potential threats. DR—the process of restoring IT infrastructure, data, and third-party systems—should address a variety of events that could negatively impact operations, including natural disasters, cyberattacks, technology failures, and even the unavailability of personnel. For successful disaster recovery, institutions should focus on four important “Rs”: recovery time objective (RTO), recovery point objective (RPO), replication, and recurring testing. In addition, leveraging a comprehensive cloud DR service can enhance redundancy, reliability, uptime, speed, and value. Using a cloud DR solution from an external service provider can give institutions the confidence of knowing their DR plan is being thoroughly tested and will work if a real disaster happens. Read more.

3. Managing Security, Identity, and Compliance within the Microsoft Azure and M365 Ecosystem

Microsoft Azure Active Directory (Azure AD) and Microsoft 365 have a distinct ecosystem. Understanding their services and settings is critical for IT administrators to manage security, identity, and compliance within their environment. Institutions can significantly bolster security by implementing some of the basic security settings under the free license level for Azure AD. Adjusting the security default setting, for example, can have a major impact. IT administrators can enable security defaults to enforce non-configurable conditional access policies as well as require multifactor authentication (MFA) registration for all users. IT admins should also review the identity architecture for their institution to ensure all users, devices, and apps connecting to Azure have an identity. Depending on their license level, institutions may be able to modify additional settings, such as allowing global auditing, blocking open collaboration, and restricting outbound email forwarding. Microsoft is constantly revising the features of Azure AD and M365, making it vital for financial institutions to stay on top of their ever-changing ecosystem. Read more to learn how to manage the complexities of customizing your Azure AD and M365 security settings.

Read about other important topics on cybersecurity, compliance, and technology. Subscribe now to the Safe Systems blog to have the latest updates on banking trends and regulatory guidance conveniently delivered to your inbox.

09 Nov 2022

Banks, Credit Unions, Security Kai Xu 0 comment

Best Practices for Ransomware Prevention and Recovery

In the world of cybersecurity, an ounce of prevention is worth a pound of cure—especially when it comes to ransomware. Ransomware attacks hit a new target every 14 seconds, disrupting operations, stealing information, and exploiting businesses, according to the Cybersecurity and Infrastructure Security Agency (CISA). As a result of ransomware attacks, US Banks paid out nearly $1.2 billion in 2021, which is up by 188% from 2020 according to the Financial Trend Analysis report [PDF] on ransomware from the US Treasury’s Financial Crimes Enforcement Network (FinCEN). But banks and credit unions that consistently implement best practices can effectively prevent and recover from ransomware attacks.

Prevention Strategies

The ideal strategy is to keep ransomware assaults from happening in the first place, but prevention can be tedious and challenging. As a general practice, institutions should identify and address known security gaps that can enable a ransomware infection. (If there is a loophole, hackers will eventually find it.) Since human mistakes are the root cause of most security breaches, providing ransomware training for employees is a crucial step that institutions can take to reduce their cybersecurity risk. Ransomware awareness training can help staff identify, respond to, and circumvent attacks as well as test their knowledge in a safe environment. Institutions can also limit their security risk by adhering to the principle of “least access” to grant employees the minimum levels of access or permission needed for their job.

As another best practice, institutions can also take a stricter stance on the technical aspects of cybersecurity. They can employ intelligent network design and network segmentation to limit risk by restricting ransomware intrusions to a portion of the network instead of the whole system. Institutions should also have overlapping security solutions to provide layered protection for their systems and networks. Then if a single security element fails, another layer will be in place to compensate.

Response and Recovery Tactics

Even with multiple protective measures in place, there is only so much financial institutions can do to avert a ransomware attack. When a breach happens, the institution must respond immediately to mitigate the impact. This includes implementing pre-established processes for incident response, vendor management, business continuity, and other key areas. Bank management, for example, should have an incident response program to minimize damage to the institution and its customers, according to the Federal Financial Institutions Examination Council (FFIEC) IT Handbook’s Information Security booklet.

Having pre-defined procedures to declare and respond to an incident can be essential to effectively containing and recovering from a ransomware infection. While incident containment strategies can vary between different entities, they typically include the isolation of compromised systems or enhanced monitoring of intruder activities; search for additional compromised systems; collection and preservation of evidence; and communication with affected parties and often the primary regulator, information-sharing organizations, or law enforcement, according to the FFIEC.

In addition, restoration and follow-up strategies for incidents should address the:

elimination of the intruder’s means of access
restoration of systems, programs, and data to a “known good state” (using available offline or offsite backups)
the initiation of customer notification and assistance activities consistent with laws, regulations, and interagency guidance
monitoring to detect similar or further incidents

Another step in the recovery process might involve notifying an insurance carrier—if the institution has ransomware coverage. However, cyber insurance might not prove to be the ultimate remedy: A policy exclusion could keep the carrier from paying the claim. Or the settlement amount may not fully compensate for the institution’s intellectual property losses, revenue reduction, tarnished reputation, and other damages.

Augmenting Internal Resources

With the growing complexity of ransomware, it can be challenging for institutions to react to and recover from a cyberattack. However, those with limited internal resources can get help from a third-party cybersecurity expert to manage the process. Safe Systems, for instance, offers multi-layered security services that make it easier for community banks and credit unions to enhance their cybersecurity posture, so they can be better equipped to prevent, respond to, and recover from a ransomware attack. For more information about this critical topic, read our white paper on “The Changing Traits, Tactics, and Trends of Ransomware.”

27 Oct 2022

Banks, Credit Unions, Security Jamie Davis 0 comment

Social Engineering Scams – It Could Happen to You!

Many of us have heard the story about the fake printer repair person who shows up at the office to fix an issue with the intent to gain access to a secure area and collect confidential information. In reality, these things don’t really happen, right? At least not to small businesses or individuals…maybe this happened once to a large corporation and received a lot of press? This level of social engineering doesn’t really happen to someone like me, or does it?

Here’s What Happened to Me

My personal story involves a person visiting my house, a letter in the mail “from the government”, and a friend request on a popular social media platform from someone I knew 20 years ago. Each incident seemed innocent enough at the time, and on its own, did not raise any red flags. But as the events unfolded, I recognized a few mistakes that were made and realized that this was a coordinated effort and a scam!

It started with my doorbell ringing and my six-year-old yelling “Dad, someone’s at the door.” I answered the door to a well-dressed, very professional, middle-aged female with a smile and a government-issued badge around her neck. She promptly showed me the badge and explained she was there to ensure I had received a survey from the Department of Health and Human Services (DHHS). She explained it was important that I fill out the survey to provide the data needed for them to make decisions to properly serve their constituents.

I conduct many surveys at Safe Systems, so I empathized with her need for information and the effort it requires to get people to fill out surveys. I informed her that I had not received the survey she was inquiring about. She then handed me a sample copy of the survey and said that my actual form would have a randomly generated code to help them track when each family had filled out the survey. Even though the survey was anonymous, they used the code to track completion. When I stated again that I had not received the survey, she politely asked me to keep an eye out for it. She said she would check back next week to confirm I had received it. She complimented me on my house and walked away. Although I found the personal stop at my house odd, I didn’t notice any red flags at first. I simply thought this was similar to how they knock on doors for the census every 10 years.

Two days later, when checking the mail, I found a letter addressed to my wife and me. When I opened it, it included a survey that looked like the sample the lady had shown me a few days earlier, but this survey also had the randomly generated code that she told me about. I was still a little suspicious but planned on doing some research online to see if everything checked out.

A few days later, I received a friend invite on Facebook from someone I had not spoken to in 20 years. I’m not a big social media person but I do have a few accounts to keep up with different family affairs. Once I accepted the invite, this person started asking me about life and family. He didn’t ask anything personal, just general questions about how everyone is doing, jobs, etc. He seemed chattier than I remember him from 20 years ago, but we all change over time. I was cordial with my responses but not overly responsive. Over a few days, I got several short messages from him, then I get hit with this question, “have you filled out the DHHS survey?” He said he had seen my name on a list of people who had not completed it, and since he knew me, he thought he would reach out. RED FLAG!

The last I knew he didn’t work for the DHHS so how would he see my name on a DHHS survey list? And how could he be sure I was the same guy he knew 20 years ago living in a different town? Everyone who knows me, knows I go by my nickname. Very few people know my official birth certificate name, which is what was used on the DHHS survey. So, the odds of my name jumping off the page at him is unlikely. RED FLAG! I was curious about where this was going so, I continued the conversation, but guardedly. I admitted I had the survey but had not had a chance to fill it out yet.

Not wanting to let on that I was suspicious of him and the survey, I lied and said I would get around to it at some point. His response was the clincher for me that this was a scam. He said, “Great, just don’t want you to miss out on all the money I got from doing it.” Suddenly, there is money involved with filling out this survey which had not been mentioned anywhere. BIG RED FLAG! Also, it is very unlikely that someone filling out the survey would see a list of others who had received it, especially if it was supposed to be anonymous. RED FLAG!

I decided at this point, I wanted to know how far they would take this scam. I started chatting with him about some trip we went on years ago and how great it would be to do it again (but the truth was we never went on any trip). I never heard from him again, and his Facebook account was deleted and removed 2 days later.

It is important to discuss his Facebook page, as it not only had pictures of him and his family but also indicated that we had a single “mutual friend.” This was meant to convince me of his authenticity but should have also raised a RED FLAG considering how much overlap there was in the people we knew. Apparently, someone had stolen the pictures from his Facebook page and created a new account. I later recalled I was already friends with him on Facebook and compared his actual page to what I had seen on the fake account. They were identical if you just looked at the profile picture and the last post or two. There was almost no history on the fake account, but I had not paid attention to this RED FLAG at the time.

Social Engineering Can Happen to Anyone

In the grand scheme of things, I’m your average American stereotype. I live in a small neighborhood in suburbia with a minimal presence on the internet. Why would anyone have any interest in me? Yet, with no reason to target me, someone came to my house, mailed me a letter, set up a fake profile of someone I knew 20 years ago, and created an elaborate scheme to get me to fill out a survey that asked for personal information.

The moral of the story is if it can happen to me, it can happen to you, your family, and your business! Don’t assume these things only happen to others or large corporations. Social engineering schemes are very real, and they can work if you don’t have your guard up!

As we reach the end of Cybersecurity Awareness Month 2022, I thought this would be an appropriate story to share. As you can see from my story, social engineering can be very elaborate and can use means that are outside of the internet to deceive you into providing access to confidential or personal information and/or your computer systems. So, awareness is key. In the spirit of this month, I hope my story serves as a reminder to talk to your employees and customers about recognizing red flags and staying safe online.

25 Oct 2022

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

Tips from Cybersecurity Awareness Month 2022

Cybersecurity Awareness Month 2022 is reminding individuals and organizations that there are a variety of ways to protect their data—and practicing the basics of cybersecurity can make a huge difference. This year’s campaign centers around an overarching theme that promotes self-empowerment: See Yourself in Cyber. The initiative’s co-leaders, the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA), are encouraging people to focus on four key behaviors:

Enabling multi-factor authentication (MFA) — Often called two-step verification, MFA is an effective security measure because it requires anyone logging into an account to verify their identity in multiple ways. Typically, it asks the individual to enter their username and password and then prove who they are through some other means, such as providing their fingerprint or responding to a text message.
Using strong passwords and a password manager — All passwords should be created so that they are long (consisting of at least 12 characters), complex (including a combination of upper case letters, lower case letters, numbers, and special characters), and unique. This approach should be implemented with all accounts. Because we do more online today, it is possible to have hundreds of passwords to manage. And, if your passwords are long, unique, and complex as they should be, it can be impossible to remember and track them all. Using a secure and encrypted password manager is not only safer than using a physical notebook or a notes app to store your passwords, but it can also provide benefits such as alerting you of potential compromises and auto-generating new hyper-strong passwords that are stored along with the others.

A quality password manager should encrypt all passwords, require multi-factor authentication on your password vault, and not store the keys needed to decrypt the main password that unlocks your vault.

Updating software — Updates resolve general software issues and provide new security patches where criminals might get in and cause problems. You should update software often, obtain the patch from a known trusted source, and make the updates automatic if available.
Recognizing and reporting phishing — With the right training, you and your employees can learn to identify phishing, a scheme where criminals use fake emails, social media posts, or direct messages to trick unwitting victims to click on a bad link or download a malicious attachment. The signs can be subtle, but once suspect a phishing scam, you should report it immediately, and the sender’s address should be blocked.

Cybersecurity Resources

Cybersecurity Awareness Month is dedicated to providing resources to help individuals and organizations stay safe online. Businesses that need additional resources to address their specific needs can partner with an external cybersecurity expert. For example, Safe Systems offers a wide variety of compliance, technology, and security solutions to help community banks and credit unions safeguard their data.

Some of our cybersecurity products and services include:

Cybersecurity RADAR™: A web-based application combined with a team of compliance experts to help you assess your cybersecurity risk and maturity, using the standards set by the FFIEC’s Cybersecurity Assessment Tool (CAT) or the NCUA’s Automated Cybersecurity Examination Tool (ACET).
Information Security Program: A solution that allows you to build a customized, interactive, and FFIEC-compliant Information Security Program, complete with notifications, reporting, collaboration, approval processes, and regulatory updates.
NetInsight^®: A cyber risk reporting solution that runs independently of your existing network and security tools to provide “insight” into information technology and information security KPIs and controls.
Layered Security: Build a basic layered approach including a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process, or add more sophisticated layers depending on your security needs.

In addition, we continue to provide access to trusted information related to technology trends, regulatory updates, and security best practices on our Resource Center. Our latest white paper focuses on the leading security risk to businesses today, ransomware. Download a copy of “The Changing Traits, Tactics, and Trends of Ransomware” to discover how to better position your institution to prevent and recover from a ransomware attack.

20 Oct 2022

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

Special Guest Speakers Share their Expertise on Key Banking Systems and Compliance Trends

Our first Customer Success Summer Series offered live webinars with special guest speakers who shared their industry knowledge to help our customers and other financial institutions enhance internal processes and key areas of their banking operations.

In August, we hosted Cary Parris, Co-Founder and CTO at iTransit Solutions who presented “The Evolution of Phone Systems: Which is Right for You?”.
In September, we presented “2 Guys and a Microphone: Matt and Tom Chat About Compliance Trends and Rumors” where Matthew Jones, Partner and Financial and Information Security Auditor at Symphona, and Thomas Hinkel, the Compliance Guru at Safe Systems discussed recent developments and trends in regulations and shared their insights on current findings from examiners and auditors.

The Evolution of Phone Systems

Today businesses are facing the acceleration of remote working—Voice over internet protocol (VoIP), Virtual Private Networks (VPN), virtual meetings, and dynamic routing of phone systems based on the user’s location—all have become must-have requirements. Legacy telephone services are becoming more obsolete as some telecoms decommission analog technologies in favor of fiber pots and other alternatives. The old telephone system is evolving into a more modern option: unified communications as a service (UCaaS), which merges communication channels into a single cloud-based system. UCaaS offers all the necessary infrastructure, applications, and resources businesses need in an easily scalable solution. Unified communications tools can include chat, VoIP, text messaging, and online video conferencing.

UCaaS gives institutions the benefit of advanced functionality which allows employees to work remotely more efficiently, including things like the ability to check other users’ availability, reach people whether they are in the office or out in the field, and access the platform from anywhere. Another evolving facet in telecommunications is call center as a service (CCaaS), which also streamlines omnichannel communication and allows remote employees to work together as a call center team.

Given its flexibility and efficiency, it is easy to see why UCaaS is moving to the forefront of communications. There is a wide range of unified communications features, equipment, and prices and it is important for your institution to clearly define its unique needs to find a solution that will satisfy its requirements. It is also important to continue to evaluate your equipment and services every few years as technology and pricing continue to change.

Watch the recording of this webinar to gain a better understanding of UCaaS and other options so you can make the right choice for your institution.

2 Guys and a Microphone

Matt and Tom have both spent most of their careers focused on risk and regulatory compliance for financial institutions. We recorded their recent conversation which spans many topics including increased scrutiny on vendor management, continued focus on ransomware, and more.

Recent audit and exam trends continue to have a strong focus on third parties and proper vendor management. Examiners are considering the preponderance of fintechs, how much the average financial institution is outsourcing, and the inherent risk that originates from third-party vendors. Interestingly, their increased scrutiny may extend to any significant sub-service vendors that institutions may have. In addition, we are seeing questions arise about vendor management in the context of insurance. Cyber liability insurance applications are requesting more details about the management of vendors and other third parties.

There have also been some interesting audit and exam findings. For instance, one institution was encouraged to complete a post-pandemic/walk-through test or “dry run” of their pandemic procedures. This is curious considering all institutions have been in a “live exercise” for the past few years with the pandemic. Regardless, there is a good chance that the pandemic verbiage in your disaster recovery plan needs to be updated based on what has or has not been done in response to the current pandemic. And it is important to consider that an annual pandemic test will be a part of examiner expectations going forward along with the traditional business continuity, natural disaster, and cyber incident tests.

On the regulatory front, the new Computer-Incident Notification Rule went into effect on April 1, 2022, which is designed to give regulators early awareness of emerging threats to banking organizations and the broader financial system, including potentially systemic cyber events. The rule has two components:

The first part requires a banking organization to promptly notify its primary federal regulator of any “computer-security incident” that rises to the level of a “notification incident.”
The second part requires a bank service provider to notify each affected banking organization customer as soon as possible when the bank service provider determines that it has experienced a “computer-security incident” that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.

In March, we hosted an in-depth webinar on understanding the requirements, recognizing gray areas, and preparing for unknowns. To help intuitions meet these requirements, we also created a detailed flowchart to understand when an event is severe enough to activate your Incident Response Team (IRT) and when regulators and customers should be notified.

Another regulatory trend to keep your eyes on is the increasing focus on ransomware industry-wide is prompting some state banking organizations to require institutions to use the Ransomware Self-Assessment Tool (R-SAT). The 16-question R-SAT is designed to help institutions evaluate their general cybersecurity preparedness and reduce ransomware risks. The R-SAT supplements the Cybersecurity Assessment Tool developed by the Federal Financial Institutions Examination Council (FFIEC). It will be interesting to see if more states begin requiring this additional diagnostic tool.

Watch the recording to hear more insights about INTrex, SOC Reports, and SSAE 21.

08 Sep 2022

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

What to Budget for in 2023

Marty McFly (the lead character in “Back to the Future”) could not have predicted the world we live in today. Though the movie’s portrayal of flying cars, floating hoverboards, and shoes that lace themselves may have been a little far-fetched, we now have IoT, the Internet of Things. This powerful networking capability connects everything in our lives to a single electronic device that can be held in the palm of our hands. I can open my garage door, adjust the temperature of my house, set my alarm system, and even check the status of the clothes in my dryer—all from my mobile phone. Predictions are always a synthesis of art, science—and uncertainty. None of us truly knows what tomorrow will bring. We just know it will look a little different than it did today. With that in mind, it’s almost budgeting season, so here are my predictions for the top areas your bank or credit union should consider budgeting for in 2023:

1. Compliance Services

Compliance continues to be a strong focus for many community financial institutions. It’s important to be able to evaluate all your policies and programs to see where you may need assistance before your next exam. If you aren’t sure if your policies and programs are keeping up with regulations, you may want to hire a third party to provide an objective perspective. Companies like Safe Systems will often conduct a review as a courtesy or for a nominal fee.

You should also consider investing in these two popular compliance services that have gained traction in recent years:

Virtual ISO: There are several service models available, so make sure you find the one that matches your institution’s needs. (Check out our recent webinar that walks you through the pros and cons of three virtual ISO models.) For instance, Safe Systems’ ISOversight service includes a dedicated compliance specialist, along with a suite of online compliance applications to help you develop and manage your vendors, business continuity plan, Cybersecurity Assessment Tool, and information security program.
Vendor Management: Your assessment of a vendor should define what controls are needed to effectively mitigate risks posed by each vendor. Some critical or high-risk vendors may require reviewing documents like contracts, financials, or SOC 2 audit reports. Evaluating these documents can feel daunting because it can be time-consuming and understanding each type of document can require a different skill set. Many institutions are offloading the document review process to third-party companies to help them identify the key information in each document and better manage risk.

2. Supply Chain Issues

The supply chain issues that started during the middle of the pandemic have continued through 2022. Servers, switches, firewalls, and other hardware devices are still in limited supply. For 2023, continue to plan and order hardware well in advance of your needs. If you wait until you need it, you may encounter delays. Six months is the current lead time for certain devices. Also, when replacing a workstation in 2023, evaluate whether a laptop or desktop computer would be the best replacement. While laptops introduce some new risks due to their mobility, they also allow flexibility for users. If a laptop will enable an employee to work remotely during a disaster or pandemic, it may be more beneficial to switch to this laptop to optimize your hardware investment.

3. Cloud Security

Cloud security should continue to be top of mind. Although the Cloud offers plenty of advantages, it comes with numerous control settings, management tools, and security options that must be effectively configured and maintained to ensure the highest level of protection. This should be a key area of concern for not only institutions with infrastructure in the Cloud, but also those with M365 licenses—which include Exchange Online, SharePoint, OneDrive—or those using Microsoft Azure Active Directory as an authentication platform through a third-party provider. Too often institutions only think about hosting servers in the Cloud when it comes to cloud security. While moving infrastructure to the Cloud is a current trend, almost all institutions store some information there. Safe Systems has worked with several institutions with assets ranging from $100 million to multi-billion dollars and found that almost all of them had gaps in their cloud security when it comes to their cloud tenants. Some institutions had their email or user accounts compromised while others had the wrong M365 security settings in place, which left the door open to future compromises. Safe Systems’ CloudInsight suite of products includes M365 Security and Utility Basics solutions to detect common risks and help institutions better manage the increasing array of M365 security settings and controls. These reasonably priced options deliver a substantial amount of value, so contact us for a quote to determine if our CloudInsight solution will fit into your budget next year.

4. Cybersecurity

Cybersecurity must stay top of mind for both your institution and its employees. If you do not have a solution to train and test your staff on information security best practices, consider investing in one next year. These are typically not expensive solutions, and they provide exceptional value—as well as critical protection. It is estimated that cyberattacks are 300 times more likely to be targeted against financial services firms than other companies. If that isn’t enough to keep you up at night, then consider that Cybersecurity Ventures expects global cybercrime costs to reach $10.5 trillion annually by 2025—and will be more profitable than the global trade of all major illegal drugs combined. Remember, where the money is, the crooks will follow. Every year you must evaluate your current security layers and decide if they are still effective and if you have enough of them in place.

“If it were measured as a country, then cybercrime—which is thought to have inflicted damages totaling $6 trillion USD globally in 2021—would be the world’s third-largest economy after the U.S. and China.”

Preparing for next year requires you to first evaluate where you are this year. You could decide to simply “rinse and repeat” what you did this year, but that would be a missed opportunity to really understand what is working, what isn’t, and what can be improved. Also, consider your institution’s short- and long-term plans. Sometimes what makes sense today doesn’t make sense when compared to your future plans for growth, increased redundancy, and more. While you can’t predict the future, you can at least ensure your 2023 budget reflects your best guess for where your institution is headed.

01 Sep 2022

Banks, Credit Unions, Security Kai Xu 0 comment

Addressing the Growing Ransomware Problem

Ransomware has become the leading cyber threat to businesses today—and it is growing at an alarming rate. Threat actors, who often work in groups, continue to evolve and create different ransomware strains. They rebrand themselves and resurface under new identities, making it difficult to curtail their criminal activities. Ransomware has continued its upward trend with an almost 13% rise—an increase as big as the last five years combined, according to the 2022 Verizon “2022 Data Breach Investigations Report.” And the FBI’s Internet Crime Complaint Center Annual Report stated recorded 3,729 ransomware complaints in 2021 with adjusted losses of more than $49.2 million.

The pervasive nature of the ransomware problem affects all types of companies, sectors, and industries worldwide. Approximately 37 percent of global organizations were targeted by a ransomware attack in 2021, based on the IDC’s “2021 Ransomware Study.” And in February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) reported that fourteen of the 16 US critical infrastructure sectors had ransomware incidents.

The Impact

Ransomware is malicious software or malware that locks victims out of their computing devices or blocks access to files until they pay a ransom. More sophisticated versions can encrypt files and folders on attached drives and even networked computers, raising the stakes even higher. (In all cases, the FBI does not support paying a ransom in response to a ransomware attack.)

Typically, ransomware gets installed on a workstation using a social engineering technique such as phishing. It tricks people into clicking on a link or opening an attachment and disclosing their login information or even financial data. Regardless of the threat vector used, a ransomware infection can wreak havoc on victims, causing extensive business interruptions, legal expenses, and reputational damage. According to IBM’s Cost of a Data Breach 2022 report, the average cost of a ransomware breach, not including the ransom payment, declined slightly, from USD 4.62 million to USD 4.54 million. However, the frequency of ransomware breaches has increased — from 7.8% of breaches in the 2021 report to 11% in the 2022 study. In certain industries, an attack may be considered a data breach and involve even more negative consequences. For instance, financial institutions and other critical infrastructure agencies may be required to pay fines for an attack due to their failure to protect clients’ data.

Cybercriminals are shifting away from ransomware attacks that merely demand a payment to unlock the victim’s data or device. They are focusing on more multidimensional extortion methods to extract a larger reward. IBM Security’s 2022 “X-Force Threat Intelligence Index” report indicates that virtually all ransomware assaults today are “double extortion” attacks that demand a ransom to unlock data and prevent its theft. Some attackers opt to exfiltrate sensitive data, so they can present additional ransom demands in the future. They may also sell personal data—credit card numbers, email addresses, online credentials, or bank account information—to make the fraud even more lucrative.

Best Practices

Security is a complicated issue, which makes staying on top of threats and vulnerabilities challenging. Financial institutions must complete a myriad of time-consuming and complex tasks to maintain a strong security posture. Addressing ransomware can be particularly difficult for community banking institutions with limited internal technical expertise and resources. And there is only so much an institution can do to stay vigilant against ransomware threats.

However, institutions can reduce their risk by implementing some key security strategies such as:

Having a well-trained staff because most ransomware intrusions are caused by human error.
Having overlapping security products and or services to cover the protection of systems and networks.
Having well-designed network infrastructure with security in mind.
Having a proper incident response plan that can be adhered to in the event of a breach.

Using a Managed Service Provider

Financial institutions that put mitigating systems, processes, and practices in place will be better positioned to prevent, detect, and recover from a ransomware breach. However, many smaller institutions may lack the resources and knowledge in-house to close security gaps and circumvent attacks. They can remedy the situation by employing the products and services of a managed service provider to strengthen their security posture.

Safe Systems provides a wide range of layered security solutions to help institutions address the risk of ransomware. Our security offerings include behavior-based vulnerability monitoring, advanced endpoint protection, vulnerable systems patching, next-generation firewalls, email software security, and staff training. These products and services deliver essential overlapping protection, and they are specially designed to meet the needs of community banks and credit unions.

Also, stay tuned for our upcoming white paper that will provide more data on the current state of ransomware and how banking institutions can better minimize the risks of an attack.

14 Jul 2022

Banks, Credit Unions, Security Safe Systems 0 comment

How to Always Be Prepared for a Cyberattack

Cybersecurity attacks have been ramping up nationwide, and the FBI expects the trend to continue. Americans reported 847,376 complaints in 2021, a 7-percent increase from 2020, according to the FBI’s Internet Crime Complaint Center’s 2021 Internet Crime Report. Many of the complaints filed in 2021 involved ransomware, phishing, data breach, and business email compromise. Financial services is one of the critical infrastructure sectors that are most frequently targeted by ransomware attacks.

However, here are five best practices that if effectively implemented, managed, and monitored can ensure that your financial institution is always prepared for a cyberattack:

1. Authentication

Passwords have become more complicated to create, remember, and maintain. Twenty years ago, passwords consisted of a simple string of characters. Now they are more complex, requiring a combination of numbers, symbols, and upper- and lower-case letters. Increasingly, user management tools allow institutions to take advantage of robust authentication options like multifactor authentication (MFA). MFA adds extra elements and more security to the sign-on process, which is why users should employ it whenever possible to log in to any network or system at your institution. This is especially important for higher-risk situations that involve network administrator accounts, virtual private network access, and critical management applications.

MFA is one of the most important cybersecurity practices to reduce the risk of intrusions. Users who enable MFA are up to 99 percent less likely to have an account compromised, according to a joint advisory issued by the FBI and Cybersecurity and Infrastructure Security Agency. “Every organization should enforce MFA for all employees and customers, and every user should sign up for MFA when available,” the advisory states.

2. Patch Management

Patching can be a constant and tedious process as it requires keeping up with updates from numerous sources and applications. This can entail patching a plethora of Microsoft products, along with banking and lending applications, PDF readers, virtualization applications, database applications, ATM software, and more. Not patching a security hole in any of these could lead to a massive security breach with catastrophic implications for institutions. It’s imperative to maintain a list of all approved applications and monitoring software on the network as well as have an update policy and a clearly defined process for each application. Major breaches have happened because a single patch was missing on a single device. Patch management cannot be ignored or treated as an afterthought.

3. Email Security and End User Best Practices

Understanding email, specifically phishing techniques, is one of the most critical aspects of being prepared for a cyberattack. While financial institutions are frequently targeted by phishing attacks, following these best practices can help to prevent business email compromise:

Augment your email solution with effective scanning software. This can help identify SPAM and phishing emails before they reach employees.
Train employees to recognize phony phishing emails, so they can “think before they click.” These bogus emails can be difficult to spot unless you know what you are looking for; e.g., poor grammar and spelling, links that don’t match the domain, unsolicited attachments, etc.
Test employees to see how well they respond to a realistic phishing attempt. Invest in a program that lets you send fake phishing messages and track which employees fail the test, so you can offer additional training to those who need it.

4. Backups

Backups play a crucial role in file recovery, disaster recovery, and ransomware attacks. To successfully bounce back from a cyberattack, institutions need to have all backup scenarios sufficiently covered, including file-level backups, disaster recovery backups, Veeam backups (for virtual servers), and SQL/database backups. While most institutions use a combination of different backup solutions, the key objective is to back up files offline or in the cloud, so they are not connected to your network. Then if a ransomware attack strikes the network, your offline and cloud backups will not be affected.

5. Vendor Risk Management

Vendor management can have a dramatic impact on the overall success of your information security plan. If you outsource to a vendor with inadequate security protocols, their weakness essentially becomes your weakness. The first step in vendor risk management is to perform a risk assessment to evaluate your level of inherent risk. This must always be done first so that you can then identify and implement the proper controls. If the controls selected do not completely offset the risks identified, then alternate or compensating controls would need to be identified to achieve a level of residual risk that is within your risk appetite.

There’s no silver bullet when it comes to resisting a cyberattack but focusing on the five areas above can significantly increase your institution’s cyber resiliency. Safe Systems offers a range of technology, compliance, and security solutions that are exclusively designed for community banks and credit unions. Contact us to learn how we can help you implement these five and other best practices.

30 Dec 2021

Banks, Compliance, Credit Unions, Security, Technology Christine Ray 0 comment

Our Top Blog Posts of 2021

With a new year approaching, it’s a good time to review some of the key discussions from the past year. Read these highlights from our top blog posts of 2021, to help your financial institution refine key operational strategies for 2022 and beyond:

1. 2021 Hot Topics in Compliance: Mid-Year Update

Although the COVID-19 pandemic isn’t over, financial institutions have learned valuable lessons so far. Key impacts have been primarily operational, involving risks related to temporary measures taken to weather the crisis. In addition, there are important compliance trends and new regulatory guidance institutions should anticipate going forward. Ransomware cybersecurity has been a key area of focus for regulators, and given the recent high-profile cyber events affecting the industry, their scrutiny will likely increase in the future. This will be reflected, in part, by the number of (and types of) assessments that regulators might expect institutions to perform annually. These assessments from various state and federal entities include the Cybersecurity Assessment Tool (CAT), the optional Ransomware Self-Assessment Tool (R-SAT), the Cybersecurity Evaluation Tool, and the modified Information Technology Risk Examination for Credit Unions (InTREx-CU). In addition, there have been major shifts with cyber insurance, and the FFIEC released a new Architecture, Infrastructure, and Operations booklet in its Information Technology Examination Handbook series. Read more.

2. The 4 “R’s” of Disaster Recovery

Maintaining an effective approach to disaster recovery can help financial institutions satisfy regulatory requirements, better protect themselves from the effects of negative events, and improve their ability to continue operating after a disaster. There are four important “R’s” that institutions should concentrate on for disaster recovery: recovery time objective ( RTO ), recovery point objective ( RPO ), replication , and recurring testing .

RTO is the longest acceptable length of time a computer, system, network, or application can be down after a disaster happens. When establishing RTOs, prioritizations must be made based on the significance of the business function and budgetary constraints. The RPO is the amount of time between a disaster occurring and a financial institution’s most recent backup. Essentially, the RPO will be determined by the institution’s technology solution and risk tolerance. DR replication entails having an exact copy of an institution’s data available and remotely accessible when an adverse event transpires. The best practice is to keep one backup copy onsite and another offsite in a different geographic location that’s not impacted by the disaster. Recurring testing allows institutions to identify key aspects of their DR strategy and adjust as needed to accomplish their objectives. Regular testing can expose potential problems in their DR plan so they can address these issues immediately. Read more.

3. Segregation of ISO Duties Critical to Network Security and Regulatory Compliance for FIs

It’s crucial for financial institutions to maintain distinct duties between their information security officer (ISO) and network administrator to ensure network security, regulatory compliance, and the health of their operations. There should be at least one designated ISO who is responsible for implementing and monitoring the information security program and who reports directly to the board or senior management—not to IT operations management. The significance of segregating the ISO’s duties comes down to oversight: Separating ISO and network administrator tasks helps to create a clear audit trail and ensures risk is being accurately assessed and reported to senior management . It also allows the ISO to provide another “set of eyes” that help to maintain a level of accountability to management, the board, and other stakeholders. The ISO’s independent role primarily serves to ensure the integrity of an institution’s information security program . Financial institutions can also use a virtual ISO to create an additional layer of oversight on top of what they have in place internally. Read more.

Discover these and other key topics about banking compliance, security, and technology on the Safe Systems blog.

Or, subscribe now to be the first to receive the latest updates on banking trends and regulatory guidance directly to your inbox.

28 Dec 2021

Banks, Credit Unions, Security Jamie Davis 0 comment

Cybersecurity Insurance and Multi-Factor Authentication

Financial institutions are increasingly embracing cybersecurity insurance as an important aspect of their information security program. Cyber insurance can offer vital coverage to protect businesses from various technology-related risks. Data breach insurance, for example, helps companies respond if personally identifiable information gets lost or stolen from their computers—whether intentionally by a hacker or accidentally by an employee. Cyber liability insurance offers expanded protection to help businesses prepare for, respond to, and recover from cyberattacks.

As cybercrimes continue to intensify, more cybersecurity insurance companies are calling for organizations to employ multi-factor authentication (MFA). Some carriers are even refusing to provide insurance quotes to companies that are not using this authentication method. From their perspective, MFA adoption makes perfect sense; it keeps unauthorized individuals from accessing sensitive information, reducing ransomware, data breaches, and other cyberattacks. This, in turn, minimizes insurance claims and saves carriers money.

For insurance providers, MFA is appealing because it lowers cyber risk by requiring users to verify who they are. The individual must furnish valid identification data followed by at least one other credential: a password, one-time passcode, or physical characteristics like their fingerprint or face. This strict authentication system allows organizations to certify people’s identity—before granting them access to sensitive information, an account, or other assets—and this can significantly strengthen their security.

While MFA is heavily promoted by many cyber insurance companies, an institution’s regulators may not require financial institutions to use multi-factor authentication. However, implementing MFA for a whole internal network may not be a simple task. Depending on the solution, it may require installing agent software to all the endpoints requiring MFA and configuring appropriate “break-glass” accounts for emergency use, which creates more infrastructure to be monitored and managed.

MFA Implementation Tips

To simplify MFA implementation, Banks and credit unions can apply a sequenced strategy instead of jumping straight to the internal network. As a first step, institutions can ensure MFA is turned on for all remote-access users, including creating endpoint control policies for their devices. The next logical step would be to lock down MFA for cloud applications. This includes Microsoft Online services like M365 (formerly Office 365) and Azure Active Directory (Azure AD). These solutions come with a variety of free security features that organizations can customize to their business requirements. Even at low licensing levels, these products allow MFA to be turned on for all users—which can be highly effective for averting business email compromise and ransomware attacks. But institutions will need higher-level licensing if they want to make conditional access policies based on the specific location, identity, or device of users. Azure AD Premium P1 and M365 Enterprise E3, for example, have a variety of advanced features that allow conditional access policies to be established to enhance security.

MFA is just one layer of security for banks and credit unions to consider. We hope this post provided some insight into applying MFA for both security and insurance purposes. To learn more about this topic and other security layers, listen to our recent “Ransomware, Cybersecurity, and MFA” webinar, hosted by our Chief Technology Officer, Brendan McGowan.

06 Dec 2021

Banks, Credit Unions, Security Jamie Davis 0 comment

How Layered Security Can Address Growing Cyberthreats

With the increasing complexity of cyberattacks, financial institutions need to implement more effective—and comprehensive—security measures. They need a variety of elements to create a layered approach to secure their data, infrastructure, and other resources from potential cyberthreats.

Many organizations rely on a castle-and-moat network security model where everyone inside the network is trusted by default. (Think of the network as the castle and the network perimeter as the moat.) No one outside the network is able to access data on the inside, but everyone inside the network can. However, security gaps may still exist in this model and others. The best approach to compensate for gaps is to surround the network with layers of security.

The basic “table stakes” for a layered security approach include a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process. Banks and credit unions could also invest in additional and more sophisticated layers but each one will have associated acquisition and management costs, along with ongoing maintenance. So, it’s prudent for institutions to invest only in the number of layers/solutions they can competently manage.

Key Concerns

Today the top IT security concern for many organizations is ransomware. Due to the proactive measures many financial institutions have taken, the banking industry has fewer security breaches than health care and some other industries thus far. However, when a breach does happen to a financial institution, the impact is more costly than breaches occurring in other industries.

Four-Layer Security Formula

With these concerns in mind, here’s a four-layer “recipe” organizations can employ to improve their security posture:

Training and Testing: Using email phishing tests can serve as a good foundation for minimizing BEC and other social engineering threats.
Network Design: Institutions should refresh older networks to segment their components into different zones. It’s no longer sufficient to have servers, workstations, and printers sitting in one IP space together.
Domain Name System (DNS) filtering: DNS filtering prevents potentially damaging traffic from ever reaching the network. Because it proactively blocks threats, this makes it one of the most effective and affordable security layers institutions can apply.
Endpoint Protection: Institutions should have this type of protection on each of their endpoints, and the best endpoint protection tools have built-in ransomware solutions.

Other Important Considerations

It’s important to back up data regularly and ensure that those backups are well beyond the reach of ransomware and other threats. (Backups done to a local server that’s on-site and are still on the network may be susceptible to ransomware.) One way to address this issue is to have immutable backups, which are backup files that can’t be altered in any way and can deploy to production servers immediately in case of ransomware attacks or other data loss. Another option is to send backups to a cloud solution like Microsoft Azure Storage, which is affordable and easy to integrate because there are no servers to manage.

Another crucial element in security is Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption protocol, which can be somewhat of a double-edged sword. About 80 percent of website traffic is encrypted to protect it from unauthorized users during transmission. Traditional firewalls don’t have the ability to scrutinize traffic against a content filtering engine, which means savvy hackers can hide ransomware and other dangerous content inside. But firewalls with advanced features are capable of TLS/SSL inspection; they can decrypt content, analyze it for threats, and then re-encrypt the traffic before entering or leaving the network.

There’s an array of security solutions that institutions can implement to establish layered protection against cyber threats. For more insights about this topic, listen to our webinar on “Cyber Threats, Why You Need a Layered Approach.”

23 Nov 2021

Banks, Credit Unions, Security Brendan McGowan 0 comment

Importance of Security Layers

In the past, it wasn’t uncommon for organizations to maintain basic information security: a firewall, anti-malware software, and maybe a few other resources. But modern operating environments require financial institutions to go beyond limited measures and implement multiple security layers to protect their sensitive information, infrastructure, and other assets.

Today banks and credit unions have a variety of elements that comprise their computer networks, and these components require numerous security solutions for them to operate securely. There’s no such thing as having too many solutions—although some entities invest in more resources than they can competently manage. The most appropriate approach is for institutions to employ all the security layers they can afford to pay for and oversee effectively.

The security landscape has changed significantly over the years. With the evolution of technology, cybercriminals are launching more frequent and sophisticated attacks against organizations. (The bad guys have it easy; they only have to get it right once. Security professionals, on the other hand, have to get it right all the time.) Currently, the top security threats for financial institutions are a remote workforce, ransomware, and the Internet of Things devices like webcams, Amazon Alexa, and Google Chromecast.

Security Considerations

Financial institutions often select security products based on what their security posture requires to pass exams. But the emergence of new threats is motivating more institutions to select solutions not just based on examiner expectations, but to also consider what is essential for operational safety. Generally, the security products that institutions invest in are determined by their cost and ability to mitigate risk.

For the most part, the financial services industry is interested in solutions that require minimal management involvement and customization to be effective. The industry also tends to adopt solutions once they’ve reached a certain level of commoditization and are priced lower. For example, well-commoditized solutions like anti-virus agents and anti-ransomware tools allow institutions to protect against expensive threats for the minimum cost. An effective anti-malware agent—especially one with some specific anti-ransomware technology—is another essential layer for endpoint protection.

Ultimately, increased competition leads to technology innovation and consolidation. A good example of this is what’s happened with firewalls. Implementing a firewall used to equate to a simple router that separated public and private networks. Things evolved when people began adding dedicated appliances like intrusion detection and prevention systems, antivirus gateways, web content filters, and other technologies. Through commoditization, these different elements became consolidated into the firewall to create a unified threat management system. More recent innovations that allow institutions to inspect encrypted traffic and sandbox potentially hazardous traffic have ushered in the next-generation firewall.

Going Beyond Basic Requirements

A fundamental requirement for layered security is multi-factor authentication (MFA), which involves several elements for validating the identity of users. While some organizations have concerns about MFA negatively impacting user experience, the technology provides an advanced level of protection that strengthens security.

Transport Layer Security is now implemented to secure over 80% of web traffic. The TLS protocol is used to encrypt data between a web browser and a website. While this is great for user privacy, it prevents institutions from inspecting all user traffic for threats. Transport Layer Security (TLS) Inspection has become a more common—and critical—security tactic for financial institutions. TLS inspection allows institutions to decrypt and inspect TLS traffic, so they can filter out malicious information and protect their network.

The increased adoption of endpoint security and other innovative technologies is making it easier for financial institutions to implement a layered approach to security. Safe Systems offers a wide range of security solutions to help community banks and credit unions incorporate multiple levels of protection to enhance their security posture.

11 Oct 2021

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

What Financial Institutions Should Budget for in 2022

Many of us thought 2021 was going to be the downhill side of the pandemic. I recall working on a webinar presentation that we hosted last summer and including the words, “Now that the pandemic is behind us…” Obviously, I was overly optimistic. As we look ahead to 2022, we must acknowledge that the COVID-19 pandemic will continue to affect us to one degree or another. With that said, these budgeting ideas for 2022 may look somewhat similar to those for 2021, but there are slight variations based on current banking technology, compliance, and security issues.

1. Multifactor Authentication

Implement multifactor authentication (MFA) on all your email accounts wherever it is possible and appropriate. MFA can reduce the risk of having account credentials compromised by as much as 99.9%, making it one of the most effective measures you can use to protect your institution. There is typically a small cost for licensing and implementing MFA software. So, you can add MFA to your email accounts for a nominal cost and with minimal effort in most cases. If you are using Microsoft’s cloud email solution, for instance, implementing MFA can be as easy as changing a few minor settings. Another area to consider for MFA is logging into the domain account. There can be a cost associated with this as you will probably want to use a tool to help you manage the process. You can apply MFA only on accounts with administrator rights or on all users. But since many cybersecurity insurance companies are requiring MFA for accounts with administrator rights, using this stronger type of authentication might be your only option.

2. Laptops

With different variants of COVID-19 or other viruses popping up, remote work may still be an option for certain employees. Remote capabilities may even be necessary to keep the institution operating smoothly at times. Be sure you have the infrastructure in place for a partial remote workforce because the need could develop at any point. For this reason, you should consider providing laptops for all employees who could conceivably work from home. Start with those who need new devices. Then prioritize based on those doing the highest-level work necessary to keep the institution running. Laptops and encryption software, required for mobile devices, may cost slightly more but should not cause a huge increase in expenditures. In some cases, you may be able to reuse a desktop computer to replace an older workstation for an employee whose duties cannot be performed remotely.

And don’t forget… There is a chip shortage and high demand for laptops, which means it can take months to secure computers and other hardware. So, order any equipment you need well in advance to ensure you have the appropriate infrastructure in place to support staff that may need to work from home.

3. Moving to the Cloud

Having infrastructure in the cloud can be extremely beneficial, so slowly start moving your infrastructure to the cloud. Cloud infrastructure decreases the need for an employee to be onsite with the hardware, and cloud computing increases uptime. In addition, disaster recovery becomes easier and faster with cloud infrastructure. More than 90% of Fortune 500 companies are running at least some infrastructure in the cloud, primarily through Microsoft’s cloud computing platform: Azure. The cloud is the future of IT and infrastructure, and it makes sense for institutions that need reliable and resilient infrastructures. So, if you need to purchase a server next year, consider getting a quote for moving the server to the cloud instead.

4. Cloud Security

While the cloud offers plenty of advantages, it comes with settings, management tools, and security options that must be effectively configured and managed to ensure the highest level of security in the cloud. Cloud security is a concern for not only institutions with infrastructure in the cloud, but also for M365 Windows/Office licensees with OneDrive enabled, email in the cloud, or using Microsoft as an authentication mechanism with a third-party application. Earlier this year, the FDIC released a letter outlining the need to secure cloud configurations. Their cloud-security concerns are warranted. Safe Systems has worked with several institutions ranging from a hundred million in assets up to multibillion dollars in assets and found that almost every institution had gaps in their cloud security. Some institutions had indications of their email or user accounts being compromised; others had settings that could open the door to future compromises. Safe Systems worked closely with these institutions to develop an innovative M365 Security solution to address these issues with reports, alerts, and reviews. This unique product is specifically designed to help financial institutions manage their cloud setup now and in the future. In addition, it is a reasonably priced option for the substantial amount of value that it delivers. Institutions should reach out for a quote to determine if M365 Security could fit into their budget next year.

5. Virtual ISO

Another item to consider for your budget is virtual Information Security Officer or VISO services, which we also mentioned last year. These services have become increasingly popular as the landscape of information security has grown more extensive and complex. In many cases, institutions are finding it harder to keep up with the latest information security expectations, regulations, and trends. Safe Systems’ ISOversight service addresses this problem by combining applications for self-management with assistance from compliance experts to offer a VISO service at a competitive price. This type of service can be beneficial in many ways as it can provide structure, automation, accountability, assistance, and consistency throughout your information security program. It can also enable your institution to stay engaged, which is critical when an exam or audit occurs. VISO services, which vary in price depending on the work being performed by the third-party provider, are ideal for any institution with limited access to security expertise in-house.

6. Cybersecurity

You cannot have a conversation about budgets for next year without addressing the issue of cybersecurity. Consider this: Cyber-attacks are 300 times more likely to hit financial services firms than other companies, a recent Boston Consulting Group report indicates. Cyber-attacks continue to climb each year, with the global cybersecurity market expected to eclipse $300 billion by 2024, according to Global Insights. And cybersecurity has become even more precarious during the COVID-19 pandemic. The pandemic has created new opportunities for security breaches as the increase in remote work makes information security more challenging to manage. Unfortunately, institutions will need to increase their security layers and annual spending to address this issue. According to Computer Services Inc. (CSI), 59% of financial institutions will increase spending for cybersecurity this year.

In Conclusion

The threat to your institution’s data is as real today as it ever has been. Therefore, make sure you are applying these measures to strengthen your security:

Employee training to ensure adequate, effective, and safe practices
Perimeter protection to ensure the appropriate layers are enabled and all traffic is being handled correctly, including encrypted traffic
Advanced threat protection and logging to be able to identify how, if at all, malware or an intrusion created an incident
Backup and data redundancy to ensure ransomware cannot wipe out your data

Have a conversation with a security company you trust to ensure that, if you are the target of a ransomware attack, your business won’t sustain long-term damage. In other words, invest in cybersecurity now, so your institution won’t end up paying more later.

As you contemplate your budget for 2022, don’t just think about the items that others have put on your plate. Be sure to consider the changes that may have occurred at your institution—and the ones that may be coming—and have a plan to address these. All these changes can be exciting and make a major difference for your institution. But they can often be hard to get implemented if they are not budgeted for ahead of time.

10 Jun 2021

Banks, Compliance, Credit Unions, Security, Technology Christine Ray 0 comment

Technology, Compliance, and Security Best Practices – All in One Place

Resource Center

A few years have passed since we launched the Safe Systems online Resource Center, which provides community banks and credit unions access to a centralized knowledge base of materials that help you learn more about technology, compliance, and security best practices.

With a wide variety of content, ranging from videos to white papers to case studies, the Resource Center allows you to stay current with the latest trends and insights in the industry. For example, visit the Resource Center to view our latest webinar, infographic, or a short and timely blog. Come back often, as we add new content every week!

Just in case you missed our Resource Center reveal, or you would like a few more details on what it has to offer, please view the original blog post here.

08 Apr 2021

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Banks, Credit Unions, Security Safe Systems 0 comment

Proven Security Solutions to Keep Your Financial Institution Safe from Cybersecurity Threats

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Like many other professional industries, the financial sector of business was forced to work from home due to the COVID-19 pandemic. With an unprecedented number of employees still working remotely, now more than ever financial institutions are susceptible to a cyberattack. The increased threat of a security compromise has prompted financial institutions and other organizations across the country to increase their cybersecurity posture to help prevent a future attack.

In a recent post, Safe System’s guest blogger, Keith Haskett, president and CEO of Rebyc Security, discusses 5 reasons security solutions fail, such as lack of multi-factor authentication or improperly configured spam filtering and what you can do to keep your institution safe. In case you missed the full blog, view it here.

02 Apr 2021

Banks, Credit Unions, Security Brian Brannon 0 comment

Is Cybersecurity Your Weakest Link?

SKIP AHEAD:

Importance of Being Secure
Malware and Ransomware
Internet of Things (IoT) Attacks
Phishing Scams
Lack of Third-Party Vendor Security
Insider Threats
Lack of Employee Training and Security Expertise
Combating Security Threats and Ensuring Institution Security
Managing Security Needs

Is Cybersecurity Your Weakest Link?

The financial landscape has changed drastically in the last 20 years, one of the most notable changes being the variety of financial services now being offered online. Although the wide-spread use of internet has made it possible to receive financial guidance from anywhere in the world, it has also created an environment where sensitive information and data could potentially be compromised by cybercriminals.

Today, professional hackers are spending more time and money than ever before to gain access to personal information for both monetary gain and “professional” recognition. The sensitive information that the financial services industry has access to continues to make them a prime target for hackers and other cybercriminals. Attacks can range from malware threats, DDOS attacks, phishing attempts and data breaches – all of which bad actors can use to commit fraud themselves or sell to a third-party.

Importance of Being Secure

Cybercrime continues to be a growing problem for banks and credit unions across the country. The impact of a cybercrime can be very costly for a financial institution, both financially and from a reputational standpoint. The main risks include theft or unauthorized access to sensitive customer information along with the disruption of normal business operations.

In addition, as the number of security threats continues to increase in the financial services industry, regulators are taking a closer look at financial institutions’ policies and procedures to ensure that they can effectively safeguard confidential and non-public information. As an example, the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT) is designed to ensure financial institutions are prepared in the event of a cybersecurity attack. The FFIEC CAT is now the guide regulators are using to examine institutions and determine their level of cybersecurity preparedness.

Some of the most common security threats financial institutions face today include:

Malware and Ransomware

Ransomware has established itself as one of the leading cyber threats for many organizations, but especially financial institutions. Using ransomware technologies, hackers can gain complete access and control over legitimate websites, often by encrypting data or programs, and extort ransom payments from victims in exchange for restoring access to the individual or business. Malicious software, or “malware”, is no longer characterized by simple aggravating popups and sluggish computer performance, but rather the encryption of all data on a machine, rendering it unusable.

Internet of Things (IoT) Attacks

Unsecured Internet of Things (IoT) devices such as DVRs, home routers, printers and IP cameras are vulnerable to attack since they are not required to have the same level of security as computers. To breach a financial institution, attackers will target insecure devices to create a pathway to other systems. Unsecure IoT devices are also used to launch distributed denial-of-service attacks (DDoS) against institutions. These DDoS attacks prevent legitimate users from accessing computer systems, devices or other online resources. The perpetrator floods the victim’s machine or network with false requests from various sources to overload the system and prevent legitimate access. A well-executed attack can interrupt a host of banking services including website access, ATM networks, and online banking platforms, in addition to internal systems and functions.

Phishing Scams

Phishing scams that specifically target financial institutions’ employees, attempting to obtain sensitive information such as usernames and passwords, have become increasingly common within the last few years. The goal of phishing is to direct employees to a fraudulent website where they are asked to share login credentials and other personal information. The information that employees are tricked into providing then allow for cybercriminals to read a bank or credit union’s critical information, hack into the employee’s bank and social media accounts, send emails on an employees’ behalf, and gain access to internal documents and customer financial information.

Lack of Third-Party Vendor Security

While a financial institution might have the right security systems and policies in place to protect itself and its customers from a cyber-attack, its third-party providers may not have the same level of security and diligence. This creates a major vulnerability for the financial institution. Without a proactive approach to vendor management, financial institutions are opening themselves up to increased levels of risk that can have a negative impact on the institution’s financial standing, compliance posture and overall ability to serve its customers. Federal regulators have issued guidelines to help institutions better understand and manage the risks associated with outsourcing a bank activity to a service provider. The FFIEC IT Examination Handbook was revised to help guide banks to properly establish and maintain effective vendor and third-party management programs.

Insider Threats

Often, all it takes is a disgruntled employee or ex-employee to release valuable security information and compromise system and data security. Additionally, cybercriminals are increasingly realizing success through bribery as a means to entice bank employees to give up their login credentials or other security information, allowing direct access to internal systems.

Lack of Employee Training and Security Expertise

The COVID-19 pandemic has certainly brought its share of challenges to the financial sector of business, including increased network vulnerability and internal threats as employees transitioned to a remote work environment. These changes required cybersecurity personnel to change their online security baseline and continuously adapt to the changing IT security landscape. With the increased popularity of remote work, company IT staff are encouraging employees to take charge of their own online security through testing and training. The training includes topics like the importance of password security and multi-factor authentication and helps employees understand their roles and responsibilities in protecting against security threats. Until this learning gap is resolved, financial institutions will continue to struggle to efficiently manage cybersecurity threats.

Combating Security Threats and Ensuring Institution Security

While cybersecurity has become a major point of discussion among professionals within the financial industry, the truth is that many financial institutions are too complacent when it comes to protecting themselves. With hackers using advanced technology, the “bare minimum protection” is no longer enough to keep sensitive information safe. To adequately protect against security threats, financial institutions must ensure that every device on the network has up-to-date antivirus software, adequate firewall protections and that all patches are up-to-date as a minimum requirement. In addition, financial institutions should also employ a layered security strategy, from the end-user to the internet to establish a secure IT environment. Adding preventive, detective and responsive layers to IT security strategy will help strengthen an institution’s approach and build an effective security foundation.

A uniquely tailored layered security approach enables financial institutions to:

Monitor antivirus for servers, workstations, and off-site laptops
Use services that evaluate site lookups to avoid exposure to compromised websites
Scan the network for vulnerabilities and detect unusual activity against hackers and rogue employees
Block access to all external ports while also monitoring the access of various machines
Meet government regulations and requirements
Counter extortion threats by preventing a hacker from holding your customer’s personal data for ransom with special customized software for stopping ransomware
Patch machines, encrypt laptops, and install alerts on new devices plugged into the network

The security landscape is constantly evolving, and it is imperative to have a solid security plan in place that accounts for this evolution. It should be a fluid document that is frequently reviewed, updated and that specifically outlines administrative, technical, and physical controls that mitigate evolving risks. It is also important to test the full plan on a regular basis to ensure all procedures can be executed successfully and verify that all regulatory requirements are met.

Managing Security Needs

Many community banks and credit unions find that managing the security needs of their organization can be a time-consuming and challenging task. To help augment the security responsibilities, these institutions are turning to financial industry-specific IT and security service providers to act as an extension of their organization, provide timely support, and help the financial institution successfully design and execute a comprehensive security strategy. The right solution provider couples security measures with an understanding of and support for the unique security and compliance demands of the financial industry.

At Safe Systems, we believe that proactively protecting customer data will always be more cost effective than falling victim to malicious activity. To that end, we have the unique expertise to ensure that financial institutions employ the right combination of both broad and specific security products to create an ecosystem of protection. Safe Systems helps secure an organization’s endpoints, devices, and users by assessing vulnerabilities, detecting unwanted network activity, safeguarding against data loss, and preventing known threats while staying ahead of developing ones.

18 Mar 2021

Banks, Credit Unions, Security Jamie Davis 0 comment

Top Phishing Scams and Emerging Trends Your Bank or Credit Union Staff Should Be Aware of

Phishing—the practice of using fake emails and other schemes to obtain sensitive information or data, such as usernames, passwords, or credit card details—continues to be one of the most prevalent security threats today. This blog covers some of the top phishing scams, as well as some new trends, that banks and credit unions should know about, so they can better protect themselves.

Top Scams

One of the most widespread and potentially devastating types of phishing scams is “impersonation phishing,” according to the Q1 2021 Financial Crime Report by Feedzai, a data science company that prevents, detects, and remediates fraud risk for financial institutions. With this tactic, cybercriminals target people by a phone, text, or email claiming to be from a financial institution or government agency. The objective: Convince the potential victim to make some kind of payment, which will enable the culprit to access the person’s credit card or financial account. Or the impersonator might send a “Suspicious Account Activity”’ email from a financial institution, asking the targeted individual to log into their online account and verify a transaction. Then when the person logs in using the button or link provided in the email, the attack ensues.

Spear phishing is another common con that financial institutions should have on their radar. Almost two-thirds of all known groups carrying out targeted cyber attacks use spear-phishing emails, according to Symantec’s 2019 Internet Security Threat Report. Many of these attacks originate from hijacked business email accounts, and as a result, can be quite effective. The perpetrator normally already knows some information about the recipient, so the fake emails appear to be legitimate.

Clone phishing, a variation of spear phishing, involves the attacker recreating or cloning a legitimate and previously opened email with a new attachment or link included. The duplicated email is then sent with an infected attachment that can be used to control or steal information once clicked or downloaded.

Top Emerging Trends

A new approach that banks and credit unions should know about is “vishing” (or voice phishing). Cybercriminals are now using Voice over Internet Protocol (VoIP) platforms to launch vishing attacks against employees worldwide, the FBI warns. In these cases, vishers try to get users of VoIP platforms to pick up the phone and authenticate themselves on a phishing website designed to steal their credentials. Vishing scams have now evolved to the point where perpetrators are successfully faking caller IDs and pretending to be someone else.

We are also seeing phishing scammers modifying their basic tactics. Many are now sending emails that simply ask for “urgent attention” rather than payment transfers, which suggests they are altering their approach to bypass standard fraud-prevention methods. They’re also using strategies like the “Zombie Phish” which involves taking over an email account and responding to an old email conversation with a new phishing link. Additionally, phishers have started using shortened URLs, which have an easier time getting past filters and vigilant employees.

As an evasive strategy, attackers link potential victims to the websites of trusted cloud filesharing services like SharePoint and OneDrive. Consider this: More than 5,200 SharePoint phishing emails were reported in a 12-month period, along with almost 2,000 attacks involving OneDrive, according to Cofense Intelligence’s Q3 2020 Phishing Review. More advanced phishing campaigns are also employing unusual attachment types to elude the controls imposed by secure email gateways. For example, .iso files are being renamed to .img files to sneak malware through a gateway.

Ultimately, the best defense against phishing is human intelligence, so training employees to detect this type of fraud is essential. Financial institutions can also take advantage of third-party information security services to strengthen their security posture against phishing attacks. Safe Systems, a national provider of fully compliant IT and security services, is enabling institutions to win the cyber battle against phishing through a full spectrum of solutions specifically designed to help community banks and credit unions enhance their security posture.

11 Feb 2021

Banks, Credit Unions, Security Jordan Hendrix 0 comment

Using Advanced Firewall Features and Other Technologies to Strengthen Network Security

A traditional firewall can only do so much to protect a network against the invasive security threats that financial institutions are facing. Add to that, cybercriminals are becoming more sophisticated and creative with their schemes, meaning banks and credit unions need more advanced defensive measures in place.

Malware and other cyber threats have been steadily increasing—especially against financial institutions, which are 300 times more likely than other companies to be targeted by a cyberattack, according to research by Boston Consulting Group. Institutions can capitalize on next-generation firewall (NGFW) features and other advanced technologies to increase the likelihood of warding off attacks, including:

Antimalware Scanning

Malware is intentionally designed for a perverse purpose: to damage a computer, server, client, or computer network. To keep malware at bay, banks and credit unions can use antimalware to thoroughly scan their computer network and detect and remove malicious ransomware, spyware, and other software that might be lurking on the system. Taking this proactive step can help institutions keep their network from being damaged, disrupted or compromised and overall improve the delivery of their services in a safe and secure manner.

Dynamic Threat Feeds

Threat intelligence data feeds can provide institutions with constantly updated information about potential sources of attack. Industry-specific feeds deliver up-to-date information on the latest security threats in the banking industry. Dynamic threat feeds make it easy for institutions to permit “good” network traffic in and “bad” traffic out while ensuring critical processes continue to work.

Dynamic threat feeds, essentially, take valuable parts of the information related to establishing connections and find similarities within them to act on potential or current threats. A key type of threat intelligence feed that institutions can implement are GEO-IP threat feeds. With this technology, a bank can map an IP address to the geographic location of an Internet-connected computing device. Then, they can analyze the Geo-IP data to detect threats from high-risk locations to improve their security posture. This analysis can be accomplished with processing times equal to less than a few milliseconds.

Another effective threat feed that institutions can use is IBM X-Force Exchange. This cloud-based threat intelligence platform allows banks to consume, share, and act on a variety of threat intelligences. IBM X-Force enables users to quickly research the latest security threats, gather actionable intelligence, consult with experts, and collaborate with peers. They can also integrate other tools to facilitate configuring feeds, providing a major benefit for smaller institutions with fewer resources. With dynamic threat feeds, banks and credit unions can have greater peace of mind with their firewall and security posture.

TLS/SSL Inspection

NGFWs offer capabilities that go beyond traditional firewalls, including inspecting TLS/SSL encrypted traffic. TLS/SSL technology helps protect online traffic; it creates an encrypted link between a web server and browser, ensuring the privacy of the data being transmitted. TLS/SSL inspection is important because it allows firewalls to scrutinize this encrypted web traffic and close holes in security. These security gaps could be exploited by would-be cybercriminals who attempt to use encrypted traffic for malware to circumvent the firewall’s inspections.

TLS/SSL traffic inspection allows institutions to decrypt traffic, inspect the decrypted payload for threats, then re-encrypt the traffic before it enters or leaves the network. Such deep content inspection can better protect institutions from internal and external risks. This makes TLS/SSL inspection the ideal defensive weapon against menacing malware and other security issues.

Sandboxing

Sandboxing can also help institutions augment their network security efforts. Traditional firewalls evaluate traffic based on static factors like where it originated, it is destination going, and the port being used. However, these are no longer sufficient for combating modern security threats. Sandboxing—physically or virtually segmenting a system, network, or entire environment—creates a secure location to test and neutralize potential hazards. Having a safe space to “detonate” payloads for analysis results in less risk and damage to the production environment, and, ultimately, enhances network security.

For more information about using advanced firewall features and other technology to strengthen network security, read our “Improving Security Posture Through Next-Generation Firewall Features” white paper.

04 Feb 2021

Banks, Credit Unions, Security Greg Batore 0 comment

Does Your Financial Institution Have the Right Security Layers in Place to Combat Today’s Threats?

In 2020, 80 percent of firms experienced an increase in cyberattacks, and the pandemic was at the root of a 238-percent spike in attacks on banks, according to Fintech News. In a world of ever-increasing cyberattacks, does your bank or credit union have the appropriate security layers in place to effectively thwart these threats?

There are some proven, preemptive measures that financial institutions should take, including:

Effective Log Analysis

Logs record every activity and event that occurs on a network, providing valuable clues about potential performance, compliance, and security issues. But it can be challenging for an institution to analyze, manage, and tailor all the log data that it receives—which can exceed millions of lines in just a 24-hour period. Without sufficient data analysis tools, information technology (IT) professionals are severely limited. They have to depend on their own processing capabilities to manually analyze data, which can be a labor-intensive, mistake-prone task.

Effectively managing log analysis has become more problematic with shifts in the security landscape: the expansion of security features, increase in firewall complexity, rapid emergence of new security threats, and constant growth in endpoints. This creates a situation that no security team can effectively manage on its own without some level of automated log collection and analysis.

With this technology, firewall logs are sent to a device that deftly collects and interprets the data. Information is then displayed in a format that is more readable, searchable, and useful for security engineers. While this process can go a long way toward improving the gathering of raw data, institutions can do even more to enhance their log management by building in additional security layers through the automated threat identification.

Log analysis automation equips security professionals to more effectively receive alerts about current and possible threats. Many banks and credit unions have limited personnel and expertise available to analyze their vast amount of traffic logs manually. But automated log analysis allows institutions to maximize their resources by leveraging more advanced technologies, like artificial intelligence (AI), cloud-based computing, and big data to collect alerts more efficiently.

Improved Education and Continuous Improvement

Staff training and education are also an important aspect of solidifying an institution’s security posture, and institutions can employ a variety of tactics to ensure their employees are better able to interpret and respond to alerts. Bank tellers, loan officers, and administrative staff all benefit from informative seminars, brochures, and other learning opportunities. Information security operations personnel can improve simply by calling on experienced colleagues to share their expertise in a more informal exchange of information. These combined efforts can help institutions minimize the number of threats and manage their operations more efficiently on a daily basis.

Financial institutions must also commit to continuous improvement in regard to their firewall security. While enhancing log analysis is not an exact science, there is value in institutions asking targeted questions to help determine the need for specific enhancements to help ensure that the most actionable and best information is being presented to the individuals who need to review it.

Integrating Advanced Technologies

Additionally, banks and credit unions should leverage next-generation firewall (NGFW) features and other advanced technologies – like dynamic threat feeds – to optimize their security initiatives, helping ensure they allow “good” traffic in and keep “bad” traffic out while maintaining critical processes.

NGFWs also enable financial institutions to perform functions beyond that of a traditional firewall, including deeper inspections of transport layer security (TLS) and secure socket layer (SSL) encrypted traffic. The practice of “sandboxing” to physically or virtually segment a system, network, or entire environment creates a secure location to test and neutralize potential threats.

Learn more about how your institution can incorporate the right security layers to combat today’s threats by downloading our “Improving Security Posture Through Next-Generation Firewall Features” white paper.

31 Dec 2020

Banks, Credit Unions, Security Jamie Davis 0 comment

The Importance of a Layered Approach to Financial Institution Security: Best Practices in Leveraging Firewalls and Encryption

What You Need to Know About Securing Azure AD

Over the last decade, we have seen major advances in the world of online security, mainly with the development of firewalls and encrypted data options.

Safe Systems hosted a live webinar earlier this month discussing how firewalls, encryption and other online security measures work; why a layered security approach is best in all situations; possible threats to each security measure; and what your financial institution can do to keep your information secure and uncompromised. In case you missed it, here are a few key points from the webinar.

What are firewalls and how did we get to where we are today?

Firewalls became a necessity when banks and credit unions started connecting all of their computers to the same network that was then connected to the internet. Firewalls functioned as the first line of defense – but were nowhere near the caliber of defense we have available today.

When attacks started to occur, it put company computers and the data stored on them in a compromised position. A need arose to come up with appliances that were either in line with the firewall or were an additive to the firewall’s system. The new appliances included IDS/IPS systems, AV Gateways and Web filters – all of which added new layers of security to the firewall.

Today, the latest generation of firewalls, known as Next Generation Firewalls, combines earlier firewall models and offers multiple layers of protection as part of the firewall service. However, some of the additional layers may be included by default and some require extra licensing to take advantage of specific features.

What is the layered security approach and how do today’s firewalls implement that strategy?

What we have learned over the last several years is that security solutions may be incredibly strong in some regards but have gaping holes in others. A layered security approach assists in closing those gaps and lessens the potential risks for an online attack.

What is encryption, how does it work and what can we do better?

Encryption is another aspect of the layered security approach. The two encryption types highlighted in the webinar are Secure Socket Layer (SSL) and Transport Layer Security (TLS), and while they use different nomenclature, the two encryption types are essentially the same – TLS is just a slightly new version.

The goals of TLS:

Encrypt Data
Authentication
Data Integrity

In the last 5 years, there has been major growth in website encryption. It has expanded from being used only when a user types in their username and password to include approximately 90% of the most visited websites today encrypting all of their webpages.

Although having encrypted sites gives users a more secure experience, encryption has some unintended consequences. When traffic is encrypted between the website and the desktop browsing the site, the firewall cannot evaluate the traversing traffic. This means, in the past, a firewall could evaluate a large majority of web traffic. Now, the firewall can only evaluate about 10% of web traffic, because the rest is encrypted.

Bad actors have focused on these security holes and have built their malware to navigate encrypted traffic to get through the firewall and to the workstation. To fight this issue, TLS inspection can be implemented on a Next Generation Firewall to inspect the encrypted traffic passing through on a daily basis.

Today, with TLS inspection, firewalls can get back to inspecting a majority of web traffic farther than just 10% that isn’t encrypted today. This closes a major security gap many institutions may not even know they have.

What steps can you take to increase your online security?

Although there are several ways you can increase your level of online security, as of now, there is no software that guarantees you will not be compromised. However, in addition to encryption, you can take several steps to keep your online presence safe and secure.

A few of the steps you can take to fight malware are:

Anti-Malware Scanning – an anti-virus engine that came about in the Universal Threat Management (UTM) devices. Anti-malware is a software program designed to prevent, detect and remove malicious software on IT systems.
Sandbox Analysis Piece – an additive that enables a firewall to analyze a file and determine its risks level. If the file is determined to possibly be malicious, the file can be sent to the sandbox where the file can be detonated. If the file appears malicious after detonation, the file is blocked from being downloaded to the end user. If the sandbox determines the file is likely safe, the file is allowed to pass through the firewall to the end user for us.

To learn more ways to protect your institution, watch our recorded webinar, “Why You Shouldn’t Ignore Encryption.”

22 Dec 2020

Banks, Credit Unions, Security Brendan McGowan 0 comment

3 Top Security Threats Financial Institutions Must Defend Against

Security remains one of the primary areas of concern for community banks and credit unions, according to our recent sentiment survey and based on responses, the top three security threats that keep survey respondents up at night are cybersecurity, information security and ransomware.

Here’s a synopsis of each of these security categories as well as some proven best practices that can help institutions address them:

#1: Cybersecurity

Cybersecurity is a broad area for financial institutions to truly master, especial smaller community banks and credit unions with fewer resources to devote to defending themselves – something that National Credit Union Administration Chairman Rodney Hood has even acknowledged.
In today’s world, cybersecurity threats are ubiquitous, with cyberattacks 300 times more likely to hit financial services firms than other companies, according to a recent Boston Consulting Group report. However, banks and credit unions can take advantage of a number of resources to strengthen their security efforts. Two valuable tools include the Cybersecurity Assessment Tool (CAT) from the Federal Financial Institutions Examination Council (FFIEC) and the Automated Cybersecurity Examination Tool (ACET) from the NCUA.

Institutions can also capitalize on the National Institute of Standards and Technology (NIST) Cybersecurity Framework to address cybersecurity issues. Not only can the Cybersecurity Framework help institutions properly evaluate their defensive capabilities, but it provides policies and procedures that can help them identify and even resolve security issues.

#2: Information Security

The goal of information security is to prevent electronic and physical data from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. More specifically, information security is a set of strategies for managing the processes, tools and policies that are necessary to defend data when it is being stored and transmitted between different machine or physical locations.

The three basic principles of information security are what are known as the “CIA” triad: Confidentiality, Integrity, and Availability. “Confidentiality” relates to being able to identify who is trying to access data and block attempts by unauthorized individuals. “Integrity” entails maintaining data in its correct state and preventing it from being improperly modified—either by accident or maliciously. “Availability,” like confidentiality, equates to ensuring data can only be accessed only by users with the proper permissions.

Today, institutions face a variety of threats to their data security, including breaches, malware, and deceptive phishing emails that trick victims into divulging their private information. These types of attacks can have a detrimental and long-lasting effect on companies, such as a loss of customers, reputation, revenues, and profits.

Financial institutions are common targets of malware, phishing scams, and data breaches. About 50 percent of all unique organizations impacted by “observed” phishing domains were from the financial services sector, according to Akamai Technologies’ 2019 State of the Internet/Security Financial Services Attack Economy Report.

As a defensive tactic, organizations should implement a layered approach to preventing information security threats. This means employing multiple security measures, policies, and procedures, from patch management to secure software development. However, people can be the first—and best—line of defense, so educating employees about potential cybersecurity threats is crucial.

#3: Ransomware

As the name implies, ransomware is malicious software that is designed to block access to a computer system until the victim pays a sum of money. The ransomware threatens to publish the data or deny access to it either temporarily or permanently.

Regardless of how the attack is initially perpetrated, ransomware presents a serious threat to all types of organizations. It typically begins when someone downloads a malicious email attachment or visits an infected website. The ruse is often undetectable, so most victims are not aware the data breach is happening—until it is too late. Unfortunately, ransomware is difficult to stop, and it can take a huge toll on consumers and organizations, causing frustration, disruption, data loss, and financial damage.

The problem with ransomware is that it is both widespread in nature and costly to address. And ransomware attacks—along with other cyber scams—began surging during the COVID-19 pandemic, according to the July 2020 McAfee COVID-19 Threat Report. A recent example is Ransomware-GVZ, which displays a note and demands payment in return for decrypting the company’s compromised computer systems and the data they contain.

Fortunately, there are actionable steps financial institutions can take to defend their data against ransomware attacks. Some of the most practical measures include keeping operating systems patched and maintaining up-to-date malware software to detect potential threats. Another good practice: keep files backed up, so the data can be replaced if a hacker ever holds it hostage. However, the time to implement defensive data security strategies is before a cyberattack happens.

For more insight about these top three security threats and best practices to defend against them, download our Top 10 Banking, Security, Technology and Compliance Concerns white paper.

10 Dec 2020

Banks, Credit Unions, Security Christine Ray 0 comment

Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

A firewall is a key defense measure to combat cyber threats and having the right firewall solution can provide financial institutions with top-rate protection to meet regulatory requirements as well as useful security tools to identify, analyze, and thwart malicious activity. But does your current firewall security meet these expectations and prepare your institution to scale and reach its IT strategic goals?

Challenge

Leesa Anderson, Chief Technology Officer at Bank of Wrightsville, wanted to ensure her institution had the right tools in place to ensure network security, meet compliance requirements, and keep banking operations running smoothly. After an IT audit and third-party vulnerability assessment, it was recommended for the bank to update its firewall to include Secure Sockets Layer (SSL) inspection. However, at the time, this feature was not available on the bank’s current firewall solution. The bank knew it needed to find a new firewall product to improve the bank’s security posture and meet regulatory expectations.

“We needed to have SSL inspection set up on our firewall solution, but our provider at the time wasn’t offering this capability,” said Anderson. “We began looking for a solution that met all of the basic requirements for firewall protection but also included more of the next-gen features that could help us be more proactive and stay ahead of the curve with our perimeter security.”

Solution

After attending Safe Systems’ user conference, Anderson decided to take a closer look at Safe Systems’ Managed Perimeter Defense (MPD) next-gen firewall solution. The solution deploys powerful machine learning algorithms, SSL inspection capabilities, advanced reporting, and alerts to help financial institutions detect and combat malicious activity on the network. After careful consideration, Anderson selected and implemented MPD as the bank was looking to enhance its network security and needed new hardware as well.

Managed Perimeter Defense has provided many benefits to Anderson and her team. Read the full case study to learn how this next-gen firewall solution transformed Bank of Wrightsville’s firewall security and improved its compliance posture.

03 Dec 2020

Banks, Credit Unions, Security Jordan Hendrix 0 comment

How to Improve Network Security With Cyber Threat Intelligence Feeds

While industry-specific threat intelligence feeds keep financial institutions up to date on the latest security threats in the banking industry, the sheer amount of information collected can be challenging for community banks and credit unions to process efficiently. In this blog post, we outline three key information-sharing organizations that community banks and credit unions should consider utilizing and offer a few tips to improve cybersecurity processes as well.

Types of Threat Intelligence Feeds

According to the Federal Financial Institution Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT), it is important for financial institutions to have processes in place to effectively discover, analyze, and understand cyber threats. Implementing bank-specific threat intelligence feeds provides financial institutions with industry-specific security information needed to meet this requirement. Here are a few of the top threat intelligence feeds:

1. Geo-IP Threat Feed

IP-based geolocation is a mapping of an IP address to the geographic location of an Internet connected computing device. Financial institutions can use IP geolocation data to monitor threats from high-risk locations and use this data to strengthen their cybersecurity posture.

2. FS-ISAC

FS-ISAC is an information sharing organization designed specifically for financial services organizations and financial institutions. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.

3. IBM X-Force

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows organizations to consume, share and act on threat intelligence. With this platform, you can quickly research the latest global security threats, collect actionable intelligence, consult with experts and collaborate with peers.

Strengthening Your Cybersecurity Posture

Regulators expect financial institutions to belong to an information sharing organization or utilize a crowdsourced security feed because they believe that if institutions can share threat information they’re seeing in the industry, then other financial institutions of similar size and complexity will know how to deal with new and emerging security threats. However, there are two key issues with this concept:

Financial institutions are receiving large amounts of information and don’t know what to do with it
Financial institutions are consuming threat information but are not sharing security threats they’ve encountered with their peers

For smaller financial institutions with limited resources, engaging with a knowledgeable third-party provider that has a solid methodology in place to analyze all of the data disseminated from threat intelligence feeds and filter the information to identify key threats can be a great benefit to the institution’s cybersecurity efforts. It is equally important for these institutions to share cybersecurity threats or incidents they’ve encountered with information sharing organizations to ensure other financial institutions are informed, strengthening the banking industry as a whole.

For more information on enhancing your cybersecurity posture, view our cybersecurity resources.

15 Oct 2020

Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

Banks, Credit Unions, Security Brendan McGowan 0 comment

1. Network Firewall

We often reach for this tool when a financial institution is working to determine if one of their employees may have received a phishing email or clicked a malicious link. They want to know: who got the email; which user was an entry point for a piece of malware; or when did they connect to it? Relying on the memory of the user often doesn’t provide the detailed information needed to take action and find the true source of the problem. Logs, however, offer deeper insights. If we know the specific workstation or outside IP address, we can then look it up and decipher the entire transaction.

Firewalls, by their nature of design, generate a significant number of logs. The downside is that the sheer volume of logged content is very high and it’s difficult for any human to monitor and manage this amount of data effectively on their own without automated tools. Many community financial institutions are outsourcing firewall management to third-party providers that have created logging infrastructure just for the firewall to store the logs and make the data searchable and readable.

Antimalware - Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

2. Endpoint: Antimalware

Antimalware and antivirus agent tools help financial institutions track down the precise point from which malware and viruses originated. Some of these have better logging capabilities than others, but many of them feature impressive investigative tools. We often reference this tool when a customer says: “I think someone might have opened an attachment they weren’t supposed to,” or “I think we might have some sort of infection that might be spreading, can you check it out for us?” With our antimalware tools, we’re able to track down exactly where it originated; who clicked what; and identify the actual origin point. The tool also enables us to break up the data and show a graphical representation of events.

Server Security Logs - Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

3. Server Security Event Logs

Security event logs record user logins and network access. We reach for these tools when we get questions from customers wanting to know which user logged into a certain application or who may have access to information that they shouldn’t. One of the most important areas to monitor are administrative logging events. If a bad actor gets into your network and gains access to your active directory, they then have the proverbial “keys to the kingdom” with the ability to create accounts, or even worse, admin accounts. However, the one thing they can’t hide is all of the activity they’ve done on the network as long as you’re monitoring these logs.

IT personnel are required to have some mastery of security event logs on the servers and especially on domain controllers to meet examiner expectations, but it requires expertise and research to understand which events are important. For example, with each new version of Windows comes a new set of alerts and often, alerts that were important in a previous version get replaced by something new. This is very challenging to manage along with other important IT activities. Working with a third-party provider can help you stay on top of the latest Windows updates and emerging threats with alerts and reports to proactively monitor the network and effectively thwart attacks.

Cloud - Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

4. Cloud – O365

Most financial institutions use Microsoft O365, but they may not be taking full advantage of all the capabilities it has to offer as there is a host of fantastic logging and audit capabilities that are not turned on by default. So, if you’re an O365 subscriber, you need to review all security settings and make sure you have them turned on.

At Safe Systems, we do this when we onboard customers to our managed O365 offering to protect against e-mail-borne threats. A few key items we make sure our customers are monitoring include:

Email Forwarding – IT admins should make sure that user mailboxes don’t have forwarders set up that point to any other mailbox, especially not an external email address. Without multi-factor authentication turned on, bad actors can access your mailbox; set up forwarding; and monitor correspondence between you and a customer undetected.
Delegated Permissions – IT admins should also check delegated permissions to look for unauthorized access to employee mailboxes. Bad actors often use this tactic to spy on email communications between financial institution staff and customers.

We encourage all financial institutions to implement these four tools for cyber incident response and make sure you understand how to collect important logging information to have conclusive evidence right when you need it.

For more information, watch our recorded webinar, “Not If, But When: Best Practices for Cyber Incident Response.”

01 Oct 2020

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

After a Year Unlike Any Other, What Community Banks and Credit Unions Should Budget for in 2021

In 2020 we’ve learned a lot about ourselves, and whether the general population realizes it or not, they have learned a lot about something often relegated just to banking: Risk Tolerance. And with that in mind, here are seven key items that your institution should consider while budgeting for 2021:

1. Laptops

Supply is down, demand is up, so from a pricing standpoint, you are unlikely to find great deals on laptops, but their portability has been a key component to companies and employees being successful during the pandemic. Remote work is a great option for employees who do not need face-to-face interactions with customers or members, but not every department can work successfully outside of the main office or branch.

When planning for next year, each position in the institution needs to be evaluated, if it hasn’t already, to determine the ability and effectiveness of remote working. When possible, consider having remote employees use a company laptop going forward. In a recent Safe Systems survey of community financial institutions, 1/3 of respondents have already decided that they will be purchasing more laptops this year.

2. Hardware Management Software

How many of the controls you use to secure your institution’s devices require the device to physically be in the office? As the work environment changes and more people make the shift to working from home offices, your current controls need to be evaluated to ensure they work just as effectively outside of the branch. For years, the push for “agentless” controls has been popular, but many of these controls assumed the office was a well-defined building where all devices used the financial institution’s network. As the home office becomes the new standard for many banks and credit unions, the need for agent-based controls is greater than ever. Controls/security measures are no longer effective if they require the device to be on premise.

3. Business Continuity Plan (BCP) Update

Having an updated pandemic plan as part of your BCP is still likely a need for many institutions. Because it has been more than a century since a full-scale pandemic hit the U.S., many of the assumptions and concepts that pandemic plans were based on have proven to be incorrect. For instance, many plans outlined operational changes based on only 50% staff for just a week or two. Much of the concern before 2020 was making sure staff members were properly cross trained in the event key individuals were unavailable for days or perhaps a few weeks. While this is still very important, it represents only a tiny portion of truly being ready for a pandemic.

Pandemic plans often did not address managing operations for a long duration or important measures like social distancing, security measures, consumer access, etc. Financial institutions must take a hard look at key lessons learned so far during the COVID-19 pandemic and update their plans accordingly.

4. Moving to the Cloud

Recognizing that having employees working outside of the office is a real possibility moving forward, investing in new servers and putting them in offices is becoming an antiquated idea. The cloud provides a level of redundancy, scalability, and accessibility that cannot be matched by buying a single server. It also means no one has to be in the office to manage the infrastructure. As servers need to be replaced, banks and credit unions should seriously consider the process of moving to the cloud.

5. Client Experience

One question every institution should be asking itself is: “how can we better enhance the customer experience?” While IT is usually seen as a cost center, the events of the past year may have opened a door for IT to step up and offer solutions that directly affect the customer experience. The pandemic has forced many people, some maybe for the first time, to adopt digital banking solutions. If IT can offer specific tools and/or insight into how to improve the customer experience, this may be the opening that IT has hoped for to secure a “seat at the table” among their institution’s leadership.

6. Cybersecurity

Garmin, the GPS and active wear company, reportedly paid $10 million in 2020 to counter a ransomware attack. Their customers were without the services for over a week while Garmin’s data was held hostage. All of the information about their case is not available yet, but the sad reality is that they likely could have prevented the entire situation with just a few technology solutions and security settings being implemented correctly. The threat to your data is as real today as it ever has been. Be sure to have a conversation with a security company you trust to ensure that even if you are the target of a ransomware attack, it won’t be able to hurt your business long-term. Invest in cybersecurity now, so that your institution won’t end up paying much more later.

Consider this: Cyber-attacks are 300 times more likely to hit financial services firms than other companies, according to a recent Boston Consulting Group report, and cyber-attacks continue to climb each year, with the global cybersecurity market expected to eclipse $300 billion by 2024, according to Global Insights.

Unfortunately spend and layers of protection most likely need to increase annually to address this issue.

Employee training – to ensure adequate and effective
Perimeter protection – to ensure the appropriate layers are enabled and all traffic is being handled correctly including encrypted traffic
Advance threat protection and logging – to be able to identify how, if at all, malware or an intrusion created an incident
Backup and data redundancy – to ensure ransomware can’t wipe out your data

Per Computer Services, Inc (CSI), 59% of financial institutions will increase spending for cybersecurity this year.

7. ISO

With the increase in responsibilities of the Information Security Officer and the focus on separation/segregation of duties, there has been an uptick in the number of institutions looking for virtual ISO (VISO)-type solutions. These solutions can help by taking some level of burden off of internal resources, provide staff with templates or toolsets when needed, and oversight to ensure nothing is falling through the cracks.

For 2021, there are a lot of things to consider. One focus should be to look at the changes your institution had to make because of the pandemic and what changes you should consider making in the future to improve cybersecurity, information security, and as always, your customers’ and members’ experience.

09 Sep 2020

Banks, Credit Unions, Security Keith Haskett 0 comment

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

From the beginning of the pandemic, the financial sector has seen a rising number of security threats. With more employees working remotely and increasing their online activity, cybercriminals are finding success using attacks like phishing and social engineering to take advantage during these uncertain times. These attacks have prompted financial institutions and other organizations to improve their cybersecurity posture and protect against future attacks.

Financial institutions make significant investments to protect their networks especially as their workforce has turned to digital channels for remote work. However, there are a few additional security measures that often get overlooked.

In this blog post, we discuss 5 reasons why security solutions fail and what you can do to keep your institution safe and combat malicious attacks.

Improperly configured spam filtering/web filtering solutions

Every financial institution uses some form of spam filtering and web filtering solutions. However, IT personnel often set these solutions up, configure them, and then may not test them again, which creates vulnerabilities over time. Financial institutions must check to make sure these solutions are configured properly and understand all of the security features available to them to use these tools at full capacity.

Lack of multi-factor authentication for ALL accounts

Multifactor authentication (MFA) is crucial for financial institutions to protect against unauthorized access to the network and email accounts. In fact, a report from Microsoft has determined that 99.9% of account compromises can be blocked with MFA, but the overall adoption rate remains low.

Financial institutions often experience difficulties implementing an MFA program for their staff because it can be a time-consuming project and often requires staff to use their own personal devices. It is important to understand the different types of MFA solutions available and identify the one that works best for your staff. While there is variance among MFA solutions in terms of strength and security, having at least some form of MFA greatly enhances your security posture.

Lack of security coverage enterprise-wide

Not just IT, but everyone within the organization, should be practicing cybersecurity best practices to keep the network safe. Employees are often the weakest link when it comes to security and cybercriminals prey on these individuals to gain access to non-public information. Without proper training, your staff may not have the skills and awareness to spot security threats and handle them in the appropriate manner. Investing in security awareness training can provide them with the knowledge and expertise to combat malicious threats and ensure that the entire enterprise is working towards this goal.

Accessing external resources (Gmail/Dropbox)

When employees use external resources like Google Drive or Dropbox for file sharing, it can be difficult for IT personnel to control “what” data is going “where.” Cybercriminals are also using these file sharing tools to trick users into clicking links to fake websites to steal login credentials and then slip by corporate security protections.

To mitigate these issues, financial institutions can use credential theft protection tools to block usernames and passwords from leaving the organization. Even if a user fails to recognize the threat, these tools provide protection on the backend to keep the information safe.

Utilizing corporate resources remotely

With many employees working from home during the pandemic, financial institutions must take extra care to ensure the network is protected. It is important to understand how employees are connecting to the network; what devices they are using; and ensure that those devices are secured. Some employees may be using personal devices or public Wi-Fi to access the network. These are high risk behaviors that can have detrimental impact on the institutions if attackers are able to exploit vulnerabilities through these entry points.

As employees continue to work remotely, they should be using corporate devices; avoiding public Wi-Fi; and accessing the network through a virtual private network or another secure remote access device. Ultimately, it will be staff’s ability to reference remote access policies and practice appropriate cyber hygiene on remote devices that helps keep their institution secure.

Keith Haskett is the president and CEO of Rebyc Security and is responsible for executing their strategic plan. After several years leading the Risk and Information Security Consulting Services practice at CSI, he co-founded Rebyc to deliver offensive security solutions customized to meet the needs of the highly regulated, financial services industry. His teams have delivered over 2,000 engagements to financial institutions nationwide.

For more information on protecting your institution from security threats, view Rebyc Security’s recent blogs.

04 Aug 2020

Banks, Credit Unions, Security Brian Brannon 0 comment

Maintaining Information Security to Combat Cyber Attacks

As banks and credit unions continue to work to keep all employees and customers/members safe during the pandemic, information security should be a top priority. Because many businesses and consumers have shifted towards digital channels, threat actors have launched a new wave of attacks specifically targeting financial institutions and other financial activities. According to VMware Carbon Black, attacks against the financial sector increased 238% globally from the beginning of February to the end of April. Protecting your institution’s nonpublic personal information is critical as we continue to move forward in a heightened security threat landscape. Here are a few things to keep in mind:

CIA of Information Security

Information security focuses on ensuring the Confidentiality, Integrity, and Availability of virtually all forms of information. It involves protecting digital and physical data from unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction. Some of the most serious—and alarming—threats to information security are data breaches, malware, and phishing.

Data Breaches

With data breaches, sensitive, confidential, or otherwise protected information is accessed or inappropriately disclosed. The negative impact of such a breach can result in diminished customer loyalty, a tarnished brand image, and loss revenues and profits. These adverse effects can last for years—with some companies never recovering.

Malware

Malware is any piece of software that was written with the intent of damaging devices and/or stealing data. There are many different types of malware including, viruses, trojans, spyware, and ransomware. Fintech holds a special interest from the malware community-at-large. According to cyber threat intelligence company Intsights, 25 percent of all malware targets financial institutions.

Phishing

With phishing, cyber attackers use fraudulent emails and websites to solicit people’s credit card numbers, passwords, account data, and other personal information. Financial institutions are common targets of phishing scams that are engineered to trick victims into disclosing their information.

Best Practices for Information Security

Security threats can affect financial institutions through numerous weaknesses. So institutions should take a layered approach by using a combination of security measures, policies, and procedures. According to the FFIEC IT Handbook’s Information Security booklet, common layers in security controls should include:

Patch management
Asset and configuration management
Vulnerability scanning and penetration testing
Endpoint security
Resilience controls
Logging and monitoring

However, since humans are often considered to be the first—and best—line of defense for preventing cyber-attacks, employees need to receive the proper education and training on the latest scams and techniques. By teaching staff how to detect suspicious emails, links, and websites, financial institutions can significantly strengthen their security and avoid unnecessary trouble. The more user training an institution provides, the lower the success rate of phishing attacks against that institution. Ultimately, an institution’s approach to security will depend on the assets it is protecting, along with its unique vulnerabilities, operation, and strategic objectives.

For more information, download our complimentary white paper, “Top 10 Banking Security, Technology, and Compliance Concerns.”

23 Jul 2020

Banks, Credit Unions, Security Marshall Jones 0 comment

Securing Microsoft 365: Using Multifactor Authentication to Combat Business Email Compromise

Securing Microsoft 365

In today’s security landscape, business email compromise (BEC) is one of the most prolific online crimes, and these attacks are often aimed at financial institutions. In a BEC scam, cybercriminals send email messages to bank staff that looks like a legitimate request in an attempt to gain access to non-public information. To mitigate this threat, community banks and credit unions should take advantage of the security settings offered in Microsoft 365.

Microsoft has multiple service offerings to secure against all kinds of attack vectors. However, the easiest security setting financial institutions often overlook is multifactor authentication (MFA), which requires more than one method of authentication to verify a user’s identity for a login or other transaction. The methods typically include something you know (pin); something you have (phone) and/or something you are (biometrics).

Microsoft’s analysis has determined that 99.9% of account compromises can be blocked with MFA, but the overall adoption rate is only 46%. Why is this the case? Financial institutions run into two key pain points that prevent them from implementing MFA:

1. Time

Many IT administrators are tasked with having to set up their users on MFA, and simply don’t have the resources to do this all on their own. Let’s face it, this can be a time-consuming task to complete in addition to the other daily IT activities IT admins have on their plate. One option is to identify who your early adopters will be and let them become technology champions. This can be branch managers or team leads across your locations that can offer assistance to less experienced users. Another option is to work with a third-party provider that can handle the implementation process, enabling IT staff to work on more pressing tasks for the institution.

2. Bring Your Own Device (BYOD)

Most organizations have a BYOD policy in place, but it is normally in regard to accessing company resources, like email, teams or SharePoint where it is clear that the user is attempting to access company data for business-related activity. However, employee-owned devices can make MFA trickier to navigate since IT administrators may find themselves in a position where they are asking users to complete the MFA process on a personal device in order to access these company resources. Regardless, when MFA is added to the BYOD policy, it can effectively make BYOD safer.

MFA Options to Fit Your Institution’s Needs
There are many MFA options and some of them do not require the use of a personal device to verify a user’s identity. Many employees do not like the idea of having to install a mobile app on their phone, but they have no issues with an occasional text message or phone call. When implementing MFA for your institution, the best thing you can do for your users is to go over all of the available options and highlight the option your institution prefers them to use. For instance, when setting up MFA for our customers, we recommend the Microsoft Authenticator App.

Here are a few options to consider:

Microsoft Authenticator App – A user will use a one-time passcode or simply approve logins using the free Microsoft Authenticator app.
Call to Phone – This option is for landline phones. If your employees have a direct line, this is a good option to try. If the user does not have a direct line, keep in mind you would have to work out a procedural system for whoever is answering the phone to give the MFA information to the intended target.
Text message to phone – Sends a text message to the user’s mobile phone number containing a one-time code whenever you sign in from a new device.
Notification through desktop – Allows users to have MFA one-time passcode generation on their work desktop which helps to avoid use of personal devices.
Verification code from hardware token –User uses a one-time passcode generated from a hardware token. Microsoft provides the technology to implement this method, but you have to buy the hardware tokens and manage them. This is the only MFA method that comes with direct costs.

Not all MFA options are the same in terms of strength of security. However, your overall security posture is still enhanced by enabling MFA with any of these options. MFA is a low-cost option that protects your financial institution from cyber-attacks and other malicious activity. If you’re interested in implementing MFA for your financial institution, please reach out to Safe Systems to find an option that fits best with your institution’s unique needs.

27 Mar 2020

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

Facing a Pandemic: What Community Banks and Credit Unions Should Do to Combat COVID-19

What Community Banks and Credit Unions Should Do to Combat COVID-19

As the Coronavirus pandemic continues to rise throughout the world, it is important for community banks and credit unions to effectively carry out their pandemic plans to stop the spread of the virus and implement alternative ways to serve customers or members during this critical time. Safe Systems held a webinar last week covering five things all community banks and credit unions need to do during a pandemic. In this blog, we’ll cover a few of the key points from the webinar.

Pandemic Testing

According to the Federal Financial Institution Examination Council (FFIEC) guidelines, financial institutions need to have a “testing program designed to validate the effectiveness of the facilities, systems, and procedures identified” in their business continuity plan. In a pandemic, it is the people who are affected more than the facilities, so your systems and processes become more impacted than anything else.

A preventative program has to address:

Monitoring outbreaks
Educating and providing appropriate hygiene training and tools to employees
Communicating with customers and members
Coordinating with critical providers and suppliers

With the pandemic already underway, it can feel counterproductive to conduct a pandemic test for your financial institution. However, we’ve found it’s never too late to test and improve your pandemic plan, even in the midst of a crisis. Make sure you are validating your succession plan and cross training measures by purposely excluding certain key individuals from actively participating in the testing exercises you conduct for your institution. During a pandemic, important individuals may not be in the branch or available every day, so it’s important that you test your plan to make sure the institution can still operate efficiently.

Social Distancing

Social distancing is a term that’s come out of this global pandemic to stop the spread of the virus. The Center for Disease Control (CDC) states that individuals should keep a six-foot minimum distance from others to limit the spread of the virus, but how does this impact the way your financial institution does business? Think of how your teller line, customer service areas, lending offices, etc. are set up. For these more personal, face-to-face interactions, it is important for you to change the location set up to ensure the 6-foot distance is achieved to protect both the customer and employee. Here are some tips from the American Bankers Association® to consider:

Require non-customer facing personnel work from home and try limiting interactions of personnel as much as possible in offices.
Have staff sign in when they arrive and leave.
Designate times for “at risk” customers (because of age or condition) to visit the lobby when no others are allowed.
Make loans or open new accounts by appointment only. When you close a lobby, designate one drive-thru for business customers and one for consumers, as their transactions are very different and differentiating the two can help speed transactions.
Keep your messaging positive. Don’t not use the word “Closed” on your door or website; instead use “Appointments Available.” Remind customers that banks are never truly closed, thanks to online and digital platforms that provide customers with 24/7 access to their accounts.

We are posting tips, resources, and FAQs from ABA, FDIC, NCUA, and our own Safe Systems’ experts on the homepage of our website.

Security in Social Distancing

For employees that are able to work from home, providing resources for working outside of the institution is another great option to keep staff and the public protected. If your staff members are working from home, here are a few things to consider to ensure the institution maintains both security and productivity.

Do your employees have enough bandwidth at home?
Do you have a dedicated VPN device?
Do you have a firewall to allow this connection?
Can the firewall/device handle the number of devices actively connecting remotely at one time?
Do you have enough licenses (if needed) for each user to connect remotely?

When your staff is working from home, you still must worry about security. You will need to decide how they connect to your network, what device they use, and how that device is secured. For instance, if you are allowing an employee to use their personal computer, then reference your remote access policy. It should include rules for the appropriate cyber hygiene of the remote device (patching, antimalware, etc.), and should be signed by the end-user. OpenDNS offers free security options for DNS lookups on home computers, which is also a good consideration should you need to update or create a home PC access policy and requirements. You may also require multi-factor authentication as an additional precaution to keep the network secure.

Financial institutions provide critical services to their communities and must be able to support customers and have alternate ways of doing business during a pandemic.

If you would like to gain more insights on COVID-19 and listen to a brief Q&A from our compliance team and information security officer, download our recorded webinar, “5 Things Community Banks and Credit Unions Need to do During a pandemic.”

As many community banks and credit unions are still formulating their responses to the pandemic, we’d like to collect and share what steps financial institutions are actively taking to protect employees and customers while maintaining business operations. Please take a few minutes to complete this survey and tell us how your institution is responding to the novel coronavirus (COVID-19) pandemic.

How are you responding to the Pandemic? Take the Quiz

10 Feb 2020

Banks, Compliance, Credit Unions, Security, Technology Christine Ray 0 comment

The Value of User Conferences for Banks and Credit Unions

The Value of User Conferences For Banks and Credit Unions

As the financial services industry has become more technology-driven and more complex operationally, user conferences have become key events along with industry association conferences. By providing a venue for banking professionals to collaborate directly with their technology providers and other peer institutions, user conferences represent a proven way for banks and credit unions to extend the ROI of their technology investments. Examiners and auditors recognize the importance of participation in these events and many now expect attendance to gain industry knowledge and strengthen existing vendor relationships.

Regulatory Expectations – Vendor Management

Examiners are increasingly focused on how a financial institution manages their vendors. According to the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook, “User groups are another mechanism financial institutions can use to monitor and influence their service provider. User groups can participate and influence service provider testing (i.e., security, disaster recovery, and systems) as well as promote client issues. Independent user groups can monitor and influence a service provider better than its individual clients. Collectively, the group will constitute a significant portion of the service provider’s business. User groups offer advantages to both the service provider and the serviced institution by allowing customers to discuss and prioritize their concerns…service providers should obtain customer feedback though user groups or customer surveys.”

In addition to effective vendor management requirements, the FFIEC also requires employees of financial institutions to participate in ongoing education and technical expertise to remain in compliance.

Educational Benefits of a Users’ Conference

Regulatory and compliance issues aside, user conferences offer a host of benefits to participating banks and credit unions, such as:

Classroom Training

Well-designed webinars or online training sessions are great resources, but focused, in-person learning, and networking allows attendees to remain current on the latest technology solutions and enhancements, industry developments, and specific products and functionality that your vendor is working on. The opportunity to learn first-hand from industry and subject matter experts, as well as share your own experiences and expertise, really should not be underestimated.
User conference learning opportunities often consist of:

Basic and advanced workshops or sessions
Issue-focused roundtable discussions
Networking opportunities with peers
Software demonstrations
Professional development courses
Hands-on training and consultations with vendors

Best Practices

Many find the greatest value in user conference participation through peer discussions and open Q&A sessions on best practices. These sessions give customers access to some of the best information and insight on how other institutions are utilizing the vendor’s solutions to solve problems and drive efficiencies and profitability.

Networking

We know from experience that peer groups serve as the perfect environment to share and exchange ideas, concerns, successes and failures tied to the industry. Many community banks and credit unions share the same worries about technology, compliance, security, and business issues. These events provide a venue for you to hear others’ experiences and tap into their knowledge, providing you the opportunity to make industry friends and gain a trusted group of individuals you can rely on in the future.

The Safe Systems National Customer User Conference, NetConnect™, is less than a month away. This event will bring Safe Systems’ employees and strategic partners together with a variety of banking professionals representing technology, compliance, operations and management roles.

We understand the value of user conferences and we use that opportunity to meet with a selection of customers (Customer Advisory Board) to discuss existing and new products and services that will meet their future business goals.

If you’ve never been to a user conference, don’t take our word for it. Here’s what a few of our customers have said:

“Every time I attend, I come away with knowledge and information that can help me do a better job in my organization.”

“It was good to hear feedback from other bankers about Safe Systems as well as make connections and contacts.”

“This is the best opportunity to get a pulse on exactly what’s happening in the IT Banker’s world.”

09 Jan 2020

Top Bank Technology, Security, and Compliance Concerns in 2020

Banks, Compliance, Credit Unions, Security, Technology Darren Bridges 0 comment

Less Worrying. More Banking.™ Top Banking Technology, Security, and Compliance Concerns in 2020

Top Banking Technology, Security, and Compliance Concerns in 2020

The constant evolution of technology, the ever-changing compliance landscape, and increased security threats have fundamentally changed the way financial institutions operate today and the key concerns they are facing on a daily basis. In our 26 years of experience serving the community banking industry, we have not seen a more difficult landscape for our clients to navigate.

The risks associated with security, compliance and technology have never been more challenging than they are today. As the responsibilities of community financial institutions continue to grow and evolve, it is not uncommon to worry about limited resources, keeping up with new technologies, or simply maintaining a competitive advantage in the industry. We believe that all financial institutions, regardless of size and location, should be able to leverage the best technology solutions available so they can focus on serving the financial needs of their communities. It is our mission to provide peace of mind and value for our customers in these areas so banking professionals can get back to doing what they do best and spend less time worrying.

Through the years we have developed and offered compliance centric IT services designed exclusively for community banks and credit unions, ensuring that they are kept up to date on the current technologies, security risks, regulatory changes, and FFIEC guidelines. We strive to listen to our customers to ensure our solutions continue to support the changing needs of the industry and meet their expectations in addressing key concerns. We recently surveyed a group of our community bank and credit union customers to gain a better understanding of the top worries and concerns they have for 2020 as they relate to technology, compliance and security. Through that survey we uncovered the following:

Technology Challenges

Financial institutions of all sizes continue to depend on their IT network infrastructure and technology solutions for nearly all functions of the institution, which makes it crucial that all solutions work efficiently. While community banks and credit unions have been utilizing technology for quite some time now, they continue to face certain technology challenges heading into 2020. According to survey respondents, the expense of technology solutions, keeping up with rapid changes, and truly understanding the technology solutions are top concerns. In addition, many continue to struggle with network management and connectivity, patch management, and training employees on IT solutions.

Compliance

While banks and credit unions have adjusted to the frequent and strenuous regulatory reviews, they continue to struggle with meeting examiner expectations across critical areas such as vendor management, business continuity planning, and risk management and assessment. In addition, many struggle with adequately defining the requirements of the Information Security Officer (ISO), as this role has become more involved and the expertise needed has grown. The ISO has one of the most crucial roles in a financial institution. In fact, it is one of the few positions that are required by guidance. The FFIEC covers various issues related to information security in great detail, including the expectations and requirements for the ISO. According to the FFIEC IT Examination Handbook’s Information Security booklet, financial institutions should have at least one person who is dedicated to serving as an in-house ISO.

Security

Over the past several years, the industry has been impacted by a marked increase in data breaches, ransomware, card fraud and other malicious attacks. Additionally, an increase in devices connected to networks has made it critical for financial institutions to strengthen their security strategies and policies and ensure all systems are up to date and able to effectively combat today’s threats. Cybersecurity-related attacks on the financial sector continue to increase at an alarming rate, making cybersecurity a top area of concern for financial institutions. Additional areas of concern include ransomware, phishing, malware, disaster recovery, and network security.

Managing these challenges alone can be a daunting task to undertake. As a trusted resource for financial IT and regulatory support, Safe Systems is here to serve as a true extension of your team, providing you with access to technology professionals who are specifically trained in the banking industry. Safe Systems offers cost effective solutions such as IT support and managed services, internal network/cloud design and installation, hosted email, business continuity and disaster recovery, compliance consulting, security services, and IT and compliance training. Our services help financial institutions significantly decrease costs, increase performance, and improve compliance posture.

Let us help you get back to what you do best. Less worrying. More banking.™

05 Dec 2019

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

How to Maintain Bank Compliance and Security During the Holiday Season

The holiday season is in full swing, which means many employees are heading out of the office to enjoy some vacation time. However, just because it’s the holiday season, it doesn’t mean that cybercriminals are taking time off. Cybersecurity attacks continue to increase and are becoming more sophisticated. Institutions are expected to maintain bank compliance with regulatory guidelines and ensure all technology assets are working properly so operations continue to run smoothly during the holidays.

This can be a challenging time for many community banks and credit unions that have a small staff and rely on key individuals to make sure all activities related to technology, compliance, security, and regulatory requirements are taken care of. Today’s community financial institution relies on the IT department to maintain its hardware and software and to ensure all systems are available when needed. The department is also responsible for monitoring an array of ongoing IT concerns like anti-malware, cybersecurity issues, service-related touch points, compliance updates, and email security, to name just a few. So, what happens when the people responsible for these crucial aspects of the institution go on vacation?

Partner Up

Many financial institutions are turning to an industry-specific managed services provider to act as an extension of their organization and help augment internal technology and compliance resources and responsibilities. The right managed services provider, who is familiar with the banking industry, can serve as a true partner and work alongside current staff to provide timely support, and manage the technology, security, and regulatory compliance aspects for the institution.

A managed services provider can help automate and manage many of the administrative functions that normally fall to the technology or compliance department, making it less daunting for employees to get away. In addition, while this not only saves time and improves efficiencies, it also helps the bank or credit union extend its support hours beyond the traditional 9 to 5 retail hours, which is key for IT departments with limited staff.

Managing IT resources, bank compliance-related issues and combatting cybercrime are some of the greatest challenges and concerns for financial institutions today. When IT and security staff are out or unavailable, outsourcing these processes helps fill the personnel gap and provides added stability for the institution and peace of mind to all.

What To Do When Your Bank’s IT Administrator Leaves (Checklist)

10 Oct 2019

Banks, Compliance, Credit Unions, Security, Technology Jamie Davis 0 comment

5 Things Community Banks and Credit Unions Should Budget for in 2020

The final months of the year signal the beginning of many traditions. For community banks and credit unions, the Fall marks the start of budget season. Financial institutions use this time to assess the year’s performance, make necessary adjustments—or full upgrades—for 2020 and beyond.

As you know, technology and security are constantly evolving, and compliance continues to be a moving target, so it’s time to consider important areas your institution needs to budget for in the next year. To ensure that your institution heads into 2020 on an upward trajectory, here are five key items to include on your list.

Hardware

Every year hardware should be evaluated to see if it is under warranty; in good working condition; and that the operating system hasn’t reached end of life.

Two dates to be aware of:

SQL Server 2008 R2 reached end of life on 7/9/2019
Windows Server 2008 and 2008 R2 reach end of life on January 14, 2020

These items will need to be upgraded or replaced as soon as possible with supported software. If the decision is to replace a server based on these products being end of life, there are options to consider as covered in number 2 in this article.

Cloud vs. In-house Infrastructure

Everything You Need to Know About the Cloud Get a Copy

Moving internal infrastructure out of the office is the new trend. This move feels similar to the move to virtualization, in that everyone agrees this is the next logical step in the evolution of computing. You should be asking the same question about cloud infrastructure as you did about virtualization—when is the right time for your institution to make the move and what are the pros and cons of this move? When the time comes to replace pieces of your infrastructure, start to gather information about the benefits of moving to the cloud and the costs associated with it. Remember, each server has both direct and indirect costs.

Direct:

Server Hardware
Warranty
Software

Indirect:

Electricity
Cooling
Storage/physical space
Maintenance
Backup
Disaster Recovery

Each year as hardware becomes outdated and needs to be replaced, evaluate whether moving that server to the Cloud makes sense. Be sure that the functions of the server can be accomplished in a cloud environment. Once a presence in the cloud is established, future growth and changes become much easier and quicker.

Firewalls

Moving Beyond Traditional Firewall Protection to Develop an Integrated Security Ecosystem Get a Copy

Firewalls continue to evolve as network and cybersecurity threats evolve and change. Ten years ago, adding intrusion prevention systems (IPS) to firewalls became commonplace in the industry. Now there are a host of new features that can be added to your firewall to improve your institution’s security posture. Many of these fall under products using the term next-gen firewalls. A few key features to consider include:

Secure Sockets Layer, or SSL, is the industry standard for transmitting secure data over the internet. The good news is most websites on the internet now use SSL to secure the traffic between the PC and the website. The bad news is, your firewall may be protecting your institution from fewer sites than ever before. Google researchers found that 85% of the websites visited by people using the Chrome browser are sites encrypted with SSL. This means that for many firewalls, 85% of web traffic cannot be inspected by the firewall. Many firewalls can perform SSL inspection but may require a model with more capacity; a new license to activate the feature; and configuration changes to enable this feature to work.
Sandbox analysis is a security mechanism used to analyze suspect data and execute it in a sandbox environment to evaluate its behavior. This is a great feature to introduce to your infrastructure because it provides more testing and insight into the data coming into your institution.
Threat intelligence feeds (like FS ISAC), built-in network automation, and correlation alerting are also important features that can help you keep track of emerging security threats; automate key processes; and improve your institution’s cybersecurity posture.

Consider enhancing your firewall features or upgrading to a next-gen firewall to ensure the traffic traversing your firewall is truly being evaluated and inspected.

Virtual Information Security Officer (VISO)

A newer service that has grown in popularity over the last year is the Virtual ISO or VISO role. While services like this have been available for a while, this is the first year we have heard so much talk from community financial institutions. As the job of Information Security Officer (ISO) has become more involved the expertise needed has grown as well. These VISO services offer a way to supplement the internal staff with external expertise to accomplish the tasks of the ISO. Budgeting for a service like this becomes critical if one of the following is true:

No one else in the institution has the needed knowledge base and finding this knowledge set in your area is difficult or expensive;
Your current ISO does not have a background in the field or is wearing too many hats to do it well;
Your current ISO is likely to retire or leave due to predictable life change events; or
The role of ISO and Network Administrator or other IT personnel do not provide adequate separation of duties at the institution.

Disaster Recovery (DR)

Many institutions do not have a fully actionable or testable disaster recovery process. A verified DR process is a critical element of meeting business continuity planning (BCP) requirements. Therefore, this can be a significant reputational risk for the financial institution, if not done correctly. If your institution hasn’t completed a thorough and successful DR test in the last 12 months, it is time to evaluate your current DR process. Using a managed site recovery service can ensure you have the proper technology and support to thoroughly test your DR plan and recover quickly in the event of a disaster.

Budget season is a time to address needs and wants, but also a time to seek improvement or evaluate key changes for the new year and beyond. For example, moving your infrastructure to the cloud may not make sense for the coming year, but the insight gained by evaluating it this budget season improves your knowledge-base for when it is time to make that decision. As we conclude 2019, we hope these insights position your institution for a productive budget season and a successful 2020.

25 Jul 2019

Banks, Compliance, Credit Unions, Security, Technology Christine Ray 0 comment

New Resource Center Features Banking Technology, Security, and Compliance Insights for Financial Institutions

Resource Center

In today’s fast-paced environment, it’s important for financial institutions to have access to trusted information related to technology, compliance, and security trends. To help facilitate this, Safe Systems has launched a new online Resource Center which provides community banks and credit unions with access to a centralized knowledge base of free materials. The Resource Center can easily be reached from any page of our website in the top navigation bar.

Meeting Your Interests and Needs

What is currently top of mind for your institution? What is keeping you awake at night? What are you most interested in learning to help you improve your performance?

Whether you are searching for information that will help your institution understand how to stop a cybersecurity attack; identify what to do when your IT administrator leaves; or recognize the top compliance and security areas where you should focus; our new online Resource Center can help. You’ll find the relevant information you need to help you worry less and focus more on banking.

Key Features and Benefits

Our Resource Center is designed to not only be useful but easy to use. There is a wide variety of content, ranging from videos to white papers to case studies. You have the freedom to search by topic and browse at your own pace to find the information most valuable to you, in the format you most prefer. When you make a selection, you’re taken to a secure page where you can choose to view the material instantly in our online environment or download it to your computer to view later at your convenience.

Whether you are trying to find a solution to a specific problem, stay on top of the latest trends and industry regulations, or simply discover new insights, our Resource Center allows you to conduct your research in an easy and meaningful way. Here are five features to help you find what you are looking for:

Categories – Assets are grouped in three main categories, compliance, technology, and security, allowing you to dive into specific pieces based on these themes.
Search box – You can conduct a search by category, keyword, or title to find your desired content faster.
Suggested content – Recommendations for related materials are highlighted on each page to help you find the most relevant content based on your search.
Dynamic environment – The Resource Center is updated frequently with new materials to provide timely and up-to-date information.
Archiving – Most materials remain in the center permanently allowing you to access relevant content on an ongoing basis as your needs change.

An Ever-evolving Resource

The Resource Center will continue to evolve as a virtual library. Website visitors can look forward to encountering a constantly-expanding cache of information making it a worthwhile experience for any financial institution.

18 Jul 2019

Banks, Credit Unions, Security Brendan McGowan 0 comment

Security Layers – 4 Key Areas All Bank and Credit Union CEOs Should Consider

In today’s world of escalating cyber-attacks, the importance of security layers can never be overemphasized. This is especially true for financial institutions, which are obligated to safeguard customer information, prevent identity theft, and protect their operations. No entity, computer network, or individual is unaffected by cyber threats, but a layered approach to security can significantly minimize cybercrimes.

While the IT department and security officers typically determine and recommend security measures, it is ultimately the CEO who is responsible for the overall health and well-being of the bank or credit union. Therefore, CEOs of financial institutions should be thinking about and asking the following questions in this area:

Is there a security layer that most networks are missing?

Monitoring the internal network, outside of the endpoints, is important and an area that many banks and credit unions don’t focus on. While most organizations have perimeter defense technologies, such as firewalls and intrusion prevention systems and endpoint technologies like anti-malware software, many don’t pay close enough attention to the internal network itself. Having stronger internal network security is vital to prevent breaches and internal attacks and makes for a stronger overall network.

What is the single most effective layer?

User training is hands down the most effective layer. Users are considered to be the first line of defense, and sadly are often seen as the weakest link in the security chain. To strengthen this link and prevent attacks, user education and training is important.

What are some security layers all banks and credit unions should have?

Security layers represent multiple levels of defense against potential bad actors and cyber-attacks. As such, a layered security program should involve a variety of components, depending on the assets protected, vulnerabilities, and the institution’s operations. A layered security program entails using different controls at different points in a transaction process. The underlying strategy is that a weakness in one control is generally compensated for by the strength of another control.

According to the Federal Financial Institutions Examination Council (FFIEC), some effective controls that can support layered security are:

fraud detection and monitoring systems that include consideration of customer history and behavior and enable a timely and effective institution response;
using dual customer authorization through different access devices;
using out-of-band verification for transaction;
a thorough and up-to-date patch management system;
vulnerability scanning and penetration testing; and
end-point security and resilience controls.

What are the three main types of controls?

Security controls generally fall into three types: protective, detective, and reactive (or corrective). Protective controls are tactics a bank or credit union can implement to prepare for and prevent a cyberattack. They encompass things like dual controls, segregation of duties, system password policies, access control lists, training, and physical access controls. Detective controls indicate that a cyberattack is taking place. Even the audit process can be detective because it uncovers control weaknesses by looking for failures after they have happened. Reactive controls are implemented to respond to an attack in progress. Essentially, they’re intended to mitigate exposure after something happens.

New types of cyber-threats and incidents are constantly emerging, and CEOs need to be prepared to protect their institutions and the data they house. With the proper controls, layered security can be an effective way for financial institutions to defend network perimeters and endpoints against potential cyber threats. There are many other areas related to security layers that CEOs and senior management should be considering. To gain more insight into those areas, as well as other key topics for CEOs to be aware of, download our white paper, Top IT Areas Where CEOs of Financial Institutions Should Focus: Important Questions and Answers.

Strengthen Your Strategy: Why a Layered Defense is the Best Choice for Your Bank’s IT Security Program

Learn why a single layer of security, such as antivirus, is no longer enough in the current risk environment.

16 May 2019

Don’t be the Next Victim of a Data Breach: Evaluate Your Security Layers and Add the Extra Protection You Need

Banks, Credit Unions, Security Jamie Davis 0 comment

Major Antimalware Companies are Being Compromised: Now is the Time to Evaluate Your Security Layers

Antivirus and Antimalware solutions are designed to protect computer and servers from becoming victims of bad actors (aka hackers). The entire purpose of these solutions is to provide protection, security, and assurance that your machines are safe. Antimalware solutions are considered an essential or basic part of every person’s and business’s computer security. Other than security experts who have their own ideas on protecting their own machines, it is recommended by just about everyone to have antimalware solutions on computers as a rule.

Think about it, antimalware tools might be the ultimate applications. They are installed on a large percentage of computers across the world, they require access to all files to work, and they are trusted. But they can also be used as a backdoor into computers and workstations.

In the news this week, three major US players in the antimalware software game may have all fallen victim to being compromised. Symantec Antivirus, Trend Micro, and McAfee all have been rumored to have been compromised. As of the posting of this article, Symantec has denied any breach, McAfee has said they are investigating the situation, and Trend Micro admits some non-critical data has likely been compromised.

Whether these companies were breached, or critical data was taken, we may or may not find out in the near future. What we do know is no company nor data is safe. RSA which was and may still be considered one of the leaders in digital risk management and cybersecurity solutions including dual factor authentication tools was compromised a few years ago.

Is the answer to switch antimalware solutions? Or, stop using them anyway since they offer backdoors into your systems? No, not at all. These incidents simply reinforce the need for layers of security protection. Many businesses and people on personal computers say, “well I have antimalware software installed, what else can I do?” The reality is this comparable to asking, “I put a door on my house, what else can I do.?” On your house, you don’t stop at the door; you add door locks, deadbolts, security systems, cameras, etc. You must do the same with cybersecurity. There isn’t a buy one fits all option.

It’s time to look for solutions that augment your standard antimalware solution. This can include solutions that look at behavioral characteristics of your network above and beyond antimalware’s traditional signature method. Another great solution is to add honeypots to your infrastructure with appropriate alerting built in. In one of the articles sourced for this blog, the publication captured dialog between the bad actors in a chat log. Within that dialog, the few lines below reveal the bad actors are using products that are used by employees:

“their network defense does not see us b/c TeamViewer and AnyDesk are legit software, and admins also use it there. That is why no questions (about their remotely moving around the network).”

“no, you can only move laterally via credentialed net shares or RDP”

Please note, these logs are translated from Russian and the English translation might sound awkward. Basically, the bad actors will use things like RDP, which almost all institutions utilize, plus some other applications that may be more specific to each individual business. To make a long story short, these guys are smart and navigate your network with the same tools your employees use. This is known as living off the land.

On average, it takes organizations 200 days or more to learn that they have been breached. The longer a bad actor has access to a network, the more damage they can inflict.

However, what if there were folders, servers, and databases on your network that were accessible via RDP or other technologies, but they served no business purpose? These assets would serve as bait for the bad actors. Suddenly, you can identify the traffic as likely snooping and not normal activities. This is the beauty of honeypots. It helps isolate suspicious traffic from normal activity based on the interest in the material, not the method of accessing it.

It is always important to keep up with the latest news about cybersecurity. If you use one of these solutions, be sure to keep up with the latest news from the company. If you don’t use one of these companies, you could be next. Stay vigilant as every company is one nightmare away from having a breach, including yours. In the meantime, evaluate the layers you have in place. Heavily consider some type of honeypot solution, as it might be one of the few solutions that can catch true covert snooping. As always, Safe Systems is here to help evaluate the layers you have in place to help ensure you have the extra protection.

12 Next →