Category: Security

09 Sep 2020
Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe

From the beginning of the pandemic, the financial sector has seen a rising number of security threats. With more employees working remotely and increasing their online activity, cybercriminals are finding success using attacks like phishing and social engineering to take advantage during these uncertain times. These attacks have prompted financial institutions and other organizations to improve their cybersecurity posture and protect against future attacks.

Financial institutions make significant investments to protect their networks, especially as their workforce has turned to digital channels for remote work. However, there are a few additional security measures that often get overlooked.

In this blog post, we discuss 5 reasons why security solutions fail and what you can do to keep your institution safe and combat malicious attacks.

Improperly configured spam filtering/web filtering solutions

Every financial institution uses some form of spam filtering and web filtering solutions. However, IT personnel often set these solutions up, configure them, and then may not test them again, which creates vulnerabilities over time. Financial institutions must check to make sure these solutions are configured properly and understand all of the security features available to them to use these tools at full capacity.

Lack of multi-factor authentication for ALL accounts

Multifactor authentication (MFA) is crucial for financial institutions to protect against unauthorized access to the network and email accounts. In fact, a report from Microsoft has determined that 99.9% of account compromises can be blocked with MFA, but the overall adoption rate remains low.

Financial institutions often experience difficulties implementing an MFA program for their staff because it can be a time-consuming project and often requires staff to use their own personal devices. It is important to understand the different types of MFA solutions available and identify the one that works best for your staff. While there is variance among MFA solutions in terms of strength and security, having at least some form of MFA greatly enhances your security posture.

Lack of security coverage enterprise-wide

Everyone within the organization, not just IT, should follow cybersecurity best practices to keep the network safe. Employees are often the weakest link when it comes to security, and cybercriminals prey on these individuals to gain access to non-public information. Without proper training, your staff may not have the skills and awareness to spot security threats and handle them in the appropriate manner. Investing in security awareness training can provide them with the knowledge and expertise to combat malicious threats and ensure that the entire enterprise is working towards this goal.

Accessing external resources (Gmail/Dropbox)

When employees use external resources like Google Drive or Dropbox for file sharing, it can be difficult for IT personnel to control “what” data is going “where.” Cybercriminals are also using these file sharing tools to trick users into clicking links to fake websites to steal login credentials and then slip by corporate security protections.

To mitigate these issues, financial institutions can use credential theft protection tools to block usernames and passwords from leaving the organization. Even if a user fails to recognize the threat, these tools provide protection on the backend to keep the information safe.

Utilizing corporate resources remotely

With many employees working from home during the pandemic, financial institutions must take extra care to ensure the network is protected. It is important to understand how employees are connecting to the network and what devices they are using, and to ensure that those devices are secured. Some employees may be using personal devices or public Wi-Fi to access the network. These are high-risk behaviors that can have a detrimental impact on the institution if attackers are able to exploit vulnerabilities through these entry points.

As employees continue to work remotely, they should be using corporate devices, avoiding public Wi-Fi, and accessing the network through a virtual private network or another secure remote access device. Ultimately, it will be staff’s ability to reference remote access policies and practice appropriate cyber hygiene on remote devices that helps keep their institution secure.

Keith Haskett is the president and CEO of Rebyc Security and is responsible for executing their strategic plan. After several years leading the Risk and Information Security Consulting Services practice at CSI, he co-founded Rebyc to deliver offensive security solutions customized to meet the needs of the highly regulated financial services industry. His teams have delivered over 2,000 engagements to financial institutions nationwide.

For more information on protecting your institution from security threats, view Rebyc Security’s recent blogs.

04 Aug 2020
Maintaining Information Security to Combat Cyber Attacks

As banks and credit unions continue to work to keep all employees and customers/members safe during the pandemic, information security should be a top priority. Because many businesses and consumers have shifted towards digital channels, threat actors have launched a new wave of attacks specifically targeting financial institutions and other financial activities. According to VMware Carbon Black, attacks against the financial sector increased 238% globally from the beginning of February to the end of April. Protecting your institution’s nonpublic personal information is critical as we continue to move forward in a heightened security threat landscape. Here are a few things to keep in mind:

CIA of Information Security

Information security focuses on ensuring the Confidentiality, Integrity, and Availability of virtually all forms of information. It involves protecting digital and physical data from unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction. Some of the most serious—and alarming—threats to information security are data breaches, malware, and phishing.

  • Data Breaches – With data breaches, sensitive, confidential, or otherwise protected information is accessed or inappropriately disclosed. The negative impact of such a breach can include diminished customer loyalty, a tarnished brand image, and lost revenues and profits. These adverse effects can last for years, with some companies never recovering.
  • Malware – Malware is any piece of software that was written with the intent of damaging devices and/or stealing data. There are many different types of malware, including viruses, trojans, spyware, and ransomware. Fintech holds a special interest for the malware community at large. According to cyber threat intelligence company Intsights, 25 percent of all malware targets financial institutions.
  • Phishing – With phishing, cyber attackers use fraudulent emails and websites to solicit people’s credit card numbers, passwords, account data, and other personal information. Financial institutions are common targets of phishing scams that are engineered to trick victims into disclosing their information.

Best Practices for Information Security

Security threats can affect financial institutions through numerous weaknesses. So institutions should take a layered approach by using a combination of security measures, policies, and procedures. According to the FFIEC IT Handbook’s Information Security booklet, common layers in security controls should include:

  • Patch management
  • Asset and configuration management
  • Vulnerability scanning and penetration testing
  • Endpoint security
  • Resilience controls
  • Logging and monitoring

However, since humans are often considered to be the first—and best—line of defense for preventing cyber-attacks, employees need to receive the proper education and training on the latest scams and techniques. By teaching staff how to detect suspicious emails, links, and websites, financial institutions can significantly strengthen their security and avoid unnecessary trouble. The more user training an institution provides, the lower the success rate of phishing attacks against that institution. Ultimately, an institution’s approach to security will depend on the assets it is protecting, along with its unique vulnerabilities, operation, and strategic objectives.

For more information, download our complimentary white paper, “Top 10 Banking Security, Technology, and Compliance Concerns.”

23 Jul 2020
Securing Microsoft 365: Using Multifactor Authentication to Combat Business Email Compromise

In today’s security landscape, business email compromise (BEC) is one of the most prolific online crimes, and these attacks are often aimed at financial institutions. In a BEC scam, cybercriminals send email messages to bank staff that look like legitimate requests in an attempt to gain access to non-public information. To mitigate this threat, community banks and credit unions should take advantage of the security settings offered in Microsoft 365.

Microsoft has multiple service offerings to secure against all kinds of attack vectors. However, the easiest security setting financial institutions often overlook is multifactor authentication (MFA), which requires more than one method of authentication to verify a user’s identity for a login or other transaction. The methods typically include something you know (PIN), something you have (phone), and/or something you are (biometrics).

Microsoft’s analysis has determined that 99.9% of account compromises can be blocked with MFA, but the overall adoption rate is only 46%. Why is this the case? Financial institutions run into two key pain points that prevent them from implementing MFA:

1. Time

Many IT administrators are tasked with setting up their users on MFA and simply don’t have the resources to do this all on their own. Let’s face it, this can be a time-consuming task to complete in addition to the other daily activities IT admins have on their plate. One option is to identify who your early adopters will be and let them become technology champions. These can be branch managers or team leads across your locations who can offer assistance to less experienced users. Another option is to work with a third-party provider that can handle the implementation process, enabling IT staff to work on more pressing tasks for the institution.

2. Bring Your Own Device (BYOD)

Most organizations have a BYOD policy in place, but it normally covers access to company resources, like email, Teams, or SharePoint, where it is clear that the user is attempting to access company data for business-related activity. However, employee-owned devices can make MFA trickier to navigate, since IT administrators may find themselves asking users to complete the MFA process on a personal device in order to access these company resources. Regardless, when MFA is added to the BYOD policy, it can effectively make BYOD safer.

MFA Options to Fit Your Institution’s Needs

There are many MFA options and some of them do not require the use of a personal device to verify a user’s identity. Many employees do not like the idea of having to install a mobile app on their phone, but they have no issues with an occasional text message or phone call. When implementing MFA for your institution, the best thing you can do for your users is to go over all of the available options and highlight the option your institution prefers them to use. For instance, when setting up MFA for our customers, we recommend the Microsoft Authenticator App.

Here are a few options to consider:

  • Microsoft Authenticator App – A user will use a one-time passcode or simply approve logins using the free Microsoft Authenticator app.
  • Call to Phone – This option is for landline phones. If your employees have a direct line, this is a good option to try. If the user does not have a direct line, keep in mind you would have to work out a procedural system for whoever is answering the phone to give the MFA information to the intended target.
  • Text message to phone – Sends a text message to the user’s mobile phone number containing a one-time code whenever you sign in from a new device.
  • Notification through desktop – Allows users to have MFA one-time passcode generation on their work desktop which helps to avoid use of personal devices.
  • Verification code from hardware token – The user enters a one-time passcode generated by a hardware token. Microsoft provides the technology to implement this method, but you have to buy the hardware tokens and manage them. This is the only MFA method that comes with direct costs.

Not all MFA options are the same in terms of strength of security. However, your overall security posture is still enhanced by enabling MFA with any of these options. MFA is a low-cost option that protects your financial institution from cyber-attacks and other malicious activity. If you’re interested in implementing MFA for your financial institution, please reach out to Safe Systems to find an option that fits best with your institution’s unique needs.

27 Mar 2020
Facing a Pandemic: What Community Banks and Credit Unions Should Do to Combat COVID-19

As the Coronavirus pandemic continues to rise throughout the world, it is important for community banks and credit unions to effectively carry out their pandemic plans to stop the spread of the virus and implement alternative ways to serve customers or members during this critical time. Safe Systems held a webinar last week covering five things all community banks and credit unions need to do during a pandemic. In this blog, we’ll cover a few of the key points from the webinar.

  1. Pandemic Testing

    According to the Federal Financial Institutions Examination Council (FFIEC) guidelines, financial institutions need to have a “testing program designed to validate the effectiveness of the facilities, systems, and procedures identified” in their business continuity plan. In a pandemic, it is the people who are affected more than the facilities, so your systems and processes become more impacted than anything else.

    A preventative program has to address:

    • Monitoring outbreaks
    • Educating and providing appropriate hygiene training and tools to employees
    • Communicating with customers and members
    • Coordinating with critical providers and suppliers

    With the pandemic already underway, it can feel counterproductive to conduct a pandemic test for your financial institution. However, we’ve found it’s never too late to test and improve your pandemic plan, even in the midst of a crisis. Make sure you are validating your succession plan and cross training measures by purposely excluding certain key individuals from actively participating in the testing exercises you conduct for your institution. During a pandemic, important individuals may not be in the branch or available every day, so it’s important that you test your plan to make sure the institution can still operate efficiently.

  2. Social Distancing

    Social distancing is a term that’s come out of this global pandemic to stop the spread of the virus. The Center for Disease Control (CDC) states that individuals should keep a six-foot minimum distance from others to limit the spread of the virus, but how does this impact the way your financial institution does business? Think of how your teller line, customer service areas, lending offices, etc. are set up. For these more personal, face-to-face interactions, it is important for you to change the location setup to ensure the six-foot distance is achieved to protect both the customer and employee. Here are some tips from the American Bankers Association® to consider:

    • Require non-customer-facing personnel to work from home and try limiting interactions of personnel as much as possible in offices.
    • Have staff sign in when they arrive and leave.
    • Designate times for “at risk” customers (because of age or condition) to visit the lobby when no others are allowed.
    • Make loans or open new accounts by appointment only. When you close a lobby, designate one drive-thru for business customers and one for consumers, as their transactions are very different and differentiating the two can help speed transactions.
    • Keep your messaging positive. Do not use the word “Closed” on your door or website; instead use “Appointments Available.” Remind customers that banks are never truly closed, thanks to online and digital platforms that provide customers with 24/7 access to their accounts.

    We are posting tips, resources, and FAQs from ABA, FDIC, NCUA, and our own Safe Systems’ experts on the homepage of our website.

  3. Security in Social Distancing

    For employees that are able to work from home, providing resources for working outside of the institution is another great option to keep staff and the public protected. If your staff members are working from home, here are a few things to consider to ensure the institution maintains both security and productivity.

    • Do your employees have enough bandwidth at home?
    • Do you have a dedicated VPN device?
    • Do you have a firewall to allow this connection?
    • Can the firewall/device handle the number of devices actively connecting remotely at one time?
    • Do you have enough licenses (if needed) for each user to connect remotely?

    When your staff is working from home, you still must worry about security. You will need to decide how they connect to your network, what device they use, and how that device is secured. For instance, if you are allowing an employee to use their personal computer, then reference your remote access policy. It should include rules for the appropriate cyber hygiene of the remote device (patching, antimalware, etc.), and should be signed by the end-user. OpenDNS offers free security options for DNS lookups on home computers, which is also a good consideration should you need to update or create a home PC access policy and requirements. You may also require multi-factor authentication as an additional precaution to keep the network secure.

Financial institutions provide critical services to their communities and must be able to support customers and have alternate ways of doing business during a pandemic.

If you would like to gain more insights on COVID-19 and listen to a brief Q&A from our compliance team and information security officer, download our recorded webinar, “5 Things Community Banks and Credit Unions Need to do During a pandemic.”

 

As many community banks and credit unions are still formulating their responses to the pandemic, we’d like to collect and share what steps financial institutions are actively taking to protect employees and customers while maintaining business operations. Please take a few minutes to complete this survey and tell us how your institution is responding to the novel coronavirus (COVID-19) pandemic.

 

10 Feb 2020
The Value of User Conferences For Banks and Credit Unions

As the financial services industry has become more technology-driven and more complex operationally, user conferences have become key events along with industry association conferences. By providing a venue for banking professionals to collaborate directly with their technology providers and other peer institutions, user conferences represent a proven way for banks and credit unions to extend the ROI of their technology investments. Examiners and auditors recognize the importance of participation in these events and many now expect attendance to gain industry knowledge and strengthen existing vendor relationships.

Regulatory Expectations – Vendor Management

Examiners are increasingly focused on how a financial institution manages its vendors. According to the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook, “User groups are another mechanism financial institutions can use to monitor and influence their service provider. User groups can participate and influence service provider testing (i.e., security, disaster recovery, and systems) as well as promote client issues. Independent user groups can monitor and influence a service provider better than its individual clients. Collectively, the group will constitute a significant portion of the service provider’s business. User groups offer advantages to both the service provider and the serviced institution by allowing customers to discuss and prioritize their concerns…service providers should obtain customer feedback through user groups or customer surveys.”

In addition to effective vendor management requirements, the FFIEC also requires employees of financial institutions to participate in ongoing education and technical expertise to remain in compliance.

Educational Benefits of a Users’ Conference

Regulatory and compliance issues aside, user conferences offer a host of benefits to participating banks and credit unions, such as:

Classroom Training

Well-designed webinars or online training sessions are great resources, but focused, in-person learning and networking allow attendees to remain current on the latest technology solutions and enhancements, industry developments, and specific products and functionality that your vendor is working on. The opportunity to learn first-hand from industry and subject matter experts, as well as share your own experiences and expertise, really should not be underestimated.

User conference learning opportunities often consist of:

  • Basic and advanced workshops or sessions
  • Issue-focused roundtable discussions
  • Networking opportunities with peers
  • Software demonstrations
  • Professional development courses
  • Hands-on training and consultations with vendors

Best Practices

Many find the greatest value in user conference participation through peer discussions and open Q&A sessions on best practices. These sessions give customers access to some of the best information and insight on how other institutions are utilizing the vendor’s solutions to solve problems and drive efficiencies and profitability.

Networking

We know from experience that peer groups serve as the perfect environment to share and exchange ideas, concerns, successes and failures tied to the industry. Many community banks and credit unions share the same worries about technology, compliance, security, and business issues. These events provide a venue for you to hear others’ experiences and tap into their knowledge, providing you the opportunity to make industry friends and gain a trusted group of individuals you can rely on in the future.

The Safe Systems National Customer User Conference, NetConnect™, is less than a month away. This event will bring Safe Systems’ employees and strategic partners together with a variety of banking professionals representing technology, compliance, operations and management roles.

We understand the value of user conferences and we use that opportunity to meet with a selection of customers (Customer Advisory Board) to discuss existing and new products and services that will meet their future business goals.

If you’ve never been to a user conference, don’t take our word for it. Here’s what a few of our customers have said:

“Every time I attend, I come away with knowledge and information that can help me do a better job in my organization.”
“It was good to hear feedback from other bankers about Safe Systems as well as make connections and contacts.”
“This is the best opportunity to get a pulse on exactly what’s happening in the IT Banker’s world.”

09 Jan 2020
Top Banking Technology, Security, and Compliance Concerns in 2020

The constant evolution of technology, the ever-changing compliance landscape, and increased security threats have fundamentally changed the way financial institutions operate today and the key concerns they are facing on a daily basis. In our 26 years of experience serving the community banking industry, we have not seen a more difficult landscape for our clients to navigate.

The risks associated with security, compliance and technology have never been more challenging than they are today. As the responsibilities of community financial institutions continue to grow and evolve, it is not uncommon to worry about limited resources, keeping up with new technologies, or simply maintaining a competitive advantage in the industry. We believe that all financial institutions, regardless of size and location, should be able to leverage the best technology solutions available so they can focus on serving the financial needs of their communities. It is our mission to provide peace of mind and value for our customers in these areas so banking professionals can get back to doing what they do best and spend less time worrying.

Through the years we have developed and offered compliance centric IT services designed exclusively for community banks and credit unions, ensuring that they are kept up to date on the current technologies, security risks, regulatory changes, and FFIEC guidelines. We strive to listen to our customers to ensure our solutions continue to support the changing needs of the industry and meet their expectations in addressing key concerns. We recently surveyed a group of our community bank and credit union customers to gain a better understanding of the top worries and concerns they have for 2020 as they relate to technology, compliance and security. Through that survey we uncovered the following:

Technology Challenges

Financial institutions of all sizes continue to depend on their IT network infrastructure and technology solutions for nearly all functions of the institution, which makes it crucial that all solutions work efficiently. While community banks and credit unions have been utilizing technology for quite some time now, they continue to face certain technology challenges heading into 2020. According to survey respondents, the expense of technology solutions, keeping up with rapid changes, and truly understanding the technology solutions are top concerns. In addition, many continue to struggle with network management and connectivity, patch management, and training employees on IT solutions.

Compliance

While banks and credit unions have adjusted to the frequent and strenuous regulatory reviews, they continue to struggle with meeting examiner expectations across critical areas such as vendor management, business continuity planning, and risk management and assessment. In addition, many struggle with adequately defining the requirements of the Information Security Officer (ISO), as this role has become more involved and the expertise needed has grown. The ISO has one of the most crucial roles in a financial institution. In fact, it is one of the few positions that are required by guidance. The FFIEC covers various issues related to information security in great detail, including the expectations and requirements for the ISO. According to the FFIEC IT Examination Handbook’s Information Security booklet, financial institutions should have at least one person who is dedicated to serving as an in-house ISO.

Security

Over the past several years, the industry has been impacted by a marked increase in data breaches, ransomware, card fraud and other malicious attacks. Additionally, an increase in devices connected to networks has made it critical for financial institutions to strengthen their security strategies and policies and ensure all systems are up to date and able to effectively combat today’s threats. Cybersecurity-related attacks on the financial sector continue to increase at an alarming rate, making cybersecurity a top area of concern for financial institutions. Additional areas of concern include ransomware, phishing, malware, disaster recovery, and network security.

Managing these challenges alone can be a daunting task to undertake. As a trusted resource for financial IT and regulatory support, Safe Systems is here to serve as a true extension of your team, providing you with access to technology professionals who are specifically trained in the banking industry. Safe Systems offers cost effective solutions such as IT support and managed services, internal network/cloud design and installation, hosted email, business continuity and disaster recovery, compliance consulting, security services, and IT and compliance training. Our services help financial institutions significantly decrease costs, increase performance, and improve compliance posture.

Let us help you get back to what you do best. Less worrying. More banking.™

 
05 Dec 2019
How to Maintain Bank Compliance and Security During the Holiday Season

The holiday season is in full swing, which means many employees are heading out of the office to enjoy some vacation time. However, just because it’s the holiday season, it doesn’t mean that cybercriminals are taking time off. Cybersecurity attacks continue to increase and are becoming more sophisticated. Institutions are expected to maintain bank compliance with regulatory guidelines and ensure all technology assets are working properly so operations continue to run smoothly during the holidays.

This can be a challenging time for many community banks and credit unions that have a small staff and rely on key individuals to make sure all activities related to technology, compliance, security, and regulatory requirements are taken care of. Today’s community financial institution relies on the IT department to maintain its hardware and software and to ensure all systems are available when needed. The department is also responsible for monitoring an array of ongoing IT concerns like anti-malware, cybersecurity issues, service-related touch points, compliance updates, and email security, to name just a few. So, what happens when the people responsible for these crucial aspects of the institution go on vacation?

Partner Up

Many financial institutions are turning to an industry-specific managed services provider to act as an extension of their organization and help augment internal technology and compliance resources and responsibilities. The right managed services provider, who is familiar with the banking industry, can serve as a true partner and work alongside current staff to provide timely support, and manage the technology, security, and regulatory compliance aspects for the institution.

A managed services provider can help automate and manage many of the administrative functions that normally fall to the technology or compliance department, making it less daunting for employees to get away. This not only saves time and improves efficiency, it also helps the bank or credit union extend its support hours beyond the traditional 9 to 5 retail hours, which is key for IT departments with limited staff.

Managing IT resources, bank compliance-related issues and combatting cybercrime are some of the greatest challenges and concerns for financial institutions today. When IT and security staff are out or unavailable, outsourcing these processes helps fill the personnel gap and provides added stability for the institution and peace of mind to all.

10 Oct 2019
5 Things Community Banks and Credit Unions Should Budget for in 2020


The final months of the year signal the beginning of many traditions. For community banks and credit unions, the fall marks the start of budget season. Financial institutions use this time to assess the year’s performance and make necessary adjustments, or full upgrades, for 2020 and beyond.

As you know, technology and security are constantly evolving, and compliance continues to be a moving target, so it’s time to consider important areas your institution needs to budget for in the next year. To ensure that your institution heads into 2020 on an upward trajectory, here are five key items to include on your list.

  1. Hardware

    Every year, hardware should be evaluated to confirm that it is under warranty, that it is in good working condition, and that the operating system hasn’t reached end of life.

    Two dates to be aware of:

    • SQL Server 2008 R2 reached end of life on 7/9/2019
    • Windows Server 2008 and 2008 R2 reach end of life on January 14, 2020

    These items will need to be upgraded or replaced as soon as possible with supported software. If the decision is to replace a server based on these products being end of life, there are options to consider as covered in number 2 in this article.

  2. Cloud vs. In-house Infrastructure

    Moving internal infrastructure out of the office is the new trend. This move feels similar to the move to virtualization, in that everyone agrees this is the next logical step in the evolution of computing. You should be asking the same question about cloud infrastructure as you did about virtualization—when is the right time for your institution to make the move and what are the pros and cons of this move? When the time comes to replace pieces of your infrastructure, start to gather information about the benefits of moving to the cloud and the costs associated with it. Remember, each server has both direct and indirect costs.

    Direct:

    • Server Hardware
    • Warranty
    • Software

    Indirect:

    • Electricity
    • Cooling
    • Storage/physical space
    • Maintenance
    • Backup
    • Disaster Recovery

    Each year as hardware becomes outdated and needs to be replaced, evaluate whether moving that server to the Cloud makes sense. Be sure that the functions of the server can be accomplished in a cloud environment. Once a presence in the cloud is established, future growth and changes become much easier and quicker.

  3. Firewalls

    Firewalls continue to evolve as network and cybersecurity threats evolve and change. Ten years ago, adding intrusion prevention systems (IPS) to firewalls became commonplace in the industry. Now there are a host of new features that can be added to your firewall to improve your institution’s security posture. Many of these fall under products using the term next-gen firewalls. A few key features to consider include:

    • Secure Sockets Layer, or SSL, is the industry standard for transmitting secure data over the internet. The good news is most websites on the internet now use SSL to secure the traffic between the PC and the website. The bad news is that, because this traffic is encrypted, your firewall may be protecting your institution from fewer sites than ever before. Google researchers found that 85% of the websites visited by people using the Chrome browser are sites encrypted with SSL. This means that for many firewalls, 85% of web traffic cannot be inspected by the firewall. Many firewalls can perform SSL inspection but may require a model with more capacity, a new license to activate the feature, and configuration changes to enable this feature to work.
    • Sandbox analysis is a security mechanism that executes suspect data in a sandbox environment to evaluate its behavior. This is a great feature to introduce to your infrastructure because it provides more testing and insight into the data coming into your institution.
    • Threat intelligence feeds (like FS-ISAC), built-in network automation, and correlation alerting are also important features that can help you keep track of emerging security threats, automate key processes, and improve your institution’s cybersecurity posture.

    Consider enhancing your firewall features or upgrading to a next-gen firewall to ensure the traffic traversing your firewall is truly being evaluated and inspected.

  4. Virtual Information Security Officer (VISO)

    A newer service that has grown in popularity over the last year is the Virtual ISO or VISO role. While services like this have been available for a while, this is the first year we have heard so much talk from community financial institutions. As the job of Information Security Officer (ISO) has become more involved, the expertise needed has grown as well. These VISO services offer a way to supplement the internal staff with external expertise to accomplish the tasks of the ISO. Budgeting for a service like this becomes critical if one of the following is true:

    • No one else in the institution has the needed knowledge base and finding this knowledge set in your area is difficult or expensive;
    • Your current ISO does not have a background in the field or is wearing too many hats to do it well;
    • Your current ISO is likely to retire or leave due to predictable life change events; or
    • The roles of ISO and Network Administrator (or other IT personnel) do not provide adequate separation of duties at the institution.

  5. Disaster Recovery (DR)

    Many institutions do not have a fully actionable or testable disaster recovery process. A verified DR process is a critical element of meeting business continuity planning (BCP) requirements. Therefore, if it is not done correctly, this can be a significant reputational risk for the financial institution. If your institution hasn’t completed a thorough and successful DR test in the last 12 months, it is time to evaluate your current DR process. Using a managed site recovery service can ensure you have the proper technology and support to thoroughly test your DR plan and recover quickly in the event of a disaster.

Budget season is a time to address needs and wants, but also a time to seek improvement or evaluate key changes for the new year and beyond. For example, moving your infrastructure to the cloud may not make sense for the coming year, but the insight gained by evaluating it this budget season improves your knowledge base for when it is time to make that decision. As we conclude 2019, we hope these insights position your institution for a productive budget season and a successful 2020.

25 Jul 2019
Resource Center

New Resource Center Features Banking Technology, Security, and Compliance Insights for Financial Institutions


In today’s fast-paced environment, it’s important for financial institutions to have access to trusted information related to technology, compliance, and security trends. To help facilitate this, Safe Systems has launched a new online Resource Center which provides community banks and credit unions with access to a centralized knowledge base of free materials. The Resource Center can easily be reached from any page of our website in the top navigation bar.

Meeting Your Interests and Needs

What is currently top of mind for your institution? What is keeping you awake at night? What are you most interested in learning to help you improve your performance?

Whether you are searching for information that will help your institution understand how to stop a cybersecurity attack, identify what to do when your IT administrator leaves, or recognize the top compliance and security areas where you should focus, our new online Resource Center can help. You’ll find the relevant information you need to help you worry less and focus more on banking.

 


Key Features and Benefits

Our Resource Center is designed to not only be useful but easy to use. There is a wide variety of content, ranging from videos to white papers to case studies. You have the freedom to search by topic and browse at your own pace to find the information most valuable to you, in the format you most prefer. When you make a selection, you’re taken to a secure page where you can choose to view the material instantly in our online environment or download it to your computer to view later at your convenience.

Whether you are trying to find a solution to a specific problem, stay on top of the latest trends and industry regulations, or simply discover new insights, our Resource Center allows you to conduct your research in an easy and meaningful way. Here are five features to help you find what you are looking for:

  • Categories – Assets are grouped in three main categories (compliance, technology, and security), allowing you to dive into specific pieces based on these themes.
  • Search box – You can conduct a search by category, keyword, or title to find your desired content faster.
  • Suggested content – Recommendations for related materials are highlighted on each page to help you find the most relevant content based on your search.
  • Dynamic environment – The Resource Center is updated frequently with new materials to provide timely and up-to-date information.
  • Archiving – Most materials remain in the center permanently, allowing you to access relevant content on an ongoing basis as your needs change.

An Ever-evolving Resource

The Resource Center will continue to evolve as a virtual library. Website visitors can look forward to encountering a constantly expanding cache of information, making it a worthwhile experience for any financial institution.

 


18 Jul 2019
Security Layers – 4 Key Areas All Bank and Credit Union CEOs Should Consider


In today’s world of escalating cyber-attacks, the importance of security layers can never be overemphasized. This is especially true for financial institutions, which are obligated to safeguard customer information, prevent identity theft, and protect their operations. No entity, computer network, or individual is unaffected by cyber threats, but a layered approach to security can significantly minimize cybercrimes.

While the IT department and security officers typically determine and recommend security measures, it is ultimately the CEO who is responsible for the overall health and well-being of the bank or credit union. Therefore, CEOs of financial institutions should be thinking about and asking the following questions in this area:

  1. Is there a security layer that most networks are missing?

    Monitoring the internal network, outside of the endpoints, is important and an area that many banks and credit unions don’t focus on. While most organizations have perimeter defense technologies, such as firewalls and intrusion prevention systems, and endpoint technologies like anti-malware software, many don’t pay close enough attention to the internal network itself. Having stronger internal network security is vital to prevent breaches and internal attacks and makes for a stronger overall network.

  2. What is the single most effective layer?

    User training is hands down the most effective layer. Users are considered to be the first line of defense, and sadly are often seen as the weakest link in the security chain. To strengthen this link and prevent attacks, user education and training are important.

  3. What are some security layers all banks and credit unions should have?

    Security layers represent multiple levels of defense against potential bad actors and cyber-attacks. As such, a layered security program should involve a variety of components, depending on the assets protected, vulnerabilities, and the institution’s operations. A layered security program entails using different controls at different points in a transaction process. The underlying strategy is that a weakness in one control is generally compensated for by the strength of another control.

    According to the Federal Financial Institutions Examination Council (FFIEC), some effective controls that can support layered security are:

    • fraud detection and monitoring systems that include consideration of customer history and behavior and enable a timely and effective institution response;
    • using dual customer authorization through different access devices;
    • using out-of-band verification for transactions;
    • a thorough and up-to-date patch management system;
    • vulnerability scanning and penetration testing; and
    • end-point security and resilience controls.

  4. What are the three main types of controls?

    Security controls generally fall into three types: protective, detective, and reactive (or corrective). Protective controls are tactics a bank or credit union can implement to prepare for and prevent a cyberattack. They encompass things like dual controls, segregation of duties, system password policies, access control lists, training, and physical access controls. Detective controls indicate that a cyberattack is taking place. Even the audit process can be detective because it uncovers control weaknesses by looking for failures after they have happened. Reactive controls are implemented to respond to an attack in progress. Essentially, they’re intended to mitigate exposure after something happens.

New types of cyber-threats and incidents are constantly emerging, and CEOs need to be prepared to protect their institutions and the data they house. With the proper controls, layered security can be an effective way for financial institutions to defend network perimeters and endpoints against potential cyber threats. There are many other areas related to security layers that CEOs and senior management should be considering. To gain more insight into those areas, as well as other key topics for CEOs to be aware of, download our white paper, Top IT Areas Where CEOs of Financial Institutions Should Focus: Important Questions and Answers.
