Category: Security

14 Sep 2023
How to Manage Vulnerability Effectively with V-Scan's New Features

How to Manage Vulnerability Effectively with V-Scan’s New Features

How to Manage Vulnerability Effectively with V-Scan's New Features

It’s critical for financial institutions to stay ahead of the potential vulnerabilities and risks that can jeopardize their information technology assets. But to adequately manage risks and vulnerabilities, institutions must be able to understand what they are, identify where they are, and remedy the situation.

Risk is a multifaceted concept that encompasses threat and vulnerability. The National Institute of Standards and Technology (NIST) describes risk as the probability that a particular security threat will exploit a system vulnerability. More specifically, it is a “measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of the adverse impacts that would arise if the circumstance or event occurs and the likelihood of occurrence.”

These circumstances can involve various sources and impacts. Generally, information system-related security risks arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential negative effects on organizational operations—including mission, functions, image, or reputation—organizational assets, individuals, and other organizations.

Managing Risks and Vulnerabilities

A vulnerability is a weakness in a system, an information system, system security, or even controls. Therefore, to manage their risks, financial institutions must also manage their vulnerabilities. To do this, institutions must know about their vulnerabilities and understand the context in which they exist.

Fortunately, financial institutions can use scanning technology to help with the daunting process of managing risks and vulnerabilities. Our V-Scan product, for example, is a comprehensive solution that analyzes IT assets, identifies vulnerabilities, and provides an extensive overview of the risks within the network environment. What’s more, V-Scan provides risk-prioritized data on all scanned IT assets.

V-Scan is designed to help institutions meet regulatory compliance. It performs weekly vulnerability scanning, which complies with the Cybersecurity Assessment Tool (CAT), developed by the Federal Financial Institutions Examination Council (FFIEC). Along with each weekly scan, the platform provides detailed reporting and a user-friendly dashboard that makes it easier to create an actionable plan to mitigate asset vulnerabilities. In addition, many cybersecurity insurance providers are requiring financial institutions to prove that they are managing known vulnerabilities. With V-Scan, institutions can provide reports that substantiate their weekly scans, assessments, and remediations.

Discovering Exploitable Vulnerabilities

Not only does V-Scan find current vulnerabilities in the environment, but it also uses numerous data points to measure the risk posed by those vulnerabilities. This information gives IT staff and oversight personnel timely details and the necessary context to maintain an effective vulnerability management program. One of the key ways institutions can use V-Scan is to discover assets that are at risk and weaknesses that should be resolved—particularly exploitable vulnerabilities. Being able to identify weaknesses that are known to have been taken advantage of allows institutions to prioritize their workload when securing their network.

For example, if the platform indicates that a Microsoft Windows security patch needs to be installed, V-Scan provides information needed to solve the problem, including which machines, devices, or assets are affected by the vulnerability. The product also allows filtered searches to be conducted based on the assets involved, such as domain controllers or printers. Having this enhanced capability further empowers IT staff to effectively manage vulnerability.

Contact us to learn more about how community banks and credit unions can leverage V-Scan to manage possible vulnerabilities and risks associated with their IT assets.

17 Aug 2023
The Advantages of Attending User Conferences for Banking Professionals

The Advantages of Attending User Conferences for Banking Professionals

The Advantages of Attending User Conferences for Banking Professionals

User conferences are dynamic events that community banks and credit unions can leverage to connect with industry experts and like-minded peers in an enriching environment. They provide a great opportunity for banking professionals to interact face-to-face with vendors; share ideas and experiences; and address their concerns about technology products, compliance, and other important industry issues. And unlike traditional industry tradeshows that are mainly designed to attract new business, user conferences have a broader purpose that translates into a host of benefits for attendees, including:

  • Training and education — User conferences provide access to valuable information that can help attendees keep up with the growing complexity of the financial services industry and technology. Participants can receive on-the-spot training through software demonstrations that allow them to see products in action. They can also enhance their knowledge through informative workshops, topic-based roundtable discussions, and other educational sessions. This allows them to learn from industry and subject-matter experts that can answer their questions, share insights, and impart best practices. This type of focused, in-person learning can make it easier for attendees to stay up to date with the latest technological advancements and other developments impacting their industry.
  • Networking opportunities — As another benefit, user conferences offer invaluable networking opportunities. Attendees can connect with their vendor’s team, ask specific questions, and learn better ways to use their products and services. They may even discover new tools for addressing some of the current challenges they are encountering. User conferences can also spark helpful interactions between colleagues who are using the same products; they can share strategies and best practices based on their respective experiences.
  • Relationship building — The personal connections that happen at user conferences can help reinforce the relationships that attendees have with their vendors. These events offer banking professionals a unique opportunity to learn more about the companies, products, and people they rely on to support their organization. For instance, participants can discuss the capabilities of software products directly with the people who built them and meet face-to-face with support staff they normally speak to on the phone.
  • Inspiration While people often learn about their software products virtually, in-person user conferences provide a much more engaging—and inspirational alternative. Connecting with industry peers and vendors’ staff outside the daily office routine can stimulate creativity. The live interactions that unfold at conference events generate energy, excitement, and enthusiasm that can send participants home full of fresh ideas.

Meeting Regulatory Expectations

However, the incentive to take part in user conferences goes beyond the practical benefits; it is expected by regulators. Examiners are increasingly placing more focus on how financial institutions manage their vendors, including capitalizing on the influence of user groups. For example, the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook’s Outsourcing Technology Services booklet states: “User groups are another mechanism financial institutions can use to monitor and influence their service provider. User groups can participate and influence service provider testing (i.e., security, disaster recovery, and systems) as well as promote client issues. Independent user groups can monitor and influence a service provider better than its individual clients.”

In addition, the FFIEC requires employees of financial institutions to engage in ongoing education and technical expertise to maintain compliance.

NetConnect™ User Conference

Safe Systems’ National Customer User Conference, NetConnect, creates the ideal setting for banking professionals and vendors to come together with their peers. This year’s NetConnect will take place in Alpharetta, Ga., just a few miles from our Georgia headquarters, on November 7-8, with a pre-conference training day on November 6.

NetConnect will bring together Safe Systems’ employees, customers, and strategic partners to exchange ideas and learn about the latest technology, compliance, and security trends in community banking. Each year, we hear positive feedback about the event from conference attendees.

Instructors were good about not letting folks get behind. A lot of ground covered in a day.
Instructors were top notch.
It says a lot to me that the entire conference content came directly from within Safe
Systems, and they all did a great job too!
A great time. I learned a lot and enjoyed myself while doing it.
The networking and social experience is top notch.
This conference is on my MUST ATTEND list!

So, whether you are a long-time or relatively new customer of Safe Systems, visit our NetConnect website to learn more about this year’s conference and how it can help you get educated, motivated, and up-to-date with the latest industry and technology trends.

06 Mar 2023
MFA - Why You Can’t Set It and Forget It

MFA—Why You Can’t Set It and Forget It

MFA - Why You Can’t Set It and Forget It

Multifactor authentication (MFA) is not a static, set-it-and-forget-it process. Financial institutions must constantly monitor—and make necessary adjustments—to ensure effectiveness so that only authorized users are accessing their network, data, and services.

MFA Methods and Risk

Some of the most common MFA methods, particularly with Microsoft Azure are:

  • FIDO2 security key
  • Microsoft Authenticator app
  • Windows Hello for Business
  • OATH hardware/software tokens
  • Short messaging service (SMS)
  • Voice calls

FIDO2—the latest and greatest MFA—enables easy and secure authentication. It takes passwords out of the equation and instead uses public key cryptography for authentication to enhance security. The Microsoft Authenticator app is also capable of passwordless authentication in Azure, which is making it an increasingly popular option. This modern multi-factor authentication method can act as a FIDO2 key, send push notifications, and support user awareness by providing location and client data within the app.

Windows Hello for Business is another form of advanced authentication that is also capable of passwordless authentication. However, institutions should be careful when implementing this approach to MFA because it can entail unique stipulations.

Two of the riskiest types of authentication are MFA facilitated by either SMS or voice calls. SMS-enabled MFA, which combines the use of a text message and code, is one of the most frequently used methods of authentication. However, since text messages are not encrypted, they are vulnerable to telecom tower relaying interference. Because of this vulnerability and its wide adoption, SMS is a major target of attackers. Voice calling, which uses telecom services to call with the code, is another risky form of MFA because it is possible that someone else could intercept the phone call.

For any TOTP-based method of MFA, there is an inherent risk of users giving away the codes. This can be accomplished via clever phishing techniques or malicious applications on mobile devices.

Combining MFA with Other Defensive Layers

Today’s sophisticated cyberattacks often attempt to exploit weaknesses that are present in the MFA workflow. Unlike traditional attacks that sought to bypass basic authentication protocols, newer schemes tend to follow normal MFA workflows to exploit human behavior. Attackers are also using other creative strategies to effectively circumvent MFA requirements. For example, they may hijack an already MFA-authenticated session to gain unauthorized access.

To evade cyberattacks, institutions must go beyond taking a relaxed, set-it-and-forget-it stance for MFA. They must enhance MFA by adopting newer more modern methods for their users. They must also be cognizant of attacks that can effectively bypass MFA, as we have seen with MFA-resistant phishing scams. To compensate for these newer styles of attacks, institutions should seek to implement multiple layers of security. In Azure, this will mean the adoption of Conditional Access Policies (CAPs). Stacking multiple CAPs targeting various combinations of MFA, apps, clients, locations, compliance status, and device types is the best way to improve an organization’s security posture. For more information about this important topic, watch our webinar on “MFA–Why You Can’t Set It and Forget It.”

23 Feb 2023
Mitigating Sophisticated, MFA-Resistant Phishing Scams

Mitigating Sophisticated, MFA-Resistant Phishing Scams

Mitigating Sophisticated, MFA-Resistant Phishing Scams

Phishing attacks are becoming more complex—and successful—making them more problematic for companies to combat. As a prime example, a recent phishing scam has been circumventing multifactor authentication (MFA) to successfully breach multiple companies. The attacks, which seem to be targeting banks and credit unions, are a stark reminder of the constant cyber threats that financial institutions face and the importance of following effective risk mitigation tactics.

The recent email scam is a sophisticated scheme; it exploits weaknesses in MFA and essentially bypasses them to launch an attack. The attackers deploy deceptive emails to obtain employees’ Microsoft 365 (M365) usernames, passwords, and MFA codes, and then they use this information to try to wire money outside the institution. Not only are these assaults breaching the initial targets, but they are also using the victims to infiltrate other companies.

The phishing scheme can be particularly detrimental to institutions that are not employing Azure Active Directory (Azure AD) Conditional Access Policies to bolster their security in Azure. Since Azure AD manages login credentials for users allowing them to access multiple M365 services and internal accounts from anywhere online, it is critical to apply access controls that provide another layer of protection beyond MFA.

Addressing Phishing Threats

There are various steps banks and credit unions can take to address MFA-resistant phishing attacks. Since humans are the weakest link in cybersecurity, institutions should ensure their employees are immediately informed about this particular phishing attack. They should also train employees regularly to recognize phishing emails so they can avoid being deceived. The key: Make sure employees know not to input their username and password in any link they receive by email.

Although this specific threat has the potential to exploit weaknesses in MFA, financial institutions should still implement this authentication method as it remains one of the most effective at blocking account compromises. As previously mentioned, it is also important to increase protection against attacks by adding Azure Conditional Access Policies to the Azure environment. Another preemptive step is to employ a monitoring and reporting solution for the Azure tenant. Often once a system is breached, attackers go into the tenant and create new rules to cover their tracks. Visibility into security settings through proactive reporting and alerts can make it easier for institutions to detect any suspicious activity or changes with logins and email rules, helping them stay on top of potential threats.

How Safe Systems Can Help

It can be challenging for many institutions to effectively manage their access and security settings in Azure AD and M365. However, Safe Systems offers CloudInsight™ M365 Security Basics to make the task easier. The CloudInsight™ collection of products offers a variety of reports and alerts that are specially designed to help institutions enhance their awareness of the Cloud. M365 Security Basics provides visibility into security settings for Azure AD and M365 tenants to help institutions detect targeted phishing or SPAM attacks. It can also expose other common risks like compromised user accounts, unknown users and forwarders; unapproved email access; and the unknown use of sharing tools. With M365 Security Basics, community banks, and credit unions can receive the expert insights they need to minimize, limit, or stop sophisticated phishing attacks.

27 Jan 2023
What to Look for in a New Firewall Vendor

What to Look for in a New Firewall Vendor

What to Look for in a New Firewall Vendor

If your bank or credit union needs a firewall vendor, it’s important to know what to look for to meet your security and regulatory requirements. Maybe you are proactively searching for a new firewall provider or suddenly discovered that you need to replace your current one. Whatever the case, you should search for a firewall vendor that specializes in the financial industry. This will ensure your financial institution has access to expertise and insights that are more specific to banking regulations.

In addition, you should look for a vendor that can serve as a “one-stop-shop” that covers all the security angles. The company should provide an all-inclusive solution that encompasses firewall monitoring, and management as well as intrusion detection and prevention. It’s also important to find a firewall vendor that offers concise and digestible reporting, along with meaningful insights created specifically for the banking community.

It is also equally important to search for a firewall vendor that can meet your institution’s implementation time frame. Ideally, you should plan five to six months out for a firewall implementation to compensate for hardware lead times; however, this may not always be possible. For example, your institution may have encountered an unexpected problem with renewal and need to quickly pivot to another firewall vendor. In this case, you will need to look for a vendor that is capable of deploying a firewall within a tight timeline.

As a precautionary measure, financial institutions must stay on top of contract management. Institutions should have a good relationship with their vendors and review contracts well before they are scheduled to renew. They should closely examine the contract terms and ask questions to ensure they are aware of any upcoming revisions or new developments. This can help them avoid getting caught off guard by any last-minute contractual issues that may disrupt their operation.

So how can banks and credit unions find a prospective firewall vendor? They can consult peers in the banking industry and inquire if their current service providers also offer firewalls. Ultimately, financial institutions should make sure their selected vendor has the appropriate security layers and reporting needed to check all the boxes from an examiner’s perspective. Safe Systems’ Managed Perimeter Defense (MPD), for example, employs multiple layers of advanced tools to help financial institutions protect their IT security environment. MPD’s next-generation firewall capabilities provide deeper analysis and improved detection of modern threats, which makes it easier for institutions to enhance their security posture.

12 Jan 2023
Top Blogs of 2022

Top Blogs of 2022

Top Blogs of 2022

Last year, we covered a wide range of blog topics, including ransomware prevention and recovery; business continuity management and disaster recovery; and managing Microsoft Azure and Microsoft 365 settings. In case you missed them, here’s a synopsis of our top blogs of 2022. Reviewing these important issues can help your bank or credit union be better prepared for the challenges—and opportunities—that lie ahead in 2023:

1. Best Practices for Ransomware Prevention and Recovery

Ransomware attacks strike a new target every 14 seconds, disrupting operations, stealing information, and exploiting businesses, according to the Cybersecurity and Infrastructure Security Agency (CISA). However, financial institutions that consistently employ best practices can prevent or bounce back from a ransomware assault. As an optimal strategy for prevention, institutions should identify and address known security gaps that can allow a ransomware infection. Since human error is the primary reason for most security breaches, banks and credit unions should focus on providing ransomware awareness training to help employees identify, respond to, and minimize attacks. They can also limit cybersecurity risk by using intelligent network design and segmentation to restrict ransomware intrusions to only a portion of the network and by having overlapping security solutions to provide layered protection. If a ransomware incident does occur, financial institutions should have pre-defined procedures for response and recovery. Many smaller institutions may lack the expertise internally to implement ongoing best practices for ransomware prevention and recovery, but they can work with an external cybersecurity expert to augment their resources. Read more.

2. Your Guide to Business Continuity Management and Disaster Recovery Planning

It can be challenging for financial institutions to implement successful strategies for business continuity management (BCM) and disaster recovery (DR). But our compilation of key strategies and best practices can facilitate the process. BCM encompasses all aspects of incorporating resilience, incident response, crisis management, vendor management, disaster recovery, and business process continuity, and it is an essential requirement for avoiding and recovering from potential threats. DR—the process of restoring IT infrastructure, data, and third-party systems—should address a variety of events that could negatively impact operations, including natural disasters, cyberattacks, technology failures, and even the unavailability of personnel. For successful disaster recovery, institutions should focus on four important “Rs”: recovery time objective (RTO), recovery point objective (RPO), replication, and recurring testing. In addition, leveraging a comprehensive cloud DR service can enhance redundancy, reliability, uptime, speed, and value. Using a cloud DR solution from an external service provider can give institutions the confidence of knowing their DR plan is being thoroughly tested and will work if a real disaster happens. Read more.

3. Managing Security, Identity, and Compliance within the Microsoft Azure and M365 Ecosystem

Microsoft Azure Active Directory (Azure AD) and Microsoft 365 have a distinct ecosystem. Understanding their services and settings is critical for IT administrators to manage security, identity, and compliance within their environment. Institutions can significantly bolster security by implementing some of the basic security settings under the free license level for Azure AD. Adjusting the security default setting, for example, can have a major impact. IT administrators can enable security defaults to enforce non-configurable conditional access policies as well as require multifactor authentication (MFA) registration for all users. IT admins should also review the identity architecture for their institution to ensure all users, devices, and apps connecting to Azure have an identity. Depending on their license level, institutions may be able to modify additional settings, such as allowing global auditing, blocking open collaboration, and restricting outbound email forwarding. Microsoft is constantly revising the features of Azure AD and M365, making it vital for financial institutions to stay on top of their ever-changing ecosystem. Read more to learn how to manage the complexities of customizing your Azure AD and M365 security settings.

Read about other important topics on cybersecurity, compliance, and technology. Subscribe now to the Safe Systems blog to have the latest updates on banking trends and regulatory guidance conveniently delivered to your inbox.

09 Nov 2022
Best Practices for Ransomware Prevention and Recovery

Best Practices for Ransomware Prevention and Recovery

Best Practices for Ransomware Prevention and Recovery

In the world of cybersecurity, an ounce of prevention is worth a pound of cure—especially when it comes to ransomware. Ransomware attacks hit a new target every 14 seconds, disrupting operations, stealing information, and exploiting businesses, according to the Cybersecurity and Infrastructure Security Agency (CISA). As a result of ransomware attacks, US Banks paid out nearly $1.2 billion in 2021, which is up by 188% from 2020 according to the Financial Trend Analysis report [PDF] on ransomware from the US Treasury’s Financial Crimes Enforcement Network (FinCEN). But banks and credit unions that consistently implement best practices can effectively prevent and recover from ransomware attacks.

Prevention Strategies

The ideal strategy is to keep ransomware assaults from happening in the first place, but prevention can be tedious and challenging. As a general practice, institutions should identify and address known security gaps that can enable a ransomware infection. (If there is a loophole, hackers will eventually find it.) Since human mistakes are the root cause of most security breaches, providing ransomware training for employees is a crucial step that institutions can take to reduce their cybersecurity risk. Ransomware awareness training can help staff identify, respond to, and circumvent attacks as well as test their knowledge in a safe environment. Institutions can also limit their security risk by adhering to the principle of “least access” to grant employees the minimum levels of access or permission needed for their job.

As another best practice, institutions can also take a stricter stance on the technical aspects of cybersecurity. They can employ intelligent network design and network segmentation to limit risk by restricting ransomware intrusions to a portion of the network instead of the whole system. Institutions should also have overlapping security solutions to provide layered protection for their systems and networks. Then if a single security element fails, another layer will be in place to compensate.

Response and Recovery Tactics

Even with multiple protective measures in place, there is only so much financial institutions can do to avert a ransomware attack. When a breach happens, the institution must respond immediately to mitigate the impact. This includes implementing pre-established processes for incident response, vendor management, business continuity, and other key areas. Bank management, for example, should have an incident response program to minimize damage to the institution and its customers, according to the Federal Financial Institutions Examination Council (FFIEC) IT Handbook’s Information Security booklet.

Having pre-defined procedures to declare and respond to an incident can be essential to effectively containing and recovering from a ransomware infection. While incident containment strategies can vary between different entities, they typically include the isolation of compromised systems or enhanced monitoring of intruder activities; search for additional compromised systems; collection and preservation of evidence; and communication with affected parties and often the primary regulator, information-sharing organizations, or law enforcement, according to the FFIEC.

In addition, restoration and follow-up strategies for incidents should address the:

  • elimination of the intruder’s means of access
  • restoration of systems, programs, and data to a “known good state” (using available offline or offsite backups)
  • the initiation of customer notification and assistance activities consistent with laws, regulations, and interagency guidance
  • monitoring to detect similar or further incidents

Another step in the recovery process might involve notifying an insurance carrier—if the institution has ransomware coverage. However, cyber insurance might not prove to be the ultimate remedy: A policy exclusion could keep the carrier from paying the claim. Or the settlement amount may not fully compensate for the institution’s intellectual property losses, revenue reduction, tarnished reputation, and other damages.

Augmenting Internal Resources

With the growing complexity of ransomware, it can be challenging for institutions to react to and recover from a cyberattack. However, those with limited internal resources can get help from a third-party cybersecurity expert to manage the process. Safe Systems, for instance, offers multi-layered security services that make it easier for community banks and credit unions to enhance their cybersecurity posture, so they can be better equipped to prevent, respond to, and recover from a ransomware attack. For more information about this critical topic, read our white paper on “The Changing Traits, Tactics, and Trends of Ransomware.”

27 Oct 2022
Social Engineering Scams - It Could Happen to You

Social Engineering Scams – It Could Happen to You!

Social Engineering Scams - It Could Happen to You

Many of us have heard the story about the fake printer repair person who shows up at the office to fix an issue with the intent to gain access to a secure area and collect confidential information. In reality, these things don’t really happen, right? At least not to small businesses or individuals…maybe this happened once to a large corporation and received a lot of press? This level of social engineering doesn’t really happen to someone like me, or does it?

Here’s What Happened to Me

My personal story involves a person visiting my house, a letter in the mail “from the government”, and a friend request on a popular social media platform from someone I knew 20 years ago. Each incident seemed innocent enough at the time, and on its own, did not raise any red flags. But as the events unfolded, I recognized a few mistakes that were made and realized that this was a coordinated effort and a scam!

It started with my doorbell ringing and my six-year-old yelling “Dad, someone’s at the door.” I answered the door to a well-dressed, very professional, middle-aged female with a smile and a government-issued badge around her neck. She promptly showed me the badge and explained she was there to ensure I had received a survey from the Department of Health and Human Services (DHHS). She explained it was important that I fill out the survey to provide the data needed for them to make decisions to properly serve their constituents.

I conduct many surveys at Safe Systems, so I empathized with her need for information and the effort it requires to get people to fill out surveys. I informed her that I had not received the survey she was inquiring about. She then handed me a sample copy of the survey and said that my actual form would have a randomly generated code to help them track when each family had filled out the survey. Even though the survey was anonymous, they used the code to track completion. When I stated again that I had not received the survey, she politely asked me to keep an eye out for it. She said she would check back next week to confirm I had received it. She complimented me on my house and walked away. Although I found the personal stop at my house odd, I didn’t notice any red flags at first. I simply thought this was similar to how they knock on doors for the census every 10 years.

Two days later, when checking the mail, I found a letter addressed to my wife and me. When I opened it, it included a survey that looked like the sample the lady had shown me a few days earlier, but this survey also had the randomly generated code that she told me about. I was still a little suspicious but planned on doing some research online to see if everything checked out.

A few days later, I received a friend invite on Facebook from someone I had not spoken to in 20 years. I’m not a big social media person but I do have a few accounts to keep up with different family affairs. Once I accepted the invite, this person started asking me about life and family. He didn’t ask anything personal, just general questions about how everyone is doing, jobs, etc. He seemed chattier than I remember him from 20 years ago, but we all change over time. I was cordial with my responses but not overly responsive. Over a few days, I got several short messages from him, then I get hit with this question, “have you filled out the DHHS survey?” He said he had seen my name on a list of people who had not completed it, and since he knew me, he thought he would reach out. RED FLAG!

The last I knew he didn’t work for the DHHS so how would he see my name on a DHHS survey list? And how could he be sure I was the same guy he knew 20 years ago living in a different town? Everyone who knows me, knows I go by my nickname. Very few people know my official birth certificate name, which is what was used on the DHHS survey. So, the odds of my name jumping off the page at him is unlikely. RED FLAG! I was curious about where this was going so, I continued the conversation, but guardedly. I admitted I had the survey but had not had a chance to fill it out yet.

Not wanting to let on that I was suspicious of him and the survey, I lied and said I would get around to it at some point. His response was the clincher for me that this was a scam. He said, “Great, just don’t want you to miss out on all the money I got from doing it.” Suddenly, there is money involved with filling out this survey which had not been mentioned anywhere. BIG RED FLAG! Also, it is very unlikely that someone filling out the survey would see a list of others who had received it, especially if it was supposed to be anonymous. RED FLAG!

I decided at this point, I wanted to know how far they would take this scam. I started chatting with him about some trip we went on years ago and how great it would be to do it again (but the truth was we never went on any trip). I never heard from him again, and his Facebook account was deleted and removed 2 days later.

It is important to discuss his Facebook page, as it not only had pictures of him and his family but also indicated that we had a single “mutual friend.” This was meant to convince me of his authenticity but should have also raised a RED FLAG considering how much overlap there was in the people we knew. Apparently, someone had stolen the pictures from his Facebook page and created a new account. I later recalled I was already friends with him on Facebook and compared his actual page to what I had seen on the fake account. They were identical if you just looked at the profile picture and the last post or two. There was almost no history on the fake account, but I had not paid attention to this RED FLAG at the time.

Social Engineering Can Happen to Anyone

In the grand scheme of things, I’m your average American stereotype. I live in a small neighborhood in suburbia with a minimal presence on the internet. Why would anyone have any interest in me? Yet, with no reason to target me, someone came to my house, mailed me a letter, set up a fake profile of someone I knew 20 years ago, and created an elaborate scheme to get me to fill out a survey that asked for personal information.

The moral of the story is if it can happen to me, it can happen to you, your family, and your business! Don’t assume these things only happen to others or large corporations. Social engineering schemes are very real, and they can work if you don’t have your guard up!

As we reach the end of Cybersecurity Awareness Month 2022, I thought this would be an appropriate story to share. As you can see from my story, social engineering can be very elaborate and can use means that are outside of the internet to deceive you into providing access to confidential or personal information and/or your computer systems. So, awareness is key. In the spirit of this month, I hope my story serves as a reminder to talk to your employees and customers about recognizing red flags and staying safe online.

25 Oct 2022
Tips from Cybersecurity Awareness Month 2022

Tips from Cybersecurity Awareness Month 2022

Tips from Cybersecurity Awareness Month 2022

Cybersecurity Awareness Month 2022 is reminding individuals and organizations that there are a variety of ways to protect their data—and practicing the basics of cybersecurity can make a huge difference. This year’s campaign centers around an overarching theme that promotes self-empowerment: See Yourself in Cyber. The initiative’s co-leaders, the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA), are encouraging people to focus on four key behaviors:

  • Enabling multi-factor authentication (MFA) — Often called two-step verification, MFA is an effective security measure because it requires anyone logging into an account to verify their identity in multiple ways. Typically, it asks the individual to enter their username and password and then prove who they are through some other means, such as providing their fingerprint or responding to a text message.
  • Using strong passwords and a password manager — All passwords should be created so that they are long (consisting of at least 12 characters), complex (including a combination of upper case letters, lower case letters, numbers, and special characters), and unique. This approach should be implemented with all accounts. Because we do more online today, it is possible to have hundreds of passwords to manage. And, if your passwords are long, unique, and complex as they should be, it can be impossible to remember and track them all. Using a secure and encrypted password manager is not only safer than using a physical notebook or a notes app to store your passwords, but it can also provide benefits such as alerting you of potential compromises and auto-generating new hyper-strong passwords that are stored along with the others.

A quality password manager should encrypt all passwords, require multi-factor authentication on your password vault, and not store the keys needed to decrypt the main password that unlocks your vault.

  • Updating software — Updates resolve general software issues and provide new security patches where criminals might get in and cause problems. You should update software often, obtain the patch from a known trusted source, and make the updates automatic if available.
  • Recognizing and reporting phishing — With the right training, you and your employees can learn to identify phishing, a scheme where criminals use fake emails, social media posts, or direct messages to trick unwitting victims to click on a bad link or download a malicious attachment. The signs can be subtle, but once suspect a phishing scam, you should report it immediately, and the sender’s address should be blocked.

Cybersecurity Resources

Cybersecurity Awareness Month is dedicated to providing resources to help individuals and organizations stay safe online. Businesses that need additional resources to address their specific needs can partner with an external cybersecurity expert. For example, Safe Systems offers a wide variety of compliance, technology, and security solutions to help community banks and credit unions safeguard their data.

Some of our cybersecurity products and services include:

  • Cybersecurity RADAR™: A web-based application combined with a team of compliance experts to help you assess your cybersecurity risk and maturity, using the standards set by the FFIEC’s Cybersecurity Assessment Tool (CAT) or the NCUA’s Automated Cybersecurity Examination Tool (ACET).
  • Information Security Program: A solution that allows you to build a customized, interactive, and FFIEC-compliant Information Security Program, complete with notifications, reporting, collaboration, approval processes, and regulatory updates.
  • NetInsight®: A cyber risk reporting solution that runs independently of your existing network and security tools to provide “insight” into information technology and information security KPIs and controls.
  • Security Awareness Training: Safe Systems has partnered with KnowBe4, a market leader who is in the business of training employees to make smarter security
  • Layered Security: Build a basic layered approach including a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process, or add more sophisticated layers depending on your security needs.

In addition, we continue to provide access to trusted information related to technology trends, regulatory updates, and security best practices on our Resource Center. Our latest white paper focuses on the leading security risk to businesses today, ransomware. Download a copy of “The Changing Traits, Tactics, and Trends of Ransomware” to discover how to better position your institution to prevent and recover from a ransomware attack.

20 Oct 2022
Special Guest Speakers Share their Expertise on Key Banking Systems and Compliance Trends

Special Guest Speakers Share their Expertise on Key Banking Systems and Compliance Trends

Special Guest Speakers Share their Expertise on Key Banking Systems and Compliance Trends

Our first Customer Success Summer Series offered live webinars with special guest speakers who shared their industry knowledge to help our customers and other financial institutions enhance internal processes and key areas of their banking operations.

The Evolution of Phone Systems

Today businesses are facing the acceleration of remote working—Voice over internet protocol (VoIP), Virtual Private Networks (VPN), virtual meetings, and dynamic routing of phone systems based on the user’s location—all have become must-have requirements. Legacy telephone services are becoming more obsolete as some telecoms decommission analog technologies in favor of fiber pots and other alternatives. The old telephone system is evolving into a more modern option: unified communications as a service (UCaaS), which merges communication channels into a single cloud-based system. UCaaS offers all the necessary infrastructure, applications, and resources businesses need in an easily scalable solution. Unified communications tools can include chat, VoIP, text messaging, and online video conferencing.

UCaaS gives institutions the benefit of advanced functionality which allows employees to work remotely more efficiently, including things like the ability to check other users’ availability, reach people whether they are in the office or out in the field, and access the platform from anywhere. Another evolving facet in telecommunications is call center as a service (CCaaS), which also streamlines omnichannel communication and allows remote employees to work together as a call center team.

Given its flexibility and efficiency, it is easy to see why UCaaS is moving to the forefront of communications. There is a wide range of unified communications features, equipment, and prices and it is important for your institution to clearly define its unique needs to find a solution that will satisfy its requirements. It is also important to continue to evaluate your equipment and services every few years as technology and pricing continue to change.

Watch the recording of this webinar to gain a better understanding of UCaaS and other options so you can make the right choice for your institution.

2 Guys and a Microphone

Matt and Tom have both spent most of their careers focused on risk and regulatory compliance for financial institutions. We recorded their recent conversation which spans many topics including increased scrutiny on vendor management, continued focus on ransomware, and more.

Recent audit and exam trends continue to have a strong focus on third parties and proper vendor management. Examiners are considering the preponderance of fintechs, how much the average financial institution is outsourcing, and the inherent risk that originates from third-party vendors. Interestingly, their increased scrutiny may extend to any significant sub-service vendors that institutions may have. In addition, we are seeing questions arise about vendor management in the context of insurance. Cyber liability insurance applications are requesting more details about the management of vendors and other third parties.

There have also been some interesting audit and exam findings. For instance, one institution was encouraged to complete a post-pandemic/walk-through test or “dry run” of their pandemic procedures. This is curious considering all institutions have been in a “live exercise” for the past few years with the pandemic. Regardless, there is a good chance that the pandemic verbiage in your disaster recovery plan needs to be updated based on what has or has not been done in response to the current pandemic. And it is important to consider that an annual pandemic test will be a part of examiner expectations going forward along with the traditional business continuity, natural disaster, and cyber incident tests.

On the regulatory front, the new Computer-Incident Notification Rule went into effect on April 1, 2022, which is designed to give regulators early awareness of emerging threats to banking organizations and the broader financial system, including potentially systemic cyber events. The rule has two components:

  • The first part requires a banking organization to promptly notify its primary federal regulator of any “computer-security incident” that rises to the level of a “notification incident.”
  • The second part requires a bank service provider to notify each affected banking organization customer as soon as possible when the bank service provider determines that it has experienced a “computer-security incident” that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.

In March, we hosted an in-depth webinar on understanding the requirements, recognizing gray areas, and preparing for unknowns. To help intuitions meet these requirements, we also created a detailed flowchart to understand when an event is severe enough to activate your Incident Response Team (IRT) and when regulators and customers should be notified.

Another regulatory trend to keep your eyes on is the increasing focus on ransomware industry-wide is prompting some state banking organizations to require institutions to use the Ransomware Self-Assessment Tool (R-SAT). The 16-question R-SAT is designed to help institutions evaluate their general cybersecurity preparedness and reduce ransomware risks. The R-SAT supplements the Cybersecurity Assessment Tool developed by the Federal Financial Institutions Examination Council (FFIEC). It will be interesting to see if more states begin requiring this additional diagnostic tool.

Watch the recording to hear more insights about INTrex, SOC Reports, and SSAE 21.

08 Sep 2022
What to Budget for in 2023

What to Budget for in 2023

What to Budget for in 2023

Marty McFly (the lead character in “Back to the Future”) could not have predicted the world we live in today. Though the movie’s portrayal of flying cars, floating hoverboards, and shoes that lace themselves may have been a little far-fetched, we now have IoT, the Internet of Things. This powerful networking capability connects everything in our lives to a single electronic device that can be held in the palm of our hands. I can open my garage door, adjust the temperature of my house, set my alarm system, and even check the status of the clothes in my dryer—all from my mobile phone. Predictions are always a synthesis of art, science—and uncertainty. None of us truly knows what tomorrow will bring. We just know it will look a little different than it did today. With that in mind, it’s almost budgeting season, so here are my predictions for the top areas your bank or credit union should consider budgeting for in 2023:

1. Compliance Services

Compliance continues to be a strong focus for many community financial institutions. It’s important to be able to evaluate all your policies and programs to see where you may need assistance before your next exam. If you aren’t sure if your policies and programs are keeping up with regulations, you may want to hire a third party to provide an objective perspective. Companies like Safe Systems will often conduct a review as a courtesy or for a nominal fee.

You should also consider investing in these two popular compliance services that have gained traction in recent years:

  • Virtual ISO: There are several service models available, so make sure you find the one that matches your institution’s needs. (Check out our recent webinar that walks you through the pros and cons of three virtual ISO models.) For instance, Safe Systems’ ISOversight service includes a dedicated compliance specialist, along with a suite of online compliance applications to help you develop and manage your vendors, business continuity plan, Cybersecurity Assessment Tool, and information security program.
  • Vendor Management: Your assessment of a vendor should define what controls are needed to effectively mitigate risks posed by each vendor. Some critical or high-risk vendors may require reviewing documents like contracts, financials, or SOC 2 audit reports. Evaluating these documents can feel daunting because it can be time-consuming and understanding each type of document can require a different skill set. Many institutions are offloading the document review process to third-party companies to help them identify the key information in each document and better manage risk.

2. Supply Chain Issues

The supply chain issues that started during the middle of the pandemic have continued through 2022. Servers, switches, firewalls, and other hardware devices are still in limited supply. For 2023, continue to plan and order hardware well in advance of your needs. If you wait until you need it, you may encounter delays. Six months is the current lead time for certain devices. Also, when replacing a workstation in 2023, evaluate whether a laptop or desktop computer would be the best replacement. While laptops introduce some new risks due to their mobility, they also allow flexibility for users. If a laptop will enable an employee to work remotely during a disaster or pandemic, it may be more beneficial to switch to this laptop to optimize your hardware investment.

3. Cloud Security

Cloud security should continue to be top of mind. Although the Cloud offers plenty of advantages, it comes with numerous control settings, management tools, and security options that must be effectively configured and maintained to ensure the highest level of protection. This should be a key area of concern for not only institutions with infrastructure in the Cloud, but also those with M365 licenses—which include Exchange Online, SharePoint, OneDrive—or those using Microsoft Azure Active Directory as an authentication platform through a third-party provider. Too often institutions only think about hosting servers in the Cloud when it comes to cloud security. While moving infrastructure to the Cloud is a current trend, almost all institutions store some information there. Safe Systems has worked with several institutions with assets ranging from $100 million to multi-billion dollars and found that almost all of them had gaps in their cloud security when it comes to their cloud tenants. Some institutions had their email or user accounts compromised while others had the wrong M365 security settings in place, which left the door open to future compromises. Safe Systems’ CloudInsight suite of products includes M365 Security and Utility Basics solutions to detect common risks and help institutions better manage the increasing array of M365 security settings and controls. These reasonably priced options deliver a substantial amount of value, so contact us for a quote to determine if our CloudInsight solution will fit into your budget next year.

4. Cybersecurity

Cybersecurity must stay top of mind for both your institution and its employees. If you do not have a solution to train and test your staff on information security best practices, consider investing in one next year. These are typically not expensive solutions, and they provide exceptional value—as well as critical protection. It is estimated that cyberattacks are 300 times more likely to be targeted against financial services firms than other companies. If that isn’t enough to keep you up at night, then consider that Cybersecurity Ventures expects global cybercrime costs to reach $10.5 trillion annually by 2025—and will be more profitable than the global trade of all major illegal drugs combined. Remember, where the money is, the crooks will follow. Every year you must evaluate your current security layers and decide if they are still effective and if you have enough of them in place.

“If it were measured as a country, then cybercrime—which is thought to have inflicted damages totaling $6 trillion USD globally in 2021—would be the world’s third-largest economy after the U.S. and China.”

Preparing for next year requires you to first evaluate where you are this year. You could decide to simply “rinse and repeat” what you did this year, but that would be a missed opportunity to really understand what is working, what isn’t, and what can be improved. Also, consider your institution’s short- and long-term plans. Sometimes what makes sense today doesn’t make sense when compared to your future plans for growth, increased redundancy, and more. While you can’t predict the future, you can at least ensure your 2023 budget reflects your best guess for where your institution is headed.

01 Sep 2022
Addressing the Growing Ransomware Problem

Addressing the Growing Ransomware Problem

Addressing the Growing Ransomware Problem

Ransomware has become the leading cyber threat to businesses today—and it is growing at an alarming rate. Threat actors, who often work in groups, continue to evolve and create different ransomware strains. They rebrand themselves and resurface under new identities, making it difficult to curtail their criminal activities. Ransomware has continued its upward trend with an almost 13% rise—an increase as big as the last five years combined, according to the 2022 Verizon “2022 Data Breach Investigations Report.” And the FBI’s Internet Crime Complaint Center Annual Report stated recorded 3,729 ransomware complaints in 2021 with adjusted losses of more than $49.2 million.

The pervasive nature of the ransomware problem affects all types of companies, sectors, and industries worldwide. Approximately 37 percent of global organizations were targeted by a ransomware attack in 2021, based on the IDC’s “2021 Ransomware Study.” And in February 2022, the Cybersecurity and Infrastructure Security Agency (CISA) reported that fourteen of the 16 US critical infrastructure sectors had ransomware incidents.

The Impact

Ransomware is malicious software or malware that locks victims out of their computing devices or blocks access to files until they pay a ransom. More sophisticated versions can encrypt files and folders on attached drives and even networked computers, raising the stakes even higher. (In all cases, the FBI does not support paying a ransom in response to a ransomware attack.)

Typically, ransomware gets installed on a workstation using a social engineering technique such as phishing. It tricks people into clicking on a link or opening an attachment and disclosing their login information or even financial data. Regardless of the threat vector used, a ransomware infection can wreak havoc on victims, causing extensive business interruptions, legal expenses, and reputational damage. According to IBM’s Cost of a Data Breach 2022 report, the average cost of a ransomware breach, not including the ransom payment, declined slightly, from USD 4.62 million to USD 4.54 million. However, the frequency of ransomware breaches has increased — from 7.8% of breaches in the 2021 report to 11% in the 2022 study. In certain industries, an attack may be considered a data breach and involve even more negative consequences. For instance, financial institutions and other critical infrastructure agencies may be required to pay fines for an attack due to their failure to protect clients’ data.

Cybercriminals are shifting away from ransomware attacks that merely demand a payment to unlock the victim’s data or device. They are focusing on more multidimensional extortion methods to extract a larger reward. IBM Security’s 2022 “X-Force Threat Intelligence Index” report indicates that virtually all ransomware assaults today are “double extortion” attacks that demand a ransom to unlock data and prevent its theft. Some attackers opt to exfiltrate sensitive data, so they can present additional ransom demands in the future. They may also sell personal data—credit card numbers, email addresses, online credentials, or bank account information—to make the fraud even more lucrative.

Best Practices

Security is a complicated issue, which makes staying on top of threats and vulnerabilities challenging. Financial institutions must complete a myriad of time-consuming and complex tasks to maintain a strong security posture. Addressing ransomware can be particularly difficult for community banking institutions with limited internal technical expertise and resources. And there is only so much an institution can do to stay vigilant against ransomware threats.

However, institutions can reduce their risk by implementing some key security strategies such as:

  • Having a well-trained staff because most ransomware intrusions are caused by human error.
  • Having overlapping security products and or services to cover the protection of systems and networks.
  • Having well-designed network infrastructure with security in mind.
  • Having a proper incident response plan that can be adhered to in the event of a breach.

Using a Managed Service Provider

Financial institutions that put mitigating systems, processes, and practices in place will be better positioned to prevent, detect, and recover from a ransomware breach. However, many smaller institutions may lack the resources and knowledge in-house to close security gaps and circumvent attacks. They can remedy the situation by employing the products and services of a managed service provider to strengthen their security posture.

Safe Systems provides a wide range of layered security solutions to help institutions address the risk of ransomware. Our security offerings include behavior-based vulnerability monitoring, advanced endpoint protection, vulnerable systems patching, next-generation firewalls, email software security, and staff training. These products and services deliver essential overlapping protection, and they are specially designed to meet the needs of community banks and credit unions.

Also, stay tuned for our upcoming white paper that will provide more data on the current state of ransomware and how banking institutions can better minimize the risks of an attack.

14 Jul 2022
How to Always Be Prepared for a Cyberattack

How to Always Be Prepared for a Cyberattack

How to Always Be Prepared for a Cyberattack

Cybersecurity attacks have been ramping up nationwide, and the FBI expects the trend to continue. Americans reported 847,376 complaints in 2021, a 7-percent increase from 2020, according to the FBI’s Internet Crime Complaint Center’s 2021 Internet Crime Report. Many of the complaints filed in 2021 involved ransomware, phishing, data breach, and business email compromise. Financial services is one of the critical infrastructure sectors that are most frequently targeted by ransomware attacks.

However, here are five best practices that if effectively implemented, managed, and monitored can ensure that your financial institution is always prepared for a cyberattack:

1. Authentication

Passwords have become more complicated to create, remember, and maintain. Twenty years ago, passwords consisted of a simple string of characters. Now they are more complex, requiring a combination of numbers, symbols, and upper- and lower-case letters. Increasingly, user management tools allow institutions to take advantage of robust authentication options like multifactor authentication (MFA). MFA adds extra elements and more security to the sign-on process, which is why users should employ it whenever possible to log in to any network or system at your institution. This is especially important for higher-risk situations that involve network administrator accounts, virtual private network access, and critical management applications.

MFA is one of the most important cybersecurity practices to reduce the risk of intrusions. Users who enable MFA are up to 99 percent less likely to have an account compromised, according to a joint advisory issued by the FBI and Cybersecurity and Infrastructure Security Agency. “Every organization should enforce MFA for all employees and customers, and every user should sign up for MFA when available,” the advisory states.

2. Patch Management

Patching can be a constant and tedious process as it requires keeping up with updates from numerous sources and applications. This can entail patching a plethora of Microsoft products, along with banking and lending applications, PDF readers, virtualization applications, database applications, ATM software, and more. Not patching a security hole in any of these could lead to a massive security breach with catastrophic implications for institutions. It’s imperative to maintain a list of all approved applications and monitoring software on the network as well as have an update policy and a clearly defined process for each application. Major breaches have happened because a single patch was missing on a single device. Patch management cannot be ignored or treated as an afterthought.

3. Email Security and End User Best Practices

Understanding email, specifically phishing techniques, is one of the most critical aspects of being prepared for a cyberattack. While financial institutions are frequently targeted by phishing attacks, following these best practices can help to prevent business email compromise:

  • Augment your email solution with effective scanning software. This can help identify SPAM and phishing emails before they reach employees.
  • Train employees to recognize phony phishing emails, so they can “think before they click.” These bogus emails can be difficult to spot unless you know what you are looking for; e.g., poor grammar and spelling, links that don’t match the domain, unsolicited attachments, etc.
  • Test employees to see how well they respond to a realistic phishing attempt. Invest in a program that lets you send fake phishing messages and track which employees fail the test, so you can offer additional training to those who need it.

4. Backups

Backups play a crucial role in file recovery, disaster recovery, and ransomware attacks. To successfully bounce back from a cyberattack, institutions need to have all backup scenarios sufficiently covered, including file-level backups, disaster recovery backups, Veeam backups (for virtual servers), and SQL/database backups. While most institutions use a combination of different backup solutions, the key objective is to back up files offline or in the cloud, so they are not connected to your network. Then if a ransomware attack strikes the network, your offline and cloud backups will not be affected.

5. Vendor Risk Management

Vendor management can have a dramatic impact on the overall success of your information security plan. If you outsource to a vendor with inadequate security protocols, their weakness essentially becomes your weakness. The first step in vendor risk management is to perform a risk assessment to evaluate your level of inherent risk. This must always be done first so that you can then identify and implement the proper controls. If the controls selected do not completely offset the risks identified, then alternate or compensating controls would need to be identified to achieve a level of residual risk that is within your risk appetite.

There’s no silver bullet when it comes to resisting a cyberattack but focusing on the five areas above can significantly increase your institution’s cyber resiliency. Safe Systems offers a range of technology, compliance, and security solutions that are exclusively designed for community banks and credit unions. Contact us to learn how we can help you implement these five and other best practices.

30 Dec 2021
Our Top Blog Posts of 2021

Our Top Blog Posts of 2021

Our Top Blog Posts of 2021

With a new year approaching, it’s a good time to review some of the key discussions from the past year. Read these highlights from our top blog posts of 2021, to help your financial institution refine key operational strategies for 2022 and beyond:

1. 2021 Hot Topics in Compliance: Mid-Year Update

Although the COVID-19 pandemic isn’t over, financial institutions have learned valuable lessons so far. Key impacts have been primarily operational, involving risks related to temporary measures taken to weather the crisis. In addition, there are important compliance trends and new regulatory guidance institutions should anticipate going forward. Ransomware cybersecurity has been a key area of focus for regulators, and given the recent high-profile cyber events affecting the industry, their scrutiny will likely increase in the future. This will be reflected, in part, by the number of (and types of) assessments that regulators might expect institutions to perform annually. These assessments from various state and federal entities include the Cybersecurity Assessment Tool (CAT), the optional Ransomware Self-Assessment Tool (R-SAT), the Cybersecurity Evaluation Tool, and the modified Information Technology Risk Examination for Credit Unions (InTREx-CU). In addition, there have been major shifts with cyber insurance, and the FFIEC released a new Architecture, Infrastructure, and Operations booklet in its Information Technology Examination Handbook series. Read more.

2. The 4 “R’s” of Disaster Recovery

Maintaining an effective approach to disaster recovery can help financial institutions satisfy regulatory requirements, better protect themselves from the effects of negative events, and improve their ability to continue operating after a disaster. There are four important “R’s” that institutions should concentrate on for disaster recovery: recovery time objective ( RTO ), recovery point objective ( RPO ), replication , and recurring testing .

RTO is the longest acceptable length of time a computer, system, network, or application can be down after a disaster happens. When establishing RTOs, prioritizations must be made based on the significance of the business function and budgetary constraints. The RPO is the amount of time between a disaster occurring and a financial institution’s most recent backup. Essentially, the RPO will be determined by the institution’s technology solution and risk tolerance. DR replication entails having an exact copy of an institution’s data available and remotely accessible when an adverse event transpires. The best practice is to keep one backup copy onsite and another offsite in a different geographic location that’s not impacted by the disaster. Recurring testing allows institutions to identify key aspects of their DR strategy and adjust as needed to accomplish their objectives. Regular testing can expose potential problems in their DR plan so they can address these issues immediately. Read more.

3. Segregation of ISO Duties Critical to Network Security and Regulatory Compliance for FIs

It’s crucial for financial institutions to maintain distinct duties between their information security officer (ISO) and network administrator to ensure network security, regulatory compliance, and the health of their operations. There should be at least one designated ISO who is responsible for implementing and monitoring the information security program and who reports directly to the board or senior management—not to IT operations management. The significance of segregating the ISO’s duties comes down to oversight: Separating ISO and network administrator tasks helps to create a clear audit trail and ensures risk is being accurately assessed and reported to senior management . It also allows the ISO to provide another “set of eyes” that help to maintain a level of accountability to management, the board, and other stakeholders. The ISO’s independent role primarily serves to ensure the integrity of an institution’s information security program . Financial institutions can also use a virtual ISO to create an additional layer of oversight on top of what they have in place internally. Read more.

Discover these and other key topics about banking compliance, security, and technology on the Safe Systems blog.

Or, subscribe now to be the first to receive the latest updates on banking trends and regulatory guidance directly to your inbox.

Subscribe to our blog


28 Dec 2021
Cybersecurity Insurance and Multi-Factor Authentication

Cybersecurity Insurance and Multi-Factor Authentication

Cybersecurity Insurance and Multi-Factor Authentication

Financial institutions are increasingly embracing cybersecurity insurance as an important aspect of their information security program. Cyber insurance can offer vital coverage to protect businesses from various technology-related risks. Data breach insurance, for example, helps companies respond if personally identifiable information gets lost or stolen from their computers—whether intentionally by a hacker or accidentally by an employee. Cyber liability insurance offers expanded protection to help businesses prepare for, respond to, and recover from cyberattacks.

As cybercrimes continue to intensify, more cybersecurity insurance companies are calling for organizations to employ multi-factor authentication (MFA). Some carriers are even refusing to provide insurance quotes to companies that are not using this authentication method. From their perspective, MFA adoption makes perfect sense; it keeps unauthorized individuals from accessing sensitive information, reducing ransomware, data breaches, and other cyberattacks. This, in turn, minimizes insurance claims and saves carriers money.

For insurance providers, MFA is appealing because it lowers cyber risk by requiring users to verify who they are. The individual must furnish valid identification data followed by at least one other credential: a password, one-time passcode, or physical characteristics like their fingerprint or face. This strict authentication system allows organizations to certify people’s identity—before granting them access to sensitive information, an account, or other assets—and this can significantly strengthen their security.

While MFA is heavily promoted by many cyber insurance companies, an institution’s regulators may not require financial institutions to use multi-factor authentication. However, implementing MFA for a whole internal network may not be a simple task. Depending on the solution, it may require installing agent software to all the endpoints requiring MFA and configuring appropriate “break-glass” accounts for emergency use, which creates more infrastructure to be monitored and managed.

MFA Implementation Tips

To simplify MFA implementation, Banks and credit unions can apply a sequenced strategy instead of jumping straight to the internal network. As a first step, institutions can ensure MFA is turned on for all remote-access users, including creating endpoint control policies for their devices. The next logical step would be to lock down MFA for cloud applications. This includes Microsoft Online services like M365 (formerly Office 365) and Azure Active Directory (Azure AD). These solutions come with a variety of free security features that organizations can customize to their business requirements. Even at low licensing levels, these products allow MFA to be turned on for all users—which can be highly effective for averting business email compromise and ransomware attacks. But institutions will need higher-level licensing if they want to make conditional access policies based on the specific location, identity, or device of users. Azure AD Premium P1 and M365 Enterprise E3, for example, have a variety of advanced features that allow conditional access policies to be established to enhance security.

MFA is just one layer of security for banks and credit unions to consider. We hope this post provided some insight into applying MFA for both security and insurance purposes. To learn more about this topic and other security layers, listen to our recent “Ransomware, Cybersecurity, and MFA” webinar, hosted by our Chief Technology Officer, Brendan McGowan.

06 Dec 2021
How Layered Security Can Address Growing Cyberthreats

How Layered Security Can Address Growing Cyberthreats

How Layered Security Can Address Growing Cyberthreats

With the increasing complexity of cyberattacks, financial institutions need to implement more effective—and comprehensive—security measures. They need a variety of elements to create a layered approach to secure their data, infrastructure, and other resources from potential cyberthreats.

Many organizations rely on a castle-and-moat network security model where everyone inside the network is trusted by default. (Think of the network as the castle and the network perimeter as the moat.) No one outside the network is able to access data on the inside, but everyone inside the network can. However, security gaps may still exist in this model and others. The best approach to compensate for gaps is to surround the network with layers of security.

The basic “table stakes” for a layered security approach include a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process. Banks and credit unions could also invest in additional and more sophisticated layers but each one will have associated acquisition and management costs, along with ongoing maintenance. So, it’s prudent for institutions to invest only in the number of layers/solutions they can competently manage.

Key Concerns

Today the top IT security concern for many organizations is ransomware. Due to the proactive measures many financial institutions have taken, the banking industry has fewer security breaches than health care and some other industries thus far. However, when a breach does happen to a financial institution, the impact is more costly than breaches occurring in other industries.

Four-Layer Security Formula

With these concerns in mind, here’s a four-layer “recipe” organizations can employ to improve their security posture:

  • Training and Testing: Using email phishing tests can serve as a good foundation for minimizing BEC and other social engineering threats.
  • Network Design: Institutions should refresh older networks to segment their components into different zones. It’s no longer sufficient to have servers, workstations, and printers sitting in one IP space together.
  • Domain Name System (DNS) filtering: DNS filtering prevents potentially damaging traffic from ever reaching the network. Because it proactively blocks threats, this makes it one of the most effective and affordable security layers institutions can apply.
  • Endpoint Protection: Institutions should have this type of protection on each of their endpoints, and the best endpoint protection tools have built-in ransomware solutions.

Other Important Considerations

It’s important to back up data regularly and ensure that those backups are well beyond the reach of ransomware and other threats. (Backups done to a local server that’s on-site and are still on the network may be susceptible to ransomware.) One way to address this issue is to have immutable backups, which are backup files that can’t be altered in any way and can deploy to production servers immediately in case of ransomware attacks or other data loss. Another option is to send backups to a cloud solution like Microsoft Azure Storage, which is affordable and easy to integrate because there are no servers to manage.

Another crucial element in security is Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption protocol, which can be somewhat of a double-edged sword. About 80 percent of website traffic is encrypted to protect it from unauthorized users during transmission. Traditional firewalls don’t have the ability to scrutinize traffic against a content filtering engine, which means savvy hackers can hide ransomware and other dangerous content inside. But firewalls with advanced features are capable of TLS/SSL inspection; they can decrypt content, analyze it for threats, and then re-encrypt the traffic before entering or leaving the network.

There’s an array of security solutions that institutions can implement to establish layered protection against cyber threats. For more insights about this topic, listen to our webinar on “Cyber Threats, Why You Need a Layered Approach.”

23 Nov 2021
Importance of Security Layers

Importance of Security Layers

Importance of Security Layers

In the past, it wasn’t uncommon for organizations to maintain basic information security: a firewall, anti-malware software, and maybe a few other resources. But modern operating environments require financial institutions to go beyond limited measures and implement multiple security layers to protect their sensitive information, infrastructure, and other assets.

Today banks and credit unions have a variety of elements that comprise their computer networks, and these components require numerous security solutions for them to operate securely. There’s no such thing as having too many solutions—although some entities invest in more resources than they can competently manage. The most appropriate approach is for institutions to employ all the security layers they can afford to pay for and oversee effectively.

The security landscape has changed significantly over the years. With the evolution of technology, cybercriminals are launching more frequent and sophisticated attacks against organizations. (The bad guys have it easy; they only have to get it right once. Security professionals, on the other hand, have to get it right all the time.) Currently, the top security threats for financial institutions are a remote workforce, ransomware, and the Internet of Things devices like webcams, Amazon Alexa, and Google Chromecast.

Security Considerations

Financial institutions often select security products based on what their security posture requires to pass exams. But the emergence of new threats is motivating more institutions to select solutions not just based on examiner expectations, but to also consider what is essential for operational safety. Generally, the security products that institutions invest in are determined by their cost and ability to mitigate risk.

For the most part, the financial services industry is interested in solutions that require minimal management involvement and customization to be effective. The industry also tends to adopt solutions once they’ve reached a certain level of commoditization and are priced lower. For example, well-commoditized solutions like anti-virus agents and anti-ransomware tools allow institutions to protect against expensive threats for the minimum cost. An effective anti-malware agent—especially one with some specific anti-ransomware technology—is another essential layer for endpoint protection.

Ultimately, increased competition leads to technology innovation and consolidation. A good example of this is what’s happened with firewalls. Implementing a firewall used to equate to a simple router that separated public and private networks. Things evolved when people began adding dedicated appliances like intrusion detection and prevention systems, antivirus gateways, web content filters, and other technologies. Through commoditization, these different elements became consolidated into the firewall to create a unified threat management system. More recent innovations that allow institutions to inspect encrypted traffic and sandbox potentially hazardous traffic have ushered in the next-generation firewall.

Going Beyond Basic Requirements

A fundamental requirement for layered security is multi-factor authentication (MFA), which involves several elements for validating the identity of users. While some organizations have concerns about MFA negatively impacting user experience, the technology provides an advanced level of protection that strengthens security.

Transport Layer Security is now implemented to secure over 80% of web traffic. The TLS protocol is used to encrypt data between a web browser and a website. While this is great for user privacy, it prevents institutions from inspecting all user traffic for threats. Transport Layer Security (TLS) Inspection has become a more common—and critical—security tactic for financial institutions. TLS inspection allows institutions to decrypt and inspect TLS traffic, so they can filter out malicious information and protect their network.

The increased adoption of endpoint security and other innovative technologies is making it easier for financial institutions to implement a layered approach to security. Safe Systems offers a wide range of security solutions to help community banks and credit unions incorporate multiple levels of protection to enhance their security posture.

11 Oct 2021
What Financial Institutions Should Budget for in 2022

What Financial Institutions Should Budget for in 2022

What Financial Institutions Should Budget for in 2022

Many of us thought 2021 was going to be the downhill side of the pandemic. I recall working on a webinar presentation that we hosted last summer and including the words, “Now that the pandemic is behind us…” Obviously, I was overly optimistic. As we look ahead to 2022, we must acknowledge that the COVID-19 pandemic will continue to affect us to one degree or another. With that said, these budgeting ideas for 2022 may look somewhat similar to those for 2021, but there are slight variations based on current banking technology, compliance, and security issues.

1. Multifactor Authentication

Implement multifactor authentication (MFA) on all your email accounts wherever it is possible and appropriate. MFA can reduce the risk of having account credentials compromised by as much as 99.9%, making it one of the most effective measures you can use to protect your institution. There is typically a small cost for licensing and implementing MFA software. So, you can add MFA to your email accounts for a nominal cost and with minimal effort in most cases. If you are using Microsoft’s cloud email solution, for instance, implementing MFA can be as easy as changing a few minor settings. Another area to consider for MFA is logging into the domain account. There can be a cost associated with this as you will probably want to use a tool to help you manage the process. You can apply MFA only on accounts with administrator rights or on all users. But since many cybersecurity insurance companies are requiring MFA for accounts with administrator rights, using this stronger type of authentication might be your only option.

2. Laptops

With different variants of COVID-19 or other viruses popping up, remote work may still be an option for certain employees. Remote capabilities may even be necessary to keep the institution operating smoothly at times. Be sure you have the infrastructure in place for a partial remote workforce because the need could develop at any point. For this reason, you should consider providing laptops for all employees who could conceivably work from home. Start with those who need new devices. Then prioritize based on those doing the highest-level work necessary to keep the institution running. Laptops and encryption software, required for mobile devices, may cost slightly more but should not cause a huge increase in expenditures. In some cases, you may be able to reuse a desktop computer to replace an older workstation for an employee whose duties cannot be performed remotely.

And don’t forget… There is a chip shortage and high demand for laptops, which means it can take months to secure computers and other hardware. So, order any equipment you need well in advance to ensure you have the appropriate infrastructure in place to support staff that may need to work from home.

3. Moving to the Cloud

Having infrastructure in the cloud can be extremely beneficial, so slowly start moving your infrastructure to the cloud. Cloud infrastructure decreases the need for an employee to be onsite with the hardware, and cloud computing increases uptime. In addition, disaster recovery becomes easier and faster with cloud infrastructure. More than 90% of Fortune 500 companies are running at least some infrastructure in the cloud, primarily through Microsoft’s cloud computing platform: Azure. The cloud is the future of IT and infrastructure, and it makes sense for institutions that need reliable and resilient infrastructures. So, if you need to purchase a server next year, consider getting a quote for moving the server to the cloud instead.

4. Cloud Security

While the cloud offers plenty of advantages, it comes with settings, management tools, and security options that must be effectively configured and managed to ensure the highest level of security in the cloud. Cloud security is a concern for not only institutions with infrastructure in the cloud, but also for M365 Windows/Office licensees with OneDrive enabled, email in the cloud, or using Microsoft as an authentication mechanism with a third-party application. Earlier this year, the FDIC released a letter outlining the need to secure cloud configurations. Their cloud-security concerns are warranted. Safe Systems has worked with several institutions ranging from a hundred million in assets up to multibillion dollars in assets and found that almost every institution had gaps in their cloud security. Some institutions had indications of their email or user accounts being compromised; others had settings that could open the door to future compromises. Safe Systems worked closely with these institutions to develop an innovative M365 Security solution to address these issues with reports, alerts, and reviews. This unique product is specifically designed to help financial institutions manage their cloud setup now and in the future. In addition, it is a reasonably priced option for the substantial amount of value that it delivers. Institutions should reach out for a quote to determine if M365 Security could fit into their budget next year.

5. Virtual ISO

Another item to consider for your budget is virtual Information Security Officer or VISO services, which we also mentioned last year. These services have become increasingly popular as the landscape of information security has grown more extensive and complex. In many cases, institutions are finding it harder to keep up with the latest information security expectations, regulations, and trends. Safe Systems’ ISOversight service addresses this problem by combining applications for self-management with assistance from compliance experts to offer a VISO service at a competitive price. This type of service can be beneficial in many ways as it can provide structure, automation, accountability, assistance, and consistency throughout your information security program. It can also enable your institution to stay engaged, which is critical when an exam or audit occurs. VISO services, which vary in price depending on the work being performed by the third-party provider, are ideal for any institution with limited access to security expertise in-house.

6. Cybersecurity

You cannot have a conversation about budgets for next year without addressing the issue of cybersecurity. Consider this: Cyber-attacks are 300 times more likely to hit financial services firms than other companies, a recent Boston Consulting Group report indicates. Cyber-attacks continue to climb each year, with the global cybersecurity market expected to eclipse $300 billion by 2024, according to Global Insights. And cybersecurity has become even more precarious during the COVID-19 pandemic. The pandemic has created new opportunities for security breaches as the increase in remote work makes information security more challenging to manage. Unfortunately, institutions will need to increase their security layers and annual spending to address this issue. According to Computer Services Inc. (CSI), 59% of financial institutions will increase spending for cybersecurity this year.

In Conclusion

The threat to your institution’s data is as real today as it ever has been. Therefore, make sure you are applying these measures to strengthen your security:

  • Employee training to ensure adequate, effective, and safe practices
  • Perimeter protection to ensure the appropriate layers are enabled and all traffic is being handled correctly, including encrypted traffic
  • Advanced threat protection and logging to be able to identify how, if at all, malware or an intrusion created an incident
  • Backup and data redundancy to ensure ransomware cannot wipe out your data

Have a conversation with a security company you trust to ensure that, if you are the target of a ransomware attack, your business won’t sustain long-term damage. In other words, invest in cybersecurity now, so your institution won’t end up paying more later.

As you contemplate your budget for 2022, don’t just think about the items that others have put on your plate. Be sure to consider the changes that may have occurred at your institution—and the ones that may be coming—and have a plan to address these. All these changes can be exciting and make a major difference for your institution. But they can often be hard to get implemented if they are not budgeted for ahead of time.

10 Jun 2021
Resource Center

Technology, Compliance, and Security Best Practices – All in One Place

Resource Center

A few years have passed since we launched the Safe Systems online Resource Center, which provides community banks and credit unions access to a centralized knowledge base of materials that help you learn more about technology, compliance, and security best practices.

With a wide variety of content, ranging from videos to white papers to case studies, the Resource Center allows you to stay current with the latest trends and insights in the industry. For example, visit the Resource Center to view our latest webinar, infographic, or a short and timely blog. Come back often, as we add new content every week!

Just in case you missed our Resource Center reveal, or you would like a few more details on what it has to offer, please view the original blog post here.

08 Apr 2021
Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Proven Security Solutions to Keep Your Financial Institution Safe from Cybersecurity Threats

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Like many other professional industries, the financial sector of business was forced to work from home due to the COVID-19 pandemic. With an unprecedented number of employees still working remotely, now more than ever financial institutions are susceptible to a cyberattack. The increased threat of a security compromise has prompted financial institutions and other organizations across the country to increase their cybersecurity posture to help prevent a future attack.

In a recent post, Safe System’s guest blogger, Keith Haskett, president and CEO of Rebyc Security, discusses 5 reasons security solutions fail, such as lack of multi-factor authentication or improperly configured spam filtering and what you can do to keep your institution safe. In case you missed the full blog, view it here.

02 Apr 2021
Is Cybersecurity Your Weakest Link

Is Cybersecurity Your Weakest Link?

Is Cybersecurity Your Weakest Link

Is Cybersecurity Your Weakest Link?

The financial landscape has changed drastically in the last 20 years, one of the most notable changes being the variety of financial services now being offered online. Although the wide-spread use of internet has made it possible to receive financial guidance from anywhere in the world, it has also created an environment where sensitive information and data could potentially be compromised by cybercriminals.

Today, professional hackers are spending more time and money than ever before to gain access to personal information for both monetary gain and “professional” recognition. The sensitive information that the financial services industry has access to continues to make them a prime target for hackers and other cybercriminals. Attacks can range from malware threats, DDOS attacks, phishing attempts and data breaches – all of which bad actors can use to commit fraud themselves or sell to a third-party.

Importance of Being Secure


Cybercrime continues to be a growing problem for banks and credit unions across the country. The impact of a cybercrime can be very costly for a financial institution, both financially and from a reputational standpoint. The main risks include theft or unauthorized access to sensitive customer information along with the disruption of normal business operations.

In addition, as the number of security threats continues to increase in the financial services industry, regulators are taking a closer look at financial institutions’ policies and procedures to ensure that they can effectively safeguard confidential and non-public information. As an example, the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT) is designed to ensure financial institutions are prepared in the event of a cybersecurity attack. The FFIEC CAT is now the guide regulators are using to examine institutions and determine their level of cybersecurity preparedness.

Some of the most common security threats financial institutions face today include:

Malware and Ransomware


Ransomware has established itself as one of the leading cyber threats for many organizations, but especially financial institutions. Using ransomware technologies, hackers can gain complete access and control over legitimate websites, often by encrypting data or programs, and extort ransom payments from victims in exchange for restoring access to the individual or business. Malicious software, or “malware”, is no longer characterized by simple aggravating popups and sluggish computer performance, but rather the encryption of all data on a machine, rendering it unusable.

Internet of Things (IoT) Attacks


Unsecured Internet of Things (IoT) devices such as DVRs, home routers, printers and IP cameras are vulnerable to attack since they are not required to have the same level of security as computers. To breach a financial institution, attackers will target insecure devices to create a pathway to other systems. Unsecure IoT devices are also used to launch distributed denial-of-service attacks (DDoS) against institutions. These DDoS attacks prevent legitimate users from accessing computer systems, devices or other online resources. The perpetrator floods the victim’s machine or network with false requests from various sources to overload the system and prevent legitimate access. A well-executed attack can interrupt a host of banking services including website access, ATM networks, and online banking platforms, in addition to internal systems and functions.

Phishing Scams


Phishing scams that specifically target financial institutions’ employees, attempting to obtain sensitive information such as usernames and passwords, have become increasingly common within the last few years. The goal of phishing is to direct employees to a fraudulent website where they are asked to share login credentials and other personal information. The information that employees are tricked into providing then allow for cybercriminals to read a bank or credit union’s critical information, hack into the employee’s bank and social media accounts, send emails on an employees’ behalf, and gain access to internal documents and customer financial information.

Lack of Third-Party Vendor Security


While a financial institution might have the right security systems and policies in place to protect itself and its customers from a cyber-attack, its third-party providers may not have the same level of security and diligence. This creates a major vulnerability for the financial institution. Without a proactive approach to vendor management, financial institutions are opening themselves up to increased levels of risk that can have a negative impact on the institution’s financial standing, compliance posture and overall ability to serve its customers. Federal regulators have issued guidelines to help institutions better understand and manage the risks associated with outsourcing a bank activity to a service provider. The FFIEC IT Examination Handbook was revised to help guide banks to properly establish and maintain effective vendor and third-party management programs.

Insider Threats


Often, all it takes is a disgruntled employee or ex-employee to release valuable security information and compromise system and data security. Additionally, cybercriminals are increasingly realizing success through bribery as a means to entice bank employees to give up their login credentials or other security information, allowing direct access to internal systems.

Lack of Employee Training and Security Expertise


The COVID-19 pandemic has certainly brought its share of challenges to the financial sector of business, including increased network vulnerability and internal threats as employees transitioned to a remote work environment. These changes required cybersecurity personnel to change their online security baseline and continuously adapt to the changing IT security landscape. With the increased popularity of remote work, company IT staff are encouraging employees to take charge of their own online security through testing and training. The training includes topics like the importance of password security and multi-factor authentication and helps employees understand their roles and responsibilities in protecting against security threats. Until this learning gap is resolved, financial institutions will continue to struggle to efficiently manage cybersecurity threats.

Combating Security Threats and Ensuring Institution Security


While cybersecurity has become a major point of discussion among professionals within the financial industry, the truth is that many financial institutions are too complacent when it comes to protecting themselves. With hackers using advanced technology, the “bare minimum protection” is no longer enough to keep sensitive information safe. To adequately protect against security threats, financial institutions must ensure that every device on the network has up-to-date antivirus software, adequate firewall protections and that all patches are up-to-date as a minimum requirement. In addition, financial institutions should also employ a layered security strategy, from the end-user to the internet to establish a secure IT environment. Adding preventive, detective and responsive layers to IT security strategy will help strengthen an institution’s approach and build an effective security foundation.

A uniquely tailored layered security approach enables financial institutions to:

  • Monitor antivirus for servers, workstations, and off-site laptops
  • Use services that evaluate site lookups to avoid exposure to compromised websites
  • Scan the network for vulnerabilities and detect unusual activity against hackers and rogue employees
  • Block access to all external ports while also monitoring the access of various machines
  • Meet government regulations and requirements
  • Counter extortion threats by preventing a hacker from holding your customer’s personal data for ransom with special customized software for stopping ransomware
  • Patch machines, encrypt laptops, and install alerts on new devices plugged into the network

The security landscape is constantly evolving, and it is imperative to have a solid security plan in place that accounts for this evolution. It should be a fluid document that is frequently reviewed, updated and that specifically outlines administrative, technical, and physical controls that mitigate evolving risks. It is also important to test the full plan on a regular basis to ensure all procedures can be executed successfully and verify that all regulatory requirements are met.

Managing Security Needs


Many community banks and credit unions find that managing the security needs of their organization can be a time-consuming and challenging task. To help augment the security responsibilities, these institutions are turning to financial industry-specific IT and security service providers to act as an extension of their organization, provide timely support, and help the financial institution successfully design and execute a comprehensive security strategy. The right solution provider couples security measures with an understanding of and support for the unique security and compliance demands of the financial industry.

At Safe Systems, we believe that proactively protecting customer data will always be more cost effective than falling victim to malicious activity. To that end, we have the unique expertise to ensure that financial institutions employ the right combination of both broad and specific security products to create an ecosystem of protection. Safe Systems helps secure an organization’s endpoints, devices, and users by assessing vulnerabilities, detecting unwanted network activity, safeguarding against data loss, and preventing known threats while staying ahead of developing ones.

18 Mar 2021
Top Phishing Scams and Emerging Trends Your Bank or Credit Union Staff Should Be Aware of

Top Phishing Scams and Emerging Trends Your Bank or Credit Union Staff Should Be Aware of

Top Phishing Scams and Emerging Trends Your Bank or Credit Union Staff Should Be Aware of

Phishing—the practice of using fake emails and other schemes to obtain sensitive information or data, such as usernames, passwords, or credit card details—continues to be one of the most prevalent security threats today. This blog covers some of the top phishing scams, as well as some new trends, that banks and credit unions should know about, so they can better protect themselves.

Top Scams

One of the most widespread and potentially devastating types of phishing scams is “impersonation phishing,” according to the Q1 2021 Financial Crime Report by Feedzai, a data science company that prevents, detects, and remediates fraud risk for financial institutions. With this tactic, cybercriminals target people by a phone, text, or email claiming to be from a financial institution or government agency. The objective: Convince the potential victim to make some kind of payment, which will enable the culprit to access the person’s credit card or financial account. Or the impersonator might send a “Suspicious Account Activity”’ email from a financial institution, asking the targeted individual to log into their online account and verify a transaction. Then when the person logs in using the button or link provided in the email, the attack ensues.

Spear phishing is another common con that financial institutions should have on their radar. Almost two-thirds of all known groups carrying out targeted cyber attacks use spear-phishing emails, according to Symantec’s 2019 Internet Security Threat Report. Many of these attacks originate from hijacked business email accounts, and as a result, can be quite effective. The perpetrator normally already knows some information about the recipient, so the fake emails appear to be legitimate.

Clone phishing, a variation of spear phishing, involves the attacker recreating or cloning a legitimate and previously opened email with a new attachment or link included. The duplicated email is then sent with an infected attachment that can be used to control or steal information once clicked or downloaded.

Top Emerging Trends

A new approach that banks and credit unions should know about is “vishing” (or voice phishing). Cybercriminals are now using Voice over Internet Protocol (VoIP) platforms to launch vishing attacks against employees worldwide, the FBI warns. In these cases, vishers try to get users of VoIP platforms to pick up the phone and authenticate themselves on a phishing website designed to steal their credentials. Vishing scams have now evolved to the point where perpetrators are successfully faking caller IDs and pretending to be someone else.

We are also seeing phishing scammers modifying their basic tactics. Many are now sending emails that simply ask for “urgent attention” rather than payment transfers, which suggests they are altering their approach to bypass standard fraud-prevention methods. They’re also using strategies like the “Zombie Phish” which involves taking over an email account and responding to an old email conversation with a new phishing link. Additionally, phishers have started using shortened URLs, which have an easier time getting past filters and vigilant employees.

As an evasive strategy, attackers link potential victims to the websites of trusted cloud filesharing services like SharePoint and OneDrive. Consider this: More than 5,200 SharePoint phishing emails were reported in a 12-month period, along with almost 2,000 attacks involving OneDrive, according to Cofense Intelligence’s Q3 2020 Phishing Review. More advanced phishing campaigns are also employing unusual attachment types to elude the controls imposed by secure email gateways. For example, .iso files are being renamed to .img files to sneak malware through a gateway.

Ultimately, the best defense against phishing is human intelligence, so training employees to detect this type of fraud is essential. Financial institutions can also take advantage of third-party information security services to strengthen their security posture against phishing attacks. Safe Systems, a national provider of fully compliant IT and security services, is enabling institutions to win the cyber battle against phishing through a full spectrum of solutions specifically designed to help community banks and credit unions enhance their security posture.

11 Feb 2021
Using Advanced Firewall Features and Other Technologies to Strengthen Network Security

Using Advanced Firewall Features and Other Technologies to Strengthen Network Security

Using Advanced Firewall Features and Other Technologies to Strengthen Network Security

A traditional firewall can only do so much to protect a network against the invasive security threats that financial institutions are facing. Add to that, cybercriminals are becoming more sophisticated and creative with their schemes, meaning banks and credit unions need more advanced defensive measures in place.

Malware and other cyber threats have been steadily increasing—especially against financial institutions, which are 300 times more likely than other companies to be targeted by a cyberattack, according to research by Boston Consulting Group. Institutions can capitalize on next-generation firewall (NGFW) features and other advanced technologies to increase the likelihood of warding off attacks, including:

Antimalware Scanning

Malware is intentionally designed for a perverse purpose: to damage a computer, server, client, or computer network. To keep malware at bay, banks and credit unions can use antimalware to thoroughly scan their computer network and detect and remove malicious ransomware, spyware, and other software that might be lurking on the system. Taking this proactive step can help institutions keep their network from being damaged, disrupted or compromised and overall improve the delivery of their services in a safe and secure manner.

Dynamic Threat Feeds

Threat intelligence data feeds can provide institutions with constantly updated information about potential sources of attack. Industry-specific feeds deliver up-to-date information on the latest security threats in the banking industry. Dynamic threat feeds make it easy for institutions to permit “good” network traffic in and “bad” traffic out while ensuring critical processes continue to work.

Dynamic threat feeds, essentially, take valuable parts of the information related to establishing connections and find similarities within them to act on potential or current threats. A key type of threat intelligence feed that institutions can implement are GEO-IP threat feeds. With this technology, a bank can map an IP address to the geographic location of an Internet-connected computing device. Then, they can analyze the Geo-IP data to detect threats from high-risk locations to improve their security posture. This analysis can be accomplished with processing times equal to less than a few milliseconds.

Another effective threat feed that institutions can use is IBM X-Force Exchange. This cloud-based threat intelligence platform allows banks to consume, share, and act on a variety of threat intelligences. IBM X-Force enables users to quickly research the latest security threats, gather actionable intelligence, consult with experts, and collaborate with peers. They can also integrate other tools to facilitate configuring feeds, providing a major benefit for smaller institutions with fewer resources. With dynamic threat feeds, banks and credit unions can have greater peace of mind with their firewall and security posture.

TLS/SSL Inspection

NGFWs offer capabilities that go beyond traditional firewalls, including inspecting TLS/SSL encrypted traffic. TLS/SSL technology helps protect online traffic; it creates an encrypted link between a web server and browser, ensuring the privacy of the data being transmitted. TLS/SSL inspection is important because it allows firewalls to scrutinize this encrypted web traffic and close holes in security. These security gaps could be exploited by would-be cybercriminals who attempt to use encrypted traffic for malware to circumvent the firewall’s inspections.

TLS/SSL traffic inspection allows institutions to decrypt traffic, inspect the decrypted payload for threats, then re-encrypt the traffic before it enters or leaves the network. Such deep content inspection can better protect institutions from internal and external risks. This makes TLS/SSL inspection the ideal defensive weapon against menacing malware and other security issues.


Sandboxing can also help institutions augment their network security efforts. Traditional firewalls evaluate traffic based on static factors like where it originated, it is destination going, and the port being used. However, these are no longer sufficient for combating modern security threats. Sandboxing—physically or virtually segmenting a system, network, or entire environment—creates a secure location to test and neutralize potential hazards. Having a safe space to “detonate” payloads for analysis results in less risk and damage to the production environment, and, ultimately, enhances network security.

For more information about using advanced firewall features and other technology to strengthen network security, read our “Improving Security Posture Through Next-Generation Firewall Features” white paper.

04 Feb 2021
Does Your Financial Institution Have the Right Security Layers in Place to Combat Today’s Threats?

Does Your Financial Institution Have the Right Security Layers in Place to Combat Today’s Threats?

Does Your Financial Institution Have the Right Security Layers in Place to Combat Today’s Threats?

In 2020, 80 percent of firms experienced an increase in cyberattacks, and the pandemic was at the root of a 238-percent spike in attacks on banks, according to Fintech News. In a world of ever-increasing cyberattacks, does your bank or credit union have the appropriate security layers in place to effectively thwart these threats?

There are some proven, preemptive measures that financial institutions should take, including:

Effective Log Analysis

Logs record every activity and event that occurs on a network, providing valuable clues about potential performance, compliance, and security issues. But it can be challenging for an institution to analyze, manage, and tailor all the log data that it receives—which can exceed millions of lines in just a 24-hour period. Without sufficient data analysis tools, information technology (IT) professionals are severely limited. They have to depend on their own processing capabilities to manually analyze data, which can be a labor-intensive, mistake-prone task.

Effectively managing log analysis has become more problematic with shifts in the security landscape: the expansion of security features, increase in firewall complexity, rapid emergence of new security threats, and constant growth in endpoints. This creates a situation that no security team can effectively manage on its own without some level of automated log collection and analysis.

With this technology, firewall logs are sent to a device that deftly collects and interprets the data. Information is then displayed in a format that is more readable, searchable, and useful for security engineers. While this process can go a long way toward improving the gathering of raw data, institutions can do even more to enhance their log management by building in additional security layers through the automated threat identification.

Log analysis automation equips security professionals to more effectively receive alerts about current and possible threats. Many banks and credit unions have limited personnel and expertise available to analyze their vast amount of traffic logs manually. But automated log analysis allows institutions to maximize their resources by leveraging more advanced technologies, like artificial intelligence (AI), cloud-based computing, and big data to collect alerts more efficiently.

Improved Education and Continuous Improvement

Staff training and education are also an important aspect of solidifying an institution’s security posture, and institutions can employ a variety of tactics to ensure their employees are better able to interpret and respond to alerts. Bank tellers, loan officers, and administrative staff all benefit from informative seminars, brochures, and other learning opportunities. Information security operations personnel can improve simply by calling on experienced colleagues to share their expertise in a more informal exchange of information. These combined efforts can help institutions minimize the number of threats and manage their operations more efficiently on a daily basis.

Financial institutions must also commit to continuous improvement in regard to their firewall security. While enhancing log analysis is not an exact science, there is value in institutions asking targeted questions to help determine the need for specific enhancements to help ensure that the most actionable and best information is being presented to the individuals who need to review it.

Integrating Advanced Technologies

Additionally, banks and credit unions should leverage next-generation firewall (NGFW) features and other advanced technologies – like dynamic threat feeds – to optimize their security initiatives, helping ensure they allow “good” traffic in and keep “bad” traffic out while maintaining critical processes.

NGFWs also enable financial institutions to perform functions beyond that of a traditional firewall, including deeper inspections of transport layer security (TLS) and secure socket layer (SSL) encrypted traffic. The practice of “sandboxing” to physically or virtually segment a system, network, or entire environment creates a secure location to test and neutralize potential threats.

Learn more about how your institution can incorporate the right security layers to combat today’s threats by downloading our “Improving Security Posture Through Next-Generation Firewall Features” white paper.

31 Dec 2020
Best Practices in Leveraging Firewalls and Encryption

The Importance of a Layered Approach to Financial Institution Security: Best Practices in Leveraging Firewalls and Encryption

What You Need to Know About Securing Azure AD

Over the last decade, we have seen major advances in the world of online security, mainly with the development of firewalls and encrypted data options.

Safe Systems hosted a live webinar earlier this month discussing how firewalls, encryption and other online security measures work; why a layered security approach is best in all situations; possible threats to each security measure; and what your financial institution can do to keep your information secure and uncompromised. In case you missed it, here are a few key points from the webinar.

What are firewalls and how did we get to where we are today?

Firewalls became a necessity when banks and credit unions started connecting all of their computers to the same network that was then connected to the internet. Firewalls functioned as the first line of defense – but were nowhere near the caliber of defense we have available today.

When attacks started to occur, it put company computers and the data stored on them in a compromised position. A need arose to come up with appliances that were either in line with the firewall or were an additive to the firewall’s system. The new appliances included IDS/IPS systems, AV Gateways and Web filters – all of which added new layers of security to the firewall.

Today, the latest generation of firewalls, known as Next Generation Firewalls, combines earlier firewall models and offers multiple layers of protection as part of the firewall service. However, some of the additional layers may be included by default and some require extra licensing to take advantage of specific features.

What is the layered security approach and how do today’s firewalls implement that strategy?

What we have learned over the last several years is that security solutions may be incredibly strong in some regards but have gaping holes in others. A layered security approach assists in closing those gaps and lessens the potential risks for an online attack.

What is encryption, how does it work and what can we do better?

Encryption is another aspect of the layered security approach. The two encryption types highlighted in the webinar are Secure Socket Layer (SSL) and Transport Layer Security (TLS), and while they use different nomenclature, the two encryption types are essentially the same – TLS is just a slightly new version.

The goals of TLS:

  1. Encrypt Data
  2. Authentication
  3. Data Integrity

In the last 5 years, there has been major growth in website encryption. It has expanded from being used only when a user types in their username and password to include approximately 90% of the most visited websites today encrypting all of their webpages.

Although having encrypted sites gives users a more secure experience, encryption has some unintended consequences. When traffic is encrypted between the website and the desktop browsing the site, the firewall cannot evaluate the traversing traffic. This means, in the past, a firewall could evaluate a large majority of web traffic. Now, the firewall can only evaluate about 10% of web traffic, because the rest is encrypted.

Bad actors have focused on these security holes and have built their malware to navigate encrypted traffic to get through the firewall and to the workstation. To fight this issue, TLS inspection can be implemented on a Next Generation Firewall to inspect the encrypted traffic passing through on a daily basis.

Today, with TLS inspection, firewalls can get back to inspecting a majority of web traffic farther than just 10% that isn’t encrypted today. This closes a major security gap many institutions may not even know they have.

What steps can you take to increase your online security?

Although there are several ways you can increase your level of online security, as of now, there is no software that guarantees you will not be compromised. However, in addition to encryption, you can take several steps to keep your online presence safe and secure.

A few of the steps you can take to fight malware are:

  1. Anti-Malware Scanning – an anti-virus engine that came about in the Universal Threat Management (UTM) devices. Anti-malware is a software program designed to prevent, detect and remove malicious software on IT systems.
  2. Sandbox Analysis Piece – an additive that enables a firewall to analyze a file and determine its risks level. If the file is determined to possibly be malicious, the file can be sent to the sandbox where the file can be detonated. If the file appears malicious after detonation, the file is blocked from being downloaded to the end user. If the sandbox determines the file is likely safe, the file is allowed to pass through the firewall to the end user for us.

To learn more ways to protect your institution, watch our recorded webinar, “Why You Shouldn’t Ignore Encryption.”

22 Dec 2020
3 Top Security Threats Financial Institutions Must Defend Against

3 Top Security Threats Financial Institutions Must Defend Against

3 Top Security Threats Financial Institutions Must Defend Against

Security remains one of the primary areas of concern for community banks and credit unions, according to our recent sentiment survey and based on responses, the top three security threats that keep survey respondents up at night are cybersecurity, information security and ransomware.

Here’s a synopsis of each of these security categories as well as some proven best practices that can help institutions address them:

#1: Cybersecurity

Cybersecurity is a broad area for financial institutions to truly master, especial smaller community banks and credit unions with fewer resources to devote to defending themselves – something that National Credit Union Administration Chairman Rodney Hood has even acknowledged.
In today’s world, cybersecurity threats are ubiquitous, with cyberattacks 300 times more likely to hit financial services firms than other companies, according to a recent Boston Consulting Group report. However, banks and credit unions can take advantage of a number of resources to strengthen their security efforts. Two valuable tools include the Cybersecurity Assessment Tool (CAT) from the Federal Financial Institutions Examination Council (FFIEC) and the Automated Cybersecurity Examination Tool (ACET) from the NCUA.

Institutions can also capitalize on the National Institute of Standards and Technology (NIST) Cybersecurity Framework to address cybersecurity issues. Not only can the Cybersecurity Framework help institutions properly evaluate their defensive capabilities, but it provides policies and procedures that can help them identify and even resolve security issues.

#2: Information Security

The goal of information security is to prevent electronic and physical data from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. More specifically, information security is a set of strategies for managing the processes, tools and policies that are necessary to defend data when it is being stored and transmitted between different machine or physical locations.

The three basic principles of information security are what are known as the “CIA” triad: Confidentiality, Integrity, and Availability. “Confidentiality” relates to being able to identify who is trying to access data and block attempts by unauthorized individuals. “Integrity” entails maintaining data in its correct state and preventing it from being improperly modified—either by accident or maliciously. “Availability,” like confidentiality, equates to ensuring data can only be accessed only by users with the proper permissions.

Today, institutions face a variety of threats to their data security, including breaches, malware, and deceptive phishing emails that trick victims into divulging their private information. These types of attacks can have a detrimental and long-lasting effect on companies, such as a loss of customers, reputation, revenues, and profits.

Financial institutions are common targets of malware, phishing scams, and data breaches. About 50 percent of all unique organizations impacted by “observed” phishing domains were from the financial services sector, according to Akamai Technologies’ 2019 State of the Internet/Security Financial Services Attack Economy Report.

As a defensive tactic, organizations should implement a layered approach to preventing information security threats. This means employing multiple security measures, policies, and procedures, from patch management to secure software development. However, people can be the first—and best—line of defense, so educating employees about potential cybersecurity threats is crucial.

#3: Ransomware

As the name implies, ransomware is malicious software that is designed to block access to a computer system until the victim pays a sum of money. The ransomware threatens to publish the data or deny access to it either temporarily or permanently.

Regardless of how the attack is initially perpetrated, ransomware presents a serious threat to all types of organizations. It typically begins when someone downloads a malicious email attachment or visits an infected website. The ruse is often undetectable, so most victims are not aware the data breach is happening—until it is too late. Unfortunately, ransomware is difficult to stop, and it can take a huge toll on consumers and organizations, causing frustration, disruption, data loss, and financial damage.

The problem with ransomware is that it is both widespread in nature and costly to address. And ransomware attacks—along with other cyber scams—began surging during the COVID-19 pandemic, according to the July 2020 McAfee COVID-19 Threat Report. A recent example is Ransomware-GVZ, which displays a note and demands payment in return for decrypting the company’s compromised computer systems and the data they contain.

Fortunately, there are actionable steps financial institutions can take to defend their data against ransomware attacks. Some of the most practical measures include keeping operating systems patched and maintaining up-to-date malware software to detect potential threats. Another good practice: keep files backed up, so the data can be replaced if a hacker ever holds it hostage. However, the time to implement defensive data security strategies is before a cyberattack happens.

For more insight about these top three security threats and best practices to defend against them, download our Top 10 Banking, Security, Technology and Compliance Concerns white paper.

10 Dec 2020
Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

Bank of Wrightsville Enhances Security a Next-Gen Firewall Solution

A firewall is a key defense measure to combat cyber threats and having the right firewall solution can provide financial institutions with top-rate protection to meet regulatory requirements as well as useful security tools to identify, analyze, and thwart malicious activity. But does your current firewall security meet these expectations and prepare your institution to scale and reach its IT strategic goals?


Leesa Anderson, Chief Technology Officer at Bank of Wrightsville, wanted to ensure her institution had the right tools in place to ensure network security, meet compliance requirements, and keep banking operations running smoothly. After an IT audit and third-party vulnerability assessment, it was recommended for the bank to update its firewall to include Secure Sockets Layer (SSL) inspection. However, at the time, this feature was not available on the bank’s current firewall solution. The bank knew it needed to find a new firewall product to improve the bank’s security posture and meet regulatory expectations.

“We needed to have SSL inspection set up on our firewall solution, but our provider at the time wasn’t offering this capability,” said Anderson. “We began looking for a solution that met all of the basic requirements for firewall protection but also included more of the next-gen features that could help us be more proactive and stay ahead of the curve with our perimeter security.”


After attending Safe Systems’ user conference, Anderson decided to take a closer look at Safe Systems’ Managed Perimeter Defense (MPD) next-gen firewall solution. The solution deploys powerful machine learning algorithms, SSL inspection capabilities, advanced reporting, and alerts to help financial institutions detect and combat malicious activity on the network. After careful consideration, Anderson selected and implemented MPD as the bank was looking to enhance its network security and needed new hardware as well.

Managed Perimeter Defense has provided many benefits to Anderson and her team. Read the full case study to learn how this next-gen firewall solution transformed Bank of Wrightsville’s firewall security and improved its compliance posture.

03 Dec 2020
How to Improve Network Security With Cyber Threat Intelligence Feeds

How to Improve Network Security With Cyber Threat Intelligence Feeds

How to Improve Network Security With Cyber Threat Intelligence Feeds

While industry-specific threat intelligence feeds keep financial institutions up to date on the latest security threats in the banking industry, the sheer amount of information collected can be challenging for community banks and credit unions to process efficiently. In this blog post, we outline three key information-sharing organizations that community banks and credit unions should consider utilizing and offer a few tips to improve cybersecurity processes as well.

Types of Threat Intelligence Feeds

According to the Federal Financial Institution Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT), it is important for financial institutions to have processes in place to effectively discover, analyze, and understand cyber threats. Implementing bank-specific threat intelligence feeds provides financial institutions with industry-specific security information needed to meet this requirement. Here are a few of the top threat intelligence feeds:

1. Geo-IP Threat Feed

IP-based geolocation is a mapping of an IP address to the geographic location of an Internet connected computing device. Financial institutions can use IP geolocation data to monitor threats from high-risk locations and use this data to strengthen their cybersecurity posture.


FS-ISAC is an information sharing organization designed specifically for financial services organizations and financial institutions. The organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats.

3. IBM X-Force

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows organizations to consume, share and act on threat intelligence. With this platform, you can quickly research the latest global security threats, collect actionable intelligence, consult with experts and collaborate with peers.

Strengthening Your Cybersecurity Posture

Regulators expect financial institutions to belong to an information sharing organization or utilize a crowdsourced security feed because they believe that if institutions can share threat information they’re seeing in the industry, then other financial institutions of similar size and complexity will know how to deal with new and emerging security threats. However, there are two key issues with this concept:

  1. Financial institutions are receiving large amounts of information and don’t know what to do with it
  2. Financial institutions are consuming threat information but are not sharing security threats they’ve encountered with their peers

For smaller financial institutions with limited resources, engaging with a knowledgeable third-party provider that has a solid methodology in place to analyze all of the data disseminated from threat intelligence feeds and filter the information to identify key threats can be a great benefit to the institution’s cybersecurity efforts. It is equally important for these institutions to share cybersecurity threats or incidents they’ve encountered with information sharing organizations to ensure other financial institutions are informed, strengthening the banking industry as a whole.

For more information on enhancing your cybersecurity posture, view our cybersecurity resources.

15 Oct 2020
Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

When an incident occurs, it is critical for financial institutions to have proper logging tools in place to contain and control the incident and provide evidence to key external stakeholders such as law enforcement, third-party forensics teams, cyber insurance companies, etc. However, not all financial institutions have an advanced centralized logging system to perform perfect, historical investigations to understand malicious activity on their networks.

Ideally, community banks and credit unions embrace the fundamentals of a layered approach to security and understand the capabilities and tools that they already have at their disposal that can prove useful and actionable.

In this blog post, we’ll discuss some of the most common questions our customers have when investigating threats and the key tools we reach for that provide the evidence and conclusive answers to those questions.

Firewall - Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

1. Network Firewall

We often reach for this tool when a financial institution is working to determine if one of their employees may have received a phishing email or clicked a malicious link. They want to know: who got the email; which user was an entry point for a piece of malware; or when did they connect to it? Relying on the memory of the user often doesn’t provide the detailed information needed to take action and find the true source of the problem. Logs, however, offer deeper insights. If we know the specific workstation or outside IP address, we can then look it up and decipher the entire transaction.

Firewalls, by their nature of design, generate a significant number of logs. The downside is that the sheer volume of logged content is very high and it’s difficult for any human to monitor and manage this amount of data effectively on their own without automated tools. Many community financial institutions are outsourcing firewall management to third-party providers that have created logging infrastructure just for the firewall to store the logs and make the data searchable and readable.

Antimalware - Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

2. Endpoint: Antimalware

Antimalware and antivirus agent tools help financial institutions track down the precise point from which malware and viruses originated. Some of these have better logging capabilities than others, but many of them feature impressive investigative tools. We often reference this tool when a customer says: “I think someone might have opened an attachment they weren’t supposed to,” or “I think we might have some sort of infection that might be spreading, can you check it out for us?” With our antimalware tools, we’re able to track down exactly where it originated; who clicked what; and identify the actual origin point. The tool also enables us to break up the data and show a graphical representation of events.

Server Security Logs - Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

3. Server Security Event Logs

Security event logs record user logins and network access. We reach for these tools when we get questions from customers wanting to know which user logged into a certain application or who may have access to information that they shouldn’t. One of the most important areas to monitor are administrative logging events. If a bad actor gets into your network and gains access to your active directory, they then have the proverbial “keys to the kingdom” with the ability to create accounts, or even worse, admin accounts. However, the one thing they can’t hide is all of the activity they’ve done on the network as long as you’re monitoring these logs.

IT personnel are required to have some mastery of security event logs on the servers and especially on domain controllers to meet examiner expectations, but it requires expertise and research to understand which events are important. For example, with each new version of Windows comes a new set of alerts and often, alerts that were important in a previous version get replaced by something new. This is very challenging to manage along with other important IT activities. Working with a third-party provider can help you stay on top of the latest Windows updates and emerging threats with alerts and reports to proactively monitor the network and effectively thwart attacks.

Cloud - Top 4 Security Solutions for a Layered Approach to Cyber Incident Response

4. Cloud – O365

Most financial institutions use Microsoft O365, but they may not be taking full advantage of all the capabilities it has to offer as there is a host of fantastic logging and audit capabilities that are not turned on by default. So, if you’re an O365 subscriber, you need to review all security settings and make sure you have them turned on.

At Safe Systems, we do this when we onboard customers to our managed O365 offering to protect against e-mail-borne threats. A few key items we make sure our customers are monitoring include:

  1. Email Forwarding – IT admins should make sure that user mailboxes don’t have forwarders set up that point to any other mailbox, especially not an external email address. Without multi-factor authentication turned on, bad actors can access your mailbox; set up forwarding; and monitor correspondence between you and a customer undetected.
  2. Delegated Permissions – IT admins should also check delegated permissions to look for unauthorized access to employee mailboxes. Bad actors often use this tactic to spy on email communications between financial institution staff and customers.

We encourage all financial institutions to implement these four tools for cyber incident response and make sure you understand how to collect important logging information to have conclusive evidence right when you need it.

For more information, watch our recorded webinar, “Not If, But When: Best Practices for Cyber Incident Response.”

01 Oct 2020
After a Year Unlike Any Other, What Community Banks and Credit Unions Should Budget for in 2021

After a Year Unlike Any Other, What Community Banks and Credit Unions Should Budget for in 2021

After a Year Unlike Any Other, What Community Banks and Credit Unions Should Budget for in 2021

In 2020 we’ve learned a lot about ourselves, and whether the general population realizes it or not, they have learned a lot about something often relegated just to banking: Risk Tolerance. And with that in mind, here are seven key items that your institution should consider while budgeting for 2021:

1. Laptops

Supply is down, demand is up, so from a pricing standpoint, you are unlikely to find great deals on laptops, but their portability has been a key component to companies and employees being successful during the pandemic. Remote work is a great option for employees who do not need face-to-face interactions with customers or members, but not every department can work successfully outside of the main office or branch.

When planning for next year, each position in the institution needs to be evaluated, if it hasn’t already, to determine the ability and effectiveness of remote working. When possible, consider having remote employees use a company laptop going forward. In a recent Safe Systems survey of community financial institutions, 1/3 of respondents have already decided that they will be purchasing more laptops this year.

2. Hardware Management Software

How many of the controls you use to secure your institution’s devices require the device to physically be in the office? As the work environment changes and more people make the shift to working from home offices, your current controls need to be evaluated to ensure they work just as effectively outside of the branch. For years, the push for “agentless” controls has been popular, but many of these controls assumed the office was a well-defined building where all devices used the financial institution’s network. As the home office becomes the new standard for many banks and credit unions, the need for agent-based controls is greater than ever. Controls/security measures are no longer effective if they require the device to be on premise.

3. Business Continuity Plan (BCP) Update

Having an updated pandemic plan as part of your BCP is still likely a need for many institutions. Because it has been more than a century since a full-scale pandemic hit the U.S., many of the assumptions and concepts that pandemic plans were based on have proven to be incorrect. For instance, many plans outlined operational changes based on only 50% staff for just a week or two. Much of the concern before 2020 was making sure staff members were properly cross trained in the event key individuals were unavailable for days or perhaps a few weeks. While this is still very important, it represents only a tiny portion of truly being ready for a pandemic.

Pandemic plans often did not address managing operations for a long duration or important measures like social distancing, security measures, consumer access, etc. Financial institutions must take a hard look at key lessons learned so far during the COVID-19 pandemic and update their plans accordingly.

4. Moving to the Cloud

Recognizing that having employees working outside of the office is a real possibility moving forward, investing in new servers and putting them in offices is becoming an antiquated idea. The cloud provides a level of redundancy, scalability, and accessibility that cannot be matched by buying a single server. It also means no one has to be in the office to manage the infrastructure. As servers need to be replaced, banks and credit unions should seriously consider the process of moving to the cloud.

5. Client Experience

One question every institution should be asking itself is: “how can we better enhance the customer experience?” While IT is usually seen as a cost center, the events of the past year may have opened a door for IT to step up and offer solutions that directly affect the customer experience. The pandemic has forced many people, some maybe for the first time, to adopt digital banking solutions. If IT can offer specific tools and/or insight into how to improve the customer experience, this may be the opening that IT has hoped for to secure a “seat at the table” among their institution’s leadership.

6. Cybersecurity

Garmin, the GPS and active wear company, reportedly paid $10 million in 2020 to counter a ransomware attack. Their customers were without the services for over a week while Garmin’s data was held hostage. All of the information about their case is not available yet, but the sad reality is that they likely could have prevented the entire situation with just a few technology solutions and security settings being implemented correctly. The threat to your data is as real today as it ever has been. Be sure to have a conversation with a security company you trust to ensure that even if you are the target of a ransomware attack, it won’t be able to hurt your business long-term. Invest in cybersecurity now, so that your institution won’t end up paying much more later.

Consider this: Cyber-attacks are 300 times more likely to hit financial services firms than other companies, according to a recent Boston Consulting Group report, and cyber-attacks continue to climb each year, with the global cybersecurity market expected to eclipse $300 billion by 2024, according to Global Insights.

Unfortunately spend and layers of protection most likely need to increase annually to address this issue.

  • Employee training – to ensure adequate and effective
  • Perimeter protection – to ensure the appropriate layers are enabled and all traffic is being handled correctly including encrypted traffic
  • Advance threat protection and logging – to be able to identify how, if at all, malware or an intrusion created an incident
  • Backup and data redundancy – to ensure ransomware can’t wipe out your data

Per Computer Services, Inc (CSI), 59% of financial institutions will increase spending for cybersecurity this year.

7. ISO

With the increase in responsibilities of the Information Security Officer and the focus on separation/segregation of duties, there has been an uptick in the number of institutions looking for virtual ISO (VISO)-type solutions. These solutions can help by taking some level of burden off of internal resources, provide staff with templates or toolsets when needed, and oversight to ensure nothing is falling through the cracks.

For 2021, there are a lot of things to consider. One focus should be to look at the changes your institution had to make because of the pandemic and what changes you should consider making in the future to improve cybersecurity, information security, and as always, your customers’ and members’ experience.

09 Sep 2020
Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

From the beginning of the pandemic, the financial sector has seen a rising number of security threats. With more employees working remotely and increasing their online activity, cybercriminals are finding success using attacks like phishing and social engineering to take advantage during these uncertain times. These attacks have prompted financial institutions and other organizations to improve their cybersecurity posture and protect against future attacks.

Financial institutions make significant investments to protect their networks especially as their workforce has turned to digital channels for remote work. However, there are a few additional security measures that often get overlooked.

In this blog post, we discuss 5 reasons why security solutions fail and what you can do to keep your institution safe and combat malicious attacks.

Improperly configured spam filtering/web filtering solutions

Every financial institution uses some form of spam filtering and web filtering solutions. However, IT personnel often set these solutions up, configure them, and then may not test them again, which creates vulnerabilities over time. Financial institutions must check to make sure these solutions are configured properly and understand all of the security features available to them to use these tools at full capacity.

Lack of multi-factor authentication for ALL accounts

Multifactor authentication (MFA) is crucial for financial institutions to protect against unauthorized access to the network and email accounts. In fact, a report from Microsoft has determined that 99.9% of account compromises can be blocked with MFA, but the overall adoption rate remains low.

Financial institutions often experience difficulties implementing an MFA program for their staff because it can be a time-consuming project and often requires staff to use their own personal devices. It is important to understand the different types of MFA solutions available and identify the one that works best for your staff. While there is variance among MFA solutions in terms of strength and security, having at least some form of MFA greatly enhances your security posture.

Lack of security coverage enterprise-wide

Not just IT, but everyone within the organization, should be practicing cybersecurity best practices to keep the network safe. Employees are often the weakest link when it comes to security and cybercriminals prey on these individuals to gain access to non-public information. Without proper training, your staff may not have the skills and awareness to spot security threats and handle them in the appropriate manner. Investing in security awareness training can provide them with the knowledge and expertise to combat malicious threats and ensure that the entire enterprise is working towards this goal.

Accessing external resources (Gmail/Dropbox)

When employees use external resources like Google Drive or Dropbox for file sharing, it can be difficult for IT personnel to control “what” data is going “where.” Cybercriminals are also using these file sharing tools to trick users into clicking links to fake websites to steal login credentials and then slip by corporate security protections.

To mitigate these issues, financial institutions can use credential theft protection tools to block usernames and passwords from leaving the organization. Even if a user fails to recognize the threat, these tools provide protection on the backend to keep the information safe.

Utilizing corporate resources remotely

With many employees working from home during the pandemic, financial institutions must take extra care to ensure the network is protected. It is important to understand how employees are connecting to the network; what devices they are using; and ensure that those devices are secured. Some employees may be using personal devices or public Wi-Fi to access the network. These are high risk behaviors that can have detrimental impact on the institutions if attackers are able to exploit vulnerabilities through these entry points.

As employees continue to work remotely, they should be using corporate devices; avoiding public Wi-Fi; and accessing the network through a virtual private network or another secure remote access device. Ultimately, it will be staff’s ability to reference remote access policies and practice appropriate cyber hygiene on remote devices that helps keep their institution secure.

Keith HaskettKeith Haskett is the president and CEO of Rebyc Security and is responsible for executing their strategic plan. After several years leading the Risk and Information Security Consulting Services practice at CSI, he co-founded Rebyc to deliver offensive security solutions customized to meet the needs of the highly regulated, financial services industry. His teams have delivered over 2,000 engagements to financial institutions nationwide.

For more information on protecting your institution from security threats, view Rebyc Security’s recent blogs.

04 Aug 2020
Maintaining Information Security to Combat Cyber Attacks

Maintaining Information Security to Combat Cyber Attacks

Maintaining Information Security to Combat Cyber Attacks

As banks and credit unions continue to work to keep all employees and customers/members safe during the pandemic, information security should be a top priority. Because many businesses and consumers have shifted towards digital channels, threat actors have launched a new wave of attacks specifically targeting financial institutions and other financial activities. According to VMware Carbon Black, attacks against the financial sector increased 238% globally from the beginning of February to the end of April. Protecting your institution’s nonpublic personal information is critical as we continue to move forward in a heightened security threat landscape. Here are a few things to keep in mind:

CIA of Information Security

Information security focuses on ensuring the Confidentiality, Integrity, and Availability of virtually all forms of information. It involves protecting digital and physical data from unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction. Some of the most serious—and alarming—threats to information security are data breaches, malware, and phishing.

  • Data Breaches
  • With data breaches, sensitive, confidential, or otherwise protected information is accessed or inappropriately disclosed. The negative impact of such a breach can result in diminished customer loyalty, a tarnished brand image, and loss revenues and profits. These adverse effects can last for years—with some companies never recovering.

  • Malware
  • Malware is any piece of software that was written with the intent of damaging devices and/or stealing data. There are many different types of malware including, viruses, trojans, spyware, and ransomware. Fintech holds a special interest from the malware community-at-large. According to cyber threat intelligence company Intsights, 25 percent of all malware targets financial institutions.

  • Phishing
  • With phishing, cyber attackers use fraudulent emails and websites to solicit people’s credit card numbers, passwords, account data, and other personal information. Financial institutions are common targets of phishing scams that are engineered to trick victims into disclosing their information.

Best Practices for Information Security

Security threats can affect financial institutions through numerous weaknesses. So institutions should take a layered approach by using a combination of security measures, policies, and procedures. According to the FFIEC IT Handbook’s Information Security booklet, common layers in security controls should include:

  • Patch management
  • Asset and configuration management
  • Vulnerability scanning and penetration testing
  • Endpoint security
  • Resilience controls
  • Logging and monitoring

However, since humans are often considered to be the first—and best—line of defense for preventing cyber-attacks, employees need to receive the proper education and training on the latest scams and techniques. By teaching staff how to detect suspicious emails, links, and websites, financial institutions can significantly strengthen their security and avoid unnecessary trouble. The more user training an institution provides, the lower the success rate of phishing attacks against that institution. Ultimately, an institution’s approach to security will depend on the assets it is protecting, along with its unique vulnerabilities, operation, and strategic objectives.

For more information, download our complimentary white paper, “Top 10 Banking Security, Technology, and Compliance Concerns.”

23 Jul 2020
Securing Microsoft O365

Securing Microsoft 365: Using Multifactor Authentication to Combat Business Email Compromise

Securing Microsoft 365

In today’s security landscape, business email compromise (BEC) is one of the most prolific online crimes, and these attacks are often aimed at financial institutions. In a BEC scam, cybercriminals send email messages to bank staff that looks like a legitimate request in an attempt to gain access to non-public information. To mitigate this threat, community banks and credit unions should take advantage of the security settings offered in Microsoft 365.

Microsoft has multiple service offerings to secure against all kinds of attack vectors. However, the easiest security setting financial institutions often overlook is multifactor authentication (MFA), which requires more than one method of authentication to verify a user’s identity for a login or other transaction. The methods typically include something you know (pin); something you have (phone) and/or something you are (biometrics).

Microsoft’s analysis has determined that 99.9% of account compromises can be blocked with MFA, but the overall adoption rate is only 46%. Why is this the case? Financial institutions run into two key pain points that prevent them from implementing MFA:

1. Time

Many IT administrators are tasked with having to set up their users on MFA, and simply don’t have the resources to do this all on their own. Let’s face it, this can be a time-consuming task to complete in addition to the other daily IT activities IT admins have on their plate. One option is to identify who your early adopters will be and let them become technology champions. This can be branch managers or team leads across your locations that can offer assistance to less experienced users. Another option is to work with a third-party provider that can handle the implementation process, enabling IT staff to work on more pressing tasks for the institution.

2. Bring Your Own Device (BYOD)

Most organizations have a BYOD policy in place, but it is normally in regard to accessing company resources, like email, teams or SharePoint where it is clear that the user is attempting to access company data for business-related activity. However, employee-owned devices can make MFA trickier to navigate since IT administrators may find themselves in a position where they are asking users to complete the MFA process on a personal device in order to access these company resources. Regardless, when MFA is added to the BYOD policy, it can effectively make BYOD safer.

MFA Options to Fit Your Institution’s Needs
There are many MFA options and some of them do not require the use of a personal device to verify a user’s identity. Many employees do not like the idea of having to install a mobile app on their phone, but they have no issues with an occasional text message or phone call. When implementing MFA for your institution, the best thing you can do for your users is to go over all of the available options and highlight the option your institution prefers them to use. For instance, when setting up MFA for our customers, we recommend the Microsoft Authenticator App.

Here are a few options to consider:

  • Microsoft Authenticator App – A user will use a one-time passcode or simply approve logins using the free Microsoft Authenticator app.
  • Call to Phone – This option is for landline phones. If your employees have a direct line, this is a good option to try. If the user does not have a direct line, keep in mind you would have to work out a procedural system for whoever is answering the phone to give the MFA information to the intended target.
  • Text message to phone – Sends a text message to the user’s mobile phone number containing a one-time code whenever you sign in from a new device.
  • Notification through desktop – Allows users to have MFA one-time passcode generation on their work desktop which helps to avoid use of personal devices.
  • Verification code from hardware token –User uses a one-time passcode generated from a hardware token. Microsoft provides the technology to implement this method, but you have to buy the hardware tokens and manage them. This is the only MFA method that comes with direct costs.

Not all MFA options are the same in terms of strength of security. However, your overall security posture is still enhanced by enabling MFA with any of these options. MFA is a low-cost option that protects your financial institution from cyber-attacks and other malicious activity. If you’re interested in implementing MFA for your financial institution, please reach out to Safe Systems to find an option that fits best with your institution’s unique needs.

27 Mar 2020
What Community Banks and Credit Unions Should Do to Combat COVID-19

Facing a Pandemic: What Community Banks and Credit Unions Should Do to Combat COVID-19

What Community Banks and Credit Unions Should Do to Combat COVID-19

As the Coronavirus pandemic continues to rise throughout the world, it is important for community banks and credit unions to effectively carry out their pandemic plans to stop the spread of the virus and implement alternative ways to serve customers or members during this critical time. Safe Systems held a webinar last week covering five things all community banks and credit unions need to do during a pandemic. In this blog, we’ll cover a few of the key points from the webinar.

  1. Pandemic Testing
  2. According to the Federal Financial Institution Examination Council (FFIEC) guidelines, financial institutions need to have a “testing program designed to validate the effectiveness of the facilities, systems, and procedures identified” in their business continuity plan. In a pandemic, it is the people who are affected more than the facilities, so your systems and processes become more impacted than anything else.

    A preventative program has to address:

    • Monitoring outbreaks
    • Educating and providing appropriate hygiene training and tools to employees
    • Communicating with customers and members
    • Coordinating with critical providers and suppliers

    With the pandemic already underway, it can feel counterproductive to conduct a pandemic test for your financial institution. However, we’ve found it’s never too late to test and improve your pandemic plan, even in the midst of a crisis. Make sure you are validating your succession plan and cross training measures by purposely excluding certain key individuals from actively participating in the testing exercises you conduct for your institution. During a pandemic, important individuals may not be in the branch or available every day, so it’s important that you test your plan to make sure the institution can still operate efficiently.

  3. Social Distancing
  4. Social distancing is a term that’s come out of this global pandemic to stop the spread of the virus. The Center for Disease Control (CDC) states that individuals should keep a six-foot minimum distance from others to limit the spread of the virus, but how does this impact the way your financial institution does business? Think of how your teller line, customer service areas, lending offices, etc. are set up. For these more personal, face-to-face interactions, it is important for you to change the location set up to ensure the 6-foot distance is achieved to protect both the customer and employee. Here are some tips from the American Bankers Association® to consider:

    • Require non-customer facing personnel work from home and try limiting interactions of personnel as much as possible in offices.
    • Have staff sign in when they arrive and leave.
    • Designate times for “at risk” customers (because of age or condition) to visit the lobby when no others are allowed.
    • Make loans or open new accounts by appointment only. When you close a lobby, designate one drive-thru for business customers and one for consumers, as their transactions are very different and differentiating the two can help speed transactions.
    • Keep your messaging positive. Don’t not use the word “Closed” on your door or website; instead use “Appointments Available.” Remind customers that banks are never truly closed, thanks to online and digital platforms that provide customers with 24/7 access to their accounts.

    We are posting tips, resources, and FAQs from ABA, FDIC, NCUA, and our own Safe Systems’ experts on the homepage of our website.

  5. Security in Social Distancing
  6. For employees that are able to work from home, providing resources for working outside of the institution is another great option to keep staff and the public protected. If your staff members are working from home, here are a few things to consider to ensure the institution maintains both security and productivity.

    • Do your employees have enough bandwidth at home?
    • Do you have a dedicated VPN device?
    • Do you have a firewall to allow this connection?
    • Can the firewall/device handle the number of devices actively connecting remotely at one time?
    • Do you have enough licenses (if needed) for each user to connect remotely?

    When your staff is working from home, you still must worry about security. You will need to decide how they connect to your network, what device they use, and how that device is secured. For instance, if you are allowing an employee to use their personal computer, then reference your remote access policy. It should include rules for the appropriate cyber hygiene of the remote device (patching, antimalware, etc.), and should be signed by the end-user. OpenDNS offers free security options for DNS lookups on home computers, which is also a good consideration should you need to update or create a home PC access policy and requirements. You may also require multi-factor authentication as an additional precaution to keep the network secure.

Financial institutions provide critical services to their communities and must be able to support customers and have alternate ways of doing business during a pandemic.

If you would like to gain more insights on COVID-19 and listen to a brief Q&A from our compliance team and information security officer, download our recorded webinar, “5 Things Community Banks and Credit Unions Need to do During a pandemic.”


Watch Recorded Webinar


As many community banks and credit unions are still formulating their responses to the pandemic, we’d like to collect and share what steps financial institutions are actively taking to protect employees and customers while maintaining business operations. Please take a few minutes to complete this survey and tell us how your institution is responding to the novel coronavirus (COVID-19) pandemic.


How are you responding to the Pandemic? Take the Quiz


10 Feb 2020
The Value of User Conferences For Banks and Credit Unions

The Value of User Conferences for Banks and Credit Unions

The Value of User Conferences For Banks and Credit Unions

As the financial services industry has become more technology-driven and more complex operationally, user conferences have become key events along with industry association conferences. By providing a venue for banking professionals to collaborate directly with their technology providers and other peer institutions, user conferences represent a proven way for banks and credit unions to extend the ROI of their technology investments. Examiners and auditors recognize the importance of participation in these events and many now expect attendance to gain industry knowledge and strengthen existing vendor relationships.

Regulatory Expectations – Vendor Management

Examiners are increasingly focused on how a financial institution manages their vendors. According to the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook, “User groups are another mechanism financial institutions can use to monitor and influence their service provider. User groups can participate and influence service provider testing (i.e., security, disaster recovery, and systems) as well as promote client issues. Independent user groups can monitor and influence a service provider better than its individual clients. Collectively, the group will constitute a significant portion of the service provider’s business. User groups offer advantages to both the service provider and the serviced institution by allowing customers to discuss and prioritize their concerns…service providers should obtain customer feedback though user groups or customer surveys.”

In addition to effective vendor management requirements, the FFIEC also requires employees of financial institutions to participate in ongoing education and technical expertise to remain in compliance.

Educational Benefits of a Users’ Conference

Regulatory and compliance issues aside, user conferences offer a host of benefits to participating banks and credit unions, such as:

Classroom Training

Well-designed webinars or online training sessions are great resources, but focused, in-person learning, and networking allows attendees to remain current on the latest technology solutions and enhancements, industry developments, and specific products and functionality that your vendor is working on. The opportunity to learn first-hand from industry and subject matter experts, as well as share your own experiences and expertise, really should not be underestimated.
User conference learning opportunities often consist of:

  • Basic and advanced workshops or sessions
  • Issue-focused roundtable discussions
  • Networking opportunities with peers
  • Software demonstrations
  • Professional development courses
  • Hands-on training and consultations with vendors

Best Practices

Many find the greatest value in user conference participation through peer discussions and open Q&A sessions on best practices. These sessions give customers access to some of the best information and insight on how other institutions are utilizing the vendor’s solutions to solve problems and drive efficiencies and profitability.


We know from experience that peer groups serve as the perfect environment to share and exchange ideas, concerns, successes and failures tied to the industry. Many community banks and credit unions share the same worries about technology, compliance, security, and business issues. These events provide a venue for you to hear others’ experiences and tap into their knowledge, providing you the opportunity to make industry friends and gain a trusted group of individuals you can rely on in the future.

The Safe Systems National Customer User Conference, NetConnect™, is less than a month away. This event will bring Safe Systems’ employees and strategic partners together with a variety of banking professionals representing technology, compliance, operations and management roles.

We understand the value of user conferences and we use that opportunity to meet with a selection of customers (Customer Advisory Board) to discuss existing and new products and services that will meet their future business goals.

If you’ve never been to a user conference, don’t take our word for it. Here’s what a few of our customers have said:

“Every time I attend, I come away with knowledge and information that can help me do a better job in my organization.”
“It was good to hear feedback from other bankers about Safe Systems as well as make connections and contacts.”
“This is the best opportunity to get a pulse on exactly what’s happening in the IT Banker’s world.”
09 Jan 2020
Top Bank Technology, Security, and Compliance Concerns in 2020

Less Worrying. More Banking.™ Top Banking Technology, Security, and Compliance Concerns in 2020

Top Banking Technology, Security, and Compliance Concerns in 2020

The constant evolution of technology, the ever-changing compliance landscape, and increased security threats have fundamentally changed the way financial institutions operate today and the key concerns they are facing on a daily basis. In our 26 years of experience serving the community banking industry, we have not seen a more difficult landscape for our clients to navigate.

The risks associated with security, compliance and technology have never been more challenging than they are today. As the responsibilities of community financial institutions continue to grow and evolve, it is not uncommon to worry about limited resources, keeping up with new technologies, or simply maintaining a competitive advantage in the industry. We believe that all financial institutions, regardless of size and location, should be able to leverage the best technology solutions available so they can focus on serving the financial needs of their communities. It is our mission to provide peace of mind and value for our customers in these areas so banking professionals can get back to doing what they do best and spend less time worrying.

Through the years we have developed and offered compliance centric IT services designed exclusively for community banks and credit unions, ensuring that they are kept up to date on the current technologies, security risks, regulatory changes, and FFIEC guidelines. We strive to listen to our customers to ensure our solutions continue to support the changing needs of the industry and meet their expectations in addressing key concerns. We recently surveyed a group of our community bank and credit union customers to gain a better understanding of the top worries and concerns they have for 2020 as they relate to technology, compliance and security. Through that survey we uncovered the following:

Technology Challenges

Financial institutions of all sizes continue to depend on their IT network infrastructure and technology solutions for nearly all functions of the institution, which makes it crucial that all solutions work efficiently. While community banks and credit unions have been utilizing technology for quite some time now, they continue to face certain technology challenges heading into 2020. According to survey respondents, the expense of technology solutions, keeping up with rapid changes, and truly understanding the technology solutions are top concerns. In addition, many continue to struggle with network management and connectivity, patch management, and training employees on IT solutions.


While banks and credit unions have adjusted to the frequent and strenuous regulatory reviews, they continue to struggle with meeting examiner expectations across critical areas such as vendor management, business continuity planning, and risk management and assessment. In addition, many struggle with adequately defining the requirements of the Information Security Officer (ISO), as this role has become more involved and the expertise needed has grown. The ISO has one of the most crucial roles in a financial institution. In fact, it is one of the few positions that are required by guidance. The FFIEC covers various issues related to information security in great detail, including the expectations and requirements for the ISO. According to the FFIEC IT Examination Handbook’s Information Security booklet, financial institutions should have at least one person who is dedicated to serving as an in-house ISO.


Over the past several years, the industry has been impacted by a marked increase in data breaches, ransomware, card fraud and other malicious attacks. Additionally, an increase in devices connected to networks has made it critical for financial institutions to strengthen their security strategies and policies and ensure all systems are up to date and able to effectively combat today’s threats. Cybersecurity-related attacks on the financial sector continue to increase at an alarming rate, making cybersecurity a top area of concern for financial institutions. Additional areas of concern include ransomware, phishing, malware, disaster recovery, and network security.

Managing these challenges alone can be a daunting task to undertake. As a trusted resource for financial IT and regulatory support, Safe Systems is here to serve as a true extension of your team, providing you with access to technology professionals who are specifically trained in the banking industry. Safe Systems offers cost effective solutions such as IT support and managed services, internal network/cloud design and installation, hosted email, business continuity and disaster recovery, compliance consulting, security services, and IT and compliance training. Our services help financial institutions significantly decrease costs, increase performance, and improve compliance posture.

Let us help you get back to what you do best. Less worrying. More banking.™

05 Dec 2019
How to Maintain Bank Compliance and Security During the Holiday Season

How to Maintain Bank Compliance and Security During the Holiday Season

How to Maintain Bank Compliance and Security During the Holiday Season

The holiday season is in full swing, which means many employees are heading out of the office to enjoy some vacation time. However, just because it’s the holiday season, it doesn’t mean that cybercriminals are taking time off. Cybersecurity attacks continue to increase and are becoming more sophisticated. Institutions are expected to maintain bank compliance with regulatory guidelines and ensure all technology assets are working properly so operations continue to run smoothly during the holidays.

This can be a challenging time for many community banks and credit unions that have a small staff and rely on key individuals to make sure all activities related to technology, compliance, security, and regulatory requirements are taken care of. Today’s community financial institution relies on the IT department to maintain its hardware and software and to ensure all systems are available when needed. The department is also responsible for monitoring an array of ongoing IT concerns like anti-malware, cybersecurity issues, service-related touch points, compliance updates, and email security, to name just a few. So, what happens when the people responsible for these crucial aspects of the institution go on vacation?

Partner Up

Many financial institutions are turning to an industry-specific managed services provider to act as an extension of their organization and help augment internal technology and compliance resources and responsibilities. The right managed services provider, who is familiar with the banking industry, can serve as a true partner and work alongside current staff to provide timely support, and manage the technology, security, and regulatory compliance aspects for the institution.

A managed services provider can help automate and manage many of the administrative functions that normally fall to the technology or compliance department, making it less daunting for employees to get away. In addition, while this not only saves time and improves efficiencies, it also helps the bank or credit union extend its support hours beyond the traditional 9 to 5 retail hours, which is key for IT departments with limited staff.

Managing IT resources, bank compliance-related issues and combatting cybercrime are some of the greatest challenges and concerns for financial institutions today. When IT and security staff are out or unavailable, outsourcing these processes helps fill the personnel gap and provides added stability for the institution and peace of mind to all.

What To Do When Your Bank's IT Administrator Leaves

What To Do When Your Bank’s IT Administrator Leaves (Checklist)

10 Oct 2019
5 Things Community Banks and Credit Unions Should Budget for in 2020

5 Things Community Banks and Credit Unions Should Budget for in 2020

5 Things Community Banks and Credit Unions Should Budget for in 2020

The final months of the year signal the beginning of many traditions. For community banks and credit unions, the Fall marks the start of budget season. Financial institutions use this time to assess the year’s performance, make necessary adjustments—or full upgrades—for 2020 and beyond.

As you know, technology and security are constantly evolving, and compliance continues to be a moving target, so it’s time to consider important areas your institution needs to budget for in the next year. To ensure that your institution heads into 2020 on an upward trajectory, here are five key items to include on your list.

  1. Hardware
  2. Every year hardware should be evaluated to see if it is under warranty; in good working condition; and that the operating system hasn’t reached end of life.

    Two dates to be aware of:

    • SQL Server 2008 R2 reached end of life on 7/9/2019
    • Windows Server 2008 and 2008 R2 reach end of life on January 14, 2020

    These items will need to be upgraded or replaced as soon as possible with supported software. If the decision is to replace a server based on these products being end of life, there are options to consider as covered in number 2 in this article.

  3. Cloud vs. In-house Infrastructure
  4. Free eBookEverything You Need to Know About the Cloud Get a Copy

    Moving internal infrastructure out of the office is the new trend. This move feels similar to the move to virtualization, in that everyone agrees this is the next logical step in the evolution of computing. You should be asking the same question about cloud infrastructure as you did about virtualization—when is the right time for your institution to make the move and what are the pros and cons of this move? When the time comes to replace pieces of your infrastructure, start to gather information about the benefits of moving to the cloud and the costs associated with it. Remember, each server has both direct and indirect costs.


    • Server Hardware
    • Warranty
    • Software


    • Electricity
    • Cooling
    • Storage/physical space
    • Maintenance
    • Backup
    • Disaster Recovery

    Each year as hardware becomes outdated and needs to be replaced, evaluate whether moving that server to the Cloud makes sense. Be sure that the functions of the server can be accomplished in a cloud environment. Once a presence in the cloud is established, future growth and changes become much easier and quicker.

  5. Firewalls
  6. Download Free PDFMoving Beyond Traditional Firewall Protection to Develop an Integrated  Security Ecosystem Get a Copy

    Firewalls continue to evolve as network and cybersecurity threats evolve and change. Ten years ago, adding intrusion prevention systems (IPS) to firewalls became commonplace in the industry. Now there are a host of new features that can be added to your firewall to improve your institution’s security posture. Many of these fall under products using the term next-gen firewalls. A few key features to consider include:

    • Secure Sockets Layer, or SSL, is the industry standard for transmitting secure data over the internet. The good news is most websites on the internet now use SSL to secure the traffic between the PC and the website. The bad news is, your firewall may be protecting your institution from fewer sites than ever before. Google researchers found that 85% of the websites visited by people using the Chrome browser are sites encrypted with SSL. This means that for many firewalls, 85% of web traffic cannot be inspected by the firewall. Many firewalls can perform SSL inspection but may require a model with more capacity; a new license to activate the feature; and configuration changes to enable this feature to work.
    • Sandbox analysis is a security mechanism used to analyze suspect data and execute it in a sandbox environment to evaluate its behavior. This is a great feature to introduce to your infrastructure because it provides more testing and insight into the data coming into your institution.
    • Threat intelligence feeds (like FS ISAC), built-in network automation, and correlation alerting are also important features that can help you keep track of emerging security threats; automate key processes; and improve your institution’s cybersecurity posture.

    Consider enhancing your firewall features or upgrading to a next-gen firewall to ensure the traffic traversing your firewall is truly being evaluated and inspected.

  7. Virtual Information Security Officer (VISO)
  8. A newer service that has grown in popularity over the last year is the Virtual ISO or VISO role. While services like this have been available for a while, this is the first year we have heard so much talk from community financial institutions. As the job of Information Security Officer (ISO) has become more involved the expertise needed has grown as well. These VISO services offer a way to supplement the internal staff with external expertise to accomplish the tasks of the ISO. Budgeting for a service like this becomes critical if one of the following is true:

    • No one else in the institution has the needed knowledge base and finding this knowledge set in your area is difficult or expensive;
    • Your current ISO does not have a background in the field or is wearing too many hats to do it well;
    • Your current ISO is likely to retire or leave due to predictable life change events; or
    • The role of ISO and Network Administrator or other IT personnel do not provide adequate separation of duties at the institution.

  9. Disaster Recovery (DR)
  10. Many institutions do not have a fully actionable or testable disaster recovery process. A verified DR process is a critical element of meeting business continuity planning (BCP) requirements. Therefore, this can be a significant reputational risk for the financial institution, if not done correctly. If your institution hasn’t completed a thorough and successful DR test in the last 12 months, it is time to evaluate your current DR process. Using a managed site recovery service can ensure you have the proper technology and support to thoroughly test your DR plan and recover quickly in the event of a disaster.

    Budget season is a time to address needs and wants, but also a time to seek improvement or evaluate key changes for the new year and beyond. For example, moving your infrastructure to the cloud may not make sense for the coming year, but the insight gained by evaluating it this budget season improves your knowledge-base for when it is time to make that decision. As we conclude 2019, we hope these insights position your institution for a productive budget season and a successful 2020.

25 Jul 2019
Resource Center

New Resource Center Features Banking Technology, Security, and Compliance Insights for Financial Institutions

Resource Center

In today’s fast-paced environment, it’s important for financial institutions to have access to trusted information related to technology, compliance, and security trends. To help facilitate this, Safe Systems has launched a new online Resource Center which provides community banks and credit unions with access to a centralized knowledge base of free materials. The Resource Center can easily be reached from any page of our website in the top navigation bar.

Meeting Your Interests and Needs

What is currently top of mind for your institution? What is keeping you awake at night? What are you most interested in learning to help you improve your performance?

Whether you are searching for information that will help your institution understand how to stop a cybersecurity attack; identify what to do when your IT administrator leaves; or recognize the top compliance and security areas where you should focus; our new online Resource Center can help. You’ll find the relevant information you need to help you worry less and focus more on banking.


Browse Our Resouces

Key Features and Benefits

Our Resource Center is designed to not only be useful but easy to use. There is a wide variety of content, ranging from videos to white papers to case studies. You have the freedom to search by topic and browse at your own pace to find the information most valuable to you, in the format you most prefer. When you make a selection, you’re taken to a secure page where you can choose to view the material instantly in our online environment or download it to your computer to view later at your convenience.

Whether you are trying to find a solution to a specific problem, stay on top of the latest trends and industry regulations, or simply discover new insights, our Resource Center allows you to conduct your research in an easy and meaningful way. Here are five features to help you find what you are looking for:

  • Categories – Assets are grouped in three main categories, compliance, technology, and security, allowing you to dive into specific pieces based on these themes.
  • Search box – You can conduct a search by category, keyword, or title to find your desired content faster.
  • Suggested content – Recommendations for related materials are highlighted on each page to help you find the most relevant content based on your search.
  • Dynamic environment – The Resource Center is updated frequently with new materials to provide timely and up-to-date information.
  • Archiving – Most materials remain in the center permanently allowing you to access relevant content on an ongoing basis as your needs change.

An Ever-evolving Resource

The Resource Center will continue to evolve as a virtual library. Website visitors can look forward to encountering a constantly-expanding cache of information making it a worthwhile experience for any financial institution.


Browse Our Resouces

18 Jul 2019
Security Layers – 4 Key Areas All Bank and Credit Union CEOs Should Consider

Security Layers – 4 Key Areas All Bank and Credit Union CEOs Should Consider

Security Layers – 4 Key Areas All Bank and Credit Union CEOs Should Consider

In today’s world of escalating cyber-attacks, the importance of security layers can never be overemphasized. This is especially true for financial institutions, which are obligated to safeguard customer information, prevent identity theft, and protect their operations. No entity, computer network, or individual is unaffected by cyber threats, but a layered approach to security can significantly minimize cybercrimes.

While the IT department and security officers typically determine and recommend security measures, it is ultimately the CEO who is responsible for the overall health and well-being of the bank or credit union. Therefore, CEOs of financial institutions should be thinking about and asking the following questions in this area:

  1. Is there a security layer that most networks are missing?
  2. Monitoring the internal network, outside of the endpoints, is important and an area that many banks and credit unions don’t focus on. While most organizations have perimeter defense technologies, such as firewalls and intrusion prevention systems and endpoint technologies like anti-malware software, many don’t pay close enough attention to the internal network itself. Having stronger internal network security is vital to prevent breaches and internal attacks and makes for a stronger overall network.

  3. What is the single most effective layer?
  4. User training is hands down the most effective layer. Users are considered to be the first line of defense, and sadly are often seen as the weakest link in the security chain. To strengthen this link and prevent attacks, user education and training is important.

  5. What are some security layers all banks and credit unions should have?
  6. Security layers represent multiple levels of defense against potential bad actors and cyber-attacks. As such, a layered security program should involve a variety of components, depending on the assets protected, vulnerabilities, and the institution’s operations. A layered security program entails using different controls at different points in a transaction process. The underlying strategy is that a weakness in one control is generally compensated for by the strength of another control.

    According to the Federal Financial Institutions Examination Council (FFIEC), some effective controls that can support layered security are:

    • fraud detection and monitoring systems that include consideration of customer history and behavior and enable a timely and effective institution response;
    • using dual customer authorization through different access devices;
    • using out-of-band verification for transaction;
    • a thorough and up-to-date patch management system;
    • vulnerability scanning and penetration testing; and
    • end-point security and resilience controls.

  7. What are the three main types of controls?
  8. Security controls generally fall into three types: protective, detective, and reactive (or corrective). Protective controls are tactics a bank or credit union can implement to prepare for and prevent a cyberattack. They encompass things like dual controls, segregation of duties, system password policies, access control lists, training, and physical access controls. Detective controls indicate that a cyberattack is taking place. Even the audit process can be detective because it uncovers control weaknesses by looking for failures after they have happened. Reactive controls are implemented to respond to an attack in progress. Essentially, they’re intended to mitigate exposure after something happens.

New types of cyber-threats and incidents are constantly emerging, and CEOs need to be prepared to protect their institutions and the data they house. With the proper controls, layered security can be an effective way for financial institutions to defend network perimeters and endpoints against potential cyber threats. There are many other areas related to security layers that CEOs and senior management should be considering. To gain more insight into those areas, as well as other key topics for CEOs to be aware of, download our white paper, Top IT Areas Where CEOs of Financial Institutions Should Focus: Important Questions and Answers.

White Paper Download

Strengthen Your Strategy: Why a Layered Defense is the Best Choice for Your Bank’s IT Security Program

Learn why a single layer of security, such as antivirus, is no longer enough in the current risk environment.
Free White Paper

16 May 2019
Don’t be the Next Victim of a Data Breach: Evaluate Your Security Layers and Add the Extra Protection You Need

Major Antimalware Companies are Being Compromised: Now is the Time to Evaluate Your Security Layers

Major Antimalware Companies are Being Compromised: Now is the Time to Evaluate Your Security Layers

Antivirus and Antimalware solutions are designed to protect computer and servers from becoming victims of bad actors (aka hackers). The entire purpose of these solutions is to provide protection, security, and assurance that your machines are safe. Antimalware solutions are considered an essential or basic part of every person’s and business’s computer security. Other than security experts who have their own ideas on protecting their own machines, it is recommended by just about everyone to have antimalware solutions on computers as a rule.

Think about it, antimalware tools might be the ultimate applications. They are installed on a large percentage of computers across the world, they require access to all files to work, and they are trusted. But they can also be used as a backdoor into computers and workstations.

In the news this week, three major US players in the antimalware software game may have all fallen victim to being compromised. Symantec Antivirus, Trend Micro, and McAfee all have been rumored to have been compromised. As of the posting of this article, Symantec has denied any breach, McAfee has said they are investigating the situation, and Trend Micro admits some non-critical data has likely been compromised.

Whether these companies were breached, or critical data was taken, we may or may not find out in the near future. What we do know is no company nor data is safe. RSA which was and may still be considered one of the leaders in digital risk management and cybersecurity solutions including dual factor authentication tools was compromised a few years ago.

Is the answer to switch antimalware solutions? Or, stop using them anyway since they offer backdoors into your systems? No, not at all. These incidents simply reinforce the need for layers of security protection. Many businesses and people on personal computers say, “well I have antimalware software installed, what else can I do?” The reality is this comparable to asking, “I put a door on my house, what else can I do.?” On your house, you don’t stop at the door; you add door locks, deadbolts, security systems, cameras, etc. You must do the same with cybersecurity. There isn’t a buy one fits all option.

It’s time to look for solutions that augment your standard antimalware solution. This can include solutions that look at behavioral characteristics of your network above and beyond antimalware’s traditional signature method. Another great solution is to add honeypots to your infrastructure with appropriate alerting built in. In one of the articles sourced for this blog, the publication captured dialog between the bad actors in a chat log. Within that dialog, the few lines below reveal the bad actors are using products that are used by employees:

“their network defense does not see us b/c TeamViewer and AnyDesk are legit software, and admins also use it there. That is why no questions (about their remotely moving around the network).”

“no, you can only move laterally via credentialed net shares or RDP”

Please note, these logs are translated from Russian and the English translation might sound awkward. Basically, the bad actors will use things like RDP, which almost all institutions utilize, plus some other applications that may be more specific to each individual business. To make a long story short, these guys are smart and navigate your network with the same tools your employees use. This is known as living off the land.

On average, it takes organizations 200 days or more to learn that they have been breached. The longer a bad actor has access to a network, the more damage they can inflict.

However, what if there were folders, servers, and databases on your network that were accessible via RDP or other technologies, but they served no business purpose? These assets would serve as bait for the bad actors. Suddenly, you can identify the traffic as likely snooping and not normal activities. This is the beauty of honeypots. It helps isolate suspicious traffic from normal activity based on the interest in the material, not the method of accessing it.

It is always important to keep up with the latest news about cybersecurity. If you use one of these solutions, be sure to keep up with the latest news from the company. If you don’t use one of these companies, you could be next. Stay vigilant as every company is one nightmare away from having a breach, including yours. In the meantime, evaluate the layers you have in place. Heavily consider some type of honeypot solution, as it might be one of the few solutions that can catch true covert snooping. As always, Safe Systems is here to help evaluate the layers you have in place to help ensure you have the extra protection.

25 Apr 2019
Why Your Financial Institution Needs to Proactively Block Malicious Digital Advertisements

Why Your Financial Institution Needs to Proactively Block Malicious Digital Advertisements

Why Your Financial Institution Needs to Proactively Block Malicious Digital Advertisements

We have all seen the digital advertisements on web pages we visit. Many of them contain pop-up ads offering to install software or force a redirect to a different website. These appear on all varieties of sites from Facebook, online email accounts, and even online news sites. Most of these ads are not coming from the page you’re actually visiting but from an advertising agency that has bought the space on the site. The actual site you are visiting really has nothing to do with the advertisements. In fact, they often don’t even monitor them to ensure they are not malicious or harmful for users. This has led many banks and credit unions, as well as individuals, to be leery of online ads and begin proactively blocking them from appearing.

Hundreds of billions of ad impressions occur each month, and digital ad revenue for online advertising was estimated to top $237 billion in 2018. Many of the publishers and website owners argue that ads are important to their success and ad blocking is wrong and furthers budgetary constraints. However, the risks associated with online tracking and advertising are substantial and users should be proactively blocking malicious advertisements to ensure network security.

How many malicious ads are there really?

While it is no secret that there are malicious ads out there, many don’t truly understand the severity. In 2017, Google took down more than 3.2 billion ads that violated their advertising policies. That’s more than 100 bad ads per second, 365 days a year! Google blocked 79 million ads in their network for attempting to send people to malware-laden sites, and removed 400,000 of these unsafe sites the previous year. Google also removed 66 million “trick-to-click” ads as well as 48 million ads that were attempting to get users to install unwanted software. That’s a lot of bad ads and malicious activity!

How do malicious ads work?

Download the PDFThe 2019 IT Outlook for Community Banking Get a Copy

Malware can affect even the most careful user due to the nature of how advertisements are designed to automatically run code when they are loaded. Attackers often attach hidden code to otherwise innocent looking ads for well-known products or services. While many of the large ad networks perform due diligence and scan for such malicious content, there are dozens, if not hundreds that don’t. Once these ads are clicked on or even hovered over, hackers are able to do things like access a computer’s webcam, open the microphone or access files on the computer – general computer takeover.

How can you protect yourself?

To protect against malicious ads, make sure all browser and operating system updates are current. These patches often contain updates that can stop the malware that is hidden in ads. Also, make sure all antivirus and antimalware software is up to date. This is important because this software can find the malware before it does damage. Ad blocking solutions provide a vital security layer that severs as a way to block malicious ads. It also blocks privacy-invading tracking plugins from collecting and harvesting personal information.

These malicious ads and content are ruining the online experience for users. Blocking them wards against hackers, ensures your network and devices are safe, and enhances the user experience.

11 Apr 2019
Why It's Important to Review Firewall Rules on a Quarterly Basis

Why It’s Important to Review Firewall Rules on a Quarterly Basis

Why It's Important to Review Firewall Rules on a Quarterly Basis

Due to constant change and the growing number of threats the industry experiences, firewall security must continuously adapt to combat current threats. In response, banks and credit unions should evaluate security processes and firewall rules on a regular (quarterly) basis.

Why Should You Review

Firewalls have been a part of network security systems, monitoring both outgoing and incoming traffic, for more than 25 years. They serve as the first line of defense, helping to prevent unauthorized access and blocking certain communications based on security settings.

However, just having a firewall in place is not enough. Banks and credit unions are dynamic in nature and are constantly adding new services or changing business processes. If they are not checking the firewall configuration and rules regularly, it opens the institution up to attacks and breaches. Regular reviews help ensure a weakness in the security of the network will be found prior to exploitation and allow rules to be updated as necessary to meet technology changes or new threats.

For banks, there is an additional regulatory reason to perform quarterly reviews: the FFIEC Cybersecurity Assessment Tool (CAT). The quarterly Firewall Audit serves as a baseline standard, meaning that if you can’t answer “yes,” you will not meet the baseline requirements for the CAT in Domain 3. The quarterly audit is also part of the FFIEC Information Security Booklet.

Where to Start with Quarterly Firewall Rule Evaluations

To better understand how to assess your firewall rules, a few basic areas must be addressed.

First, you should have a solid understanding of how your firewall works and how it is setup. You should also receive firewall reports on a regular basis, and these should be reviewed carefully.

What to look for in Firewall Rules

Download the PDFThe 2019 IT Outlook for Community Banking Get a Copy

Knowing how to review or audit firewall rules can be a challenge. Here are four basic things to start with to help guide the process.

  1. Evaluate your existing firewall’s change management procedures
    This helps ensure that all rule changes that have been made in the past are adequately logged and all procedures have been done correctly.
  2. Compare current firewall rules with previous firewall rules
    Comparing rules that were previously in place with those currently in place helps to easily identify any changes; track which changes have been made; and verify whether those changes are necessary. It will also help identify unused or “stale” rules.
  3. Evaluate external IP addresses that are allowed by firewall rules
    Make sure the addresses the firewall allows are still safe and that they make sense for your bank or credit union to utilize. If some addresses now seem odd or out of place, it is likely that the rules should be changed.
  4. Ensure there is still a true business need for open ports
    Firewall rules often contain open ports to allow for external communication. Evaluating open ports to ensure they are still needed is a basic — but important — step. If they are not, the rule can be deleted to avoid unnecessary communication.

While reviews of firewall rules can be done manually, it is time consuming and can be costly in terms operational resources and personnel. Many institutions decide to seek external assistance to simplify and enhance this task. This review task cannot be completely outsourced to a third-party, as it is still the institution’s final responsibility to validate the firewall configuration. If you decide to seek third-party assistance with this responsibility, be sure to ask for specifics and examples on how they help you meet this regulatory requirement and keep your network secure. A good third-party service provider can save your institution time while ensuring your organization has the most up-to-date and efficient firewall in place to protect against today’s constant threats and ensures all compliance and regulatory requirements are met.

04 Apr 2019
Does Your Bank’s Firewall Perform SSL/TLS Inspection?

Does Your Bank’s Firewall Perform SSL/TLS Inspection?

Does Your Bank’s Firewall Perform SSL/TLS Inspection?

Despite the significant advancements in technology and the sophistication of cyber threats, firewalls remain one of the most proven cyber deterrents. Network firewalls continue to serve as a cornerstone for a solid security strategy. However, some financial institutions have learned the hard way that a misconfigured or out-of-date firewall can leave their networks unprotected. For firewalls to be most effective, they must be able to deliver advanced security services to ensure that various threats are unable to disrupt the integrity of a network.

The Missing Link in Traditional Firewall Technology

Today, the industry standard for transmitting secure data over the internet is known as Secure Sockets Layer, or SSL. A more modern version of this SSL implementation is also known as Transport Layer Security, or TLS. For many companies and financial institutions, there has been a push to implement this technology to securely protect online traffic since it establishes an encrypted link between a web server and a browser. This ensures that all data passed between the server and browser remains private.
While SSL/TLS is effective in protecting the privacy of intercepted data that was transmitted between client and server, it also poses a problem for perimeter security. Legacy firewalls are unable to view the SSL traffic and cannot perform a proper analysis to determine if the encrypted traffic is safe or malicious. This increases the risk of a potential attack, because unsuspecting users can download malicious content and packages that bypass the institution’s perimeter defenses. This can lead to a malware infection or other nefarious activity on the network.

Importance of SSL Inspection

View InfographicUpdating Your Firewall is More Important Than Ever View Infographic

One key feature that all community banks and credit unions should have as a part of their firewall security strategy is SSL/TLS Inspection. Firewalls with the ability to scan encrypted SSL/TLS traffic have become increasingly important as malware and other cyber threats continue to grow and change. SSL/TLS inspection allows the firewall to decrypt traffic that is being transmitted to and from websites, email communications, and mobile applications. Once the traffic is decrypted, a proper analysis of the content can be performed. After the analysis is complete, the data is re-encrypted and transmitted to the client.

Without deploying this level of inspection, institutions run the risk of effectively introducing a “blind spot” in their traffic analysis mechanisms. This can cause major problems since, according to Cyren’s security researchers, some form of SSL is now being utilized in 37% of all malware. Researchers also substantiated that every major ransomware family since January 2016 has been distributed at some point via SSL/TLS. In addition, the average volume of encrypted internet traffic is now greater than the average volume of unencrypted internet traffic, making the need for SSL/TLS inspection in firewalls even more significant.

To adequately protect the network, financial institutions must implement a new approach to security that goes beyond traditional perimeter protection to safeguard the entire network. While firewalls are still critical to any security strategy, for them to be truly effective, they must evolve and become more sophisticated. Financial institutions must look for ways to better protect the network and identify other features to defend against attacks, and SSL/TLS inspection plays a key role in developing a stronger security ecosystem.

21 Mar 2019
Safe Systems Launches Customer Referral Program

Safe Systems Launches Customer Referral Program

Safe Systems Launches Customer Referral Program

According to our third annual report, “2019 IT Outlook for Community Banking”, nearly 91% of survey respondents claim to turn to their peer network for information when researching a new solution or vendor.

Download the PDFThe 2019 IT Outlook for Community Banking Get a Copy

These confidants provide valuable first-hand information from trusted individuals who have knowledge of the industry and are experiencing similar situations and issues. So, we wanted to provide an opportunity for our customers to conveniently share our more than 25-year journey serving the community banking industry, unique customer experience, and dedicated strategic advisor service, by simply sending their peers to this new webpage – The Safe Systems Way.

In addition to facilitating the easy exchange of information, we have launched a formal customer referral program that provides existing customers with a simple online process to refer Safe Systems to their peers. Customers will be awarded a small gift thanking them for each peer referral, and new customers who come through the referral program will receive an exclusive welcome gift.

At Safe Systems, we strive to provide a high degree of customer service by paying close attention to our customers’ pain points and keeping their needs a priority. This has enabled us to build strong relationships with clients. These relationships combined with extensive knowledge of community banks and credit unions, enables Safe Systems to be a valued partner and true extension of our financial institution clients. We truly understand the complexity that financial institutions face in managing the constant evolution of technology, compliance, and security. Our team works to streamline IT processes for banks and credit unions and ensure regulatory requirements are met or exceeded.

14 Mar 2019
Are You Using the Right Security Layers

Are You Using the Right Security Layers? What Many Banks and Credit Unions Are Using Today

Are You Using the Right Security Layers

Over the past several years, the industry has been impacted by a marked increase in data breaches, ransomware, card fraud, cybersecurity threats, and other malicious attacks. Additionally, an increase in devices connected to networks has made it critical for financial institutions to strengthen their security strategies and policies to ensure all systems are up to date to effectively combat today’s threats.

While history has shown that well-designed single-focus solutions are useful in stopping specific attacks, the capabilities of advanced attacks are now so broad and sophisticated that a single line of defense inevitably fails—opening the way to costly data breaches and other malicious attacks.

To establish a secure IT network and be better protected in today’s digital world, banks and credit unions need to employ a strategy that places many uniquely tailored layers throughout their networks, from the end user to the internet. By employing multiple controls, security layers ensure that gaps or weaknesses in one control, or layer of controls, are compensated for by others.

According to our third annual report, “2019 IT Outlook for Community Banking,” community banks and credit unions are taking this advice to heart and do, in fact, have various security solutions in place to help protect their networks, including:


Download the PDFThe 2019 IT Outlook for Community Banking Get a Copy

The most widely used solution is the firewall. Firewalls have served as part of a network-perimeter defense for more than three decades. However, over the years, as technology and threats change, firewalls must also evolve to keep pace. To ensure they are up to date and able to combat today’s threats, many are adding key functionality to their firewalls as well. According to survey results, 52% of respondents are adding SSL inspection to enhance their solution; 48% are adding sandboxing, threat intelligence feeds, and built-in network automation.

Anti-Virus Software

Anti-Virus software has been a staple for many organizations since the launch of the internet 25 years ago. It is imperative to have up-to-date anti-virus protection on your systems at all times. Ensuring all subscriptions are current will prevent you from getting viruses such as spyware, malware, rootkits, Trojans, phishing attacks, spam attack and other online cyber-threats. Anti-virus solutions are as important as ever.


In addition to the firewall and anti-virus software, many banks and credit unions implement a level of encryption over all data, files and transactions. Encoding sensitive data helps prevent hackers from easily accessing information. This form of protection has grown increasingly popular with 84% of survey respondents claiming to be utilizing this security measure today.

Employee Training

Increasingly, banks and credit unions are recognizing employee training as an important security mechanism with 78% of survey respondents citing it. Employees who are not adequately trained on security protocols, procedures, and current issues can quickly become a top vulnerability and security threat for financial institutions. According to survey results, 100% of respondents claim that their employees have fallen victim to a phishing attack in the last 12 months and have been affected by a malware infection. To best mitigate these threats, training for all employees—from tellers and loan officers to the President and CEO—is critical. Thorough training should now include rigorous testing to ensure employees are able to spot security issues.

Vulnerability Scanning

To quickly identify internal threats, network security solutions must now scan and monitor more than just servers. Vulnerability scanning gives community banks and credit unions greater visibility into the network and identifies potential threats on all workstations and devices connected to the network. Banks and credit unions now understand the importance of scans, and 51% of survey respondents perform these scans several times a year.

Other security solutions highlighted in the report include patch management, intelligence feeds, security event log monitoring, endpoint security management, DNS filtering, anti-ransomware, and honeypots.

While all of these solutions have proven to be effective security layers, there is no single security product that will cover all of an institution’s needs and efficiently combat the variety of breaches and attacks the industry sees today. It is essential to implement a layered security approach and select security defenses that fit closely with your institution’s long-term goals as well as support your IT and compliance strategies.
For more information, download our 2019 IT Outlook for Community Banking report.

07 Mar 2019
Cell Phone Porting - Don’t Fall Victim to Phone Number Fraud

Cell Phone Porting – Don’t Fall Victim to Phone Number Fraud

Cell Phone Porting - Don’t Fall Victim to Phone Number Fraud

Increasingly, consumers are sharing their mobile phone numbers to retrieve and change lost passwords, set up new accounts, verify identity, and even for something as simple as securing a dinner reservation. Mobile phone text-based verification has proven extremely convenient but imagine if someone else had access to all of those text messages delivering secret codes required to verify our identities.

While not new, cell phone porting has recently gained traction as yet another way for scammers to hack into your systems, including bank accounts. The most alarming part of this scam is that it can allow hackers to get past added security measures on personal and financial accounts and logins by intercepting the one-time password that many companies send via text message to the mobile device to perform two-factor authentication.

How Does Porting Work?

Once a scammer has your name and phone number, they will attempt to gather personal information such as address, social security number, date of birth, etc. that can be used to impersonate you. Once obtained, they then contact your mobile provider, claim to be you, report your phone as stolen or lost and then request the number be “ported” with another provider and device. Surprisingly (and unfortunately), mobile carriers often grant this request and forgo formal verification procedures.

All calls and texts are then forwarded to the new device and the original phone – your phone — is shut off. Once in control of the mobile number, thieves can request second factor authentication be sent to the newly activated device, such as a one-time code sent via text message or an automated call that reads the one-time code aloud. This enables them to access accounts that require additional security authorization such as email, financial accounts, medical records, social networks – anything you might need to access with a password!

You may not know you are a victim of porting until your phone has lost service and you no longer can access important accounts since the hackers have changed passwords. A phone might also switch to “Emergency Calls Only” status, which is what happens when a phone number has been transferred to another phone.

Download the PDFThe 2019 IT Outlook for Community Banking Get a Copy

There are several steps you can take to protect yourself from falling victim to porting scams:

Contact your Wireless Provider About Port-out Authorization

Most major wireless providers offer an extra layer of security that customers can request, like a unique PIN or verification code, that only you have. This code or PIN must be provided before any changes can be made to your account.

Use Two Phone Numbers

Have two different phone numbers that you use in different ways. Have one number that you give out freely and another one that you never give out and use only as a backup verification tool. You can do this using a free online service, eliminating the need for an additional costly phone plan. Do not share this number with anyone – if it is shared just once it is considered public information! You can’t trust that the other person’s phone is secure or that they won’t share it.

Utilize Apps for Verification

Whenever there is the option, choose the app-based alternative for authentications. Many companies now support third-party authentication apps which can act as powerful two-factor authentication alternatives that are not nearly as easy for thieves to intercept.

In addition to these precautions, be vigilant about communications you receive and watch for alert messages from financial institutions, and texts in response to two-factor authorization requests, especially if you did not initiate the request. Also, if your phone switches to “Emergency Calls Only” mode, it is a sign the number has been compromised. If you do find yourself a victim of this type of scam, contact your mobile provider and financial institutions immediately.

The rise of porting attacks serves as a warning that we not only need to keep our emails secure, but we also need to keep our phone numbers more secure. To protect yourself, consider alternative forms of authentication other than a text message.

21 Feb 2019
Identifying Top Priorities for 2019 - IT Outlook Survey

3 Top Challenges from the 2019 IT Outlook for Community Banking

Identifying Top Priorities for 2019 - IT Outlook Survey

For the third consecutive year, we surveyed community banks and credit unions to gain a better understanding of their current IT situation, top IT priorities and challenges, security and compliance issues as well as future technology investments on the horizon. Our third annual report, “2019 IT Outlook for Community Banking,” analyzes survey feedback from approximately 164 respondents representing a range of community banks and credit unions across the U.S. with asset sizes from less than $100 million to more than $1 billion.

This report is designed to offer community banks and credit unions with valuable peer data that can provide guidance for key IT, compliance and security decisions in 2019 and beyond. The data reinforces that community financial institutions continue to recognize the importance of using technology in the current banking environment and remain committed to investing in new technologies and services as needs evolve. However, they continue to face certain challenges, often related to technology, heading into 2019.

Here are some key IT challenges and trends from the survey results:

Information Security Continues to be the Top Challenge

According to 43% of survey respondents, information security continues to be a top challenge. Falling victim to security breaches and associated attacks is very costly for community banks and credit unions, both from a financial and reputational standpoint. According to Cybersecurity Ventures, the global cost of cybercrime damages will hit $6 trillion annually by 2021. This includes damage and destruction of data, theft of personal and financial data, and disruption to the normal business operations, among others. In addition, as the number of security threats continues to increase in the financial services industry, regulators are taking a closer look at financial institutions’ policies and procedures to ensure that they can effectively safeguard confidential and non-public information. All of this has led to 57% of respondents planning to strengthen and increase budgets for IT security solutions in 2019.

Personnel Expertise and Resources Becoming a Greater Concern

According to 42% of respondents, having the right personnel resources is now a top challenge for their financial institution. Managing an IT network is a very demanding responsibility. An IT administrator needs to truly understand the increasing complexity of IT operations, continuously changing regulatory requirements, FFIEC compliance guidelines, and evolving security threats. However, many community banks and credit unions are often located in areas that lack the qualified personnel resources to efficiently manage these responsibilities, making it financially challenging for them to employ the seasoned IT technology team required. This trend is encouraging community financial institutions to augment their IT departments with outsourced service providers who are able to help them navigate technology, security, and compliance required today.

Keeping Up With Changing Customer Expectations Continues to be a Challenge

Download the PDFThe 2019 IT Outlook for Community Banking Get a Copy

Approximately 42% of survey respondents claim that keeping up with changing customer expectations is their greatest challenge moving into the New Year. The advancement of technology, online banking services, compliance and regulatory requirements plus the growing demand from customers to have 24/7 access to their financial lives, have made the business of banking more challenging. This challenge has led to many institutions making additional technology investments in customer satisfaction or solutions to better meet market needs. According to 55% of survey respondents, this is the main reason or factor for making technology investments in the coming year. Customer satisfaction has become increasingly important and delivering a great customer experience is what gives banks and credit unions a competitive advantage.

Other areas of survey respondents mentioned as challenges include automating manual processes, managing budget restraints, eliminating redundant technology, remaining compliant with changing regulations, reporting and exam preparation, disaster preparedness, and providing secure mobile technology. This is the first year mobile technology was mentioned, but it is no surprise, as more and more consumers are turning to their mobile phones for basic banking tasks, such as depositing checks, checking their balances, and transferring money between accounts.

To gain more insights into the key challenges, goals and opportunities facing banks and credit unions today, please download the full report here.

19 Dec 2018
Safe Systems Launches Banking Bits and Bytes with Brendan Educational Video Series

Safe Systems Launches “Banking Bits and Bytes with Brendan” Educational Video Series

Safe Systems Launches Banking Bits and Bytes with Brendan Educational Video Series

Safe Systems launched a new educational video series, “Banking Bits and Bytes with Brendan,” to help educate and inform customers and the financial services industry on trends and issues the industry is dealing with on a day-to-day basis. Banking Bits and Bytes with Brendan will showcase our Chief Technology Office, Brendan McGowan, who is an expert in all things related to banking technology.

Each video is a small bite of information (approximately 2-3 minutes in duration) that teaches viewers complex technology, compliance, and security topics. The videos will be sorted by topic and can be watched at the viewer’s own pace and convenience.

This video series is a way for us to help educate our customers by leveraging the expertise gained from 25 years serving community financial institutions. As the industry continues to change and evolve at a rapid pace, our knowledgeable staff serves as a valuable asset to guide our customers and help them ensure compliance, streamline processes and provide superior service in their communities. Brendan’s expertise, knowledge, and insights in banking technology will ensure each video is a valuable resource for the industry.

Here at Safe Systems, Brendan oversees the development of strategic technology solutions that support key banking initiatives for community banks and credit unions and enhance their ability to manage IT in an effective and compliant manner. In 2016, he was named to Georgia Southern University’s 2016 40 Under 40 List, which highlights professionals who represent the best young leaders under the age of 40.

The first Banking Bits and Bytes with Brendan video series focuses on Managed Cloud Services, a broad topic where Brendan addresses common questions, dispels myths, and offers advice on the best way to think about and implement a cloud strategy. Each video is hosted on YouTube as well as this website.

The first two video lessons in the Managed Cloud Services series are now live on our website. View the video below or visit the Banking Bits and Bytes with Brendan page to watch other videos.


05 Dec 2018
Watch More Kids on Banking

More Kids on Banking

This year marks our 25th Anniversary and to honor the occasion, we developed Kids on Banking, which is designed to let us reminisce about our own childhood memories of going to the bank with our parents. While the banking industry has changed quite a bit since we were kids, and most trips to the bank and ATM have been replaced with the use of online banking and the simple use of an app, we were left wondering what it was like to see the banking environment through the eyes of kids today.

So, we asked a few, ranging in age from 5-11 years old for their unscripted opinions on banking and what exactly they think happens in a bank. They were very creative and had some insightful opinions that provided us with enough content to develop not one — but two — videos!

One of the questions we asked was, “How much money is inside the safe at a bank?” Apparently, banks today house a “thousand trillion billion dollars,” or “$399,” or maybe just “$100 or $50.” When it comes to saving money, we learned that “mostly money is saved for college or toys, but mostly toys!”

Watch More Kids on Banking

According to the kids, ATMs are for giving out money. All you have to do is put in a card, type a long random number and then “about a trillion dollars will start coming out.” If only this were true.

According to these kids, the president of the bank is responsible for signing papers and writing a lot of words, controlling the money and taxes, keeping the money safe, telling everyone when to “shut the door in case of a robber” and “people even come to the president to deliver grilled cheese.”

The pneumatic air tube is a favorite piece of banking equipment. It is “the thing that goes Fwsshhh straight up to the man upstairs!” It also is the thing that delivers lollypops and bills.

The kids really got us laughing and reminiscing about how we thought about banking when we were younger.

Check out our second video, More Kids on Banking, for a good laugh and help us celebrate a quarter century of serving community banks and credit unions.

For the last 25 years Safe Systems has worked with more than 600 financial institutions and managed more than 20,000 network devices. Safe Systems has found great success in helping community financial institutions significantly decrease costs, increase IT performance, enhance cybersecurity processes and improve their compliance postures.