Category: Technology

04 Jun 2020
I’m New to Banking Technology – What Do I Need to Know?

The reality for the community banking industry is that often, institutions are limited in staff size, especially in IT. As a result, employees are sometimes placed in an IT role without any prior experience and they are forced to learn the “ins and outs” of information technology quickly to ensure that the institution stays in compliance and the IT environment is secure.

This can be a daunting task for a financial institution employee who’s been placed in an IT role for the first time. From our experience working with more than 600 community financial institutions, there are four key steps that someone who’s new to banking technology needs to know to quickly get up to speed on all things IT:

Step 1: Determine the Financial Institution’s Current State

When stepping into an IT role from another department, the first thing you must do is get a strong understanding of the current state of the institution and how the IT infrastructure is set up. Key questions include:

  • What does the IT infrastructure look like?
  • What technology is currently in place?
  • Is there hardware or software that is reaching end-of-life?
  • Are network schematics and data flow diagrams up to date and accurate?

Look at all the policies and procedures currently in place and understand what management has approved for the information technology program and how the environment is organized. It’s important to know exactly where the bank is from an IT perspective because without this knowledge you won’t be able to troubleshoot potential issues or plan strategically for where the financial institution needs to be to meet compliance guidelines.

Step 2: Review Vendor Relationships and Responsibilities

It is critical to know exactly who is responsible for each IT activity. Many community banks and credit unions use a variety of vendors, including core providers, cloud providers, managed services providers, and others. It’s important to understand which vendors are involved with all your hardware, software, and IT services and review the service level agreements (SLAs) which are typically found in the contract to be clear on what the vendor should be providing to the institution. This is crucial because if an issue arises you need to know if it is your responsibility to handle it internally or if you should reach out to a vendor for support. Make sure you are clear about what the institution’s vendors are responsible for, when to go to them for help, and which activities are your responsibility under the SLA.

Another key part of this role is vendor management. As a new IT admin, you have a shared responsibility for monitoring and managing the institution’s vendors and weighing the risks each one poses to the institution. To keep the network compliant and secure, you need to thoroughly evaluate potential vendors; identify critical vendors and services; implement an effective risk management process throughout the lifecycle of the vendor relationship; and report appropriately to senior management. Some key best practices include:

  • Developing plans that outline the institution’s strategy;
  • Identifying the inherent risks of the specific activity, and the residual, or remaining, risk after the application of controls;
  • Detailing how the institution selects, assesses, and oversees third-party providers;
  • Performing proper due diligence on all vendors;
  • Creating a contingency plan for terminating vendor relationships effectively; and
  • Producing clear documentation and reporting to meet all regulatory requirements.

Having a proactive plan in place will help you effectively manage vendors and have a clear understanding of the level of criticality and risk for each service provider. Properly vetting and managing vendors will reduce risk for the institution, while also ensuring compliance requirements are met successfully.

Step 3: Understand the Institution’s IT Organizational Structure

How IT roles are structured within a community bank or credit union varies by the institution, but many financial institutions have an IT administrator, information security officer (ISO), chief information officer (CIO), and an IT steering committee to support IT activities. It’s important to learn how the institution is set up and understand what the ISO and CIO are responsible for so you can work together to ensure the institution’s environment is operating securely and efficiently. It’s also important to make sure all ISO duties are separated from other IT roles at the institution to maintain compliance with FFIEC requirements.

At some point, every functional area of a bank or credit union touches IT in one way or another so understanding how every system, application, and functional area within the institution operates and relates back to IT enables you to help the staff by troubleshooting the different issues each department may experience.

Step 4: Review Recent Audits and Exams

Another way to determine the current state of the financial institution is to review all recent IT audits and exams. Determine if there were any findings or recommendations made by a regulatory agency and make sure that this has been addressed and remediated appropriately. With this information, you can tell if there are any current issues or pain points and start to make strategic plans or address specific issues as they arise.

Financial institutions are held accountable for FFIEC compliance and must manage regulatory activities including reporting effectively. New IT personnel should become familiar with FFIEC guidance and understand what is required to meet regulatory expectations and perform well on future audits and exams.

With these steps, new IT admins can gain a deeper understanding of information technology and what their key responsibilities are at the financial institution to ensure the community bank or credit union can successfully meet examiner expectations and keep operations running smoothly.

14 May 2020
Key Benefits of Cloud Infrastructure for Banking IT Operations

Cloud technology has been driving efficiency and innovation across many industries for years and today, many community banks and credit unions are adopting cloud services for their IT operations.

In a recent webinar, Safe Systems presented an overview of cloud infrastructure and the key benefits to financial institutions. Here are a few points to keep in mind if you’re thinking about implementing cloud services:

Data Centers

Cloud service providers, like Microsoft Azure or Amazon Web Services, have some of the best data centers in the world, providing space, power, cooling, and physical security. You no longer have to worry about the management burdens of an on-premise solution or co-location when your servers and applications are hosted in a secure cloud environment.

Lifecycle Management

The cost of server hardware does not end with its purchase. There are hidden costs of tracking which assets are still healthy, supported, and under warranty. Replacing aging equipment every few years often requires a complex project that impacts availability and takes time away from meeting more important objectives. With cloud services, you can eliminate lifecycle management of your server equipment, enabling you to focus your effort on higher-value projects that drive your business.

Availability

When you adopt cloud services, the availability of your critical application infrastructure and data is the responsibility of the cloud provider. The major cloud providers are able to attract and retain the best talent in the world to keep systems healthy and secure. They deliver your services from a highly resilient network of multiple data centers, vastly reducing your dependency on any single datacenter.

Flexibility

  • Experimentation – If your goal is to develop a specialized project for your institution, a platform like Microsoft Azure has many different services to make it easy for you to test scenarios or try new ideas without investing in hardware or navigating the justification and purchase order process. You simply visit the website, turn on a resource, and experiment. Later, you’re able to turn it off with no further commitment.

  • Fast Turnup and Fast Turndown – Cloud services enable you to get up and running fairly quickly in this new environment. Instead of having to order hardware and wait for it to be shipped or spend time setting up the solution, you can go from having an idea to having the solution turned on literally within a few minutes. Fast turndown is equally important. When you no longer need the solution, you can simply turn it off, and more importantly, the billing ends as well.

  • Elasticity – The elasticity of cloud service means that you can add capacity when you need it and remove expense when you don’t. For periodic computing tasks, like month-end processes, extra computing power can be added to your cloud services and then removed after the job is complete. This is more cost-effective than building an infrastructure that is sized for the busiest day of the year.

  • Serverless Functions – Lastly, large cloud providers have many advanced functions that can provide community banks and credit unions with new capabilities like serverless computing. Some workloads that traditionally required a dedicated server, like a Microsoft SQL database, may be able to move into a serverless alternative like Azure SQL. This creates the opportunity to start reducing the quantity of Windows Server instances that need to be patched and maintained.

Cloud infrastructure allows community banks and credit unions to reduce servers, internal infrastructure, and applications that would typically have to be hosted on-premises, in addition to the associated support each one requires. It also enables you to experiment and find the right services that fit your institution’s corporate strategy and IT objectives.

To learn more about cloud services, including cloud-based disaster recovery, watch our webinar recording, “The Cloud: Recovery and Resiliency is Just a Click Away.”

01 May 2020
Combating Business Email Compromise and Protecting Your Remote Workforce

Over the last two months, there have been more people working remotely than ever before, and with more being done outside the branch, financial institutions cannot rely on their usual firewall and anti-malware solutions to protect their staff. Today, the single most common attack used to target remote users is what is known as “business email compromise” (BEC).

Safe Systems hosted a live webinar earlier this month discussing how BEC works; the main techniques used in these types of attacks; and the cost-effective solutions needed to mitigate them. In case you missed it, here are a few key points from the webinar:

What is business email compromise and how does it work?

Business email compromise is a security exploit where an attacker targets an employee who has access to company funds or other non-public information and convinces the victim to transfer money into a bank account controlled by the attacker.

These attacks have two main categories:

  1. Phishing emails – this is just a spoofed email that seemingly comes from someone you trust within the organization (like the CFO or CEO) instructing an employee to wire money to a specific account.
  2. Account takeover – the attacker procures your real username and password and then logs into your mailbox where they are then able to send and receive emails at will from your actual account.

Using these attack methods, cybercriminals can commit many different types of fraud, including wire fraud, non-public information (NPI) theft, and spreading of malware.

There are also a number of different attack “types” that cybercriminals commonly use to take over accounts:

A single-stage attack is a social engineering email directing a user to complete a certain action. For example, an email may include a link that leads to a rogue website where the attacker is trying to capture login information. This is a fairly simple, one-step attack.

The more sophisticated variation on this type of attack is the multi-stage method. In this attack, we often see that instead of having a link in the email that goes to a suspicious website that could potentially be blocked by other security layers, attackers use a link in the email that goes to a highly trusted place like a Citrix share file or some other trusted site. If the user clicks the link, they’ve now stepped outside of any email security layers the institution might have in place. Most often these sites are SSL encrypted so this underscores the importance of having SSL inspection performed on your traffic to ensure links in emails do lead to legitimate, secure websites. The problem with this, however, is that it can be an increasingly difficult job for some financial institutions to implement and manage.

How Can Financial Institutions Defend Against These Threats?

Prevent

The first line of defense against business email compromise is to stop the user from being exposed in the first place, and the single most effective measure financial institutions can implement is user training. It’s important for financial institutions to regularly conduct penetration testing and use security awareness training to educate their employees. Over the years, we’ve seen a distinct correlation between the frequency of user security awareness training and the success rate of phishing attacks. Some institutions leverage self-testing tools such as KnowBe4, but there are many other services that financial institutions can use to test their employees.

Mitigate

The second line of defense is to stop the user from causing damage. To mitigate the threat, financial institutions can use a variety of effective tools, including:

  • Email Filtering – a tool that filters out suspicious emails to ensure no spam, malicious content, or sensitive data makes it out of the institution unauthorized.
  • DNS Filtering – the process of using the Domain Name System lookup that finds the IP address of a website to block malicious websites and filter out harmful or inappropriate content.
  • URL Rewrite – if an email has a link, the system rewrites the destination of the link to go to a security company first before the real session is connected.
  • Multifactor Authentication – this tool requires more than one method of authentication to verify a user’s identity for a login or other transaction. The methods include something you know (PIN); something you have (phone); and/or something you are (biometrics).

These are just a few of the tools that can help strengthen your institution’s security posture and ensure users do not fall victim to malicious attacks. However, if they do, it is critical to have a plan to respond.

Respond

The last line of defense is to stop the expansion of damages if a threat has occurred. In this case, financial institutions must conduct an investigation into the cyberattack and have thorough logs of their mail system to understand exactly what occurred; how far it has spread; and determine the next steps. Community banks and credit unions should have an incident response plan in place and perform regular tabletop testing to confirm the plan works and will be useful when a real attack occurs.

To learn more ways to protect your institution from business email compromise, watch our recorded webinar, “Business Email Compromise – Preventing the Biggest Risk from Remote Users.”

23 Apr 2020
Managing Banking IT Operations During a Pandemic: Your Top Questions Answered

For many financial institutions, it has been a challenge to keep IT operations moving efficiently during this pandemic. Since community banks and credit unions are considered an essential business, they are required to continue to serve customers and members. This can be difficult when employees are unavailable or are forced to work remotely from their homes for the first time. Many financial institutions have questions about how to efficiently manage their remote workforce, while keeping the institution secure and employees, customers, and members safe.

To address these questions, Safe Systems’ Information Security Officer, Chuck Copland; VP of Compliance Services, Tom Hinkel; and Chief Technology Officer, Brendan McGowan, held a live panel discussion last week covering ways financial institutions can manage banking IT operations during a pandemic. In this blog, we’ll cover a few of the top questions from the panel:

1. How would you suggest making sure that remote access vendors are vetted quickly but thoroughly?

For many financial institutions, remote access was limited before the pandemic because this technology either didn’t support critical functions or wasn’t a priority at the time. Now, remote access is very important to continue business operations efficiently, and many community banks and credit unions are evaluating options for larger scale use. To do this effectively, you first need to consider all of the risks associated with remote access and the potential impact on your organization. This helps you get a quick baseline of the controls you’re going to require, which will then inform your vendor review.

While some institutions may be in a rush to get remote access tools up and running, it is important to stick to your normal vendor review process and take the time to thoroughly evaluate third-party risk. If you do have to sacrifice the integrity of your normal due diligence process and cut some corners to choose a vendor quickly, understand that there will be a resulting change in your institution’s risk appetite, or your acceptable risk. Make sure this is updated and that the executive management team, including the Board, signs off on your new risk appetite.

2. What are some lessons learned about remote access for financial institutions during this pandemic?

It can be difficult to determine which remote access tool fits best with your institution’s unique security and regulatory needs. First, you should identify the best way for your staff to access the network whether it’s through a virtual private network (VPN) or an application for remote access, like a telecommute remote control tool. A VPN is a piece of software that lives on a computer that your user has at home — preferably a bank or a credit union asset and not their personal home PC.

When a user connects through a VPN tunnel, typically the computer gives access to the local network at the institution. With telecommute remote control tools, like LogMeIn and Splashtop, the user is working from a local computer at the office. These tools limit the computer’s ability to interact with the institution’s local network, often making it a secure option for organizations that don’t want employees to have direct access to the network. Because each tool achieves a different goal, you will want to determine exactly what your team needs to conduct remote work efficiently, effectively, and securely.

There are also several collaboration tools and meeting tools to consider which can help different teams within your institution communicate and collaborate on projects internally and meet with each other or speak with external users outside of your organization.

3. What are you hearing from examiners? How are exams continuing during the pandemic?

We’re seeing that all examinations have either been pushed back to a later date or changed to a remote visit. In the climate that we are in, examiners are expecting institutions to make accommodations to customers that may be negatively affected by this pandemic and ensure they have access to other critical products and services.

But what happens when the dust settles, and we go back to a more normal set of circumstances? What will examiners expect then?

Most likely, we expect them to be looking for a mature “lessons learned” document that financial institutions create to show what they have learned over the course of this particular pandemic event. We can certainly see guidance changes coming out of this, with regulators having a new set of expectations for financial institutions going forward. Right now, we are all concerned with just getting through this challenging time but all financial institutions need to document what they are doing and the lessons they have learned along the way. They also need to create a report for the Board and the executive management team recommending any necessary changes to mitigate the impact of a pandemic, should one happen again in the future.

If you’d like to find out what other questions were answered during the live panel, watch our recorded webinar, “Ask Our Experts: Managing Banking IT Operations During a Pandemic.”

02 Apr 2020
Microsoft’s LDAP Security Update and the Impact on Financial Institutions Today

Make It or Break It: Microsoft’s LDAP Security Update and the Impact on Financial Institutions Today

In January 2020, Microsoft announced it would release a security update on Windows that by default enables LDAP channel binding and LDAP signing hardening changes for Active Directory. LDAP (Lightweight Directory Access Protocol) is an open, cross-platform protocol used for directory services authentication. LDAP provides the communication language that applications use to communicate with Windows Active Directory (AD) servers, which store users, groups and passwords for many systems on an organization’s network. LDAP is the middle communication layer between Active Directory and your business applications and systems.

LDAP channel binding and LDAP signing provide ways to increase the security of communications between LDAP clients and Active Directory domain controllers. However, there is a set of insecure default configurations for LDAP channel binding and LDAP signing on Active Directory domain controllers that let LDAP clients communicate without enforcing secure LDAP channel binding and LDAP signing. Many organizations have not addressed this vulnerability by changing their default setting to make LDAP more secure, so Microsoft is leading the charge to ensure network security for all users.

While originally slated for March 2020, Microsoft plans to release the update mid-year, giving organizations more time to proactively prepare for the change. This is because the patch will disable all insecure LDAP bindings, which has the potential to break many systems for several organizations. Financial institutions must look at their systems, determine insecure devices or applications, and fix them while there is still the option to switch back to the default setting.

The Problem

So why is Microsoft forcing this update on its users? The main concern is password protection. With Windows Server Active Directory, passwords are essentially allowed to be sent over the network in clear text (a non-TLS encrypted communication) by default. Microsoft’s patch is going to harden LDAP to essentially block the ability to send a password over the network using clear text. This is important because if a hacker is trying to intercept your organization’s passwords and encounters insecure LDAP, they would be able to read the password and use this information to access your systems. LDAP needs to be hardened and changed from an insecure 0 to a secure 1 or 2 to ensure this doesn’t occur. When you harden LDAP, you’re improving the security posture of this protocol, so it has fewer vulnerabilities and fewer chances of being exploited.

Remember this is an “all or nothing” setting. You either make it secure or you don’t, but there are many consequences tied to the latter. Once this update is released, if you send a communication in clear text, the server will block it from being authenticated. If you are unable to send the communication securely by leveraging hardened LDAP, then it will likely break and no longer perform that function. This can affect any client, device, application, or system at your financial institution that interacts with the Windows server and needs to be authenticated (e.g., scanners that scan-to-folder or enumerate an address book.)

The Solution

So, what can you do to get ahead of this impending patch? Financial institutions can make this change early, before the patch is released, by changing the registry setting to force LDAP to be more secure, which causes everything that is going to break to break. Then they can change the setting back and fix whatever is broken. Again, the affected systems could be anything that authenticates with AD using the LDAP protocol. This is a process of trial and error and will require a lot of manual investigation to determine potential breaks.

A good place to start is to enable additional logging, collect all of your event logs, and review the event IDs to see if you are affected. Start by looking for event IDs 2889, 2886, and 2887 in your directory service log. If event ID 2886 is present, it indicates that LDAP signing is not being enforced by your domain controller. Event ID 2887 occurs every 24 hours and reports how many unsigned and clear text binds have occurred over the network. Then, event ID 2889 helps determine which IP addresses and accounts are making insecure LDAP channel binding requests so you can identify the correct devices and applications to fix. You can also review additional event IDs to gather more information or use a PowerShell command to help you track down insecure LDAP binding before the deadline later this year. If you have a managed services provider, they will be able to help you find the right solution.
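The event ID 2889 review described above can be scripted. The following is an added example, not part of the original post and not a Safe Systems or Microsoft tool; it assumes each 2889 record stores the client "IP:port", the account, and the bind type (0 = unsigned, 1 = simple/clear text) as its first three data fields. The function names and the sample records are constructed for illustration.

```powershell
# Added example: turn event ID 2889 records into a per-client worklist.
# Assumption: 2889 data fields are [0] client "IP:port", [1] account,
# [2] bind type (0 = unsigned SASL bind, 1 = simple bind in clear text).

function ConvertTo-InsecureLdapBind {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Record
    )
    process {
        # Ignore anything that is not a per-bind 2889 record (e.g. 2886/2887).
        if ($Record.Id -ne 2889) { return }

        $client = [string]$Record.Properties[0].Value
        # Drop the trailing ":port"; LastIndexOf keeps bracketed IPv6 intact.
        $sep = $client.LastIndexOf(':')
        $ip  = if ($sep -gt 0) { $client.Substring(0, $sep) } else { $client }

        $bindType = switch ([int]$Record.Properties[2].Value) {
            0       { 'Unsigned SASL' }
            1       { 'Simple (clear text)' }
            default { 'Unknown' }
        }

        [pscustomobject]@{
            ClientIP = $ip
            Account  = [string]$Record.Properties[1].Value
            BindType = $bindType
        }
    }
}

function Get-InsecureLdapSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [object[]]$Records
    )
    # One row per client/account/bind-type combination, busiest first.
    $Records | ConvertTo-InsecureLdapBind |
        Group-Object ClientIP, Account, BindType |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Binds    = $_.Count
                ClientIP = $_.Group[0].ClientIP
                Account  = $_.Group[0].Account
                BindType = $_.Group[0].BindType
            }
        }
}

# --- Constructed sample records (same shape as Get-WinEvent output) ---
function New-SampleRecord($Id, $Values) {
    [pscustomobject]@{
        Id         = $Id
        Properties = @($Values | ForEach-Object { [pscustomobject]@{ Value = $_ } })
    }
}

$sample = @(
    New-SampleRecord 2889 @('192.0.2.15:49822', 'EXAMPLE\svc-scanner', 1)
    New-SampleRecord 2889 @('192.0.2.15:49830', 'EXAMPLE\svc-scanner', 1)
    New-SampleRecord 2889 @('192.0.2.15:49841', 'EXAMPLE\svc-scanner', 1)
    New-SampleRecord 2889 @('198.51.100.7:50112', 'EXAMPLE\svc-lineofbiz', 0)
    New-SampleRecord 2887 @(4)   # daily summary record, skipped by the filter
)

Get-InsecureLdapSummary -Records $sample | Format-Table -AutoSize

# --- On a domain controller (elevated session) ---
# Per Microsoft's guidance, 2889 is only written once LDAP interface
# diagnostics are raised to level 2:
#   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics' `
#       -Name '16 LDAP Interface Events' -Value 2
# Then feed the real log into the same summary:
#   $events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 }
#   Get-InsecureLdapSummary -Records $events | Format-Table -AutoSize
```

Each row in the output is one device or application account to remediate; rows marked "Simple (clear text)" are the ones sending passwords unencrypted.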

27 Mar 2020
What Community Banks and Credit Unions Should Do to Combat COVID-19

Facing a Pandemic: What Community Banks and Credit Unions Should Do to Combat COVID-19

As the Coronavirus pandemic continues to rise throughout the world, it is important for community banks and credit unions to effectively carry out their pandemic plans to stop the spread of the virus and implement alternative ways to serve customers or members during this critical time. Safe Systems held a webinar last week covering five things all community banks and credit unions need to do during a pandemic. In this blog, we’ll cover a few of the key points from the webinar.

  1. Pandemic Testing

    According to the Federal Financial Institutions Examination Council (FFIEC) guidelines, financial institutions need to have a “testing program designed to validate the effectiveness of the facilities, systems, and procedures identified” in their business continuity plan. In a pandemic, it is the people who are affected more than the facilities, so your systems and processes become more impacted than anything else.

    A preventative program has to address:

    • Monitoring outbreaks
    • Educating and providing appropriate hygiene training and tools to employees
    • Communicating with customers and members
    • Coordinating with critical providers and suppliers

    With the pandemic already underway, it can feel counterproductive to conduct a pandemic test for your financial institution. However, we’ve found it’s never too late to test and improve your pandemic plan, even in the midst of a crisis. Make sure you are validating your succession plan and cross training measures by purposely excluding certain key individuals from actively participating in the testing exercises you conduct for your institution. During a pandemic, important individuals may not be in the branch or available every day, so it’s important that you test your plan to make sure the institution can still operate efficiently.

  2. Social Distancing

    Social distancing is a term that’s come out of this global pandemic to stop the spread of the virus. The Center for Disease Control (CDC) states that individuals should keep a six-foot minimum distance from others to limit the spread of the virus, but how does this impact the way your financial institution does business? Think of how your teller line, customer service areas, lending offices, etc. are set up. For these more personal, face-to-face interactions, it is important for you to change the location set up to ensure the 6-foot distance is achieved to protect both the customer and employee. Here are some tips from the American Bankers Association® to consider:

    • Require non-customer-facing personnel to work from home and try limiting interactions of personnel as much as possible in offices.
    • Have staff sign in when they arrive and leave.
    • Designate times for “at risk” customers (because of age or condition) to visit the lobby when no others are allowed.
    • Make loans or open new accounts by appointment only. When you close a lobby, designate one drive-thru for business customers and one for consumers, as their transactions are very different and differentiating the two can help speed transactions.
    • Keep your messaging positive. Do not use the word “Closed” on your door or website; instead use “Appointments Available.” Remind customers that banks are never truly closed, thanks to online and digital platforms that provide customers with 24/7 access to their accounts.

    We are posting tips, resources, and FAQs from ABA, FDIC, NCUA, and our own Safe Systems’ experts on the homepage of our website.

  3. Security in Social Distancing

    For employees that are able to work from home, providing resources for working outside of the institution is another great option to keep staff and the public protected. If your staff members are working from home, here are a few things to consider to ensure the institution maintains both security and productivity.

    • Do your employees have enough bandwidth at home?
    • Do you have a dedicated VPN device?
    • Do you have a firewall to allow this connection?
    • Can the firewall/device handle the number of devices actively connecting remotely at one time?
    • Do you have enough licenses (if needed) for each user to connect remotely?

    When your staff is working from home, you still must worry about security. You will need to decide how they connect to your network, what device they use, and how that device is secured. For instance, if you are allowing an employee to use their personal computer, then reference your remote access policy. It should include rules for the appropriate cyber hygiene of the remote device (patching, antimalware, etc.), and should be signed by the end-user. OpenDNS offers free security options for DNS lookups on home computers, which is also a good consideration should you need to update or create a home PC access policy and requirements. You may also require multi-factor authentication as an additional precaution to keep the network secure.

Financial institutions provide critical services to their communities and must be able to support customers and have alternate ways of doing business during a pandemic.

If you would like to gain more insights on COVID-19 and listen to a brief Q&A from our compliance team and information security officer, download our recorded webinar, “5 Things Community Banks and Credit Unions Need to do During a pandemic.”

 


As many community banks and credit unions are still formulating their responses to the pandemic, we’d like to collect and share what steps financial institutions are actively taking to protect employees and customers while maintaining business operations. Please take a few minutes to complete this survey and tell us how your institution is responding to the novel coronavirus (COVID-19) pandemic.

 


10 Feb 2020
The Value of User Conferences For Banks and Credit Unions


As the financial services industry has become more technology-driven and more complex operationally, user conferences have become key events along with industry association conferences. By providing a venue for banking professionals to collaborate directly with their technology providers and other peer institutions, user conferences represent a proven way for banks and credit unions to extend the ROI of their technology investments. Examiners and auditors recognize the importance of participation in these events and many now expect attendance to gain industry knowledge and strengthen existing vendor relationships.

Regulatory Expectations – Vendor Management

Examiners are increasingly focused on how a financial institution manages its vendors. According to the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook, “User groups are another mechanism financial institutions can use to monitor and influence their service provider. User groups can participate and influence service provider testing (i.e., security, disaster recovery, and systems) as well as promote client issues. Independent user groups can monitor and influence a service provider better than its individual clients. Collectively, the group will constitute a significant portion of the service provider’s business. User groups offer advantages to both the service provider and the serviced institution by allowing customers to discuss and prioritize their concerns…service providers should obtain customer feedback through user groups or customer surveys.”

In addition to effective vendor management requirements, the FFIEC also requires employees of financial institutions to participate in ongoing education and maintain technical expertise to remain in compliance.

Educational Benefits of a Users’ Conference

Regulatory and compliance issues aside, user conferences offer a host of benefits to participating banks and credit unions, such as:

Classroom Training

Well-designed webinars or online training sessions are great resources, but focused, in-person learning and networking allow attendees to remain current on the latest technology solutions and enhancements, industry developments, and specific products and functionality that their vendor is working on. The opportunity to learn first-hand from industry and subject matter experts, as well as share your own experiences and expertise, really should not be underestimated.
User conference learning opportunities often consist of:

  • Basic and advanced workshops or sessions
  • Issue-focused roundtable discussions
  • Networking opportunities with peers
  • Software demonstrations
  • Professional development courses
  • Hands-on training and consultations with vendors

Best Practices

Many find the greatest value in user conference participation through peer discussions and open Q&A sessions on best practices. These sessions give customers access to some of the best information and insight on how other institutions are utilizing the vendor’s solutions to solve problems and drive efficiencies and profitability.

Networking

We know from experience that peer groups serve as the perfect environment to share and exchange ideas, concerns, successes and failures tied to the industry. Many community banks and credit unions share the same worries about technology, compliance, security, and business issues. These events provide a venue for you to hear others’ experiences and tap into their knowledge, providing you the opportunity to make industry friends and gain a trusted group of individuals you can rely on in the future.

The Safe Systems National Customer User Conference, NetConnect™, is less than a month away. This event will bring Safe Systems’ employees and strategic partners together with a variety of banking professionals representing technology, compliance, operations and management roles.

We understand the value of user conferences and we use that opportunity to meet with a selection of customers (Customer Advisory Board) to discuss existing and new products and services that will meet their future business goals.

If you’ve never been to a user conference, don’t take our word for it. Here’s what a few of our customers have said:

“Every time I attend, I come away with knowledge and information that can help me do a better job in my organization.”
“It was good to hear feedback from other bankers about Safe Systems as well as make connections and contacts.”
“This is the best opportunity to get a pulse on exactly what’s happening in the IT Banker’s world.”
09 Jan 2020
Top Bank Technology, Security, and Compliance Concerns in 2020


The constant evolution of technology, the ever-changing compliance landscape, and increased security threats have fundamentally changed the way financial institutions operate today and the key concerns they are facing on a daily basis. In our 26 years of experience serving the community banking industry, we have not seen a more difficult landscape for our clients to navigate.

The risks associated with security, compliance and technology have never been more challenging than they are today. As the responsibilities of community financial institutions continue to grow and evolve, it is not uncommon to worry about limited resources, keeping up with new technologies, or simply maintaining a competitive advantage in the industry. We believe that all financial institutions, regardless of size and location, should be able to leverage the best technology solutions available so they can focus on serving the financial needs of their communities. It is our mission to provide peace of mind and value for our customers in these areas so banking professionals can get back to doing what they do best and spend less time worrying.

Through the years we have developed and offered compliance-centric IT services designed exclusively for community banks and credit unions, ensuring that they are kept up to date on the current technologies, security risks, regulatory changes, and FFIEC guidelines. We strive to listen to our customers to ensure our solutions continue to support the changing needs of the industry and meet their expectations in addressing key concerns. We recently surveyed a group of our community bank and credit union customers to gain a better understanding of the top worries and concerns they have for 2020 as they relate to technology, compliance and security. Through that survey we uncovered the following:

Technology Challenges

Financial institutions of all sizes continue to depend on their IT network infrastructure and technology solutions for nearly all functions of the institution, which makes it crucial that all solutions work efficiently. While community banks and credit unions have been utilizing technology for quite some time now, they continue to face certain technology challenges heading into 2020. According to survey respondents, the expense of technology solutions, keeping up with rapid changes, and truly understanding the technology solutions are top concerns. In addition, many continue to struggle with network management and connectivity, patch management, and training employees on IT solutions.

Compliance

While banks and credit unions have adjusted to the frequent and strenuous regulatory reviews, they continue to struggle with meeting examiner expectations across critical areas such as vendor management, business continuity planning, and risk management and assessment. In addition, many struggle with adequately defining the requirements of the Information Security Officer (ISO), as this role has become more involved and the expertise needed has grown. The ISO has one of the most crucial roles in a financial institution. In fact, it is one of the few positions that are required by guidance. The FFIEC covers various issues related to information security in great detail, including the expectations and requirements for the ISO. According to the FFIEC IT Examination Handbook’s Information Security booklet, financial institutions should have at least one person who is dedicated to serving as an in-house ISO.

Security

Over the past several years, the industry has been impacted by a marked increase in data breaches, ransomware, card fraud and other malicious attacks. Additionally, an increase in devices connected to networks has made it critical for financial institutions to strengthen their security strategies and policies and ensure all systems are up to date and able to effectively combat today’s threats. Cybersecurity-related attacks on the financial sector continue to increase at an alarming rate, making cybersecurity a top area of concern for financial institutions. Additional areas of concern include ransomware, phishing, malware, disaster recovery, and network security.

Managing these challenges alone can be a daunting task. As a trusted resource for financial IT and regulatory support, Safe Systems is here to serve as a true extension of your team, providing you with access to technology professionals who are specifically trained in the banking industry. Safe Systems offers cost-effective solutions such as IT support and managed services, internal network/cloud design and installation, hosted email, business continuity and disaster recovery, compliance consulting, security services, and IT and compliance training. Our services help financial institutions significantly decrease costs, increase performance, and improve compliance posture.

Let us help you get back to what you do best. Less worrying. More banking.™

 
12 Dec 2019
Five Ways Strategic Advisors Help Community Banks and Credit Unions Improve IT Planning


The day-to-day responsibilities of managing the IT network administration, compliance efforts, and security measures for a community financial institution have grown to be a cumbersome, challenging, and often inefficient process. It is likely that there are not enough people and resources on the team to manage the multiple solutions and responsibilities.

To help combat the limited staff issue, many community banks and credit unions turn to managed services providers that have strategic advisors who act as facilitators and trusted partners to guide technology committees and provide tools to address financial regulatory governance. These advisors have a wealth of banking IT expertise and are knowledgeable regarding regulatory and industry issues faced by financial institutions today. They also serve as a convenient, single point of contact within the managed service provider, and assist by performing the following tasks:

  1. Attend Technology Steering Committee Meetings
    Participating in regular steering committee meetings enables the strategic advisor to interact with decision makers and help with deliberation, consideration, and recommendations on IT-related issues. They can help mitigate potential risks that are often overlooked while sharing the knowledge and insight needed to help move the financial institution in a positive direction.

  2. Assist with Strategic IT planning
    Strategic advisors have a wealth of knowledge and insight into not only the banking and financial services arena, but the IT solutions needed for a financial institution to be successful. They help banks and credit unions develop a comprehensive plan to ensure the institution is implementing and utilizing the solutions necessary to meet its goals.

  3. Facilitate Responses to Pre-exam IT Questionnaires
    The exam process has become a time-consuming endeavor. At the beginning of the exam process, the examiner typically sends a list of items they want to review, certain areas they plan to examine, and items they plan to discuss. This normally includes a list of questions the financial institution must prepare ahead of the review. The strategic advisor works with the bank or credit union to complete the questions to meet examiner expectations.

  4. Provide Updates on Current Trends in Compliance, Technology, and Security
    The advancement of technology, online banking services, compliance, and regulatory requirements has made the business of banking more challenging. Strategic advisors provide knowledge and information to help banks and credit unions stay abreast of all the updates and trends in the industry.

  5. Quarterly System Reviews and Assessments
    Performing regular assessments helps the financial institution ensure all things related to IT network technology controls are working and up to date. It also serves as time for the strategic advisor to educate bank personnel on new or changing government regulations and expectations. This helps community banks and credit unions to remain in compliance and be better prepared for audits and exams.

With this type of guidance, financial institutions can gain deeper technology insights and enhance strategic IT planning. Strategic advisors act as an extension of the internal team while helping guide and advise the bank or credit union on initiatives that ensure success today and into the future.

05 Dec 2019
How to Maintain Bank Compliance and Security During the Holiday Season


The holiday season is in full swing, which means many employees are heading out of the office to enjoy some vacation time. However, just because it’s the holiday season, it doesn’t mean that cybercriminals are taking time off. Cybersecurity attacks continue to increase and are becoming more sophisticated. Institutions are expected to maintain bank compliance with regulatory guidelines and ensure all technology assets are working properly so operations continue to run smoothly during the holidays.

This can be a challenging time for many community banks and credit unions that have a small staff and rely on key individuals to make sure all activities related to technology, compliance, security, and regulatory requirements are taken care of. Today’s community financial institution relies on the IT department to maintain its hardware and software and to ensure all systems are available when needed. The department is also responsible for monitoring an array of ongoing IT concerns like anti-malware, cybersecurity issues, service-related touch points, compliance updates, and email security, to name just a few. So, what happens when the people responsible for these crucial aspects of the institution go on vacation?

Partner Up

Many financial institutions are turning to an industry-specific managed services provider to act as an extension of their organization and help augment internal technology and compliance resources and responsibilities. The right managed services provider, who is familiar with the banking industry, can serve as a true partner and work alongside current staff to provide timely support, and manage the technology, security, and regulatory compliance aspects for the institution.

A managed services provider can help automate and manage many of the administrative functions that normally fall to the technology or compliance department, making it less daunting for employees to get away. This not only saves time and improves efficiencies, it also helps the bank or credit union extend its support hours beyond the traditional 9 to 5 retail hours, which is key for IT departments with limited staff.

Managing IT resources, bank compliance-related issues and combatting cybercrime are some of the greatest challenges and concerns for financial institutions today. When IT and security staff are out or unavailable, outsourcing these processes helps fill the personnel gap and provides added stability for the institution and peace of mind to all.



07 Nov 2019
How CEOs Can Ensure Continuity In their Bank or Credit Union With Network Management


The role of a community bank or credit union CEO has become increasingly complex with responsibilities including oversight of all operations and procedures—no small task in light of today’s rapidly changing technology and security landscape, evolving compliance, and shifts in consumer behavior when selecting a banking partner. Given this, many CEOs are struggling to ensure continuity in this environment, especially working with limited resources and increased employee turnover.

An effective way to do this is to partner with a managed services provider that has a comprehensive network management solution designed specifically for community banks and credit unions to provide expertise, services, IT support and add to the existing internal knowledge bases.

Sustaining Personnel Continuity

The reality is that today, community banks and credit unions must address succession planning, especially as it relates to their IT department. CEOs are tasked with thinking about and planning for redundancy to counter the consequences of key staff leaving and taking that knowledge base with them—and away from the institution. But true continuity is not limited to a single employee resigning; there needs to be a continuity plan in place to account for when employees take vacation, are out sick, are on short-term disability, or are on maternity leave. Regardless of the situation, a managed services provider can help minimize uncertainty, prevent unnecessary stress, and assure continuity by acting as an extension of a bank or credit union and helping to augment internal IT resources.

Ensuring Technology Continuity

In addition to human capital, technology continuity is a key component of a community financial institution’s success. The advancement of technology, online banking services, compliance, and regulatory requirements, plus the growing demand from customers and members to have 24/7 access to their financial lives, has made the business of banking that much more challenging as it has become more IT-focused. This has made it crucial for banks and credit unions to have a proven technology program and framework in place to ensure that operations continually run smoothly.

Working with a provider who offers IT network management solutions exclusively tailored for the community banking industry provides a level of continuity and expertise that can otherwise be difficult to maintain internally on a long-term basis. Doing so ensures that the financial institution’s network is properly adhering to its operational, security, and compliance policies and procedures.

Continued Adherence to Government Regulations and Compliance

The burden of understanding how an ever-growing list of regulations applies to IT operations is shared across the organization. This pressure can be alleviated by an outsourced provider that truly understands the industry and is able to help institutions better manage their processes in a compliant manner. Taking a proactive approach to network management, for example, gives community banks and credit unions the ability to better stay ahead of new and pending regulatory requirements while effectively managing costs through limited resources.

Change is inevitable for any institution. However, having the ability to withstand change and still meet (or better yet, exceed) customer and member demands and expectations in spite of personnel turnover, natural disasters, technology struggles, etc. is key in today’s marketplace. An experienced managed services provider that offers a comprehensive network management system can go a long way toward ensuring continuity.

31 Oct 2019
IT, Compliance, Security and Personnel Challenges That De Novos Face


While the economy is making way for startups, there are still significant challenges to starting a bank from scratch. In addition to the overall challenging environment for community banks and the need to raise significant capital and funding, De Novos face additional obstacles such as complex regulatory and compliance expectations, strict information security requirements, and the stress of finding qualified staff in a continuously evolving IT landscape.

People

Attracting and retaining the right people is one of the most daunting steps in launching a De Novo, particularly because early on, everyone needs to be very hands-on and wear multiple hats. Hiring the right personnel takes time and resources and can force executives who are trying to secure funding and capital for opening the bank to redirect their attention. All of this makes staffing and the development of in-house expertise significant pain points for De Novos to manage.

Technology

The advancement of information technology, security, compliance, and regulatory expectations and online banking services—plus the growing demand from customers to have 24/7 access to their financial lives—have changed the business of banking. Today, bankers have expanded their focus to include management of data, IT networks, compliance requirements, and security, in addition to their traditional roles of managing money and providing loans for their customers. Because technology has become central to the operations of banks, De Novos must quickly establish a proven technology program and framework to ensure that their operations run smoothly both at launch and ongoing. Even with the latest technology, however, the challenge often lies in trying to keep pace with the rapid rate of change that continues to impact their institution.

Information Security

From day one, De Novos must establish a strong information security posture to counter the increasing frequency of cyberattacks in today’s business environment. While falling victim to security breaches and associated attacks is costly for any community bank, both from a financial and reputational standpoint, it is especially harmful to new banks that are working hard to establish trust among their new customers and the community. Furthermore, successfully recovering from the damage and destruction of data, theft of personal and financial data, and disruption to the normal business operations can exceed a De Novo’s financial resources.

Compliance

Regulators have historically been more stringent in ensuring that De Novos are in compliance with, and adhering to, expectations. As an example, the FDIC’s InTREx program (Information Technology Risk Examination) is designed to provide a more uniform and less subjective examination experience—one that requires a deeper analysis by the examiner and in turn puts a greater compliance burden on the bank. Proper documentation will often make the difference between a “satisfactory” and a “less than satisfactory” assessment. This means that institutions must be adequately prepared to meet examiner expectations. In addition to proving that the bank has enough capital to operate, they must also prove they comply with all applicable laws, regulations, and supervisory policies. De Novos have found managing regulatory compliance efforts to be a resource-consuming and expensive task.

Today’s complex regulations, increased use of technology, personnel constraints, and security expectations are forcing De Novos to find new ways to manage risk, remain compliant, and be competitive in today’s environment. Under these mounting pressures, De Novos are increasingly turning to managed service providers to help bear the burden and establish a framework to meet these challenges. Such partners bring knowledge, additional resources and expertise to help financial institutions better control and more successfully manage their complex IT environments, positioning them to operate in today’s financial services arena with a greater degree of confidence and success.

24 Oct 2019
Reducing Risk for CEOs


The role of a community bank and credit union CEO has expanded and now requires a much deeper understanding of technology issues, risks, and regulatory requirements. CEOs are ultimately responsible for the health of the institution, which requires effective oversight of all operations and procedures and ensuring the institution is efficiently managing and reducing risk.

Many risk events arise from preventable mistakes, including: the right security layers not being in place; flaws in transaction processing; flaws in IT solutions and processes; security breaches; and/or outright fraudulent acts.
The CEO is ultimately responsible for ensuring the institution manages and combats these risks. Some key things CEOs can do or implement to reduce risk include:

  • Attract and Retain Skilled Staff

The CEO must make sure that the staff has the knowledge to ensure the institution is both compliant and competitive in today’s market. Employees must understand the ever-growing complexity of regulations as they relate to IT operations and ensure the institution remains compliant with continuously changing regulatory requirements and is up-to-date with evolving technology to meet customer and member demands and expectations.

  • Implement Information Security Procedures

The CEO must ensure proper technologies and solutions to thwart viruses, spyware, and other harmful threats are installed. This entails overseeing the creation of enforceable policies and processes to both educate employees and protect the institution’s computer infrastructure, networks, and data. Cybersecurity represents a large component of the risk prevention strategy. Ensuring security defenses fit closely with the institution’s long-term goals as well as support the IT and compliance strategies is vital not only to the health of the organization but also to remaining compliant with current regulations.

  • Understand Compliance and Regulatory Expectations

Regulators now pay more attention to issues around governance, security, and IT solutions than they have in the past, and they have made clear that it is on CEOs to make sure that the institution is adequately protecting customer or member data, to be aware of the institution’s operations, and to follow all FFIEC and Gramm-Leach-Bliley Act (GLBA) requirements. The CEO must evaluate risk assessment efforts and security initiatives and establish policies regarding the management of key compliance and consumer risks to ensure the organization adheres to the correct policies.

  • Partner with the Right Managed Services Provider

More and more community financial institutions are turning to third-party providers for expertise, services, and IT support. Working with a provider who offers solutions exclusively tailored for community banks and credit unions ensures the institution’s network adheres to its operational, security, and compliance policies and procedures. Partnering with the right managed service provider can also help eliminate redundant resources, reduce existing fixed costs by maximizing capacity and leveraging economies of scale, and can add to existing internal knowledge bases.

CEOs of community financial institutions are continuously looking for ways to more efficiently and effectively manage risk. As a result, they are increasingly recognizing that partnering with a managed service provider that offers a comprehensive network management system, designed specifically for the financial services industry, helps them not only better manage their responsibilities and streamline processes, but reduces their regulatory risks as well.

To gain more insight into how CEOs can reduce risk, as well as other IT management issues for CEOs to be aware of, download our white paper, Top 3 IT Management Worries for CEOs in Banking.

17 Oct 2019
Morris Bank Experiences Growth with the Help of Safe Systems’ Network Management Solution


In today’s fast-paced, technology-driven environment, managing community banks’ IT operations and networks has become a very time-consuming process to execute, especially for financial institutions looking to achieve strong growth, increase acquisitions, and build brand new institutions for their communities. Patch updates, reporting requirements, network troubleshooting, and regulatory compliance responsibilities are cumbersome for many IT professionals to handle while also working to keep bank operations running efficiently and seamlessly in various branches and locations.

Creating an Environment for Growth

Many community banks set out to build the best institutions for their communities, and when they’re successful, the next logical step is to expand. Morris Bank, headquartered in Dublin, Georgia, was on a mission to grow by offering more services, more locations, and more opportunities for their customers to thrive. A major challenge for banks that take on this task is ensuring IT operations are implemented and managed effectively, especially during these periods of growth and change, and that the institution is compliant with all regulatory requirements.

Larry Schenck, IT Officer at Morris Bank, realized the bank was already engaged with a provider that could help him more efficiently manage and meet the growing IT needs of the institution. Morris Bank has been a Safe Systems customer for 15 years. Schenck knew that they understood the demands of the banking industry and could adequately support the bank’s IT and compliance requirements. After careful consideration, Morris Bank decided to implement Safe Systems’ NetComply® One IT network management solution in 2016.

As a community bank with limited staff and branches in several locations, Morris Bank relies heavily on third-party providers, such as Safe Systems, to offer new opportunities to streamline processes. NetComply One helps Morris Bank efficiently manage all important network tasks including automated patch management, network monitoring, qualified alerting, and detailed reporting for examiners. Since the bank implemented Safe Systems to manage its IT network, the IT team has been able to focus on more revenue-generating opportunities and market expansions that have led to great successes for the bank.


The last 10 years brought on a lot of change and growth for Morris Bank. The bank grew its total assets from roughly $180 million to $980 million and added seven locations to equal nine branches throughout Middle and South Georgia in Dublin, Gray, Gordon, Warner Robins, Statesboro, and Brooklet. The bank was able to grow so successfully by not only acquiring other smaller banks and their assets but also by opening branches in desirable locations. In fact, after being open only two years, the branch in Gray was the fastest growing bank branch in the state of Georgia.

“At Morris Bank, we have a great management team and an amazing staff that enable us to keep growing and continue to provide great service to our customers,” said Schenck. “Our vendors play a key part in our success as well, and working with Safe Systems has helped us to simplify IT processes, meet compliance guidelines, and provide continuity for our internal team and our community as a whole.”

Overcoming Challenges with Network Management

Acquiring banks and branches is a complex process, especially in terms of IT integration. All equipment and systems must be brought onto the same network and operate through the same infrastructure. Compatibility is not always easy, and often, the larger the bank or branch being acquired, the more complicated the task.

One of the bank’s recent acquisitions included three branches with 40 employees; more than 40 workstations; several servers; and additional devices and systems that needed to be set up on the network. First, all systems and devices must be tested for updated patches and antivirus. While this can be a cumbersome task, Safe Systems’ network management system enabled the bank to efficiently manage and complete the process. “Onboarding new machines and getting all systems set up on the network is a challenging task during an acquisition,” said Schenck. “With the reporting NetComply One offers, we can easily see which machines need updates, remedy any issues and have more visibility into the network to efficiently manage integrations.”

In addition to the reporting from NetComply One, Morris Bank relies on Safe Systems’ Strategic Advisors to help them navigate the processes needed to complete integrations. With the knowledge the advisors provide, the bank has been able to complete the challenging tasks of ensuring all systems are working in a compliant manner and all branches are running efficiently.

The patch management component of NetComply One has also been very important for Morris Bank. The bank has approximately 250 computers to manage and keep up to date with patches, which is critical to information security and combating cyber threats. “While Safe Systems manages and provides the patches, they are also very careful to not just arbitrarily patch machines and equipment without proper testing,” says Schenck. “Safe Systems tests each patch to ensure it will work with our current systems and ensure no holes will be left for hackers to exploit.”

Building a Strong Partnership

Morris Bank relies on a number of vendors to offer its customers key products and services that give them more convenience and control. Over the years, they have added additional Safe Systems services, including their Vendor Management solution. This solution enables a more efficient risk assessment and due diligence process, as well as provides the ability to proactively manage vendor renewals, centralize all important documents, and have detailed information to share with auditors, examiners, senior management, and the Board.

“Regulators are more closely scrutinizing the vendor management process within banks, and with Safe Systems’ vendor management solution, we are able to easily provide the proper documentation to examiners in an efficient manner,” said Schenck.


Through its partnership with Safe Systems, Morris Bank has been able to expand its reach in all areas of technology, compliance, and security. The bank receives positive feedback from regulators on its network management and vendor management programs and has enhanced its compliance posture.

“Through the years, Safe Systems has been a valuable and trusted partner to our bank,” said Schenck. “The solutions Safe Systems provide enable us to give our customers a better banking experience as well as a more efficient work environment for our employees. I worry less and sleep better at night knowing we have Safe Systems’ solutions running in our bank.”


10 Oct 2019
5 Things Community Banks and Credit Unions Should Budget for in 2020


The final months of the year signal the beginning of many traditions. For community banks and credit unions, the Fall marks the start of budget season. Financial institutions use this time to assess the year’s performance and make necessary adjustments, or full upgrades, for 2020 and beyond.

As you know, technology and security are constantly evolving, and compliance continues to be a moving target, so it’s time to consider important areas your institution needs to budget for in the next year. To ensure that your institution heads into 2020 on an upward trajectory, here are five key items to include on your list.

  1. Hardware

    Every year, hardware should be evaluated to confirm that it is under warranty, that it is in good working condition, and that the operating system hasn’t reached end of life.

    Two dates to be aware of:

    • SQL Server 2008 R2 reached end of life on 7/9/2019
    • Windows Server 2008 and 2008 R2 reach end of life on January 14, 2020

    These items will need to be upgraded or replaced as soon as possible with supported software. If the decision is to replace a server based on these products being end of life, there are options to consider as covered in number 2 in this article.

  2. Cloud vs. In-house Infrastructure

    Moving internal infrastructure out of the office is the new trend. This move feels similar to the move to virtualization, in that everyone agrees this is the next logical step in the evolution of computing. You should be asking the same question about cloud infrastructure as you did about virtualization—when is the right time for your institution to make the move and what are the pros and cons of this move? When the time comes to replace pieces of your infrastructure, start to gather information about the benefits of moving to the cloud and the costs associated with it. Remember, each server has both direct and indirect costs.

    Direct:

    • Server Hardware
    • Warranty
    • Software

    Indirect:

    • Electricity
    • Cooling
    • Storage/physical space
    • Maintenance
    • Backup
    • Disaster Recovery

    Each year as hardware becomes outdated and needs to be replaced, evaluate whether moving that server to the Cloud makes sense. Be sure that the functions of the server can be accomplished in a cloud environment. Once a presence in the cloud is established, future growth and changes become much easier and quicker.

  3. Firewalls

    Firewalls continue to evolve as network and cybersecurity threats evolve and change. Ten years ago, adding intrusion prevention systems (IPS) to firewalls became commonplace in the industry. Now there are a host of new features that can be added to your firewall to improve your institution’s security posture. Many of these fall under products using the term next-gen firewalls. A few key features to consider include:

    • Secure Sockets Layer, or SSL, is the industry standard for transmitting secure data over the internet. The good news is most websites on the internet now use SSL to secure the traffic between the PC and the website. The bad news is, your firewall may be protecting your institution from fewer sites than ever before. Google researchers found that 85% of the websites visited by people using the Chrome browser are sites encrypted with SSL. This means that for many firewalls, 85% of web traffic cannot be inspected by the firewall. Many firewalls can perform SSL inspection but may require a model with more capacity, a new license to activate the feature, and configuration changes to enable this feature to work.
    • Sandbox analysis is a security mechanism used to analyze suspect data and execute it in a sandbox environment to evaluate its behavior. This is a great feature to introduce to your infrastructure because it provides more testing and insight into the data coming into your institution.
    • Threat intelligence feeds (like FS-ISAC), built-in network automation, and correlation alerting are also important features that can help you keep track of emerging security threats, automate key processes, and improve your institution’s cybersecurity posture.

    Consider enhancing your firewall features or upgrading to a next-gen firewall to ensure the traffic traversing your firewall is truly being evaluated and inspected.

  4. Virtual Information Security Officer (VISO)

    A newer service that has grown in popularity over the last year is the Virtual ISO or VISO role. While services like this have been available for a while, this is the first year we have heard so much talk from community financial institutions. As the job of Information Security Officer (ISO) has become more involved, the expertise needed has grown as well. These VISO services offer a way to supplement the internal staff with external expertise to accomplish the tasks of the ISO. Budgeting for a service like this becomes critical if one of the following is true:

    • No one else in the institution has the needed knowledge base and finding this knowledge set in your area is difficult or expensive;
    • Your current ISO does not have a background in the field or is wearing too many hats to do it well;
    • Your current ISO is likely to retire or leave due to predictable life change events; or
    • The roles of ISO and Network Administrator or other IT personnel do not provide adequate separation of duties at the institution.

  5. Disaster Recovery (DR)

    Many institutions do not have a fully actionable or testable disaster recovery process. A verified DR process is a critical element of meeting business continuity planning (BCP) requirements. Therefore, this can be a significant reputational risk for the financial institution, if not done correctly. If your institution hasn’t completed a thorough and successful DR test in the last 12 months, it is time to evaluate your current DR process. Using a managed site recovery service can ensure you have the proper technology and support to thoroughly test your DR plan and recover quickly in the event of a disaster.

Budget season is a time to address needs and wants, but also a time to seek improvement or evaluate key changes for the new year and beyond. For example, moving your infrastructure to the cloud may not make sense for the coming year, but the insight gained by evaluating it this budget season improves your knowledge base for when it is time to make that decision. As we conclude 2019, we hope these insights position your institution for a productive budget season and a successful 2020.

26 Sep 2019
2019 Threat Outlook

2019 Threat Outlook – Business Email Compromise Continues to Threaten Banks and Credit Unions


Today, cybersecurity threats are ubiquitous. Cyber attackers are infiltrating email systems, computer networks and anywhere else they can find weaknesses to exploit. They’re using a variety of schemes to steal data, money and other assets—and tarnish corporate reputations.

Financial institutions are prime targets for cyber criminals, which is why cybersecurity must be a top priority. In 2018 alone, more than 500 security incidents affected financial and insurance organizations—with almost 25 percent having confirmed data disclosure, according to the Verizon Data Breach Investigations Report.

In addition, the cost to remedy the damage from cybercrime is higher than ever, and still growing. Now, the average cost of cybercrime for an organization is $13.0 million, up from $1.4 million in 2017, according to Accenture’s 2019 Cost of Cybercrime Study.

The Rise of Business Email Compromise


Not only are cyber threats rampant, but they’re becoming more devious and complex. For example, business email compromise (BEC) is one of the top threat vectors for 2019. BEC is a sophisticated type of phishing scam that’s perpetrated through five main scenarios, according to the FBI’s Internet Crime Complaint Center (IC3). Often, BEC scammers pretend to be a foreign supplier and attempt to trick employees into wiring funds for outstanding invoices into their bank account. In another common BEC scam, attackers impersonate a high-level executive, such as a CIO, CEO, or CFO, to try to deceive employees into wiring money.

However, BEC doesn’t always entail requesting wire transfers. More recently, BEC has involved data theft—the receipt of fraudulent emails asking for either wage or tax statement forms or a company list of personally identifiable information (PII). Regardless of the scenario, the business executive’s email is compromised, either by hacking (normally through a personal email account) or spoofing (altering the sender’s information to mimic a legitimate email request).

Like other cybercrimes, BEC continues to evolve and is rapidly expanding. The scam has been reported by victims in all 50 states and in 100 countries, according to IC3. Many BEC complaints have involved businesses and associated personnel using open source email accounts; the phrases “code to admin expenses” or “urgent wire transfer;” requested dollar amounts that are similar to normal business transaction amounts; and IP addresses that frequently trace back to free domain registrars.

Strengthen Cybersecurity Processes

Financial institutions and other organizations can protect themselves from BEC by implementing robust internal prevention techniques at all levels, particularly with front-line employees who are more likely to receive initial phishing emails. Some institutions are reducing BEC-related fraud by simply holding customer requests for international wire transfers for an additional time period to verify the legitimacy of the request. Other IC3-recommended strategies for strengthening bank cybersecurity against BEC include:

  • Avoid free web-based e-mail accounts;
  • Be careful about what is posted to social media and company websites (especially job duties/descriptions, hierarchical information, and out of office details);
  • Be suspicious of requests for secrecy or pressure to take action quickly;
  • Consider using additional IT and bank cybersecurity procedures, including a two-step verification process;
  • Beware of sudden changes in business practices, such as being asked to contact a business associate through a personal email instead of company email address; and
  • Provide security awareness training to all employees.
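
The indicators described above (free webmail senders, spoofed executive names, the phrases IC3 reports, and pressure or secrecy) can be checked mechanically before a request reaches the wire desk. The following Python is an added example, not code from this article or from any product it mentions; the institution domain, executive name, webmail list, pressure phrases, and sample messages are constructed assumptions.

```python
"""Added example: triage inbound mail for the BEC indicators listed above."""
from email import message_from_string, policy
from email.utils import parseaddr

# Everything below is a constructed assumption for illustration.
INTERNAL_DOMAIN = "examplebank.test"      # hypothetical institution domain
EXECUTIVE_NAMES = {"pat morgan"}          # hypothetical executive display names
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# The two phrases IC3 reports seeing in BEC complaints (quoted in the article).
IC3_PHRASES = ("code to admin expenses", "urgent wire transfer")
# Sample secrecy/pressure wording; tune this list to your own mail.
PRESSURE_PHRASES = ("keep this confidential", "right away", "before end of day")
# Requests for funds or for wage/tax data are the ones worth holding.
SENSITIVE_TERMS = ("wire", "invoice", "payment", "w-2", "tax statement")


def _name_and_domain(header_value):
    """Return (lowercased display name, lowercased domain) of an address header."""
    name, addr = parseaddr(str(header_value or ""))
    return name.strip().lower(), addr.rpartition("@")[2].lower()


def _subject_and_body(msg):
    """Lowercased subject plus the plain-text body, if the message has one."""
    body = msg.get_body(preferencelist=("plain",))
    content = body.get_content() if body is not None else ""
    return f"{msg.get('Subject', '')}\n{content}".lower()


def triage(raw_message):
    """Return (action, indicators) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, from_domain = _name_and_domain(msg["From"])
    _, reply_domain = _name_and_domain(msg["Reply-To"])
    text = _subject_and_body(msg)

    found = []
    if from_domain in FREE_WEBMAIL:
        found.append("free_webmail_sender")
    if reply_domain and reply_domain != from_domain:
        found.append("reply_to_mismatch")          # replies go somewhere else
    if name in EXECUTIVE_NAMES and from_domain != INTERNAL_DOMAIN:
        found.append("executive_name_external_address")
    if any(p in text for p in IC3_PHRASES):
        found.append("ic3_reported_phrase")
    if any(p in text for p in PRESSURE_PHRASES):
        found.append("secrecy_or_pressure")

    sensitive = any(t in text for t in SENSITIVE_TERMS)
    if found and sensitive:
        action = "hold_for_callback"   # verify by phone before acting
    elif found:
        action = "flag_for_review"
    else:
        action = "deliver"
    return action, found


# Constructed sample messages (not real mail).
SUSPICIOUS_WIRE = """\
From: "Pat Morgan" <pat.morgan.ceo@gmail.com>
Reply-To: payments@invoices-example.test
To: wires@examplebank.test
Subject: Urgent wire transfer

Please process today and code to admin expenses.
Keep this confidential until the deal closes.
"""

W2_REQUEST = """\
From: "Pat Morgan" <pat.morgan@examp1ebank.test>
To: hr@examplebank.test
Subject: Employee W-2 forms

Send me the W-2 statements for all staff right away.
"""

ROUTINE = """\
From: "Pat Morgan" <pat.morgan@examplebank.test>
To: wires@examplebank.test
Subject: Q3 branch report

Attached is the quarterly summary for review next week.
"""

if __name__ == "__main__":
    for label, raw in (("wire", SUSPICIOUS_WIRE), ("w2", W2_REQUEST), ("routine", ROUTINE)):
        print(label, *triage(raw))
```

A "hold_for_callback" result corresponds to the two-step verification and holding period described above: the request is confirmed through a known phone number before any funds or data are released.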

Regardless of the threat outlook for BEC and other cyber-attacks, financial institutions must have effective tactics for safeguarding their customer information, infrastructure and operations. This necessitates meeting regulatory and industry compliance standards for collecting, protecting and using private financial data.

To gain more insight into this area, as well as other key topics for CEOs to be aware of, download our white paper, Top IT Areas Where CEOs of Financial Institutions Should Focus: Important Questions and Answers.

 
 
23 Sep 2019
The Dangers Financial Institutions Face with a DIY Approach to Disaster Recovery


Disaster recovery planning is an essential aspect of protecting a financial institution’s data, infrastructure, and overall business operations. It encompasses restoring access to the information technology systems and other resources that organizations need to resume critical business functions. This includes everything from networks, servers, and computers to software applications, data, and connectivity (fiber, cable, or wireless).

Without all the necessary system components in place, financial institutions will not be able to access critical files and applications and function effectively during a disaster situation. This can result in significant losses in employee productivity, business and, ultimately, public trust. Given all the looming threats—natural disasters, fires, floods, power outages, hardware failures, or plain human error—a do-it-yourself (DIY) approach to disaster recovery can be dangerous for banks and credit unions.

In a DIY approach to disaster recovery, a financial institution puts together its disaster recovery solution in-house, and an IT staff member must implement all of the required hardware and software. While this can be costly depending on the amount of resources an organization needs to restore and maintain its environment, it is also a technical and time-consuming process, which can be a burden for institutions with limited IT staff.

So Much at Stake

Most DIY disaster recovery solutions involve multiple technologies along with automation, scripting, and well-documented procedures. These components and processes can be difficult for a static IT environment to manage, and technology continues to change and evolve, adding an extra layer of complication to the process. A DIY approach requires in-house resources to be available, and in the case of a disaster, communications may be limited, or the employees may be caught in the disaster themselves and unable to respond.

Testing is an important component of disaster recovery to ensure the institution can recover quickly and meet its unique Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). However, DIY disaster recovery solutions are often difficult to test because few IT departments are equipped to do a full outage simulation with complete failover to the disaster recovery environment. Testing enables failures to be documented and corrected, but without proper testing, the risk of extended downtime in the event of an actual disaster remains high.


The DIY disaster recovery approach often starts with the best intentions. However, the ongoing time commitment and the IT knowledge required to keep disaster recovery systems up to date and effective are easily overlooked by senior management as time passes. At the very least, inadequate disaster recovery can end up costing a financial institution more time and expense. As a worst-case scenario, it can lead to reputational damage if the institution cannot successfully bounce back from a disaster or other business disruption.

Benefits of a Managed Services Provider

To combat these issues, financial institutions should consider using a managed services provider to support their disaster recovery needs. This can offer a more affordable, feasible, and reliable alternative than going the DIY route. A managed site recovery solution that replicates servers from a financial institution’s site to the cloud can get the organization back up and running in minutes—not hours or days—after a natural disaster, system outage, or other disruption. Partnering with the right services provider will also ensure financial institutions find the right-sized solution for their needs so they are not underestimating or over-spending trying to do it themselves.

In addition, working with a managed services provider can provide several other benefits over a DIY solution. For one, the solution is set up, installed, monitored, and maintained by experts in the field. The institution doesn’t have to worry about their key IT personnel spending their time focused solely on the recovery process during a disaster. Instead, they can focus on getting users set up on computers, ensuring printers are connected, and verifying that critical applications are installed. In short, managing the disaster recovery process would just be another burden for them to bear. Community banks and credit unions have the comfort of knowing that a skilled managed services provider and redundant resources will be available when needed.

A managed services provider can also provide annual DR testing and ongoing support to ensure the institution is well-equipped to recover from any disaster.

All financial institutions can benefit from managed site recovery services. And partnering with a managed services provider can be especially advantageous for banks and credit unions with branches that are grouped within the same geographic area. The impact of a storm could be even more devastating to these types of institutions if they lose their only branch or the location hosting communication to their core provider.

A DIY approach may seem like the easier route to take, but when a disaster strikes, financial institutions shouldn’t have to recover on their own. A managed services provider can work as an extension of the internal team to provide dedicated support and ensure the institution recovers quickly and efficiently. The goal of a disaster recovery program is to ensure continuity, not only for the financial institution, but for the communities it serves. In the event of a disaster, financial institutions need to have a solid DR environment in place and detailed processes to recover successfully. Working with a team that can effectively address the institution’s unique needs and provide dedicated DR support streamlines internal processes, improves disaster preparedness, and provides confidence that no matter what disasters arise, the institution will be able to resume business operations.

05 Sep 2019
Disaster Recovery Planning What You Do Not Know Can Hurt You

Disaster Recovery Planning: What You Don’t Know Can Hurt You


Disaster recovery is a crucial business continuity area that all financial institutions must prepare for, no matter the size of the organization or location. Each year, the U.S. gets hit with multiple tornadoes, hurricanes and other storms that produce damaging winds, rain and flooding. As of July 9th, there were already six weather and climate disaster events with losses exceeding $1 billion each across the United States, according to the National Centers for Environmental Information (NCEI). The costs of these events varied, including physical damage to commercial buildings; time element losses like business interruption; and disaster restoration expenses. In addition, many areas of the Southeast are currently preparing for Hurricane Dorian as we speak!

The overall impact of adverse weather can be particularly detrimental to community banks and credit unions that may have fewer disaster recovery resources at their disposal. This highlights the need for all financial institutions to be prepared for potential disasters—whether natural or manmade—so they can implement a smooth recovery. Here are some important aspects about disaster recovery planning that community banks and credit unions should consider:

  1. Implement Effective Strategies and Tactics

    The disaster recovery plan provides detailed instructions to ensure all mission-critical functions can recover in the event of a business interruption. To facilitate effective disaster recovery, bank and credit union personnel must be able to implement specific activities that can restore an institution’s vital support systems after a disaster strikes. These include ensuring all back-ups are up to date and working; implementing uninterruptible power supplies for short-term outages; making sure the server room is secure and all sensitive documentation is protected; and ensuring all employees, vendors, and customers are aware of the proper communication protocols. Without these steps, the institution will not have the resources required to meet its operational needs, which could have a devastating effect on the entire organization.

  2. Prepare for All Disaster Situations

    Disaster recovery often focuses on the prospect of restoring technology and communications after a hurricane, tornado, or other storm. However, disaster preparedness must extend beyond storms, earthquakes, fires, floods, and other natural calamities. Events like electric power outages, hardware failures, security breaches, and human error can also be catastrophic. There are also mundane reasons for needing disaster recovery: A backhoe inadvertently wipes out the internet connection or a water line leak knocks out the server. Not planning broadly enough can cause institutions to miss covering all the bases when the time comes to implement the disaster recovery plan.

  3. Know What’s at Stake

    Disaster recovery planning goes well beyond minimizing the loss of hardware, applications or data. It’s a matter of losing time, money, clients and, in some cases, losing business opportunities or reputation. To minimize downtime and ensure critical business functions recover quickly, it is important to determine the specific Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for both the financial institution and all third-party vendors the institution relies on for critical business functions. The RTO is the amount of time an application can afford to be down without causing significant damage to the business, and the RPO is the allowable data loss. The longer a financial institution’s system is down, the more it will suffer, so defining the RTOs and RPOs is an important step to ensure the institution can be up and running in a timely manner.

  4. Test the Plan

    Having a plan on paper is one thing; having a plan that works is another. Financial institutions must test their disaster recovery plan to determine what could go wrong and adjust accordingly. Not knowing if a plan works—until an actual disaster occurs—can be extremely risky. If the plan proves to be insufficient during a real-life scenario, the institution could experience undue damage and expense. Hence, the need for regular testing. The frequency of testing will depend on the size and type of financial institution. Smaller banks and credit unions should test at least once a year; larger institutions or those with a more fluid environment should test more often.

  5. Update the Plan as Needed

    As a part of the overall business continuity planning process, it’s essential for institutions to review and revise their disaster recovery plan to make sure it supports their current technological environment, business needs, and objectives. Updates to the plan should be done whenever an important element (internal or external) in the institution changes. To streamline this process, disaster recovery should be integrated into all business decisions and responsibility should be clearly outlined for each update and area. The importance of the disaster recovery plan should be communicated to the entire organization, which includes the board, senior management, and other stakeholders. The more frequently a disaster recovery plan is updated and the better educated the entire organization is on the plan, the more reliable and useful it will be when a problem arises.

It’s important to stay on top of all disaster recovery processes to make sure the entire financial institution is well-equipped to respond in the event of a disaster. The good news is community banks and credit unions do not have to be knowledgeable about every facet of disaster recovery planning to do this successfully. Instead of worrying about what they don’t know, they can capitalize on third-party recovery services that ensure they have the proper technology and support to recover quickly. Safe Systems, for example, offers a fully managed site recovery solution to support financial institutions of all sizes. Safe Systems’ experts can assist with disaster recovery planning, testing, and execution to safeguard institutions against the impact of a natural disaster and other threats.

29 Aug 2019
Capitalizing on Cloud Infrastructure

Capitalizing on Cloud Infrastructure: Everything Financial Institutions Need to Know About Moving to the Cloud


As financial institutions refine their digital strategy to keep up with market and regulatory demands, cloud computing is emerging as the future of banking technology. There are a myriad of reasons institutions should capitalize on cloud computing, including enhanced scalability, efficiency, reliability, risk management and regulatory compliance. Despite these and other appealing benefits, it can be intimidating for community banks and credit unions to move to the Cloud.

In this post, we examine some of the most important issues related to moving to the Cloud to help institutions streamline the decision-making process, determine what can and should be moved to the Cloud, and examine the cost and security issues of cloud computing. Hopefully, this will shed light on how beneficial cloud-based solutions can be and provide the information IT managers need to make the best decision for their institution.

Three Questions to Ask Before Moving to the Cloud

 
Hosting applications and systems on a cloud network can be appealing to community banks and credit unions as it allows them to reduce servers, internal infrastructure, and applications that would typically have to be hosted inside the institution, as well as the associated support each one requires. It also offers the benefits of system standardization, centralization of information, and the simplification of IT management. However, here are three essential questions financial institutions should ask before moving to the Cloud:

  1. Which applications can be moved to the Cloud? Evaluating which applications can be moved to the Cloud and which vendors offer cloud-based solutions is really the first step. This will help IT managers understand issues and elements that will be solved or created by the move to the Cloud. For example, even with cloud-based solutions, they will still need to manage user workstations, security issues, connections to applications, as well as switches and routers.
  2. Is the institution’s internet connectivity strong enough to support cloud-based solutions? Delays in loading cloud-based applications can be frustrating as well as costly. The increased use of cloud-based computing will place added demands on internet speed and connectivity, making a strong connection critical for the success and health of the financial institution. This is a very important consideration when determining whether to move to cloud-based services. Confirming the availability of the proper connectivity—including a redundant internet connection to ensure access at all times—will help streamline this transition.
  3. Are there additional compliance issues to consider when selecting a cloud vendor? Moving to a cloud-based application will mean giving up some controls to a cloud vendor. When selecting a vendor, institutions must evaluate their practices and strategies for user identity and access management, data protection, incident response, and SOC 2 Type II documentation. They should have a solid vendor management program in place to verify that their vendors are compliant and are following the service agreement.

Financial Implications of Migrating to the Cloud

 

Migrating to the Cloud commonly requires an organization to move from a capital expenditure (CAPEX) to an operating expenditure (OPEX) financial model. The difference in long-term costs can be difficult to measure as many of the internal costs of managing an IT network are not documented.

Most community banks and credit unions have a good understanding of their IT capital expenditures. The up-front, fixed costs, such as hardware and software, and the resulting amortized or depreciated costs over the life of the asset, are historically well tracked. Traditionally, an on-premise infrastructure is considered a capital expenditure since it includes the purchase of servers, computers, and networking hardware, as well as software licenses, maintenance, and upgrades.

What is not generally well documented are the internal costs involved with running the system, including the power, cooling, floor space, storage, physical security, and the time IT teams devote to the daily management and continual maintenance of these systems. In addition, the equipment and software will need to be upgraded or replaced periodically, making for on-going large capital costs in years to come.

The move to the Cloud means a move from a CAPEX financial model to an operating expenditure model, in which large capital outlays are replaced by monthly, quarterly, or annual fees an institution pays to operate the business. These periodic OPEX fees include license fees for software access, as well as all the infrastructure and maintenance costs associated with the technical environment. Hosting an application in the Cloud via a Software as a Service (SaaS) model can minimize required capital investments for the institution. It can enable them to be up to date with the latest technology which can lead to generating more profits and ROI. The OPEX model can also provide the IT staff more time to focus on strategic revenue-generating and customer-facing activities.

The evaluation of CAPEX and OPEX expenditures is not an apples-to-apples comparison. It is important for IT management to understand the differences between the CAPEX and OPEX models, perform an analysis, and be able to effectively communicate the pros and cons before presenting a proposal to leadership.

Four Steps for Moving Server Workloads to the Cloud

 

Today, banking services are increasingly being hosted in the Cloud. Cloud outsourcing often begins with specific IT functions or processes such as disaster recovery, backup, and supporting servers. However, a financial institution can be strongly in favor of cloud computing without moving 100 percent to the Cloud. For example, a bank could easily have its ancillary systems and lending in the Cloud and maintain its core in-house.

There is a great deal of infrastructure involved in managing all the applications needed to run an efficient and successful financial institution. While cloud technology has proven to be beneficial for community banks and credit unions by enabling their limited in-house personnel to focus on core strategic initiatives, there are four important factors institutions should carefully consider before moving their data to the Cloud. They are:

  1. Support the financial institution’s business strategy
     
    Some organizations consider moving to the Cloud simply because they think it is the right thing to do; however, there is no set path that all financial institutions must follow.
    Each community bank or credit union has a unique strategy driven by its market situation, whether that includes business expansion, rapid disaster recovery, or replacing existing servers or hardware. An institution’s decisions about cloud computing ultimately must align with its business goals, strategies, and objectives.
  2. Identify the application opportunities
     
    Not all business processes and applications are suitable for the Cloud. Before moving to the Cloud, the IT team must understand the requirements of their business applications. They should evaluate the data footprint, transaction types, and frequency, as well as the IT infrastructure that is being used to host each application in order to determine which applications need to remain on-premise and which can be moved to the Cloud.
  3. Determine the best path to the Cloud
     
    Once the institution’s cloud and business strategies have been aligned, and its applications have been identified, it is ready to migrate supporting servers, applications and other assets to the Cloud.
     
    There are several approaches that institutions can use to facilitate their migration to the Cloud. They can simply move the physical servers they already have to a co-location facility or data center. This can be an attractive option since it does not require extensive configuration changes to applications and servers but moves these critical assets out of their building to a highly available data center.
     
    Or a financial institution can adopt an Infrastructure as a Service (IaaS) model. This means that instead of physically moving the servers it owns, a bank or credit union can lease the server capacity that it needs from a third-party provider. The institution can then access the servers remotely to install, run, and maintain its applications.
     
    As a third option, financial institutions can implement the Software as a Service (SaaS) model. With this licensing fee and delivery model, software is licensed on a subscription basis and is centrally hosted by the application software provider. This approach enables community banks and credit unions to run their applications from a browser that is supported by the developer, so there is no additional infrastructure to maintain.
  4. Develop a Phased Approach
     
    Long term, financial institutions should consider using a graduated approach to moving their applications to the Cloud. The migration should be completed in multiple phases to enable a smoother transition. However, the applications that are not technically ready should not be moved as this can cause unnecessary complications and technical issues.

Misconceptions About Cloud Security

 

Many community banks and credit unions struggle with truly understanding the security differences of housing their sensitive data in the Cloud vs. keeping it housed on servers and hardware solutions that are located on-premise.

Having sensitive data housed in a cloud-based data center is uniquely different from maintaining on-premise resources for data storage. So, it makes sense that security-related issues and concerns would need to be addressed and considered prior to cloud migration. Understandably, some institutions might have lingering doubts about whether they can truly trust a cloud-based data center that they can’t physically see or control.

Let’s take a look at some of the common issues and misconceptions organizations have about cloud security:

  1. Misconception #1: The Cloud is not secure
     
    To the contrary, the Cloud can enable financial institutions to experience as much as or more security than with an on-premise environment—and without the hassle and expense of maintaining physical servers and storage devices. Major cloud service providers have the technical expertise and strict internal processes to physically secure their IT hardware against unauthorized access, theft, fires, flooding and other potential hazards. For example, Microsoft® employs thousands of cybersecurity experts and cutting-edge technology such as artificial intelligence to detect, respond to and thwart security threats.
     
    In addition, cloud providers often give their customers access to extra security programs and resources. This can make it easier for organizations to more effectively combat threats like data loss, leaks, and hacking. Of course, no security model—even one that uses a multi-layered approach—is perfect, but a cloud solution protected by substantial security measures can ultimately enhance a financial institution’s security posture.
  2. Misconception #2: The provider is responsible for keeping data secure in the Cloud
     
    A common concern for many financial institutions who are considering moving to the Cloud is determining who is responsible for data security moving forward—the cloud services provider or the customer? The short answer is both parties. Data security is typically a shared responsibility and requires banks and credit unions to continue monitoring the security of their solutions to ensure the data is secure and meets all regulatory requirements.
  3. Misconception #3: Data can be easily lost in the Cloud
     
    Information resiliency is a key differentiator for cloud-based services. These solutions help reduce the likelihood of data loss if key security features and backups are enabled and used appropriately.
     
    In addition, cloud services can help financial institutions recover quickly from business disruptions like equipment failure, power outages, and natural disasters. This provides financial institutions with continuous access to data and other critical applications, enabling business operations to run smoothly.
  4. Misconception #4: Anyone can access data in the Cloud
     
    The Cloud actually prevents unauthorized individuals from accessing data on the network because cloud providers use a variety of security processes to control points of access. Most cloud providers use data encryption to protect data while it’s being stored and during transmission as well as multi-factor authentication to require two or more forms of verification to access the system.
     
    Moreover, cloud services providers maintain detailed activity logs that show who accessed, created and modified data. Having this type of intelligence allows cloud vendors to better understand unusual activities, detect potential threats and more effectively protect the client’s data.

Final Thoughts

 
Building a strategy for cloud computing can be intimidating. All community banks and credit unions have a unique business strategy that will guide how they migrate to the Cloud, what type of cloud solution is best for their environment, and what specific technology assets should be moved to the Cloud.

Working with an experienced service provider such as Safe Systems can simplify the process. Safe Systems helps institutions design and install cloud solutions while also ensuring their systems are compliant and meet examiner expectations.

25 Jul 2019
Resource Center

New Resource Center Features Banking Technology, Security, and Compliance Insights for Financial Institutions

In today’s fast-paced environment, it’s important for financial institutions to have access to trusted information related to technology, compliance, and security trends. To help facilitate this, Safe Systems has launched a new online Resource Center which provides community banks and credit unions with access to a centralized knowledge base of free materials. The Resource Center can easily be reached from any page of our website in the top navigation bar.

Meeting Your Interests and Needs

What is currently top of mind for your institution? What is keeping you awake at night? What are you most interested in learning to help you improve your performance?

Whether you are searching for information that will help your institution understand how to stop a cybersecurity attack, identify what to do when your IT administrator leaves, or recognize the top compliance and security areas where you should focus, our new online Resource Center can help. You’ll find the relevant information you need to help you worry less and focus more on banking.

 

Key Features and Benefits

Our Resource Center is designed to not only be useful but easy to use. There is a wide variety of content, ranging from videos to white papers to case studies. You have the freedom to search by topic and browse at your own pace to find the information most valuable to you, in the format you most prefer. When you make a selection, you’re taken to a secure page where you can choose to view the material instantly in our online environment or download it to your computer to view later at your convenience.

Whether you are trying to find a solution to a specific problem, stay on top of the latest trends and industry regulations, or simply discover new insights, our Resource Center allows you to conduct your research in an easy and meaningful way. Here are five features to help you find what you are looking for:

  • Categories – Assets are grouped in three main categories (compliance, technology, and security), allowing you to dive into specific pieces based on these themes.
  • Search box – You can conduct a search by category, keyword, or title to find your desired content faster.
  • Suggested content – Recommendations for related materials are highlighted on each page to help you find the most relevant content based on your search.
  • Dynamic environment – The Resource Center is updated frequently with new materials to provide timely and up-to-date information.
  • Archiving – Most materials remain in the center permanently, allowing you to access relevant content on an ongoing basis as your needs change.

An Ever-evolving Resource

The Resource Center will continue to evolve as a virtual library. Website visitors can look forward to encountering a constantly expanding cache of information, making it a worthwhile experience for any financial institution.

 

27 Jun 2019
Migrating Email to the Cloud

Migrating Email to the Cloud – How Financial Institutions Can Leverage Microsoft O365 for Efficient Business Email

Many financial institutions are finding the Cloud to be very appealing for their business objectives. Migrating server workloads and applications to the cloud provides many benefits for banks and credit unions alike, but it can also seem overwhelming to some who are introducing cloud services to their organizations for the first time. Today, many banks and credit unions are taking the first step of moving or looking to move their email hosting services to the cloud. Traditionally, email services have been hosted on-premises, but now financial institutions can take advantage of hosted email solutions to simplify email management and make processes more efficient for the entire organization.

Cloud hosted solutions, such as Microsoft O365, can dramatically simplify business email management by eliminating the need for manual intervention and management which enables the IT staff to focus on more revenue-generating tasks. In addition, the experience for end-users is essentially the same, creating a seamless transition for the institution.

In addition to increased efficiencies, there are other key advantages of moving email to the cloud such as:

  • A secure email environment – the cloud is a secure environment for data storage.
  • Reduced costs – there is no need to purchase and maintain costly servers.
  • Reduced manual intervention – with cloud solutions, bank staff no longer needs to manage the email network including email migrations, upgrades, backups, and general maintenance.
  • High reliability and availability – cloud-based solutions have redundant systems to ensure email services are consistent and run properly every day.
  • Built-in backups and archiving – cloud-based solutions automatically perform backups and archive tasks. The backups are also stored off-site, which is an important aspect of any disaster recovery plan.
  • Ability to access email from anywhere – cloud-based email solutions can always be accessed, from any location, using any device, improving the productivity of employees.

Not all cloud-based email solutions are created equal

Financial institutions require an industry-specific email solution that adheres to strict cybersecurity regulations to remain in compliance with regulatory guidance and expectations.

In addition, community banks and credit unions place increased importance on the availability, uptime and security of their email solutions. Some aspects of a cloud-based email solution that banks and credit unions should consider include:

  • Ability to meet strict cybersecurity regulations
  • Can create customized reports for regulators (e.g., compliance, user, and encryption)
  • Reliable up-time and redundancy
  • Unique layers of security, SPAM filtering, antivirus, and on-demand encryption
  • Multifactor authentication

30 May 2019
Microsoft Windows Server 2008 End of Life Quickly Approaching

Technology solutions were not built to last forever! Microsoft Windows Server 2008 is the next solution that will be reaching the end of its support lifecycle come Jan. 14, 2020. Banks and credit unions should start planning now for its demise since after that date, the operating system will no longer be supported with new security updates, support options, and online technical content updates. The lack of support can result in new vulnerabilities or holes in the system’s security, making it more susceptible to cyberattack.

The impending Microsoft Windows Server 2008 end of life means banks and credit unions have some important decisions to make about upgrading or replacing existing hardware. If you fail to properly prepare, infrastructure and applications will eventually be left virtually unprotected. Banks and credit unions of any size cannot afford to have weaknesses in a platform that has such a major impact on their data and entire business.

Options for Resolving Microsoft Windows Server 2008 End of Life

To solve the problem, banks and credit unions can implement a more current version of Microsoft Windows Server and achieve greater security, performance, and innovation. A first step is identifying and evaluating applications and server roles running on Windows Server 2008. Analyze each workload to determine the best path. From there, institutions can upgrade on premise solutions or migrate to Microsoft’s cloud computing platform, Azure. With Azure, they can build, test, deploy, and manage applications and services through Microsoft-managed data centers.

For an on premise solution, banks and credit unions can upgrade to Windows Server 2012, 2012 R2, 2016, 2016 R2 or 2019. However, some software and applications may not be compatible with the most recent version, making Windows Server 2016 a better option. With Server 2016, users can purchase up to three years of extended security updates to get continued protection beyond the deadline—and cover only the servers they need while upgrading.

Upgrading on premise solutions will enable institutions to improve security, reliability, and flexibility regardless of their operating model, according to Microsoft. “Upgrading these applications to the latest version of Windows Server delivers these benefits whether you adopt a DevOps model or stick with conventional operations,” stated the Microsoft Migration Guide for Windows Server. “Whatever operating model you use, upgrading to the latest version of Windows Server helps you reduce maintenance costs while simultaneously allowing you to improve your operational processes.”

If institutions opt for Azure, they can rehost Microsoft Windows Server 2008 workloads to Azure and expand their capabilities. With Azure, organizations can get three years of extended security updates for free and upgrade to a current version when ready. They can also get various enhancements. “Upgrading to the latest versions and moving workloads to the cloud enables you to benefit from new features and functionality,” stated the Microsoft Migration Guide for Windows Server.

Purchasing new servers is another option for financial institutions to consider. However, this can be an expensive undertaking, especially for those with a significant number of servers. Obviously, institutions must take into account capital expenditures when weighing whether to upgrade or replace hardware. Generally, if a machine running Server 2008 is more than two years old, it is more cost effective in the long term to replace than upgrade.

If institutions have adequate technical resources, they can handle the process of upgrading and/or replacing machines in house. Or they can hire an outside IT provider to obtain the appropriate licenses and hardware for them—and ensure a smooth upgrade/replacement process.

Crucial Issue for Financial Institutions

Preparing for Microsoft Windows Server 2008 end of support is a critical issue—especially for highly regulated financial institutions. Auditors and examiners will be vigilant about exposing any hardware that is running outdated Server 2008, and this can result in write-ups and other issues.

The key issue is to prepare for Microsoft Windows Server 2008 end of life now to avoid future problems with compatibility, security updates, and auditors. After all, an ounce of prevention is worth a pound of cure.

23 May 2019
Prepare for Microsoft Windows 7 End of Life Now to Avoid Problems Later

Support for Microsoft Windows 7 will soon be coming to an end, and organizations must take proactive steps now to be properly prepared for the change. After Jan. 14, 2020, Microsoft will no longer provide security updates or technical support for devices that continue to run its popular operating system.

This means workstations running Microsoft Windows 7 will not receive patches going forward, and organizations that keep running the system will do so at their own risk. “You can continue to use Windows 7, but once support ends, your PC will become more vulnerable to security risks,” Microsoft states on its website. “Windows will operate, but you will stop receiving security and feature updates.”

Implications for financial institutions

The imminent “end of life” of Microsoft Windows 7 is a serious issue. Once Windows 7 reaches the end of its lifecycle, users will need to upgrade to a new operating system such as Windows 10 to ensure the safety of their workstations.

The situation is even more crucial for banks and credit unions, which are some of the most highly regulated businesses worldwide. Auditors and examiners will be searching for computers running Windows 7 and will note them in their reports. To prevent such findings and write-ups, the IT staff at financial institutions should implement measures now.

For instance, bank IT staff should carefully review patch management reports monthly for all their devices and remedy any exceptions. Patches—software updates designed to repair known vulnerabilities or security weaknesses in applications and operating systems—are critical to reducing security incidents in financial institutions. In the Supervisory Insights publication, the FDIC indicated that an effective patch-management program should include written policies and procedures to identify, prioritize, test, and apply patches in a timely manner.

The FDIC also stressed the importance of replacing end-of-life products, stating: “An effective program also should use information received from threat intelligence sources that report on identified vulnerabilities. Bank management should be aware of products reaching or at the end-of-life or those no longer supported by a vendor. Management should also establish strategies to migrate from unsupported or obsolete systems and applications and, in the interim, implement strategies to mitigate any risk associated with the use of unsupported or obsolete products.”
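The monthly review described above can be partly automated. The following is an added example, not Safe Systems' or the FDIC's tooling: it checks a constructed inventory export against the January 14, 2020 end-of-support date given in these posts and flags devices whose last patch is older than a review threshold. The CSV layout, hostnames, function names, and both thresholds are assumptions.

```python
import csv
import io
from datetime import date

# End-of-support dates as stated in the posts on this page.
END_OF_SUPPORT = {
    "windows 7": date(2020, 1, 14),
    "windows server 2008": date(2020, 1, 14),
}

# Constructed sample export; hostnames and patch dates are invented.
SAMPLE_INVENTORY = """hostname,os,last_patched
TELLER-01,Microsoft Windows 7 Professional,2019-05-10
TELLER-02,Microsoft Windows 10 Pro,2019-02-01
FILESRV-01,Microsoft Windows Server 2008 R2 Standard,2019-05-14
LOAN-03,Microsoft Windows 10 Pro,2019-05-12
"""


def end_of_support(os_name):
    """Return the end-of-support date for a known product, else None."""
    name = os_name.strip().lower()
    for product, eol in END_OF_SUPPORT.items():
        if product in name:
            return eol
    return None


def review(inventory_csv, today, patch_max_age_days=30, eol_warning_days=365):
    """Return one finding per device that needs attention.

    patch_max_age_days and eol_warning_days are assumed thresholds;
    set them to match the institution's written patch policy.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status, days_left = "supported", None
        eol = end_of_support(row["os"])
        if eol is not None:
            days_left = (eol - today).days
            if days_left < 0:
                status = "unsupported"
            elif days_left <= eol_warning_days:
                status = "approaching_eol"

        patch_age = (today - date.fromisoformat(row["last_patched"].strip())).days
        patch_overdue = patch_age > patch_max_age_days

        # Report only exceptions, which is what the reviewer has to remedy.
        if status != "supported" or patch_overdue:
            findings.append({
                "hostname": row["hostname"].strip(),
                "os": row["os"].strip(),
                "status": status,
                "days_left": days_left,
                "patch_age_days": patch_age,
                "patch_overdue": patch_overdue,
            })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_INVENTORY, today=date(2019, 5, 23)):
        print(finding)
```

Devices reported as `approaching_eol` belong in the migration plan, while `unsupported` devices need the interim risk mitigation the FDIC describes.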

Options for addressing the issue

Auditors and examiners rarely allow devices with obsolete operating systems to remain on a network. So, organizations must adopt strategies to effectively address the end of the Windows 7 lifecycle. Microsoft recommends several options to remedy the situation, including upgrading existing devices to Windows 10, purchasing new devices with Windows 10/Windows 10 Pro already installed, or using Microsoft 365 for Business/Enterprise. Regardless, the decision to upgrade or replace workstations calls for a thoughtful cost-benefit analysis.

Some experts advocate switching out machines that are at least two years old as their performance will decline and they will need to be replaced eventually. But if a PC is less than two years old—or replacement is currently not an option—installing Windows 10 Pro would be a better solution. This requires paying a one-time, minimal license fee—currently $199—for each machine being upgraded.

Microsoft Windows 10 Pro is rolled out in different “builds” or versions, which are included with the purchase of a license. Running the most up-to-date version of the product can result in potential software compatibility issues, so it is often safer to stay one build update behind. For example, it would be ideal to upgrade to version 1803 of Windows 10 now and version 1809 in the fall.

PCs that are not running on an upgraded—or at least patched—Microsoft Windows operating system will be more open to would-be cyberattacks. Thankfully, the use of firewalls and other layered security tactics can prevent a single machine from compromising overall security. Still, Windows 7 end of life poses a potential security risk that financial institutions must navigate effectively to continue operating successfully.

Banks and credit unions will have to switch to the latest Microsoft Windows system eventually, but the cost and effort involved are minimal. And taking this step sooner rather than later can save time, thwart hackers—and avert auditor write-ups. To make the process as painless as possible, institutions can hire a third-party provider to handle every aspect of making the necessary PC upgrades and/or replacements.

18 Apr 2019
Email Account Takeover: How Multifactor Authentication Can Prevent It

Email account takeover is one of the most profitable cybersecurity threats for criminals and, as a result, has become increasingly common. In fact, according to Agari, email account takeover has seen a 126 percent increase month-to-month since the beginning of 2018. Agari also indicates that 44 percent of businesses reported being victims of targeted email attacks. Regardless of the type of email system, whether it is hosted in-house or in the most robust cloud solution available, the level of vulnerability and the ease with which a user can fall victim to this threat tend to remain consistent.

As one might suspect, passwords are often the weakest link in email security. They are usually obtained through traditional means such as social engineering, malware, buying passwords off the deep web, or users simply reusing the same passwords for different sites or applications. Once passwords are compromised, hackers then use that opportunity to watch and monitor email usage to determine and ultimately target the best ways to profit from this access. This can take the form of malware emailed from a known user account within a legitimate contact list, a payment request for seemingly business-related items or services, or a request for another user’s passwords. Unfortunately, criminals are displaying endless levels of creativity in executing their fraudulent activity.

The Impact of Email Account Takeover

Email account takeover attacks are particularly dangerous (and very effective) because they often originate through emails from trusted senders. Because there is a pre-existing trust relationship with the sender, the attack is then more likely to succeed. In addition, since the attack originates from a legitimate account, it often goes undetected by traditional security controls.

When email account takeover attempts are successful, not only are the user and the organization directly impacted, but the losses and hardships extend far beyond those tied to that individual account. Account takeover puts a significant strain on customer and member relationships and can result in long-term damage to a financial institution’s brand and reputation.

Imagine that an email with embedded malware was sent to all of your customers or business partners. This has the potential to infect hundreds of customers’ machines. Now imagine $10,000 being wired to a rogue account based on an email that included the correct language and information, or all of your employees receiving emails from your network administrator requesting they confirm their passwords. These are not hypothetical situations, but rather real-life examples that have all happened multiple times, regardless of industry or location.

How to Mitigate Email Account Takeover

Many banks and credit unions have realized that simply having the correct username and password is no longer enough to ensure a truly secure email account. Successful email account takeover attacks reveal a lack of adequate protection which, when recognized, can be corrected. Some proven methods to effectively prevent an attack include the following.

Employee Training

Increasingly, banks and credit unions are recognizing employee training as an important security mechanism and prevention protocol. Employees who are not adequately trained on how to properly use email (including email attachment protocols, how to deal with unknown senders, and how to spot suspicious emails) can quickly become a top vulnerability and security threat for their institutions. Training for all employees—from tellers and loan officers up to the President and CEO—is critical.

Password Usage

Remembering all of the passwords required to secure daily activities has become a tall order, one which often results in employees using the same password (or a limited set of passwords) for all accounts. This is not a good idea: once your password is compromised in one place, you are immediately vulnerable in multiple places. Whenever possible, one should randomly generate a unique password for each program or site that they use.

Outside Testing

Community banks and credit unions can leverage an outside security company to conduct security training and checks to verify exactly how their employees interact with suspicious emails. This allows network administrators to evaluate different levels of risk based on whether an employee a) ignored the email, b) opened the email, or c) clicked the link and provided information. After conducting this test, the administrator can then use that opportunity to educate employees on what happened during the test, explain how the system was compromised, and provide applicable advice on how to recognize these types of attacks in the future.

Stop Email Account Takeover Attacks with Multifactor Authentication

A proven way to protect your bank’s email system is to implement multifactor authentication, which requires more than one method of authentication to verify a user’s identity for a login or other transaction. This security option is designed to make it more difficult for cybercriminals to access bank accounts and other sensitive information.

While there are different ways to implement multifactor authentication, the three basic elements that can be used in this process are: something the user knows, like a password or PIN; something the user possesses, like a smart card, token or mobile phone; and something the user is (i.e., biometrics), such as a fingerprint or retina scan.

Many of our customers rely on Safe Systems’ SafeSysMail O365 hosted email solution, which gives them the option to turn on dual-factor authentication to increase the layers of security. When employees log in to their email account, they must first type in their username and password. Then, as a second factor, they use a mobile authentication app, which generates a code or PIN to enter on the screen; only then are they given access to the account. If you or your employees don’t have a smartphone, that’s OK. Microsoft provides multiple ways to implement its multifactor solution. Implementing multifactor authentication is a powerful step toward preventing hackers from gaining access to accounts, even if a password or security answer is stolen.

For such a seemingly simple act, account takeover presents significant reputation risk and financial risk to your institution, but by ensuring that your bank or credit union adopts proven strategies to counter it – and remains diligent in performing them – it is a threat that can be prevented.

21 Mar 2019
Safe Systems Launches Customer Referral Program

According to our third annual report, “2019 IT Outlook for Community Banking”, nearly 91% of survey respondents claim to turn to their peer network for information when researching a new solution or vendor.

These confidants provide valuable first-hand information from trusted individuals who have knowledge of the industry and are experiencing similar situations and issues. So, we wanted to provide an opportunity for our customers to conveniently share our more than 25-year journey serving the community banking industry, unique customer experience, and dedicated strategic advisor service, by simply sending their peers to this new webpage – The Safe Systems Way.

In addition to facilitating the easy exchange of information, we have launched a formal customer referral program that provides existing customers with a simple online process to refer Safe Systems to their peers. Customers will be awarded a small gift thanking them for each peer referral, and new customers who come through the referral program will receive an exclusive welcome gift.

At Safe Systems, we strive to provide a high degree of customer service by paying close attention to our customers’ pain points and keeping their needs a priority. This has enabled us to build strong relationships with clients. These relationships, combined with extensive knowledge of community banks and credit unions, enable Safe Systems to be a valued partner and true extension of our financial institution clients. We truly understand the complexity that financial institutions face in managing the constant evolution of technology, compliance, and security. Our team works to streamline IT processes for banks and credit unions and ensure regulatory requirements are met or exceeded.

21 Feb 2019
Identifying Top Priorities for 2019 - IT Outlook Survey

3 Top Challenges from the 2019 IT Outlook for Community Banking

For the third consecutive year, we surveyed community banks and credit unions to gain a better understanding of their current IT situation, top IT priorities and challenges, security and compliance issues as well as future technology investments on the horizon. Our third annual report, “2019 IT Outlook for Community Banking,” analyzes survey feedback from approximately 164 respondents representing a range of community banks and credit unions across the U.S. with asset sizes from less than $100 million to more than $1 billion.

This report is designed to offer community banks and credit unions valuable peer data that can provide guidance for key IT, compliance and security decisions in 2019 and beyond. The data reinforces that community financial institutions continue to recognize the importance of using technology in the current banking environment and remain committed to investing in new technologies and services as needs evolve. However, they continue to face certain challenges, often related to technology, heading into 2019.

Here are some key IT challenges and trends from the survey results:

Information Security Continues to be the Top Challenge

According to 43% of survey respondents, information security continues to be a top challenge. Falling victim to security breaches and associated attacks is very costly for community banks and credit unions, both from a financial and reputational standpoint. According to Cybersecurity Ventures, the global cost of cybercrime damages will hit $6 trillion annually by 2021. This includes damage and destruction of data, theft of personal and financial data, and disruption to the normal business operations, among others. In addition, as the number of security threats continues to increase in the financial services industry, regulators are taking a closer look at financial institutions’ policies and procedures to ensure that they can effectively safeguard confidential and non-public information. All of this has led to 57% of respondents planning to strengthen and increase budgets for IT security solutions in 2019.

Personnel Expertise and Resources Becoming a Greater Concern

According to 42% of respondents, having the right personnel resources is now a top challenge for their financial institution. Managing an IT network is a very demanding responsibility. An IT administrator needs to truly understand the increasing complexity of IT operations, continuously changing regulatory requirements, FFIEC compliance guidelines, and evolving security threats. However, many community banks and credit unions are often located in areas that lack the qualified personnel resources to efficiently manage these responsibilities, making it financially challenging for them to employ the seasoned IT technology team required. This trend is encouraging community financial institutions to augment their IT departments with outsourced service providers who are able to help them navigate technology, security, and compliance required today.

Keeping Up With Changing Customer Expectations Continues to be a Challenge

Approximately 42% of survey respondents claim that keeping up with changing customer expectations is their greatest challenge moving into the New Year. The advancement of technology, online banking services, compliance and regulatory requirements plus the growing demand from customers to have 24/7 access to their financial lives, have made the business of banking more challenging. This challenge has led to many institutions making additional technology investments in customer satisfaction or solutions to better meet market needs. According to 55% of survey respondents, this is the main reason or factor for making technology investments in the coming year. Customer satisfaction has become increasingly important and delivering a great customer experience is what gives banks and credit unions a competitive advantage.

Other areas survey respondents mentioned as challenges include automating manual processes, managing budget restraints, eliminating redundant technology, remaining compliant with changing regulations, reporting and exam preparation, disaster preparedness, and providing secure mobile technology. This is the first year mobile technology was mentioned, but it is no surprise, as more and more consumers are turning to their mobile phones for basic banking tasks, such as depositing checks, checking their balances, and transferring money between accounts.

To gain more insights into the key challenges, goals and opportunities facing banks and credit unions today, please download the full report here.

07 Feb 2019
Safe Systems’ “Banking Bits and Bytes with Brendan” Video Series on Managed Cloud Services Now Available

The first course in our educational video series, “Banking Bits and Bytes with Brendan,” is now complete and available! The series, launched in December 2018, is designed to educate and inform our customers and friends in financial services on the technology trends and issues that are impacting our industry on a day-to-day basis. Our Chief Technology Officer and recognized expert in banking technology, Brendan McGowan, acts as the “professor,” taking a humorous approach to complex and challenging topics related to technology, compliance and security. We believe Brendan’s expertise, knowledge and insights ensure each video is a valuable resource.

The first video series focuses on the cloud and features six video lessons, each approximately 2-3 minutes long. In each, Brendan addresses common questions, dispels myths, and offers advice on the best way to think about — and successfully implement — a cloud strategy. Each video is hosted on YouTube as well as this website.

This series features video lessons sorted by topic that can be watched at the viewer’s own pace and convenience, and serves as a way for us to share some of our expertise gained from 25 years of serving financial institutions.

View the video below or visit the Banking Bits and Bytes with Brendan page to watch other videos.

 

31 Jan 2019
What to Look for in a Managed Services Provider Part 2 – A Cohesive Customer Experience

There is an increasing need for community banks and credit unions to outsource key IT services to improve efficiencies, meet regulatory requirements, and enable institutions to focus on their core business. With high compliance standards to meet and an increased risk of security breaches to manage, it is imperative that institutions select the right provider to address these issues. Community banks and credit unions should choose a managed service provider who not only offers the products and solutions that meet the needs of their institution, but also possesses the unique skillset and level of customer service needed to become a valued partner.

One area that is too often overlooked is an evaluation of the actual people you will be working with, their industry-specific skills, knowledge, and ability to provide a cohesive customer experience. This can be a challenging task, so we have highlighted some key qualities of a managed services provider that you should look for to ensure your satisfaction as a customer.

Skilled Advisors

Since a managed services provider works closely with you and your staff on a day-to-day basis and acts as a partner or extension of your organization, ensuring they have industry experience and technical knowledge to help empower your organization is vitally important. Look for providers who are experts in terms of banking technology, compliance, and security. A managed services provider should also have a solid understanding of how financial institutions are unique with regards to how they consume technology or security solutions due to regulatory guidance.

For example, patch management is a key component in the Federal Financial Institutions Examination Council’s (FFIEC) Security Handbook. The FFIEC is very specific on how financial institutions should manage, implement, test, and stay up-to-date with patches. Poor patch compliance practices put a bank or credit union at risk for examination exceptions and open management up to additional scrutiny. In addition, Business Continuity Planning is not a suggestion; it is a requirement from the FFIEC. Managed services providers dedicated to the financial services industry are knowledgeable about these requirements and able to work with institutions to design solutions that meet their specific needs and ultimately support their business plan.

This skill set enables you to go back and focus on banking, serving your customers and community and key revenue-generating activities, while the managed services provider focuses on navigating compliance, technology, and security solutions needed to stay safe, compliant and competitive in today’s environment.

Ability to Listen to Needs and Concerns

Too often, managed services providers fail to really listen to their customers and incorporate their unique needs and requirements into the products and services they provide. A true partner will make it a point to really listen to customers and enable their feedback to influence the types of products and services offered. For example, auditors and regulators have increased scrutiny on financial institutions to maintain proper oversight of vendors and remote control activity into their organizations. This is not a surprise as this type of activity represents significant risk to the organization. A managed services provider who understands this and proactively updates reporting to provide oversight of this sensitive activity is vital for banks and credit unions.

Customers can provide feedback in different ways, including user conferences, surveys, and even a simple phone call. The key to success is in open communication and ensuring your provider is able to evolve and stay attuned to industry trends. This is important for any industry but especially so in financial services since technology is always changing, compliance and regulations are always evolving, and security threats are constantly emerging.

Smooth Onboarding Process

An area that is often overlooked when selecting a managed services provider is the onboarding process and how it will impact your organization. Selecting a managed services provider that is focused on a cohesive customer experience and ensuring customers are a top priority will better guarantee a smooth and efficient onboarding process. A sign of a good provider is the assignment of a dedicated project manager who will act as the point of contact through the entire process and provide all necessary support. In addition, an entire team of experts that understand banking systems should also be involved to ensure all products and services are implemented and working correctly with limited business interruptions. Bank and credit union executives and IT staff are busy, so the onboarding process should not be time-consuming and troublesome for them – rather it should be a smooth process that is painless for the financial institution.

Achieving this level of expertise is more likely when institutions choose to work with a managed services provider who operates exclusively with financial services. This dedication and focus enable advisors to truly understand banking systems, the software used in financial institutions, the regulatory and compliance burden community banks and credit unions are under, how to work with examiners and what it takes to ensure all aspects of the organization are secure. The banking arena has evolved significantly through the years, so it is important to ensure you are working with a provider who truly understands your needs and is able to make your organization more efficient and profitable.

24 Jan 2019
What Community Financial Institutions Should Look for in a Managed Services Provider

The majority of banks and credit unions rely on managed services providers to help them improve efficiencies in their organization, meet mounting regulatory compliance requirements, and provide the competitive products and services their customers and members expect.

However, selecting the right managed services provider can be challenging. We have highlighted some key qualities that community banks and credit unions should look for when choosing trusted partners.

A managed services provider should have a true understanding of the following areas:

The community banking and credit union industries

A managed services provider must truly understand the “ins and outs” of operating a community bank or credit union. This includes recognizing the industry trends, realizing the importance of priorities, such as customer- and/or member-service related touch points, and understanding regulatory and compliance issues. Not knowing how a community financial institution operates is a hindrance that can prohibit the provider from effectively meeting the demands of the institution and makes it unlikely that it will be in a position to offer informed recommendations on improvements and solutions to existing issues.

Financial services technology

Technology is ever-changing and it is nearly impossible for any one person to successfully keep up with all of the advancements. To provide the technological solutions and services that a community bank or credit union requires, a managed services provider should understand the technical requirements of all banking technology solutions, starting with the core platform. Since many applications have to work with — and integrate into — the core platform, it is impossible to design an efficient and comprehensive network without first an understanding of core platforms and banking technology.

Regulatory compliance requirements

The evolving world of financial regulatory compliance governs every aspect of your IT network, and that includes what hardware and software you choose to deploy. In today’s banking environment, vendors must be able to make recommendations on how to manage hardware and software to meet regulatory expectations, such as verifying all patches, ensuring security measures are up to date, and maintaining access to critical services during a disaster.

Working with the wrong managed services provider can be time-consuming, cumbersome, and even stressful. However, working with a provider who offers the desired services and who truly understands your industry can help guide the institution in today’s challenging financial environment. A good partnership is key to ensuring your organization remains competitive and profitable for years to come.

17 Jan 2019
MSPs: Go Back to Being a Banker

Go Back to Being a Banker! Managed Services Providers Allow Bankers to be Bankers

Managing all of the aspects of a bank or credit union’s IT, compliance, and security needs has become a cumbersome, time-consuming, and demanding responsibility. Community bank and credit union employees must now not only understand the complex tasks involved in banking and providing financial services to customers and members, but also the ever-growing complexity of IT operations; changing regulatory requirements; and FFIEC compliance guidelines. This also includes the growing threats and cybersecurity issues that can wreak havoc on their financial institutions.

With all these added — but essential — responsibilities, many community banks and credit unions are struggling to manage their day-to-day schedules and may actually find themselves falling behind in their more critical banking or revenue-generating activities. They’re also finding that they do not have the staff or in-house expertise and knowledge required to manage all of these responsibilities efficiently. In addition, given the remote location of some community institutions, finding and retaining qualified individuals is difficult. They often spend an inordinate amount of time and effort recruiting and training staff while faced with losing employees to competitive salaries in the marketplace.

With these industry changes and personnel challenges, banks and credit unions need to be exploring ways to more efficiently manage their organization so they can prioritize working on revenue-generating and customer/member-focused initiatives. Oftentimes they determine outsourcing or partnering with a managed services provider who acts as a true extension of their organization is the most effective and efficient solution.

The Power of an MSP

A managed services provider can help remotely manage a customer’s infrastructure, including security and compliance needs, as well as end-user systems, which will relieve bank staff from having to manage the time-consuming network, security and compliance functions.

There are certain steps a bank or credit union should take before entering into an agreement with a managed services provider. They include:

  • Determine whether the relationship complements your overall mission and philosophy
  • Document how the relationship will relate to your strategic plan
  • Design action plans to achieve short-term and long-term objectives
  • Perform proper due diligence on all partners
  • Assign authority and responsibility for new managed service provider arrangements

Community banks and credit unions can benefit in many ways from partnering with the right managed services provider who understands the ever-growing complexity of their industry and offers solutions and services exclusively tailored to them. Having the help of a managed services provider allows the financial institution to provide the competitive products and services their customers and members expect, while maintaining the advantages of being a local organization. It frees up in-house staff to take on new projects that will enhance the bank and credit union’s overall mission and enable bankers to go back to banking!

19 Dec 2018
Safe Systems Launches Banking Bits and Bytes with Brendan Educational Video Series

Safe Systems Launches “Banking Bits and Bytes with Brendan” Educational Video Series

Safe Systems launched a new educational video series, “Banking Bits and Bytes with Brendan,” to help educate and inform customers and the financial services industry on trends and issues the industry is dealing with on a day-to-day basis. Banking Bits and Bytes with Brendan will showcase our Chief Technology Officer, Brendan McGowan, who is an expert in all things related to banking technology.

Each video is a small bite of information (approximately 2-3 minutes in duration) that teaches viewers complex technology, compliance, and security topics. The videos will be sorted by topic and can be watched at the viewer’s own pace and convenience.

This video series is a way for us to help educate our customers by leveraging the expertise gained from 25 years serving community financial institutions. As the industry continues to change and evolve at a rapid pace, our knowledgeable staff serves as a valuable asset to guide our customers and help them ensure compliance, streamline processes and provide superior service in their communities. Brendan’s expertise, knowledge, and insights in banking technology will ensure each video is a valuable resource for the industry.

Here at Safe Systems, Brendan oversees the development of strategic technology solutions that support key banking initiatives for community banks and credit unions and enhance their ability to manage IT in an effective and compliant manner. In 2016, he was named to Georgia Southern University’s 2016 40 Under 40 List, which highlights professionals who represent the best young leaders under the age of 40.

The first Banking Bits and Bytes with Brendan video series focuses on Managed Cloud Services, a broad topic where Brendan addresses common questions, dispels myths, and offers advice on the best way to think about and implement a cloud strategy. Each video is hosted on YouTube as well as this website.

The first two video lessons in the Managed Cloud Services series are now live on our website. View the video below or visit the Banking Bits and Bytes with Brendan page to watch other videos.

 

05 Dec 2018
Watch More Kids on Banking

More Kids on Banking

This year marks our 25th Anniversary and to honor the occasion, we developed Kids on Banking, which is designed to let us reminisce about our own childhood memories of going to the bank with our parents. While the banking industry has changed quite a bit since we were kids, and most trips to the bank and ATM have been replaced with the use of online banking and the simple use of an app, we were left wondering what it was like to see the banking environment through the eyes of kids today.

So, we asked a few, ranging in age from 5 to 11 years old, for their unscripted opinions on banking and what exactly they think happens in a bank. They were very creative and had some insightful opinions that provided us with enough content to develop not one but two videos!

One of the questions we asked was, “How much money is inside the safe at a bank?” Apparently, banks today house a “thousand trillion billion dollars,” or “$399,” or maybe just “$100 or $50.” When it comes to saving money, we learned that “mostly money is saved for college or toys, but mostly toys!”

According to the kids, ATMs are for giving out money. All you have to do is put in a card, type a long random number and then “about a trillion dollars will start coming out.” If only this were true.

According to these kids, the president of the bank is responsible for signing papers and writing a lot of words, controlling the money and taxes, keeping the money safe, telling everyone when to “shut the door in case of a robber” and “people even come to the president to deliver grilled cheese.”

The pneumatic air tube is a favorite piece of banking equipment. It is “the thing that goes Fwsshhh straight up to the man upstairs!” It also is the thing that delivers lollypops and bills.

The kids really got us laughing and reminiscing about how we thought about banking when we were younger.

Check out our second video, More Kids on Banking, for a good laugh and help us celebrate a quarter century of serving community banks and credit unions.

For the last 25 years Safe Systems has worked with more than 600 financial institutions and managed more than 20,000 network devices. Safe Systems has found great success in helping community financial institutions significantly decrease costs, increase IT performance, enhance cybersecurity processes and improve their compliance postures.

28 Nov 2018
What Community Banks and Credit Unions Should Budget for in 2019

As 2018 winds down, banks and credit unions are thinking ahead to 2019. They are determining the new solutions, products, and enhancements needed to meet their strategic plans in 2019 and beyond. In addition, they are evaluating what needs to be updated or upgraded and the processes that can be improved upon.

There are three key areas banks and credit unions should focus on during budgeting season – technology, security and compliance. While lines that separate technology, security, and compliance are blurry at best, 2019 budgeting items for operations fall largely into these three buckets.

Compliance

While the focus of many examiners has shifted back to financial aspects of institutions, the top three findings our customers report relate to:

  1. Vendor Management – Typically the current vendor management solution (if it exists at all) is deemed inadequate or insufficient. Often the solution doesn’t cover all vendors or provide a way to adequately assess these vendors.
  2. Business Continuity Planning (BCP) – In the mid-to-late 2000s, many banks and credit unions updated their Business Continuity Plans. However, for many institutions, these plans have remained relatively unchanged for a decade now. Technology and business processes, on the other hand, have changed rapidly over the last decade. The Federal Financial Institutions Examination Council (FFIEC) has also updated its guidance to address the current challenges of BCP. If the institution’s plan has not been thoroughly updated in a while, the institution may be at risk of a finding on a future exam.
  3. With both of these findings there may be an additional finding of inadequate management or board oversight. Often these findings happen on the same exam and are followed with a concern with oversight. Many of the calls Safe Systems gets after an exam relate to these issues.

Avoid finding yourself under a Memorandum of Understanding or a Matters Requiring Attention finding by budgeting to ensure your compliance processes are up to date.

Vendor Management solutions can run from $2,500 to more than $6,000 per year. Business Continuity Plans can range more significantly from a couple of thousand to more than seven thousand dollars per year. Do some research and find some solutions that would meet your institution’s needs and identify their year one cost and annual cost thereafter.

Security

With attacks on the rise and businesses continually falling victim to cybercrime, security needs to be an institution’s priority. There are innovative solutions coming to market every day to help address security risks. These solutions can help mitigate the risks that your institution faces, but they can also cause confusion on where you should focus your attention. For the next several years, it is in the institution’s best interest to continually focus on the impending security landscape and verify that your budget reflects your strategy.

One place to start is to review your current solutions. Verify that your current investments are still applicable for your ever-changing environment. Upon investigation, you might find features that are available as an add-on to your current solution to help mitigate risk. You may also find holes in your current strategy that may need to be rectified.

As of October 2018, 90% of web traffic accessed through Chrome, the most popular web browser, was encrypted. These numbers have been increasing rapidly over the last few years. Many firewalls can only inspect unencrypted web traffic. This was a small risk when encrypted websites were less common. With the sudden rise of encrypted web traffic, many firewalls are NOT equipped to scan this data. It is possible to scan encrypted web traffic, but for many institutions this will require changes and additional investment. Not scanning this encrypted web traffic significantly increases the chances of your institution becoming a victim of a malware outbreak or a data breach. Examiners in some regions have started to pick up on this security hole, and they are encouraging institutions to address this issue.

Another area of concern for institutions is new and emerging threats. Attackers are continually innovating and improving their attack methods, and basic security solutions may not be enough to detect and prevent these advanced attacks. Newer solutions specifically designed to analyze the growing range of attack techniques have been developed. Sandbox technology and machine learning are being used to make it more difficult for attackers to succeed. In many instances, these solutions can be embedded within your perimeter firewall solution. These types of defenses can vastly increase the effectiveness of your security landscape.

Even though your firewall is viewed as a technical security device, it is also the device that grants users access to the internet. The internet has quickly become a business-critical service. When strategizing about upcoming budget aspects, the institution should consider the business risks involved when an internet device causes downtime. There are ways to mitigate internet downtime using high availability solutions. High availability involves having two firewall devices configured in a cluster. If one device fails, the second device seamlessly takes over responsibility so that downtime is avoided.

Additional devices and licensing will also affect the budget. These changes can be small or very large depending on the scope and goals of your strategy. Going forward, have a plan and strategy to deal with the ever-changing security landscape.

Technology

The biggest move in technology over the last half decade has been the move to the cloud. This will continue to be the case in 2019. The cloud offers benefits such as low maintenance, high availability and rapid disaster recovery that can’t be easily or affordably addressed with in-house solutions. The future likely means more servers and business functions moving to the cloud. This likely is where technology spend will move over the next 5 years. Another term for this is Infrastructure as a Service (IaaS). There are three likely situations that will lead to this move and determine how your institution makes the transition.

  1. Your institution desperately needs high availability and/or disaster recovery and is willing to incur the cost of moving from a hardware-based solution to a cloud-based solution.
  2. Your institution’s hardware infrastructure is reaching the end of its life and it is time to purchase all new hardware or move in a new direction. This can be a good time to evaluate your current setup and what is best for the future.
  3. Your institution has some regular hardware turnover scheduled for next year and wants to evaluate slowly moving to the cloud. Instead of buying a new server, it may be time to evaluate what the future of your infrastructure will look like and if the cloud is a long-term solution.


Some vendors pitch the move to IaaS as a cost savings move. There are cost savings involved. No more hardware to buy and maintain; no more electricity to run the devices; no more cooling to keep hardware cool; and the ability to achieve high availability is easier and more efficient. However, the move to IaaS is typically not a cost savings, but a feature advantage. Most institutions will be lucky if they break even with moving to an IaaS model, but they will gain great redundancy, uptime, reliability, and disaster recovery capabilities.

Generic cost estimates are impossible because every institution has different infrastructure, needs, and wants. But if flexibility and added freedom are something your institution wants or needs, start investigating what IaaS might cost for your institution. This technology has matured greatly over the last few years and continues to evolve, making it viable now and likely the wave of the future.

Moving into 2019, focus on two things. Are my current processes and products adequate? Not “have they passed exams this year,” but “are they mitigating the current risks to the institution?” Too often, measuring by exams leaves the institution open to a false sense of security and potential exam issues in the future. For compliance, ensure the institution’s processes are thorough, up to date, and adequate to meet the needs of the institution. For technology, consider what the long-term goals of the institution are and start working on a plan to implement these changes. Security is going to need new investments each year for the foreseeable future. The historical solutions for security problems have been successful, which has forced criminals to find ways around them. It’s time to realize that the threats have changed, and it is time to address the new threat landscape.

26 Nov 2018
Identifying Top Priorities for 2019 - IT Outlook Survey

Identifying Top Priorities for 2019: Participate In Safe Systems’ Annual IT Outlook Survey for Banks and Credit Unions

We want to hear from you for our annual industry report examining how community banks and credit unions plan to meet their IT, compliance and security needs in 2019.

To better understand banks’ and credit unions’ current IT situation, we have been surveying community banks and credit unions for the last 3 years. Our previous reports highlighted top IT priorities, IT challenges, security concerns and compliance issues, as well as what technologies and investments banks and credit unions plan to leverage in the coming year. We share the information gathered by publishing a white paper; last year’s was “2018 IT Outlook for Community Banks and Credit Unions.” The report is designed to provide community banks and credit unions with valuable peer data that can provide guidance for key IT, compliance and security decisions.

Looking back on 2018, some of the trends we saw included:

  1. Cybersecurity and Information Security Continue to Challenge Banks and Credit Unions
     Cybersecurity was the greatest security challenge banks and credit unions foresaw for the year ahead and information security was also a top challenge.

  2. Compliance Continues to be a Challenge
     Managing strict, ever-changing government regulations and guidelines is the greatest IT compliance challenge, which has led to the increasing trend of outsourcing compliance needs.

  3. Outsourcing Remains Beneficial and Important for Smaller Institutions
     With limited internal resources and expertise, community financial institutions continue to augment their IT departments with outsourced service providers who are able to help them navigate the IT changes and meet examiner expectations.

  4. Technology Investment Continues
     Community financial institutions continue to recognize the need for investing in new technologies and services.

  5. Both Community Banks and Credit Unions Have the Same Pain Points
     The results indicated that both credit unions and community banks experience many of the same issues related to compliance, IT challenges and staffing constraints.

Other areas the survey focuses on include IT management issues, audit and exam preparation, additional technology challenges, vendor management, business continuity planning, reasons for change and implementation of new services and cloud usage.

We hope you will participate in the 2019 IT Outlook by taking our survey. By completing the survey, you will gain access to this comprehensive year-end report. Your anonymous responses will be aggregated to provide detailed graphs, charts and plenty of insight amongst your peers in the community financial industry.

14 Nov 2018
5 Ways Cloud-Based Solutions Improve Disaster Recovery for Banks and Credit Unions


Disaster recovery is a concern for all banks and credit unions, regardless of size and location, but the hard truth is that a number of institutions are not adequately prepared for emergency situations and are unable to quickly recover from a disaster. This goes against FFIEC compliance regulations and can also equal significant revenue losses and reputational damage.

Implementing cloud-based solutions can help solve this issue by significantly speeding up the disaster recovery process and improving operations. In fact, one of the biggest benefits of using cloud-based solutions is their impact on disaster recovery.

5 key ways cloud-based solutions improve disaster recovery:

1. Improved access to data

Cloud-based solutions provide the flexibility of being able to access and restore systems quickly from any location. The cloud provides instant connection to critical data and servers, which prevents compliance and regulations issues and fines, reduces loss of revenue and increases customer or member confidence.

2. Eliminates the need for duplicate data centers and back-up locations

Banks and credit unions using the cloud eliminate the expense of having duplicate data centers and expensive back-up sites. Organizations access the servers remotely to install, run, and maintain applications. In addition, banks and credit unions do not have to worry that their data center or back-up facility will also be hit by the disaster. For many community financial institutions, their branches and offices are often all in the path of the disaster given their geography.

3. Quicker response times


Using the cloud enables banks and credit unions to respond more quickly to a disaster, sometimes in as little as minutes, rather than hours or days. Cloud-based solutions eliminate the need for time-consuming manual administration and intervention.

4. Reliable and up-to-date backups

Cloud solutions automatically perform back-up functions on a regular basis. This ensures that updates are accurate and that banks and credit unions have the most recent version of documents and data at all times. This helps ensure disaster recovery operations are utilizing the most recent version of all solutions and data.

5. Scalability

Cloud solutions offer a high degree of scalability. As banks and credit unions grow and technology evolves, their systems grow as well. Instead of having to physically implement new servers to handle the growth and implement disaster recovery plans for all new systems, cloud-based solutions can easily expand with the organization.

Because disaster recovery from the cloud provides a much more streamlined process, recovery times are much faster; data can be accessed from anywhere; and the time-consuming and error-prone process of manually recovering from a disaster is eliminated.

Implementing cloud-based services can be challenging and even a daunting task for some community banks and credit unions. Working with an outsourced service provider, such as Safe Systems, can help with the process while ensuring the systems are compliant and meet all regulator expectations. We built our Managed Cloud Services solution specifically for community banks and credit unions to enable quick recovery from any disaster, as well as ensure your data is safe and secure.

07 Nov 2018
4 Misconceptions about Cloud Security in the Financial Industry

4 Misconceptions About Cloud Security in the Financial Industry


More and more banks and credit unions are either thinking about or already entrusting their IT solutions and data to cloud-based systems. While the allure of having applications and systems hosted on a cloud network is appealing to community banks and credit unions due to the ability to eliminate servers, internal infrastructure, and applications that would typically have to be hosted inside the institution, there are still some concerns with the transition, especially as it relates to security. Many organizations have some misconceptions and struggle with truly understanding the security differences of housing their sensitive data in the cloud vs. keeping it housed on servers and hardware solutions that are located on-premise.

Having sensitive data stored in a virtual environment is certainly different from on-premise resources, so it makes sense that security-related issues and concerns would need to be addressed and considered. It is understandable that you might have some doubts on whether you can really put your trust in something you can’t physically see and control in your own building or financial institution.

So, let’s take a look at some of the common issues and misconceptions about cloud security.

Misconception #1 – The cloud is not secure!

Cloud-based solution providers don’t take security lightly. In fact, the global cloud security market is predicted to reach $12.64 billion by 2024—up from $1.41 billion in 2016, according to Hexa Research. According to the report, the growth is driven by the increasing use of cloud services for data storage, and the rising sophistication of cyber attacks.

Misconception #2 – Once I move my data to the cloud, its security is not my responsibility

One of the main security-related issues when it comes to the cloud is determining who is actually responsible for data security. Cloud security is typically expected to be a shared responsibility. Just because a bank or credit union utilizes cloud-based solutions doesn’t mean they aren’t responsible for monitoring the security of the solutions, ensuring the data is safe and meeting compliance and regulation requirements. IT professionals and cloud vendors should share cloud security duties.

Misconception #3 – My data can be lost in the cloud

Cloud-based solutions excel in one critical security area and that is information resiliency. Utilizing the cloud will prevent the loss of data while also reducing the likelihood that it will be susceptible to corruption. Cloud-based solutions can recover quickly and continue operating even when there has been an equipment failure, power outage, natural disaster or other disruption, providing a bank or credit union continuous access to data and vital information.

Misconception #4 – Anyone can access my data

The cloud actually reduces the surface area of possible penetration attacks because the entry points into the cloud are very well defined and are locked down with multi-factor authentication and other mature and trusted security tools and processes. While physical security is no longer a worry, banks and credit unions will still need to manage user workstations, connections to applications, and switches and routers, to name a few. In addition, cloud-based solutions provide users with detailed reports of all activity (who has logged in, who accesses certain information, etc.), which provides the ability to audit unusual or potentially harmful actions on the network.

Cloud services offer many benefits for financial institutions, including system standardization, centralization of information, the simplification of IT management and the built-in ability to stay current with technology and hardware updates. Deploying these tools in an on-premise environment and ensuring the entire network is secure enough to combat the growing cyber threats seen today would require not only large investments in infrastructure, but large teams to manage them as well. This can be extremely costly for small to mid-sized banks and credit unions. Ultimately, moving assets to the cloud enables banks’ and credit unions’ IT executives to focus on the key capabilities that support the institution’s unique strategy while having the confidence all assets are secure.

31 Oct 2018
NetConnect 2018

Preparing for the Future: The Value of Safe Systems’ NetConnect Customer User Conference


Safe Systems hosted its 2018 NetConnect Customer User Conference October 2-4 in St. Simons Island, Georgia. The three-day conference was designed to bring customers, employees, and vendor partners together to exchange ideas and learn about key technology, compliance, and security best practices and solutions. Banks and credit unions from around the country attended to listen to inspiring keynote speakers and attend sessions designed to educate, motivate, and drive success. The event also included a tradeshow made up of a dozen vendor partners offering additional products and services to Safe Systems’ customers. One of the most critical meetings held during the event is the customer advisory meeting, where the Safe Systems management and product development teams gather feedback from a subset of customers on existing and future products and services.

A key goal of this year’s conference was to provide our banking and credit union customers with the necessary tools and guidance to develop comprehensive cybersecurity programs; meet stringent regulatory demands; and build successful institutions. The event began with an entire day of pre-conference training focused on information security threats, including cyber threats. As these threats continue to evolve, the need for effective IT management and efficient risk management increases. This professional development opportunity helped cultivate the skills needed to effectively create and maintain a comprehensive information security program; communicate effectively with the board; and improve vendor management processes.


This year’s keynote speaker was Bill Treasurer, CEO of Giant Leap Consulting, and author of numerous books about courageous leadership. His speech, “Leading with Courage”, focused on practical strategies for building courageous workers that seek out leadership opportunities, how to step up to challenges, offer innovative ideas, passionately embrace change, and become more productive.

In addition, one of the guest speakers, Erich Kron, a security awareness advocate, led a session on “Hacking the Users: Developing the Human Sensor and Firewall,” which focused on how banks and credit unions can turn people into effective attack sensors and human firewalls. He discussed the real goal of security awareness training, the politics of phishing your users, and how to deal with repeat offenders.

NetConnect provided an atmosphere where customers could exchange ideas and learn more about the latest technologies and trends in the financial services industry. Safe Systems’ product managers led educational sessions, focused on the company’s solutions and services customers use every day, to provide expert training and share tips and tricks to help streamline processes. Safe Systems’ compliance and security teams also led informative sessions and interactive workshops on relevant compliance topics and trends, including how to manage or push back on examiners; steps to take after completing the cybersecurity assessment tool (CAT); and how to respond to and recover from a cyberattack.


During the conference, Safe Systems’ employees and customers celebrated the company’s 25th anniversary. For more than two decades, Safe Systems has worked with more than 600 financial institutions and managed more than 20,000 network devices. Safe Systems has found great success in helping community financial institutions significantly decrease costs, increase IT performance, enhance cybersecurity processes and improve their compliance postures. With our expertise and experience in the industry, we have a solid understanding of what is coming down the pipeline and how to anticipate trends, and we have gained a unique perspective into what our customers need. Our talented employees work hard to build strong relationships with our clients and pride themselves on the quality customer service they provide.

Safe Systems strives for the NetConnect event to be an engaging and educational experience where bankers and credit union professionals can gain valuable knowledge on technology, compliance, and security. The company values the customer partnership and the opportunity to seek their direct feedback on current and future services which will ensure success for both parties. Safe Systems continues to provide products and services to help community banks and credit unions strengthen their institutions and build success. Our solutions, combined with our customer service and advisory, arm our customers with the resources they need to succeed in today’s financial environment and beyond.

14 Sep 2018
American Pride Bank Partners with Safe Systems to Successfully Launch New Institution


An efficient network environment is important to ensure that bank operations run smoothly, especially for new financial institutions. Preparing a bank for a grand opening involves setting up workstations, equipment, servers and software for the entire organization – all of which can prove daunting for an institution with limited IT staff.

Nicole Rinehart, vice president of Macon, Ga.-based American Pride Bank, quickly found herself in this situation when managing the launch of the de novo bank. She realized she needed assistance and support with the bank’s IT initiatives to get the institution up and running as soon as possible.

“As the only IT person in the bank, I had a big assignment to accomplish getting the bank open and ready for business,” said Rinehart. “I had never dealt with a company like Safe Systems before, but with their professionalism and expertise in the banking industry, I felt that they were a great partner to help us with this project.”

Streamline IT Operations and Compliance Processes


American Pride Bank implemented Safe Systems’ IT network management service, NetComply® One, allowing it to automate a variety of IT functions to ensure its network would be secure and compliant. With NetComply One, the bank can monitor and manage IT compliance and security from one centralized platform; easily receive alerts; provide detailed reports to examiners and Board of Directors; receive network updates; streamline patch management and other manual tasks and obtain expert support from Safe Systems’ team. Rinehart is also able to access the bank’s network remotely to monitor and manage day-to-day maintenance issues that arise.

After the initial set up, the bank switched locations seven months later, and Safe Systems was right there to transfer all of the equipment, servers, and workstations to the new building. The support from the technical engineers made the transition seamless and stress-free for the entire organization.

“NetComply One is a one-stop-shop for technology, compliance, and security,” Rinehart said. “When examiners come into the bank, our audits are flawless because we have thorough, real-time data to share that meets regulatory expectations and shows that our network is functioning securely and efficiently. The platform streamlines our IT processes and reduces the amount of time I spend on manual IT tasks, allowing me to focus on more valuable activities for the bank.”

For more information, download the full success story, American Pride Bank Enhances IT Network Management Processes.

12 Sep 2018
Streamline Network Reporting to Better Meet FFIEC Requirements


Annual exams and regulator expectations continue to change and become more cumbersome for financial institutions, regardless of size. The entire exam process, starting with the preparation, can be an extremely time consuming and stressful process to complete given the amount of reports and information the bank or credit union is required to provide. To manage this process efficiently, community banks and credit unions must understand what examiners are looking for and be able to streamline processes to ensure the proper documentation is prepared prior to the exam.

The Compliance Challenge

Regulatory agencies are requesting an increasing number of documents and reports even before the exam begins. Financial institutions are usually asked to prepare between 40-100 items for each exam or audit and institutions have between 11-20 exams per year, making exam preparation alone a cumbersome, full-time task, and one that can be overwhelming for a financial institution with a small IT department. This doesn’t even take into account the amount of time spent providing accurate responses to requests and reviewing and remediating findings.


Some of the reports requested by government agencies include:

  • Documentation of patch management programs;
  • Vendor management program reports;
  • Network Vulnerability Scan reports;
  • Back-up verification and reporting;
  • Inventory and auditing logs;
  • Remote Control Logs;
  • Training logs;
  • Detailed Executive Summaries; and
  • Security Control Logs and Verification.

With limited resources, many community financial institutions struggle to efficiently meet examiner expectations and provide reports that are timely, accurate, complete, and consistent.

Automate the Network Reporting Process

Community financial institutions are looking for ways to better manage their regulatory reporting requirements. To help streamline this process, financial institutions are implementing a network management system with an automated reporting function that allows institutions to easily configure, customize and generate reports to meet examiner expectations.

A comprehensive network management system designed specifically for financial institutions can help the IT department quickly produce and effectively manage custom reports for exams. Having a solution that automates IT reporting based on FFIEC requirements helps banks and credit unions to more efficiently prepare for exams. In addition, increased visibility to the network helps IT managers simplify processes and provide proper documentation to examiners.

Remaining in compliance with government regulations is a consuming responsibility for institutions of all sizes. Regulatory agencies are continually changing and increasing the number of reports they require. To help ease this compliance challenge and streamline reporting activities, financial institutions should adopt applications that will increase efficiencies with automation.

05 Sep 2018
8 Key Requirements of the CAT to Consider

Does Your Network Management Comply with the CAT? 8 Key Requirements to Consider

The threat to network systems has increased significantly over the last few years, and the consequences of a breach can be potentially disastrous for organizations and individuals alike. Due to the volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) plays a major part in helping financial institutions identify risk and understand their cybersecurity preparedness. To better protect the network, financial institutions must understand where their security practices fall short and how to effectively address those gaps. The CAT provides a clear set of standards to ensure an institution’s network systems are managed efficiently and compliantly.

 
Some key areas of network management that are addressed in the CAT include:

  1. Risk Identification
     There must be documented processes that outline potential threats and vulnerabilities. Risk identification activities that determine the institution’s information security risk profile, including cybersecurity risk, must be documented and evaluated on a routine basis.

  2. Network Border Protection
     There must be effective preventative controls in place to adequately protect the network from attack. This includes firewalls, anti-virus protection and anti-malware software.

  3. Inventory of Assets
     An updated inventory of technology assets including hardware, software, information, and connections should be maintained. The inventory should include where all assets are stored, transmitted and processed.

  4. Auditing of the Network
     Financial institutions must have the ability to identify what devices are present on a network; the ability to monitor at the device level to determine the health of network components; and the extent to which their performance matches capacity plans and intra-enterprise service-level agreements (SLAs). It also includes the ability to track performance indicators such as bandwidth utilization, packet loss, latency, availability and uptime of routers, switches and other Simple Network Management Protocol (SNMP) enabled devices.

  5. Dual-Factor Authentication
     The system must have more than one form of authentication in order to access it to ensure a secure log-in.

  6. Patch Management
     An effective patch management program is a must in today’s environment. All software applications require updates from vendors to remedy weaknesses. Updates should be rolled out to all devices in a timely manner, updates should be tested to ensure they don’t create an issue for the institution’s applications and all patches must be well documented.

  7. Remote Control Access
     Remote access to a network allows employees to connect to any machine in their network via encrypted and logged sessions. It gives administrative personnel the tools to administer and manage a network, enabling increased productivity, heightened security, greater flexibility and centralized control that’s accessible from anywhere they have an Internet connection. While this is beneficial, it must be monitored and protected from outside attacks.

  8. Reporting
     Financial institutions must be able to generate and provide easily configurable, customizable and accurate reports for all exams and audits in a timely manner.

Consequences of Not Being in Compliance

Failure to comply with FFIEC guidelines puts a financial institution at risk of doing poorly on exams, being written up for not following protocols and spending large amounts of time remedying violations, which can all lead to reputational damage and loss of revenue. Regardless of location and size, banks and credit unions are all subject to largely the same regulations. Governing agencies have become more stringent in their exams in the last several years and have been liberal in issuing citations to community financial institutions that have lapses or are not meeting regulations.

Automating Network Management

To help ensure community financial institutions operate more efficiently, securely and compliantly, IT professionals are implementing network management systems designed specifically for financial institutions and their compliance needs. These systems help to further decrease costs, increase performance, and improve their compliance posture by automating the myriad of tasks associated with exams and regulatory requirements. Systems with built-in automated intelligence eliminate the need for IT staff to directly administer challenging and time-consuming tasks such as patch management, anti-malware updates, and reporting.

Automating IT activities helps ease the burden of maintaining network compliance. Remember, while compliance requirements can be cumbersome and time-consuming, these standards are in place to ensure that sensitive, financial data is protected from the malicious threats and attackers who seek to exploit it.

29 Aug 2018
Often Overlooked Component of a Patch Management Program – Patch Testing

An Often Overlooked Component of a Patch Management Program — Patch Testing


A strong patch management program has many important components. It starts with identifying the right patches, implementing a patch schedule, deploying patches, and ensuring all patches are effective and working correctly. However, one critical but often-overlooked component of patch management is the actual testing of all patches. Testing patches before they are implemented is crucial to ensure that they will not wreak havoc on your machines, servers or networks and cause disruptions in your IT environment, not to mention impede customer service.

Patches are constantly being released, making testing an ongoing action item for financial institutions to ensure their network and organization are protected. Testing can be a time-consuming task, requiring hours, days or weeks, depending on the updates provided and criticality of the system to be patched. On the other hand, the cost of having to repair damaged software and network systems due to untested patches can be significant.

Effective Patch Management and Testing

Financial institutions cannot blindly install patches without understanding the potential impact the update will have on the institution’s network. Doing so can result in the elimination of key features in bank systems, incompatibility with critical functions, and even the removal of important data and financial information. Once patches are installed, it can be difficult to revert back to the older version.

All software applications require updates from vendors to remedy known vulnerabilities or security weaknesses, not just operating systems. This includes updates for third party software programs such as Adobe Acrobat®, Adobe Reader®, Adobe Flash®, Java™, Chrome™, and Firefox®. All patches should be tested in an environment that hosts the same critical applications, including business applications, servers, network systems and all the key applications unique to the financial institution. The goal is to replicate the whole environment as much as possible to determine the potential complications and outcomes for each patch.

Streamline Patch Testing

To help streamline the testing process and ensure all patches are thoroughly tested, Safe Systems has established one of the largest test groups in the United States focused on the financial services industry. The test group consists of more than 1,000 devices in real-world environments, ensuring that when a patch is approved for full deployment, the financial institution’s system operations and applications are not impacted and business is not interrupted.

Having the support of an outsourced service provider testing all patches crucial to your institution ensures you have a comprehensive patching program that is guaranteed to deliver quick, accurate, and secure patch updates to all workstations and servers. This process will help mitigate the multiple risks associated with running unpatched and untested programs and automate the time-consuming process of testing and deploying new patches.

A lack of effective patch management and testing has contributed significantly to the increase in the number of security incidents in financial institutions. Adequately testing every possible configuration is a necessity for all financial organizations to protect against data breaches and other malicious attacks. Working with a third-party service provider to assist in the testing phase can save your organization countless hours; eliminate the headache of having to fix incompatible patches; and ensure software is up to date, resulting in a secure environment.

22 Aug 2018
The Peoples Bank of Georgia Enhances Compliance and IT Network Management Processes with Safe Systems’ NetComply One Solution

When The Peoples Bank of Georgia’s outsourced IT provider retired and sold the business to another company, the staff was faced with the challenge of working with a provider who did not specialize in banking. This led Jessica Keller, Information Technology Officer for The Peoples Bank of Georgia, to search for a service provider who truly understood her bank’s IT operations; one that could successfully manage its compliance requirements; and one that had the expertise to monitor and manage the bank’s network efficiently.

Experienced and Knowledgeable Third-Party Provider

Keller learned about Safe Systems through attending banking industry conferences and through recommendations from her peers. The bank selected and implemented Safe Systems’ NetComply® One IT network management solution to efficiently manage all important network tasks and provide proper documentation to regulators for IT examinations. NetComply One also enables the bank to automate patch management; receive qualified alerts; and obtain detailed reports.

“As a small community bank, we needed a service provider who could guide our institution’s IT projects, efficiently manage compliance, regulatory requirements, reporting and act as an extension of our organization,” said Keller. “Safe Systems’ expertise in the banking industry, their ability to work with regulators, and the automated reports they provide, made them the ideal partner for our bank.”

Compliance and Regulatory Expertise

After NetComply One was installed, the bank’s staff was able to more efficiently manage all important network tasks, ensuring proper documentation to regulators for IT examinations. “Implementing the NetComply One solution has made significant improvements in examination preparation and management for our entire network,” said Keller. “I no longer have to spend time on manual processes and can now focus on more valuable tasks and activities. Safe Systems is a true partner who understands the banking industry and acts as an extension of our organization, enabling us to ultimately better serve our customers.”

For more information, download the full success story, The Peoples Bank of Georgia Enhances Compliance and IT Network Management Processes with Safe Systems’ NetComply One® Solution.

15 Aug 2018
First National Bank in Olney, Illinois Strengthens Patch Management and Enhances Compliance Posture with Safe Systems’ NetComply One Solution

Patch management has become more important than ever for financial institutions as the lack of an effective program has contributed significantly to the increase in the number of security breaches. The most popular software products are tested by hackers for weaknesses, and vendors have to constantly release security updates to keep these applications safe and secure. However, monitoring and managing patches can be a cumbersome, time-consuming process, especially for community financial institutions with limited IT staff.

This was the case for Rick Johnson, assistant vice president of IT at First National Bank in Olney, Illinois. He was spending a significant amount of time on patch management. In fact, it had nearly become a full-time job, and the bank was looking into hiring additional personnel to assist the IT department with this task. This led Johnson to search for an outsourced service provider who offered a comprehensive automated patch management solution designed specifically for community financial institutions.

“Maintaining patches became a very time consuming task for me, in addition to my other responsibilities at the institution,” said Rick Johnson. “We are in a rural location, and it was extremely challenging to find someone who could manage the network, understand compliance policies, and maintain patches in a timely manner.”

Automated Patch Management Solution

First National Bank in Olney selected Safe Systems’ NetComply® One IT network management solution to efficiently manage all important network tasks including automated patch management, network monitoring, qualified alerting, and detailed reporting. In addition, the bank utilizes the Security Baseline Service that is built into NetComply One and is designed to help streamline the essential task of maintaining server hardening by automating the process, including a testing phase and ticketing notification.

“To ensure the security of our network and successfully meet examiner expectations, we needed an outsourced provider who could support our IT initiatives and offer insight on compliance updates and changes,” said Johnson. “NetComply One ensures that we are up to date with our patches and other IT functions, so we can focus on more revenue generating activities at the bank without having to add extra staff. Since implementing Safe Systems, we have increased network performance and improved our overall compliance posture.”

For more information, download the full success story, First National Bank in Olney, Illinois Improves Patch Management and Compliance with Safe Systems NetComply One® Solution.

09 Jul 2018
Behind the Scenes: Kids on Banking

There were many activities leading up to March 17, 2018, including pre-production meetings, casting calls and location scouts. The whole idea started a full year earlier, when the Safe Systems’ marketing team attentively listened to two very famous speakers, Morgan Spurlock (documentary filmmaker) and Seth Godin (author) encourage the audience to create content that was not about their own products or even their own company. As it so happened, Safe Systems was approaching the milestone achievement of 25 years in business, so this was the catalyst to build a business case and move forward with the experts’ advice.

The production crew came from as far as Akron, Ohio and assembled at the Greenville Center for Creative Arts in Greenville, SC at 6:30 am. The day was carefully orchestrated with mothers, fathers and kids arriving every hour. While in the waiting room the kids were drawing pictures about banking topics to get them in the right mindset. After going through hair and makeup they were finally brought in for their on-camera interviews. Of course, the whole project was a gamble as it was totally unscripted. We really did not know if the kids would say anything funny at all. As it turned out, we were laughing the entire day and are so excited about the finished product. The now infamous Kids on Banking video has been viewed and shared more than 26,994 times so far across various platforms.

 

Here’s a peek behind the scenes!

How would they spend $50?

You may recall we asked the kids on camera if they had $50 how they would spend it. At the end of each interview, each child was surprised with a Safe Systems wallet and $50 bill. So, we thought it would be fun to find out how the kids actually spent the money. (Did they really buy a water park and put it in their backyard?) Well, no, but there were several nice stories sent in to us that we want to share.

Most kids saved a portion of their earnings and then made some strategic purchases with the “disposable income.” Max and Zoe are siblings and, as they stated in the video, purchased Lego® sets. Cohen bought new Pokémon© cards and Sarah Spratlin (her ambition was to buy a private jet and fill it full of puppies) bought a book about the history of The Avengers for her 11-year-old brother as a birthday gift.

Chloe loves unicorns! Her shopping trip resulted in the acquisition of 2 new stuffed unicorns, 1 unicorn pen, and a toy for her hamster.

 

Hudson and Caleb are brothers. As you may recall they both wanted to purchase animals (maybe even all the animals in the world). Well…they did buy a new snake (and a car racing kit) but also divided up their earnings to save for the future and give to others in need.

 

We have enough footage from that day to create another video. Watch our website, social media pages, and your inbox for the upcoming release of Kids on Banking 2 coming to YouTube this fall. In the meantime, we highly recommend you watch (and share often) the first video so you won’t be lost in the upcoming sequel.

#kidsonbanking #safesystems25

11 Apr 2018
How RegTech Solutions Have Changed the Financial Services Industry

Financial institutions today are tasked with finding new ways to manage risk and comply with changing regulations. This has led to the development of regulatory-focused technology or “RegTech,” a new product category that can be thought of as a subset of FinTech. RegTech solutions are specifically designed to address common regulatory challenges and help financial institutions effectively comply with these regulations in a more efficient, cost effective manner.

The Evolution of RegTech

Since its inception, RegTech has evolved and transformed rapidly. According to CB Insights, there are four key phases that showcase how RegTech solutions have changed over time:

  1. Manual — This initial stage of RegTech involved manually collecting and storing data. These basic reporting functions enabled compliance teams to manage and store data in programs like Microsoft Excel®. Many organizations have used these tools to streamline auditing, reporting, and reduce errors.
  2. Workflow Automation — As software matured to include workflows and automation around regulatory and compliance issues, the second phase of RegTech was formed. In the workflow automation phase, financial services organizations began using software for regulatory reporting, automating audit trails and compliance tasks. This level of automation reduces manual intervention and helps meet compliance and regulatory expectations.
  3. Continuous Monitoring — The continuous monitoring phase involves data analytics, process automation and back office integrations. With continuous monitoring, inconsistencies and compliance gaps are quickly noticed and fixed. This enables financial organizations to reduce risk and exposure to breaches, among other security threats.
  4. Predictive Analytics — The future of RegTech is in new technologies, including advanced analytics, cognitive computing, the cloud, artificial intelligence and machine learning. Organizations are beginning to leverage artificial intelligence for risk identification, compliance intelligence, identity management and background screening. In addition, artificial intelligence and Big Data tools are being used to monitor pre- and post-trade compliance, deliver faster insights, and increase efficiencies in compliance processes through automation, while reducing costs and offering foresight into emerging risk issues.

RegTech has made a big impact on the industry, but this is just the beginning. These solutions are more important than ever as the number of regulatory changes rises along with an increased use of technology and focus on data and reporting. The fines imposed by regulators will continue to increase and the number of regulations will continue to grow. In fact, it is estimated that by 2020 there will be 300 million pages of regulations in existence, with fines for non-compliance likely to rise accordingly. With so much at stake, financial organizations must have a plan in place to implement RegTech solutions in their institutions.

For more information on RegTech, download our white paper, The New Era of RegTech: Building Compliance into Your Financial Institution’s Processes.

04 Apr 2018
Six Costs to Consider When Implementing New Bank Technology

Community banks and credit unions remain committed to investing in new technologies and services as needs evolve. In fact, according to the 2018 Community Bank and Credit Union Information Technology Outlook survey, nearly 80 percent of community bank survey respondents claim their technology spending has increased in the past 18 months, and 88 percent of credit unions claim their technology spending has increased in the same time period.

Community financial institutions depend on their IT network infrastructure and technology solutions for nearly all functions including managing data, network monitoring, online banking services, ATM services, teller functions, email, regulatory and compliance issues and security monitoring. This means it is crucial that all solutions work together efficiently. For this to happen, financial institutions must continue to update their hardware and software and invest in new resources or services to enhance their financial institution and better serve their customers.

Cost Considerations

Here are six costs to consider before purchasing new technology solutions for your financial institution.

  1. Physical Hardware — Hardware costs can include the initial hardware price or lease costs of the actual IT equipment for computers, laptops, servers or other network hardware.
  2. Software — This includes purchasing software solutions, licensing and subscriptions. This can be costly depending on how many users are involved. The costs can also vary depending on whether it’s a one-time purchase or a cloud-based system with a set annual fee.
  3. Operational — This cost considers the impact to the users. For example, solutions that improve efficiency, enable integration and automation, improve decision making, and support better collaboration allow bank staff to reduce manual tasks and focus on more revenue-generating activities.
  4. Education and Training — Implementing new technology solutions usually requires some training and education for the end-user. If you are replacing or updating a solution that works in the same way as your current system, little training may be required. However, more complex systems or upgrades can require significant training which can be costly.
  5. Support — Support and maintenance are often underestimated when evaluating new banking products and services. As technology changes and evolves, there are often upgrades to the software or hardware that financial institutions must be aware of. Ongoing costs related to security upgrades, software updates, computer repair and general support are a necessary part of owning and utilizing technology.
  6. Warranty — Purchasing an extended warranty or service contract that covers damage is often recommended and needs to be included in the total cost of ownership. The extended warranty will often cover repair or replacement of a device or solution due to mishaps for a longer time than the manufacturers’ warranties.

No technology lasts forever. New systems, hardware and techniques are constantly being developed to automate processes, increase efficiency and improve the overall organization, so understanding the costs associated with implementing new solutions is imperative. Careful planning, evaluation and preparation will result in successful technological implementations.




28 Mar 2018
Closing the Gap: How RegTech Solutions Can Boost Your Institution’s Compliance

With the Federal Deposit Insurance Corporation’s (FDIC) InTREx program, recent updates to the Federal Financial Institutions Examination Council’s (FFIEC) Cybersecurity Assessment Tool (CAT), and other regulatory expectations, financial institutions have a large responsibility to keep up with the evolving compliance landscape. While these laws and requirements were designed to improve risk controls, maintain capital and create a more transparent financial sector, many financial institutions have found that managing regulatory compliance efforts is resource-consuming, expensive and inefficient.

These complex regulations, coupled with the increased use of technology within financial institutions, are forcing community banks and credit unions to find new ways to manage risk and remain compliant. The need to streamline compliance processes across the board has resulted in the development of a new technology product category: regulatory technology or RegTech.

RegTech Fills Compliance Gaps

While the financial services industry has made significant strides in the use of technology solutions, many have not adequately addressed regulatory issues and expectations, which has led to institutions performing manual processes to maintain compliance.

RegTech helps solve this issue for financial organizations by automating compliance tasks, reducing operational risks, streamlining reporting processes, and providing better oversight of their data. RegTech refers to a set of companies and solutions that address regulatory challenges through innovative technology in the financial services sector. This technology empowers organizations to make informed choices based on the actionable data provided through the systems. This data highlights the compliance risks the organization faces and how it mitigates and manages those risks.

While traditional solutions can be inflexible and require configuration when changes or enhancements are needed, RegTech solutions are agile and can easily keep up with the quickly evolving regulatory landscape. Using advanced technologies and analytics tools that extract, load and analyze data in a timely and efficient manner, financial institutions have the ability to stay up-to-date with regulatory and compliance guidelines and expectations, avoid costly fines, and save money by reducing the need to manually dredge through data.

RegTech has the potential to continually monitor capacity, provide close to real-time insights through deep learning and artificial intelligence filters, and identify problems in advance rather than simply taking enforcement action after the fact. Identifying potential threats to financial security early enables financial institutions to minimize the risks and costs that are associated with lost funds and data breaches.

Characteristics of RegTech Solutions

By automating compliance processes, RegTech solutions are truly addressing a gap in the financial services market. Some key characteristics of RegTech solutions include:

  • Combined use of real-time information with algorithms and analytics, and even social media and biometrics, which has transformed how customer due diligence is done and how anti-fraud measures are determined;
  • The agility to combine complex information from banks and regulatory agencies to automate the prediction of potential risk areas;
  • Customizable and easy to integrate into a variety of environments;
  • A reporting function that allows institutions to easily configure, customize and generate reports to meet examiner expectations; and
  • A cloud-based solution to help financial institutions maintain, manage and back-up data remotely, while ensuring all data is secure in a cost-efficient manner.

According to research by FinTech Global, investment in RegTech has more than tripled over the last five years. Since regulators are now demanding a higher level of transparency, technology solutions that streamline this process are of the utmost importance. When community banks and credit unions are able to simplify regulatory processes, compliance costs are reduced and the bank’s staff is able to decrease time spent on manual tasks. Ultimately, this increases the effectiveness and the efficiency of compliance efforts which leads to more flexibility and new growth opportunities for financial institutions.

For more information, download our white paper, The New Era of RegTech: Building Compliance into Your Financial Institution’s Processes.

21 Mar 2018
How Credit Unions Plan to Manage IT Challenges, Staffing Struggles and Outsourcing Needs in 2018

Our second annual IT outlook survey was designed to help better understand community banks’ and credit unions’ current IT situations, top IT priorities and challenges, security and compliance issues, as well as gain insight into key technologies and investments they plan to make in the year ahead. We surveyed approximately 110 respondents representing a range of community banks and credit unions nationwide with asset sizes from $100 million to more than $1 billion.

Four highlights in the results relate specifically to credit unions:

Technology Spending On the Rise

Credit union respondents recognize the need for investing in new technologies and services and claim their technology spending has increased in the past 18 months. According to survey results, 50% of credit unions spent $50k-$350k on non-core service technology in the past year.

Staffing Struggles Continue to Permeate

Personnel resource restraints and in-house expertise are significant pain points for credit unions. With constant technological changes and increasingly strict regulatory guidelines, small IT departments can easily feel overwhelmed when managing day-to-day tasks. 50% of credit union respondents have only one employee in their IT department, while the remaining half indicated no dedicated IT department at all.

Outsourcing Priorities

Nearly 55% of survey respondents are outsourcing the management of their IT network. It is not surprising that 64% of credit union respondents have elected to outsource their security monitoring, especially given the increase in security breaches the industry has seen within the past year. Other key areas credit unions are outsourcing include compliance services, IT support and IT projects.

Cloud vs. On-Premise Servers

In general, credit unions are adopting cloud-based server solutions, with 63% indicating their institutions currently have servers in the cloud. Approximately 50% of credit union respondents claim this is driven by the desire to reduce disaster recovery risks and ensure the institution maintains access to its data.

The complete report provides credit union executives with valuable peer-to-peer information to better understand the current IT environment within community banks and credit unions nationwide, while also helping improve decision making within their own institution in 2018 and beyond.

To gain more insights into the key challenges, goals and opportunities facing community banks and credit unions today, download the full report here:




14 Mar 2018
Why Outsourcing IT Network Management is the Answer to Your Financial Institution’s Compliance Woes

Community banks and credit unions are growing accustomed to the strenuous regulatory reviews they must go through each year. However, they continue to struggle with managing an evolving set of government regulations and guidelines. In fact, according to the 2018 Community Bank and Credit Union Information Technology Outlook survey we conducted in the fourth quarter of 2017, 32% of respondents claim this is currently their greatest IT compliance challenge. Audits and exams, including internal audits, are designed to help ensure a financial institution’s environment is sound and compliant and that daily practices are in line with those standards. As a result, the entire exam process, from preparation to providing accurate responses to reviewing and remediating findings, can be an extremely time consuming and stressful process to complete.

Preparing for an exam has evolved into a time-consuming task. Agencies are requesting an increasing number of documents and reports before the exam even begins. According to survey results, approximately 60% of respondents were asked to prepare more than 40 items for each exam or audit, and 31% of respondents indicated that they were tasked with preparing up to 40 items. With 48% of survey respondents preparing for and responding to between 11 and 20 exams per year, exam preparation is becoming a full-time task, one that can be overwhelming for a financial institution with a small IT department.

With these limited resources, many community financial institutions struggle to efficiently administer IT tasks and meet examiner expectations. To counter these mounting pressures, community financial institutions are looking for ways to more efficiently manage their networks and meet regulatory requirements.

Automating Exam Prep and Reporting

To help ensure community financial institutions operate more efficiently, securely and compliantly, IT professionals are implementing network management systems designed specifically for financial institutions to further decrease costs, increase performance, and improve their compliance posture. Utilizing such applications will increase efficiencies by automating the myriad of tasks associated with exams and regulatory requirements. Systems with built-in automated intelligence eliminate the need for IT staff to directly administer challenging and time-consuming tasks such as patch management, anti-malware updates, and reporting.


Network management systems designed with compliance in mind are able to account for updates to banking regulations and changes as they occur, which allows financial institutions to stay ahead of the curve and ensure adherence to all regulatory requirements. A comprehensive network management system can also automate, produce and manage custom reports for exams. Having a solution in place that automates reporting functions and requirements and is able to produce custom reports based on FFIEC requirements makes preparing for exams more efficient. Increased visibility to the network helps bank IT managers streamline processes and provide proper documentation to examiners. In addition, providing financial executives with the ability to receive live information for reporting purposes not only saves time but also improves operational efficiencies.

Regardless of location and size, banks and credit unions are all subject to largely the same regulations, and regulatory agencies are continually changing and increasing guidance requirements. It’s also no secret that governing agencies have become more stringent in their exams in the last several years and have been liberal in issuing citations to community financial organizations that have lapses or are not meeting regulations. Meeting expectations and adequately preparing for an exam are top concerns for many financial institutions. To help ease these compliance challenges and streamline compliance-related activities, financial institutions should adopt applications that will increase efficiencies with automation.




07 Feb 2018
5 Highlights from 2018 Community Bank and Credit Union Information Technology Outlook Survey

In our second annual IT outlook report, we surveyed community banks and credit unions to better understand their current IT situations, top IT priorities and challenges, security and compliance issues and to get an idea of key technologies and investments they plan to make in the year ahead. The data collected in our 2018 report analyzes survey feedback on 54 questions from approximately 110 respondents representing a range of community banks and credit unions across the country with asset sizes from $100 million to more than $1 billion.

One big difference to note is this year marks the first time that the survey includes responses from credit unions. The survey shows that both credit unions and community banks are experiencing many of the same issues related to compliance, IT challenges and staffing constraints. 


Five highlights from the 2018 Community Bank and Credit Union Information Technology Outlook reveal the following:

  1. Cybersecurity and Information Security Continue to Challenge Financial Institutions

     Cybersecurity remains the greatest security challenge banks and credit unions foresee for the year ahead, according to 80% of survey respondents. Information security continues to be a top challenge for community financial institutions, according to 81% of survey respondents, which has led to 74% of survey respondents claiming they have increased their IT-related security spending in the past 18 months.

  2. Compliance Continues to be “Top of Mind”

     Managing strict, ever-changing government regulations and guidelines is the greatest IT compliance challenge today for 32% of survey respondents. This has led approximately 40% of respondents to outsource their compliance needs. In addition, preparing for an exam has become a time-consuming task as agencies are requesting more and more documents and reports before the exam even begins. According to survey results, approximately 60% of respondents have been asked to prepare more than 40 items for each exam or audit.

  3. IT Staffing Struggles Continue

     For the second consecutive year, personnel resource restraints and in-house expertise are cited as significant pain points for many financial institutions. According to the survey, approximately 31% of respondents have only one employee in their IT department and 26% have just two IT employees, emphasizing that many community banks’ and credit unions’ IT departments continue to be understaffed.

  4. Outsourcing Continues to be Beneficial

     With limited internal resources and expertise, community financial institutions continue to augment their IT departments with outsourced service providers who are able to help them navigate the IT changes and meet examiner expectations. According to survey results, 76% of respondents outsource the management of their IT network to a technology service provider. 86% of bank and credit union respondents outsource their security monitoring, given the increase in security breaches the industry has seen this past year.

  5. Technology Investment Continues

     Community financial institutions continue to recognize the need for investing in new technologies and services. Nearly 81% of survey respondents claim their technology spending has increased in the past 18 months.

Other areas the survey focused on include IT management issues, audit and exam preparation, additional technology challenges, vendor management, business continuity planning, reasons for change and implementation of new services and cloud usage. The complete report provides executives with peer-to-peer information to better understand the current IT environment within community banks and credit unions nationwide, while also helping improve decision making within their own institution in 2018 and beyond.

To gain more insights into the key challenges, goals and opportunities facing community financial institutions today, please download the full report here.



