Category: Technology

Community banks continue to embrace technology and remain committed to investing in new technologies and services this year. In fact, according to the 2017 Community Bank Information Technology Outlook Study, a survey conducted by Safe Systems in the fourth quarter of 2016, nearly 77% of respondents claim they are spending more on technology today than they have in the past. The challenge however, often lies in trying to keep pace with the rapid rate of change that is influencing and impacting the banking industry.

It seems that the one constant in our industry is continuous change as new systems, new hardware and new techniques are being developed to improve uptime, increase efficiency, control costs, assist with compliance issues, and generally help banks run more smoothly. This rate of change pushes virtually every institution to regularly perform system upgrades and technology modifications to improve its IT environment. According to the survey, the driving factor for change among community banks is business strategy, with 28% of survey respondents naming this as their primary reason for investigating new resources or services to enhance their institution. However, rather than making large, wholesale changes that can deplete valuable HR energy and resources, IT administrators stand to benefit more by making targeted, incremental improvements to support their bank’s overall IT strategy.

2018 Community Bank Information
Technology Outlook

Primary Research and Analysis of Your IT Priorities
in 2018

Slow and Steady Wins The Race

The IT industry is built on innovation that fuels revolutionary change. Perhaps the most notable example, Apple^®, essentially redefined consumer electronics starting with the Macintosh^®, then the MacBook^®, the iPod^®, the iPhone^®, the iPad ^® and the Apple Watch^®, each building on the other, usually attracting lines around the block of consumers turned brand evangelists.

While technological evolution can yield incredible results, it can also be extremely hard on financial institutions by forcing them to change their entire network or IT plan to accommodate a new innovation. This is particularly relevant for small community banks with limited resources. Additionally, charting the future path of innovation can be an unreliable and unpredictable undertaking. Are you going to innovate this year, next year or in three years? It is very hard to manage and predict. On the other hand, by making smart, incremental changes, it enables the bank to set manageable goals and actually see those goals and improvements come to fruition more rapidly.

Evolutionary Change to Save Time and Improve Efficiency

One proven example of an evolutionary change is automated patch management, software updates designed to fix known vulnerabilities or security weaknesses in applications and operating systems. All software applications require updates from vendors, including third-party software programs such as Microsoft^®, Adobe^®, Adobe Reader^®, Adobe Flash^®, Chrome ™, and QuickTime^®. Too often, though, IT professionals are relying on a manual process, requiring staff to update each machine and workstation individually. This also requires them to stay abreast of all changes essentially in real-time, which is unfeasible. Increasingly, banks are automating this process, which delivers quick, accurate, and secure patch updates to all workstations and servers and mitigates the multiple risks associated with running unpatched programs. The time the IT department saves on managing patch management enables them to instead focus on more profit-generating activities for the financial institution.

Making Evolution Part of your Company Culture

Banks should make continual service improvement a key part of their overall corporate culture. These changes can be identified by a single resource or through a committee focusing on operational improvement. Allocating time and resources to focus on the right aspects of new technology and process improvement is key as even the smallest incremental changes can have the ability to provide a significant positive impact.

For more information please download our complimentary white paper, 2017 Community Bank Information Technology Outlook.

New Regulatory Trends Encourage Succession Planning for Your Bank’s IT Administrator Too

While banks are accustomed to planning for the departure of the CEO, president, vice presidents, controller and/or other senior leaders, the critical and pervasive nature of IT systems is leading many examiners to require institutions to consider expanding succession planning to include IT administrators as well.

The reality is that today, community banks must address a mounting succession problem, especially as it relates to their IT department. As technology has become more operationally and strategically important, banks must now have a plan in place to ensure that the sudden departure of a critical IT employee is a manageable event and does not present a major organizational crisis.

Understanding Regulatory Expectations

Regulators recognize the important role that IT administrators and cybersecurity personnel play in the overall success and wellbeing of the financial institution. While there have not been any formal government mandates released (yet), regulators are now looking at — and in some cases, requiring — financial institutions to have a formal succession plan in place for their key IT personnel. In fact, the new FFIEC Management Handbook requires examiners to determine that there are “provisions for management succession that provide for an acceptable transition in the event of the loss of a key IT manager or staff member”.

A community bank’s IT administrator bears a great deal of responsibility as he or she must understand the ever-growing complexity of IT operations, and work closely with the Information Security Officer to ensure the institution remains compliant with continuously changing regulatory requirements. Even though the list of duties and level of complexity has grown substantially in recent years, many community banks have just one dedicated person on staff to manage all of their IT operations.

Employees may leave for any number of reasons, and IT personnel are no exception. There are a number of risks associated with the loss of an IT manager who is the sole individual with the knowledge of how the bank’s network runs. To help mitigate this risk, the FFIEC’s Cybersecurity Assessment Tool suggests that banks build “a program for talent recruitment, retention, and succession planning for the cybersecurity and resilience staffs.” In order to consistently comply with government regulations and examiner expectations in the long term, banks should have a succession plan that outlines how the bank will continue to function in an uninterrupted manner after the loss of an important IT employee.

What the Succession Plan Should Include

Bankers must understand that a community bank’s technological assets are every bit as valuable as the money in their vault. The success of the bank relies on its IT infrastructure, which is heavily dependent (and often over-dependent) on IT personnel. Regulators want to confirm that an institution can provide a constructive response detailing exactly what the bank will do to keep IT operations running efficiently if its key IT personnel leaves.

Again, the FFIEC Management Handbook states that “…Management should have backup staff for key positions and should cross-train additional personnel. The objective is to provide for a smooth transition in the event of turnover in vital IT management or IT operations.”

While the human element cannot be replaced, using automation to supplement IT personnel bolsters a bank’s succession plan. Automated systems don’t forget, get too busy, take vacations or sick days, and aren’t subject to human error or inconsistencies. And perhaps the biggest advantage of using automated processes to augment your succession plan, is to ensure your procedures are applied in a consistent and timely manner, regardless of personnel changes.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

Choose a Partner To Support Your IT Department

Finding, training, and retaining qualified staff to manage an IT network can eat up considerable time and energy from your bank’s management team, taking away valuable time needed to support customers and banking operations. Not doing so quickly can open the bank up to additional security risk. In considering IT succession planning, many financial institutions are proactively turning to IT service providers to act as an extension of their organization and help augment internal IT resources.

The right solution provider can serve as a true partner and work alongside current IT staff to manage the network and streamline technology needs, while meeting regulators’ expectations and enabling the bank to meet all compliance mandates. At Safe Systems, we understand the ever-growing complexity of community banks’ IT operations and apply that knowledge to providing our customers with an in-depth view of their IT network environments and additional support in co-managing their IT operations. We want to provide bankers with assurance that their institution’s IT network is functioning efficiently, optimally, securely, and is in compliance with industry regulations.

Technology has become the lifeblood of today’s financial institution so it is imperative that all technology assets work efficiently. Modern community banks rely on their IT departments to maintain hardware and software and ensure that all systems are functioning optimally when needed. IT is also responsible for monitoring an array of on-going concerns like antivirus protection, patch management and email security, to name a few.

As a result, the network administrator position has become — both operationally and strategically — one of the most important within financial institutions. However, potential problems can occur for many community banks that find themselves with only one person running their IT departments, putting the bank at risk if that person goes on vacation, gets sick, changes jobs, or goes on extended leave. According to a CareerBuilder Job Forecast, the IT Manager/Network Administrator is one of the top five positions with the most turnover.

Strengthen your IT Department and Build Greater Continuity for Your Bank

To help ease the loss of a valuable resource, having a third-party integrated with existing IT staff to augment the department can make the transition smoother and eliminate gaps within operations should a bank’s IT manager leave for any reason. Many financial institutions are turning to IT and security service providers to act as an extension of their organization and help supplement internal IT resources. Outsourcing even a portion of IT provides a level of continuity and stability that can be difficult for smaller community financial institutions to achieve on their own. Often, banks are at the mercy of a single individual, even if there are multiple people in the department, to make sure all activities are completed. The right solution provider can serve as a true partner and work alongside current IT staff to manage the network and streamline technology needs. When the IT staff is out or unavailable, outsourcing critical IT business processes helps fill the personnel gap to provide added peace of mind and stability for the institution.

Use Checks and Balances to Stabilize Your Bank’s IT Outlook

In addition to having increased IT support, outsourcing brings a well rounded perspective to technology needs. This helps avoid a common issue among some community institutions in which the administrator’s level of influence and power can actually influence the institution’s corporate personality and approach to business. For example, a very conservative administrator may prefer not to “rock the boat,” push hard to make improvements or ask for funding and as a result, the institution might end up behind the technology curve in the long run. This creates a less than efficient organization and one that does not meet the growing demands of its customers. On the other hand, a more aggressive approach toward cutting edge technology can lead to excess spending in unproven or high risk technologies. To help balance this, it is good practice to have a trusted outside partner to offer guidance and ensure the bank implements technologies that make sense financially, will enhance current services and align with the institution’s long-term goals.

The right technology service provider should offer your bank full support for the demands of today’s banking technology requirements and truly act as an extension of your internal IT department. At Safe Systems, we understand the ever-growing complexity of community banks’ IT operations and apply that knowledge to providing our customers with an in-depth view of their IT network environments and additional support in co-managing their IT operations. We want to provide bankers with assurance that their institution’s IT network is functioning efficiently, optimally, securely, and is in compliance with industry regulations. No matter what changes an institution goes through, having an outsourced IT partner on the team can help to streamline processes and keep IT operations running smoothly.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

For community banks to remain competitive today, they must continually add or upgrade applications and solutions to their networks that integrate seamlessly with their core banking system, such as Jack Henry. If you are considering making a change, it is important to first understand the impact it will have on your existing IT environment (including costs associated with physical equipment, security and regulatory compliance).

To help you avoid unnecessary mistakes, we have prepared some pertinent questions to discuss before you start the project.

10 Questions to ask before Jack Henry Application Implementations:

1. What proprietary software do we have in place that will be affected by the change?
2. Is the proposed implementation of this application modular (i.e. one size fits all) or is it being implemented in a way that fits into my specific network design?
3. Are we getting the best or even competitive pricing on licensing, hardware and installation or should we seek comparison quotes?
4. Can I implement this application on a virtual platform to enhance fault tolerance, replication and recovery capabilities?
5. Is our current network sufficient and can it handle any increase in demand on existing resources?
6. How will this change affect our Business Continuity Plan and procedures?
7. How will this change impact our cybersecurity posture?
8. Can our current data replication and back up process handle this change or will we need to modify these capabilities at additional expense?
9. What amount of time, expense and other resources will it take to train our IT staff and maintain their skills to support the new application?
10. Do we need help evaluating our current IT environment to help us identify and minimize unforeseen impacts resulting from this change?

Today’s community bank IT administrators have a very challenging and time consuming role! They must stay abreast of ever changing banking applications, regulatory compliance requirements, maintain complex multibranch networks, while also meeting customer and board of director demands and expectations. Before implementing a new JHA core application, you should consider working with an outsourced IT provider who understands the Jack Henry software suite.

Safe Systems supports over 100 Jack Henry banks

Safe Systems has been providing IT, security and compliance services exclusively to community banks and credit unions for more than 20 years. We know from experience that the specific needs of financial institutions differ significantly from other network installations. Leverage our expertise to better understand:

• Best practices for implementing and supporting Jack Henry Banking core applications
• How to efficiently add banking applications in a secure environment
• Security factors and FFIEC regulations
• How to configure and install servers, backup solutions and fault tolerant host connectivity

Through our years of working with Jack Henry’s core solutions, we have built an extensive base of knowledge to effectively support banks who rely on a wide variety of Jack Henry core banking applications. We have a proven track record of implementing a diverse set of ProfitStars’ banking solutions, including Synergy Enterprise Content Management, Yellow Hammer’s BSATM compliance solution and ArgoKeys® LendingKeys™ branch sales automation platform successfully throughout our diverse Jack Henry customer base.

Working with an outsourced IT provider who truly understands Jack Henry solutions can be a huge benefit when it comes to managing your network and adding the banking applications that ensure your organization is competitive in today’s challenging financial marketplace.

Patch management is more important than ever!  The lack of an effective patch management program has contributed significantly to the increase in the number of security incidents in financial institutions. Patches are software updates designed to fix known vulnerabilities or security weaknesses in applications and operating systems.  All software applications require updates from vendors, not just operating systems. This includes software updates for third party software programs such as Microsoft, Adobe, Adobe Reader, Adobe Flash, Chrome, and QuickTime.  The most popular software products are tested by hackers for weaknesses, and vendors have to constantly release security updates to keep these applications safe and secure.

When it comes to patch management, many financial institutions today fall into one of two categories:

1. Those that don’t keep systems consistently up to date, and simply react when there is a problem or vulnerability.
2. Those that keep systems up to date, but spend a lot of time managing the patching process.

Examiner Expectations

Patch management’s importance was underscored with the recent release of the FFIEC’s Cybersecurity Assessment Tool.  This assessment tool makes multiple references to patch management, and dedicates an entire contributing component category to statements covering patching practices. The tool defines clear expectations on what banks must do in order to remain in compliance, and lays out a path for improvement beyond the basics.

In addition, the most recent Supervisory Insights edition from the FDIC references the need for effective patch management as one of 4 key areas that institutions should manage to mitigate security threats. The FDIC also stressed effective patch management in a webinar last year, and stated that 99.9% of successful hacker and malware attacks that exploited a vulnerability did so more than a year after a patch was published to plug the security hole.

All of these sources point to some best practices regarding patch management:

• Updates should be rolled out to all devices
• Timeliness of patching is critical as the longer an unpatched system is in production, the larger the risk
• Devices with patching issues need to be addressed promptly to avoid a security issue
• Updates should be tested to ensure they don’t create an issue for the institution’s applications
• Patches that are not deployed because of bank applications must be documented
• Senior Management and Board of directors should be provided with reports on patch status

Components of an effective patch management system

An effective patch management program should include policies and procedures to identify, prioritize, test, and apply patches in a timely manner.  The longer that a system remains unpatched the more vulnerable the intuition becomes. It is crucial that all systems are patched, if at all possible.  To support a comprehensive patching program, the bank should create an asset inventory cataloging all systems that require patch management oversight. This asset inventory should list all software and firmware, including every server, switch, router, firewall, operating system, printer, laptop, desktop and ATM in the bank that are subject to periodic patches from vendors.  Effective patch management is much broader than just making sure that Microsoft patches are flowing.

Bank executives should also stay abreast of possible threats by monitoring reports on identified vulnerabilities, and should ask if such vulnerabilities can be patched.  Once a vendor stops supporting a software application they typically also stop releasing patches to plug newly discovered vulnerabilities, so executives should stay informed about assets nearing end-of-life.  Management should also establish strategies to migrate from unsupported or obsolete systems and applications, and implement strategies to mitigate any risk associated with these products.

To comply with the FFIEC guidance, the board and senior management at the bank should require regular, standard reporting on the status of the patch-management program, including reports monitoring the identification and installation of available patches. Independent audits and internal reviews should validate the effectiveness of the bank’s patch management programs.

Automated Patch Management

Many financial institutions find managing the patch management process and maintaining patching solutions both challenging and time-consuming.  Working with an outsourced service provider such as Safe Systems can provide your institution with a comprehensive patching program that delivers quick, accurate, and secure patch updates to all workstations and servers. This process will help mitigate the multiple risks associated with running unpatched programs and automate the time-consuming process of testing and deploying new patches.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

It might have taken some time, but you have finally found what you think and hope is the right candidate to fill your bank’s IT network administrator position. Today’s community bank relies on the IT department to maintain its hardware and software and to ensure all systems are available when needed. The IT department is also responsible for monitoring an array of on-going IT concerns like antivirus status, patch compliance and email security, to name just a few, so ensuring the new IT administrator is managing all this efficiently and effectively is very important.

Once the new IT administrator has been on the job for at least several months, if not longer, how can you really measure their success and make sure they are efficiently managing this crucial aspect of the financial institution? There are a few key areas to evaluate.

How are they able to handle and recover from downtime?

Ensuring all systems are working correctly is a crucial aspect of the IT administrator position. Anytime one of the systems is down, be it the teller system, ATM network or online banking portals, it affects customer service expectations and causes a disruption in the financial institution.

Your bank’s IT administrator should be able to quickly investigate, analyze and resolve complex hardware problems on the bank’s computer systems and quickly perform advanced hardware and software repairs and support on a wide range of PC-based computers and peripherals. In addition, this individual must provide troubleshooting support for escalated software and hardware problems as well as respond to after-hours system problems in a timely and efficient manner. Financial institutions have little tolerance for downtime, so ensuring the IT administrator is able to quickly resolve technical issues and ensure the bank IT infrastructure is running smoothly is critical.

How smooth is the transition?

Ensuring a seamless transition between IT administrators is important for all banks. The new bank IT administrator should establish a new list of passwords, run a security audit and investigate and become aware of all previous processes and procedures of past administrators. These processes should be completed with little interruption for banking personnel.

Cybersecurity and Incident Response Tests

Having cyber incident response plans, policies and procedures in place is a critical aspect of compliance for financial institutions today. In addition to simply having the policies in place, a critical element is testing that these policies actually do what they claim. A comprehensive incident test can expose gaps in even robust plans and provide valuable insight into whether the incident response plan delivers its stated claims. The new bank IT administrator should perform these tests to make sure the financial institution is safe and in compliance with government regulations.

7 Reasons Why Small Community Banks Should Outsource IT Network Management

This is a free white paper that addresses key issues smaller financial institutions face when managing their networks and the benefits of outsourcing these tasks to a provider who offers IT network management solutions exclusively tailored for community banks.

You’re only as good as your last backup and disaster recovery test!

A backup and recovery test is an important process of assessing the effectiveness of a financial institution’s software and methods of replicating data, as well as its ability to reliably retrieve that data should the need arise. Backup and recovery testing is an essential part of a disaster recovery plan. In addition to ensuring the backup of mission critical data, testing also uncovers problems in software or processes that could lead to serious loss of data.

Insufficient testing leaves the bank vulnerable to data loss, downtime and redundancy of effort, not to mention in violation of government regulations. Backup and disaster recovery testing should be done at least yearly; however, this can be completed more frequently should the need arise or when changes are made to personnel and/or technology systems and procedures. The new bank IT administrator should run their own backup test to ensure they are familiar with the processes and systems.

People Skills — Are they able to work with people as well as machines?

In addition to showcasing stellar technical skills, IT administrators must also have good people skills. Good people skills have as much of an impact on the success of your IT administrator as their technical skills, and this area can be evaluated pretty quickly. They must showcase a good demeanor when they have to respond and interact with both customers and employees. When a problem arises, bank IT administrators need to be able to communicate with individuals about the problem, what has been done so far and ultimately how it will be resolved.

IT audit scores

Each year banks must go through an examination process with the Federal Reserve where the government agency evaluates the bank’s soundness, the level of risk involved in the bank’s transactions and activities and its compliance with banking laws and regulations. They also review the adequacy of corporate governance and the quality of the board of directors and management, as well as areas that must be strengthened to improve the bank and its overall compliance. Once the evaluation is complete, examiners will provide an overall rating for the bank. The rating is very important for the bank as it is proof of its success, soundness and compliance. Ultimately, it is the responsibility of the IT administrator to ensure all things are in place for a successful evaluation and rating. This is a longer-term evaluation as this is typically conducted once a year.

A community bank’s technological assets are every bit as valuable as the money in the vault! The success of today’s community bank relies on the IT department so ensuring you have the right person leading this department and all its assets is crucial.

We’ve reached the final installment in our “New Bank IT Administrator” blog series. After reviewing vendors, ensuring security and creating a solid disaster recovery program, it’s important for a new bank IT administrator to become extremely familiar with your bank’s processes and team. The final three steps will help communications and create a smooth and seamless transition for new bank IT administrators.

7. Examine the Network Infrastructure of Your Bank’s Branches

Determine how information comes and goes to ensure your portals and locations are all equally protected. For example, you might have two branches that share the Internet that comes directly from one of the branches. When you perform the audit you might discover that the firewall is not working the way it is designed to, creating a significant security hole. It is important to take the time to ensure all network systems and hardware are working correctly and that everything is secure within all branches. This process can also uncover policies that should be revised or updated, giving you the chance to provide the bank instant value.

8. Review Previous Exams at Your Bank

Become familiar with anything brought up within an IT exam that needs to be fixed or reviewed. Make sure you are able to put a plan in place to immediately address these issues as you will ultimately be responsible for the next audit.

9. Work Closely with Your ISO and CTO in the First Five Days

Have a list of questions and points to go over with your information security officer and CTO during your initial meetings. This will help uncover previous pain points the bank has been experiencing, objectives moving forward and expectations for your role. This will also set priorities in place for the next 30 days to a year and will ensure the entire team is on the same page.

In addition to the meeting with your bank’s technical management team, you should also set up meetings with key vendors, which might include, the core vendor, loan origination software vendors, backup solutions vendor, security provider, the IT managed services provider and the hosted email vendor.

By following these important steps, a community bank’s new IT administrator should have all the tools he/she needs to succeed. Taking inventories of hardware/software, reviewing vendors, double checking security measures and creating solid relationships are all important measures to ensure both the IT administrator and the bank thrive.

In our last blog, we explained the first three tasks that should be accomplished as a new community bank IT administrator. The IT administrator wears many hats and plays multiple roles within a community bank. After taking hardware, software and vendor inventories, the next three steps are important to ensure the financial institution is secure and successful.

4. Determine Most Recent Dates of Hardware and Software Vendor Audits

In addition to simply completing a vendor audit, it is also important to vet vendors or at least identify the last time vendors were audited. If they haven’t been reviewed in a while, they should be, as IT admins need to ensure updated information on all aspects of the relationship and that the vendor is in compliance with all recent Federal vendor management guidelines.

5. Determine and Test the Backup Schedule

Every bank has to perform backups. The IT admin should familiarize themselves with the software used to perform backups. Are the backups being done on schedule, are the backups up to date, and when was the last time a successful restore was performed. Along those same lines, determine if the backup is done on-site, off-site or in the cloud and are the backups being encrypted with the correct cipher strength. Are the backups being done in-house or is it outsourced? It is very important to make sure backups are being done regularly. The schedule should be evaluated closely to make sure it aligns with the most recent disaster recovery plan. If they are not aligned, the schedule should be adjusted.

One of the main tasks associated with the administrative side of the IT administrator’s job is making sure you become familiar with the disaster recovery plan and ensuring it is up to date with any updated regulatory requirements. If the plan was last updated four or five years ago, you will need to redo it to meet new Federal requirements. This is usually done by a committee that consists of the information security officer and CTO. You should work closely with the information security officer to go through policies and procedures and to make sure everything is documented to remain in compliance with current regulatory guidelines.

6. Run a Security Audit and Ensure Previous IT Administrator’s Access to Systems is Disabled

There are also some steps you should take to transition from the prior IT administrator. This starts with making a list of all user names and passwords and disabling the previous administrator’s accounts. As the new IT administrator, you should run a new security audit. You need to be fully aware of what the previous administrator did so you can be familiar with the security processes and correct anything that was not done to standards.

This audit includes making sure passwords are changed, and the previous administrator’s access is terminated and accounts are disabled. If an administrator had remote access, you need to ensure this access is taken away or denied. Another area to examine is the use of programs such as Dropbox, often times used to store information so that it can be accessed remotely. When the administrator leaves the bank, this access to information must be eliminated.

Once you create hardware, software and vendor inventories, the bank IT administrator should have the capabilities to take the next three steps in ensuring your community bank is secure. Reviewing vendors, evaluating backups and security and auditing security operations are all important steps that should be performed within the first month of a new IT administrator. In our next blog, we will explore the final three steps in extending your review of your bank’s IT operations.

Starting a new job is always a challenge, but stepping into the role of a community bank IT administrator can be especially daunting. Oftentimes, the IT administrator is overwhelmed and at a loss as to where to start, given the demands of the position. After all, the health of a bank’s IT assets is every bit as valuable as the money in the vault!

The IT administrator position must support two distinct roles. The position serves as the technical resource as well as an administrative resource. Primarily, they are the IT resource for servers, workstations, networks, software and other technical aspects of the bank. Additionally, the IT administrator must work with the CTO and ISO in an administrative capacity to help with IT audits, regulatory examinations and providing senior management with information about the bank’s IT infrastructure.

 
Today, we’ll explore the first three things a new IT administrator should accomplish for a successful initial week on the job:

1. Create an Inventory of All Hardware

The IT administrator should immediately familiarize themselves with the equipment used in the bank. Identify your servers and their roles, tally your workstations (production and any spares), examine the networking equipment in use and continue this process for printers and other peripherals until you have created a thorough inventory of all equipment you have in-house. With your inventory results in-hand, check on warranty status for all your key equipment; warranty coverage can be invaluable in case of hardware failure or if you need customer support. Be sure to include serial numbers and warranty expiration dates for every device in your master inventory.

2. Audit All of the Software in Use

What operating systems and versions are you running? What software do you use for your teller stations, for loan operations and/or ATM management functions? Don’t forget about common third party software such as MS Word, MS Excel and Adobe Acrobat. Next, determine if all software is still being supported by the vendor, and make note of the support contact for each software system or application. Finally, investigate the support end of life date for the current software systems in place. This last step will significantly help come budget season by giving you a good idea of what should be replaced in the coming year.

3. Compile an Updated List of Vendors

After the hardware and software audits are complete, begin looking at the vendors your bank uses. For regulatory compliance purposes, your institution should have a thorough vendor management program. You may be able to work with the ISO to obtain the existing list of vendors, but your fresh start with the company is a great chance to take a fresh look at the list. This should include original manufacturers, third party resellers and service providers. Vendors should be identified for both hardware and software. For example, if you use Cisco network routers, did you purchase these from Cisco or are you leasing devices from a third party reseller? Create a comprehensive vendor list of who you will contact for support during both normal business hours as well as any emergency contacts for afterhours emergencies. Your final document should have a list of all vendors and primary contacts for each specific service provided.

These three steps set the foundation for the next steps required in keeping your community bank running smoothly while transitioning to a new IT administrator. While this sounds like a large amount of work, an IT administrator does not have to do it all alone. Many financial institutions are turning to IT and security service providers to act as an extension of their organization and help augment internal IT resources. The right IT solution provider can serve as a true partner and work alongside current IT staff to help manage the network and streamline technology processes. When the IT staff has turnover or is simply unavailable, outsourcing select IT business processes helps fill the personnel gap and provide added support resources and peace of mind to all.

 

It can be devastating to learn your bank’s IT Administrator is moving on to a new job. Many community banks find themselves wondering, what should I do now and what are the steps I should take to successfully find a new IT administrator to fill this key role?

Start with an updated bank IT administrator job description

The first step any bank needs to take is to update or put together the actual job description for the role they are looking to fill. Oftentimes responsibilities, requirements and required technology skillsets change based on process improvements and new technologies in the financial industry. The job description needs to be a collaboration between bank management, the board and key stakeholders within the bank.

Networking critical to spread the word

Once the description and key requirements have been put together, the position should be posted to key career sites such as LinkedIn, your state’s community bank association website, CareerBuilder and networking needs to start. The community banking network is a close-knit group so networking is crucial. Ask peers inside your organization and network if they know of anyone who they would recommend. Word of mouth can be very efficient in the hiring process!

Cast a wide net

Make your search broad. Given the rural location of many community institutions, locating qualified individuals locally can be a challenge. Don’t restrict recruiting to only your immediate community. Reach out to nearby markets, even other states and larger cities. Qualified candidates may be looking to relocate to your community and this could be the perfect fit for them.

Seek help during the hiring process

While all this sounds easy enough, it can be challenging to find the right candidate for your bank, and you certainly don’t want to make a rushed or hasty decision. It can take two to three months to find a suitable candidate that meets your needs for an IT administrator. Unemployment rate is low (2.3%, for IT jobs in the United States), so you may need to enlist the help of a recruiter who might have a pool of qualified candidates.

In addition, bank executives may find themselves at a loss to ask the right questions and assess qualifications during the interview process. This is typically due to a lack of knowledge of the technical details and skill sets required for this position. The IT Administrator is responsible for overseeing the selection, implementation, and ongoing support of technology throughout the entire bank, so having the right person in place is crucial. Don’t be afraid to ask for help from technology partners or even recruiters during this process. These professionals can help ensure the candidate does indeed possess the right IT and financial industry knowledge needed to efficiently and successfully perform the duties of the bank IT administrator role.

Key skill sets to look for in candidates

Since this position is responsible for the entire bank’s IT network, advanced knowledge of a wide range of computer hardware, systems software, applications, networking and communications technology is required. In addition, they should have:

• The skills necessary to maintain, repair and provide technical support for these systems;
• The ability to efficiently communicate with both staff and customers as well as have the ability to manage and supervise staff; and
• Solid understanding of the regulatory environment and compliance issues banks are facing today.

Given their remote location and possible hiring challenges, smaller community financial institutions can benefit from outsourcing or partnering with a provider who offers network management solutions exclusively tailored for community banks. An outsourced solution provider will work with your IT department, serving as a true partner and eliminating the possibility of a single point of failure. In today’s banking environment it is critical to have a system in place that offers key features such as patch management, third party patching, antivirus, hardware and software inventory management, vulnerability remediation, and compliance-focused reporting to help you verify that your financial institution’s network is adhering to your policies and procedures.

Don’t get blindsided when a single employee leaves

Have a solid back up plan and a trusted partner to ensure your financial institution continues to run smoothly and stays in compliance with today’s demanding regulatory requirements.

For a complete list of the skills and requirements for an ideal bank IT administrator, please see our complimentary job description.

IT Administrator
Job Description

What to do when your IT Administrator Leaves

It’s inevitable. You have finally found a stellar IT network administrator and things are running smoothly, when that person decides it is time to move on and explore new endeavors. For the community bank with limited resources, this can be a challenging time. If you have a one or two person IT department, it can be daunting to think about all that needs to happen for a smooth transition.

A community bank’s technological assets are every bit as valuable as the money in the vault! Today’s community bank relies on the IT department to maintain its hardware and software to ensure all systems are available when needed. The department is also responsible for monitoring an array of ongoing IT concerns like antivirus status, patch compliance and email security, just to name a few.

So, what happens when the key individual who is responsible for this crucial aspect of the financial institution decides to leave?

First, there are some technical issues to consider immediately. Change the IT administrator’s previous password and disable their account. This includes changing passwords for any service accounts that they might have known, including access to any virtual infrastructure as well as disabling access to all systems including email, email archival, network management, remote control, security monitoring, ancillary network services and remote access.

Contact information for key vendors should be changed and web hosting sites should be redirected. Also, make sure you know what reports need to be reviewed on a weekly, monthly and quarterly basis to ensure no regulatory compliance lapses occur. This is just the beginning of a vast number of things that have to happen to ensure your institution is secure and run efficiently.

Solution Options

To help alleviate this cumbersome process, many financial institutions are turning to IT and security service providers to act as an extension of their organization and help augment internal IT resources. The right solution provider can serve as a true partner and work alongside current IT staff to manage the network and streamline technology needs. Outsourcing select IT business processes helps fill the personnel gap and provide added peace of mind to all.



An IT and security service provider can automate and control many of the administrative functions that normally fall to the IT department, making it less daunting for bank personnel. These service providers can also automate third party patch management and reporting, hardware and software inventory management, vulnerability remediation and compliance-focused documentation and reporting. Providing the ability to actively monitor network information for diagnostic or security issues not only saves time and improves efficiencies, but also extends the bank’s support hours beyond the traditional 9 to 5. The right technology service provider should offer your bank full support for the demands of today’s banking technology requirements and truly act as an extension of your internal IT department.

At Safe Systems, we understand the ever-growing complexity of community banks’ IT operations. By making the decision to partner with Safe Systems, your organization will benefit from time saving automation, an in-depth view of your IT network environment and additional support in co-managing your IT operations. We want to provide you with assurance that the institution’s IT network is functioning efficiently, optimally, securely and is in compliance with industry regulations at all times.

For more information on what to do when your IT administrator leaves, please download our complimentary checklist of tasks to complete.

Who doesn’t love a deal? It’s the American way to search out the lowest price for that must-have item, especially around the two biggest discount days of the year, Black Friday and Cyber Monday. If, however, you are trying to take advantage of holiday discounts when buying for your financial institution, it may not be quite as simple as spotting that low price and clicking the buy button. Even with that irresistible deal you could end up actually spending more money in wasted equipment/software, duplicate configuration time, and accelerated depreciation schedules. So how can you make wise IT purchasing decisions, but still enjoy the shopping festivities? Here are the top five things to consider if you are looking to buy hardware or software for your financial institution during these bargain bonanzas.

Top 5 Considerations for Black Friday Technology Purchases for Banks

1. Watch the warranty:

   Consumer advocates like Clark Howard commonly tell folks to skip the extended warranty when purchasing consumer electronics. This can be a sound strategy for your personal devices where hardware failure may result in a boring plane ride or a less entertaining jog. When purchasing for the workplace, however, downtime costs you money. To ensure that you are minimizing your likelihood of downtime, a warranty that covers parts and labor with an acceptable replacement timeframe needs to be standard. Ideally, it will include covering the labor costs of a technician coming to your site or, at minimum, free expedited shipping for replacement parts or off-site repairs. You don’t want to deal with constantly carting these items back and forth to a retail shop for repairs. Not only can this be frustrating, but it also hampers employee productivity and could potentially open your data up to further risk.

2. Is it a refurb or special build?

   Many of these sales are able to offer lower prices because they are selling refurbished equipment. While refurbished machines have a solid track record of performance there are many other questions to be answered such as:

   • Does this item come with any support?
   • Which components are actually covered under any warranty?
   • How long do I have to determine if the item is working as advertised?

   Additionally, many stores and manufacturers create special builds for these large retail events. These combinations of hardware components and software builds are commonly used to clear backlogged stock, so the resulting builds may not always make the most technical sense. In some cases hardware components may be poorly balanced against one another, or one component may be more dated (and fated for faster obsolescence) than the other components. In other instances, bundled deals advertised as having the same technical specifications may have equivalent or comparable, but not identical, internal components per device. When shopping for business purposes, one-offs and small batch builds should generally be avoided unless you have the in-house expertise and administrative leeway to give that equipment the appropriate special attention. Be sure you read through all of the technical information before you make a purchase in order to avoid any surprises.

3. What’s the return policy?

   Make sure that anything you purchase is going to have a return policy that fits with your plans and timelines. For example, if you are going to take on a major PC replacement product mid-1^st quarter next year it probably doesn’t make sense to purchase your PCs now if they have a 30 day return policy. You’ll likely need longer than a month just to getting around to test them.

4. Be wary of close outs.

   You can get some really great prices on close out items. Because they are brand new, many feel that this is a better option than buying the newer generation at full price. Well, maybe, but you really need to understand what it is you are buying. How fast will the manufacturer “end of life” the product (i.e. stop providing updates and any kind of support)? Is this a purchase that will have to be expanded later? Will parts be available at that point? If you aren’t careful you can end up with an asset that has a much shorter lifespan than you anticipated.

5. Home licenses don’t do the job.

   Over the years this has been the most common mistake I’ve seen people make when they are in a bind for a PC. Often, they run out to the local big box store and purchase a PC off the shelf, seemingly resolving their issue. Many big box stores are geared towards personal rather than business users, and return policies for computer hardware or software purchases are typically more restrictive than other products. What might seem like minor details during the purchase case add up to a significant licensing cost. A user might unbox and set up their new workstation before realizing that it has a home edition of Windows, or the wrong version of Microsoft Office with “click-to-run” patching. Neither of these products is designed for a business environment, and the store may no longer accept the workstation as a return once it has been used. Often, the only workaround here is to replace the consumer-grade software with the business equivalent, and this can be a nasty added expense. Before you make any purchase you should make sure that all the software running on the device is ready for the enterprise and not simply intended for home use.

Black Friday and Cyber Monday both offer very tempting deals that many consumers, and even some businesses, are looking to take advantage of. It’s easy to get caught up in the momentum of the shopping season and purchase equipment or software after only a cursory glance. If you intend to take part in this annual flurry of commerce, then please make sure to take your time and understand exactly what it is that you are buying. Otherwise, that supersaver, white hot, limited quantities, limited time, guaranteed best price, too good to advertise, blowout bargain purchase may wind up costing you more in the long run.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

Recommendation #1: Keep and Maintain a Hardware Inventory

If you don’t have a hardware inventory record for your bank, it’s a great place to start. A complete list should include the following for both voice and data equipment:

• Make
• Model
• Software Level/Firmware Level
• General Function – Server, Firewall, Router, Switch, PBX
• Warranty Term and Expiration Date – End of Support Date, End of Life Date

Tip: Remember to include routers, switches, servers, PBXs, Wireless Access Points, and essentially any other device that has an IP address — be aware of devices approaching or past end of support or end of life.
 

Recommendation #2: Keep and Maintain a WAN Services Inventory

It’s also a good idea to keep and maintain a WAN services inventory for each location in your financial institution. The inventory should include the following information:

• Circuit Provider
• Circuit Type – T1, Ethernet, Cable Modem
• Circuit Bandwidth
• Circuit Function – MPLS, Internet, Point-to-Point, Voice (PRI/SIP/Analog)
• Provider Contract Signing Date
• Provider Contract Term – 12 month, 24 month, 36 month, 60 month

Tip: Most WAN and telecom circuit contracts are 36 month terms. Most carriers provide contracts with shorter terms (i.e., 24 or even 12 months), but expect to pay a premium -– approximately 20% or more for each reduction in term.

Recommendation #3: Review Your Voice and Data Solution Annually

Because bank voice and data networks are a large portion of your IT operating expense, the best practice is to conduct a yearly review of your technology solution.

For example, if you have not reviewed your MPLS network costs in the past year, you may be paying too much. Pricing pressures from competing providers (e.g., cable companies) have significantly reduced the cost of MPLS WAN circuits in recent years. In addition to pricing, technology advances at a lightning pace, so your solution might have become outdated since your last review.

Tip: If it’s been a year or longer since you reviewed your business communication solution, odds are it’s time for a review.

Engineering Best Practice

Create complete hardware and WAN service inventories to help you better manage your bank’s current business communication solution. These inventories will be very useful when you are ready to review your technology for improvements – you need to know what you have to work with before you start to solve problems. Once you have a thorough understanding of your existing IT communications environment, review your options to ensure you have the best price and technology available.

Don’t Go It Alone!

Safe Systems has seasoned WAN and telecom engineers that will help you throughout the process of evaluating your bank’s voice and data solution. There are a lot of choices, but we can ensure you get the right technology for your bank’s unique voice and data needs.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

The Current State of SYSVOL Replication

So what is SYSVOL, how does it replicate, and why should your bank or credit union care? SYSVOL is the set of data replicated between domain controllers that contains both the files necessary to run Group Policy as well as any logon scripts used to map drives, configure printers, etc. Abbreviated as DC, a domain controller is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources. The domain controllers in your network are the centerpiece of your Active Directory service. It stores user account information, authenticates users and enforces security policy for a Windows domain – from Webopedia. For all logon scripts and Group Policy Objects to work properly, it is essential that SYSVOL be copied accurately and promptly throughout the domain. To perform this copy process, the File Replication Service (FRS) was established in Windows Server 2003. FRS was deprecated in Server 2008 R2 but is still widely used. As its replacement, Microsoft introduced Distributed File System Replication, or DFSR. Since DFSR is multitudes better than FRS, Microsoft has pushed domains forward by no longer even allowing the setup of FRS on new domains. However, any domain that has ever had a Server 2003 domain controller must be updated.

The Risks and Downsides of FRS

Before even looking at the benefits of DFSR, there are a multitude of reasons to switch just to avoid FRS. To start, FRS has been deprecated so that it receives no bug or security fixes. This means there have been no updates to this system in more than eight years. Second, FRS always copies the entire set of data, not just changes, so it causes significantly more traffic across the WAN when changes are made. Additionally, FRS has no self-repair system to resolve issues like database corruption or morphed folders. This means engineers have to respond more often to alerts to repair this system.

The Top 4 Improvements and Upsides of Using DFSR

1. Contrary to FRS, DFSR is a fully supported replication system. It can replicate partial files, scale to a greater number of connections, and has mechanisms to help support slow and unstable networks.
2. Unlike FRS, DFSR does not wait for a fixed interval to replicate, but is always running immediate and continuous replication.
3. From a reporting standpoint, DFSR has built-in health status reports that list out any potential issue. This is especially important for the ability to quickly respond and resolve issues.
4. DFSR contains many self-healing mechanisms to prevent errors in the first place. This leads to a system that is more manageable, has higher performance, is more reliable and allows for greater scale.

The Bottom Line

The need to update to DFSR is present in almost every domain. Push to complete this process as soon as possible for all the benefits available. This migration will correct any health issues in the Group Policy system, and it only takes around three hours of total time to complete. Click here to find out more about Safe Systems’ Network Monitoring and Management Services. For related information on migrating SYSVOL to DFSR, click here.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

A community bank’s digital assets are every bit as valuable as the money in the vault. The business of financial services has undergone a tremendous amount of change in the last decade with the advancement of network technology, online services and the growing demand from customers for 24/7 access to their financial lives. Running a community bank is not simply a matter of managing money and providing loans. It’s about managing data and networks, too.

Because of this technological shift in the industry, network administrators and information technology officers now play a crucial part in ensuring the financial institution’s network and data are protected from viruses, malware and electronic attacks.

There are a number of tools and procedures available that will help any community bank or credit union to operate in the online age with a greater degree of confidence. Some of these steps may seem like obvious security techniques, but the deployment of a layered approach is the first step in building a strong security foundation.

Deploy these 10 Steps to Best Manage your Community Bank’s IT Security Program

1. Employ a firewall and intrusion prevention system (IPS) solution
2. Keep your Microsoft systems patched with the latest bug fixes and security updates
3. Maintain up-to-date virus security software and definitions
4. Establish a process for critical server vulnerability scanning
5. Patch ubiquitous third-party applications, such as Adobe, Java and Flash
6. Have an ongoing server hardening solution to remove common and critical vulnerabilities
7. Use a hosted DNS solution to protect against malware downloads
8. Train your employees on information security and best practices
9. Install a server security solution to monitor activity and help prevent attacks
10. Have a comprehensive reporting solution for both network management and security review

Deploying these ten steps 
will provide you the additional peace of mind that comes through sound, comprehensive IT security. These ten components go a long way toward building a comprehensive security program that will help protect your institution and its assets from many malicious attacks.

We understand that community banks like yours are under pressure to manage the constant evolution of technology. By applying these tactics and solutions, you can stay ahead of this ever changing environment while managing costs and resources.

For more information on how to implement these techniques to keep your community bank’s digital assets secure, download Safe System’s complimentary white paper, 10 Components of a Comprehensive IT Security System for Community Banks.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

The advancement of IT network technology, online banking services and the growing demand from customers to have 24/7 access to their financial lives have changed the business of banking. These changes have shifted the objectives of running a community bank away from simply needing to manage money and provide loans to also managing data and the IT networks that carry this information. From the teller line and the CSR platform to the phone and alarm systems, most modern institutions are highly interconnected and dependent on their IT network infrastructure. It is the lifeblood of today’s financial institution so it is imperative all technology assets work together and efficiently.

To ensure all systems are constantly functioning, it is important to continuously monitor hardware and software for failures, virus detection, and be alerted to required maintenance. Having a centralized solution in place that automatically monitors, alerts, tickets, provides support and reporting for servers, workstations, network routers, switches, software and other devices is an integral and critical function in today’s community bank.

Community banks face common challenges in terms of the capacity of their IT staff including:

1. Finding IT Talent. Smaller financial institutions rely on technology to help them deliver the same services as the big banks in their regions; however, it can be very difficult to attract and retain quality IT talent to maintain these complex systems. IT teams (many times a single individual) are tasked with implementing new technologies and applications while keeping the bank’s IT infrastructure running and documenting every change to meet regulators’ demands.
2. Keeping up with the Patches. When it comes to security, patch management is a critical component of any IT management plan. Patching is also a time consuming task for your bank’s IT personnel. It can take up to 30 minutes to manually patch an individual workstation. However, ensuring patches are up to date, as well as having a documented report of the patches that have been put in place, is crucial for security and compliance in the banking environment.
3. Sustaining Security while Going Mobile. The shift in the banking industry to online and mobile services has also changed the job of IT network administrators and information technology officers. That’s put a new pressure on this role to ensure the financial institution’s network and data are protected from viruses, malware and electronic attacks from would-be-digital robbers. It’s not an easy job!

Having a programmatic way of proactively monitoring and addressing issues as they occur, is imperative to maximize uptime of all systems. The automation of these basic IT processes can benefit your financial institution tremendously. It also frees up IT personnel to help deliver services to customers and enhance the bank’s profitability.

With today’s mounting pressures, many community banks are increasingly turning to technology service providers to help manage their IT infrastructure. Such partners bring knowledge, additional resources and expertise to help community banks control and manage their complex IT environments and operate in today’s financial services arena with a greater degree of confidence.

A technology service provider can help consolidate, automate and manage many of the administrative functions that are so time consuming for in-house staff. Automating patch management and reporting saves bank IT administrators a great deal of time. In addition, providing bankers the ability to receive live information for diagnostic or reporting purposes, as well as remote access to the network not only saves time and improves efficiencies, but also helps meet the responsibilities of banking IT managers for documenting the environment for regulators.

When looking for a technology service provider to help your bank, look for the following characteristics:

• Does the provider offer flexibility in their support services that align with your organization’s IT needs?
• Does the technology service provider have knowledge and expertise of all the regulatory requirements of financial institutions?
• Are their support center staff and system engineers well-versed in network and security technologies, as well as understand the unique technical requirements of your core banking platform and ancillary applications?

For more information about ways to improve the management of your bank’s IT network, please download our complementary white paper, Best Practices for Control and Management of your Community Bank’s Information Technology.

Summer is nearing an end, and many employees are getting out of the office for their last vacation before school starts. For the community bank IT network administrator, this can be a challenging time. If you are the only person in the IT department, it can be daunting for both you and the financial institution.

A community bank’s technological assets are every bit as valuable as the money in the vault! Today’s community bank relies on the IT department to maintain its hardware and software and to ensure all systems are available when needed. The department is also responsible for monitoring an array of on-going IT concerns like antivirus status, patch compliance and email security to name just a few.

The FDIC encourages mandatory vacation time for bank employees of all levels, so taking some time off may not be a matter of choice. So, what happens when the key individual who is responsible for this crucial aspect of the financial institution is on vacation?

Many financial institutions are turning to IT and security service providers to act as an extension of their organization and help augment internal IT resources. The right solution provider can serve as a true partner and work alongside current IT staff to manage the network and streamline technology needs. When the IT staff is out or unavailable, outsourcing select IT business processes helps fill the personnel gap and provide added peace of mind to all.



An IT and security service provider can help automate and control many of the administrative functions that normally fall to the IT department, making it less daunting for IT personnel to take time away from the office. These service providers can automate Microsoft and third party patch management and reporting, hardware and software inventory management, vulnerability remediation, and compliance-focused documentation and reporting. Providing the ability to actively monitor network information for diagnostic or security issues not only saves time and improves efficiencies, but also helps the bank extend its hours of support beyond the traditional 9 to 5 hours. This expanded presence is key for IT departments with limited staff.

The right technology service provider should offer your bank full support for the demands of today’s banking technology requirements and truly act as an extension of your internal IT department. At Safe Systems we understand the ever-growing complexity of community banks’ IT operations. By making the decision to partner with Safe Systems, your organization will benefit from time saving automation, an in-depth view of your IT network environment, and additional support in co-managing your IT operations. We want to provide you with assurance that the institution’s IT network is functioning efficiently, optimally, securely, and is in compliance with industry regulations at all times; but, especially when your institution’s key IT personnel are out of the office.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

Running the day to day IT network administration for a community bank is a full-time job. One of the biggest challenges is the need for constant management of multiple solutions with a limited number of people on the IT team.

The typical IT department at a small community institution has a big job with limited staff. Not only is the department expected to oversee all the administrative work of setting up and maintaining the bank’s IT network, but they are also expected to work with the security officers to ensure that every technology component that constitutes the network is compliant with regulatory guidance. The department is also responsible for monitoring an array of administrative concerns like antivirus status, patch compliance, and email security to name just a few.

Furthermore, when auditors or examiners come knocking, the IT department must be able to produce a paper trail proving that daily practices match written policies and procedures. Then comes the matter of internal oversight. The processes that make use of those technology components must also align with the institution’s high-level policies, and this is where an IT steering committee, senior management, and the board of directors come into play. In order to support strategic IT decision-making, IT managers must be able to neatly package and explain network health and technology compliance in reports aimed at this group who hold the ultimate responsibility for protecting customer data.

As these financial institutions plan for a future that is increasingly taking more banking services online and mobile, a modern community bank’s lifeblood is its technology!

To help augment internal IT resources many institutions are turning to IT and security service providers to act as an extension of their organization — seeking a true partner to work together to streamline technology needs. The right solution provider can help bridge the gap between a financial institution’s everyday network administrative functions and the big picture goals of IT compliance and infrastructure planning.

An IT and security service provider can help automate and control many of the IT network administrative functions that are so time-consuming for in-house staff. Automating patch management and reporting saves your bank IT resources a tremendous amount of time. Providing bankers the ability to actively monitor network information for diagnostic or security issues not only saves time and improves efficiencies, but also helps the bank extend its hours of support beyond the traditional 9 to 5 hours. Additionally, outsourcing these business processes can help fill the gap when the IT staff is out sick or on vacation, providing added peace of mind.

IT service providers who focus on the community bank market can also offer account managers who act as facilitators and trusted advisors to help guide technology committees and provide tools to address financial regulatory governance. These account managers have a wealth of banking IT expertise and commonly attend technology steering committee meetings, assist with IT strategic planning, facilitate the responses to pre-exam IT questionnaires, and conduct periodic self-assessments of the bank’s IT infrastructure. With this structured guidance, financial institutions can gain deeper technology insights, complete more comprehensive control self-assessments, and enhance strategic IT planning.

The right IT service provider should offer your bank full support for the demands of banking technology and IT regulatory compliance by delivering your institution a solution that encompasses the three spheres of IT policy, procedure, and documentation. At Safe Systems we understand the ever-growing complexity of community banks’ IT operations and enhanced regulatory requirements. By making the decision to partner with Safe Systems and introduce our NetComply service, your organization will benefit from time saving automation and an in-depth view of your IT network environment. We want to provide you with assurance that your institution’s IT network is functioning efficiently, optimally, securely, and, most importantly, is compliant with FFIEC regulations.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

Microsoft appears to be positioning Windows 10 to address the usability concerns many had with Windows 8. In theory, Windows 8 itself could be interpreted as an overreaction to the proliferation of touchscreen devices of the past few years. In an attempt to make Windows 8 an iOS competitor, Microsoft appears to have swung wide by removing the familiar Start menu and focusing more on touch-responsive UI and navigation.

Now, with the reintroduction of the Start button and a sharper focus on usability and navigation with a mouse, perhaps Microsoft can address the issues that made Windows 8 such a jolting transition. The revised Start button will function as a cross between the Start button of Windows 7 and the Start screen of Windows 8. Further, Microsoft appears to be making efforts to ensure that the user experience will be flexible enough to serve the needs of both desktop/laptop and tablet/smartphone users.

Another evolving feature that somewhat bridges the gap between usability and security in Windows 10 is the software update mechanism. Traditionally, Microsoft has provided an intermittent update cycle, through which they professed to not add new features outside of major version updates. In reality, what we have seen over the years was a major version release (Windows XP, 7, 8), and subsequent smaller updates in the form of “R2” releases or Service Packs. Windows 10 looks to introduce a more frequent update schedule that will make use of update “tracks.” This will allow administrators and users to select between a slow update speed and a fast update speed. Users on the fast track will receive updates earlier, and those on the slow track will get updates more slowly. This will bring Microsoft in closer alignment with the faster update schedule of Google Chrome, while still allowing a robust testing base. It should be noted that this paradigm only applies to feature updates. Security updates will still be deployed on a monthly basis, and the existing Microsoft Update system appears to be more or less intact in current preview versions.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.

1. Does your hardware and software vendor understand the technical requirements of your core banking platform?

   Having the knowledge and ability to work with your core banking provider is imperative for all IT vendors that work with your financial institution. Vendors must know the inner workings of the core banking application. They should also be familiar with the various products that the core provider uses. It is also helpful for vendors to have a repository of core product specs to refer to before ordering equipment.

2. Will the vendor understand your business?

   Hardware vendors and service providers must truly understand the ins and outs of operating a community bank. For example, they must understand the priority of a customer-facing teller line and the best technology needed to deliver such service. Another thing to consider is: will they listen to your banking business needs and make a recommendation based on solving those needs, not just placing a piece of hardware?

3. Will your vendor understand regulatory compliance requirements?

   The ever-changing world of financial regulatory compliance governs every aspect of your IT network; and that includes what hardware and software you choose to deploy. In today’s banking environment, vendors must be able to make recommendations on how to manage hardware and software to meet regulatory expectations, including making sure your hardware stays under warranty and your software stays under support (i.e., when there is a critical service being run on a server, you can’t have the server warranty expire); certifying that you can always access your critical services as a part of a business continuity plan; and warranting that software is kept up to date with security updates.

   
   Read: Extending the Life of Your Hardware Maintaining hardware warranties

4. Will your vendor have a plan or are they just filling orders?

   Building an IT network without a plan is like building a house without a blueprint. In order for hardware and software implementations to be successful, bankers and vendors must agree on a plan. A smart way for bankers to move forward is developing a strategic IT plan to manage your current business and provide a foundation to support new technology and services.

5. Does your vendor have the ability to recognize and discuss trends within the banking industry?


   Technology is ever changing and it is nearly impossible for anyone to keep up with all the advancements happening day to day. Look for a partner with numerous bank clients facing similar challenges every day and one that has the experience of finding the best solutions for these challenges. Bankers need to employ new but stable technology with a focus on performance, security and recoverability.

Dispelling 5 IT Outsourcing Myths within Financial Institutions

Learn why five of the most commonly believed “facts” about IT outsourcing within community financial institutions are actually myths.