Tag: security services

15 Jul 2021
Cybersecurity Shouldn’t Be Keeping You Up at Night

Cybersecurity Shouldn’t Be Keeping You Up at Night

Cybersecurity Shouldn’t Be Keeping You Up at Night

There’s been a notable uptick in cyberattacks in recent years, some of which have drastically impacted institutions’ overall security. At Safe Systems, we believe that proactively protecting customer data will always be more cost effective than falling victim to malicious activity.

From malware and ransomware to managing security needs, we’ve got you covered on how best to protect your financial institution against any type of cybersecurity threat. After all, that’s why we’re here, right?

Make sure cybersecurity isn’t your institution’s weakest link by taking a look at our original blog post on the matter here.

08 Apr 2021
Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Proven Security Solutions to Keep Your Financial Institution Safe from Cybersecurity Threats

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Like many other professional industries, the financial sector of business was forced to work from home due to the COVID-19 pandemic. With an unprecedented number of employees still working remotely, now more than ever financial institutions are susceptible to a cyberattack. The increased threat of a security compromise has prompted financial institutions and other organizations across the country to increase their cybersecurity posture to help prevent a future attack.

In a recent post, Safe System’s guest blogger, Keith Haskett, president and CEO of Rebyc Security, discusses 5 reasons security solutions fail, such as lack of multi-factor authentication or improperly configured spam filtering and what you can do to keep your institution safe. In case you missed the full blog, view it here.

09 Sep 2020
Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe

Why Security Solutions Fail and What Your Financial Institution Can Do to Stay Safe Featured Blog Image_Header Image

From the beginning of the pandemic, the financial sector has seen a rising number of security threats. With more employees working remotely and increasing their online activity, cybercriminals are finding success using attacks like phishing and social engineering to take advantage during these uncertain times. These attacks have prompted financial institutions and other organizations to improve their cybersecurity posture and protect against future attacks.

Financial institutions make significant investments to protect their networks especially as their workforce has turned to digital channels for remote work. However, there are a few additional security measures that often get overlooked.

In this blog post, we discuss 5 reasons why security solutions fail and what you can do to keep your institution safe and combat malicious attacks.

Improperly configured spam filtering/web filtering solutions

Every financial institution uses some form of spam filtering and web filtering solutions. However, IT personnel often set these solutions up, configure them, and then may not test them again, which creates vulnerabilities over time. Financial institutions must check to make sure these solutions are configured properly and understand all of the security features available to them to use these tools at full capacity.

Lack of multi-factor authentication for ALL accounts

Multifactor authentication (MFA) is crucial for financial institutions to protect against unauthorized access to the network and email accounts. In fact, a report from Microsoft has determined that 99.9% of account compromises can be blocked with MFA, but the overall adoption rate remains low.

Financial institutions often experience difficulties implementing an MFA program for their staff because it can be a time-consuming project and often requires staff to use their own personal devices. It is important to understand the different types of MFA solutions available and identify the one that works best for your staff. While there is variance among MFA solutions in terms of strength and security, having at least some form of MFA greatly enhances your security posture.

Lack of security coverage enterprise-wide

Not just IT, but everyone within the organization, should be practicing cybersecurity best practices to keep the network safe. Employees are often the weakest link when it comes to security and cybercriminals prey on these individuals to gain access to non-public information. Without proper training, your staff may not have the skills and awareness to spot security threats and handle them in the appropriate manner. Investing in security awareness training can provide them with the knowledge and expertise to combat malicious threats and ensure that the entire enterprise is working towards this goal.

Accessing external resources (Gmail/Dropbox)

When employees use external resources like Google Drive or Dropbox for file sharing, it can be difficult for IT personnel to control “what” data is going “where.” Cybercriminals are also using these file sharing tools to trick users into clicking links to fake websites to steal login credentials and then slip by corporate security protections.

To mitigate these issues, financial institutions can use credential theft protection tools to block usernames and passwords from leaving the organization. Even if a user fails to recognize the threat, these tools provide protection on the backend to keep the information safe.

Utilizing corporate resources remotely

With many employees working from home during the pandemic, financial institutions must take extra care to ensure the network is protected. It is important to understand how employees are connecting to the network; what devices they are using; and ensure that those devices are secured. Some employees may be using personal devices or public Wi-Fi to access the network. These are high risk behaviors that can have detrimental impact on the institutions if attackers are able to exploit vulnerabilities through these entry points.

As employees continue to work remotely, they should be using corporate devices; avoiding public Wi-Fi; and accessing the network through a virtual private network or another secure remote access device. Ultimately, it will be staff’s ability to reference remote access policies and practice appropriate cyber hygiene on remote devices that helps keep their institution secure.

Keith HaskettKeith Haskett is the president and CEO of Rebyc Security and is responsible for executing their strategic plan. After several years leading the Risk and Information Security Consulting Services practice at CSI, he co-founded Rebyc to deliver offensive security solutions customized to meet the needs of the highly regulated, financial services industry. His teams have delivered over 2,000 engagements to financial institutions nationwide.

For more information on protecting your institution from security threats, view Rebyc Security’s recent blogs.

04 Aug 2020
Maintaining Information Security to Combat Cyber Attacks

Maintaining Information Security to Combat Cyber Attacks

Maintaining Information Security to Combat Cyber Attacks

As banks and credit unions continue to work to keep all employees and customers/members safe during the pandemic, information security should be a top priority. Because many businesses and consumers have shifted towards digital channels, threat actors have launched a new wave of attacks specifically targeting financial institutions and other financial activities. According to VMware Carbon Black, attacks against the financial sector increased 238% globally from the beginning of February to the end of April. Protecting your institution’s nonpublic personal information is critical as we continue to move forward in a heightened security threat landscape. Here are a few things to keep in mind:

CIA of Information Security

Information security focuses on ensuring the Confidentiality, Integrity, and Availability of virtually all forms of information. It involves protecting digital and physical data from unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction. Some of the most serious—and alarming—threats to information security are data breaches, malware, and phishing.

  • Data Breaches
  • With data breaches, sensitive, confidential, or otherwise protected information is accessed or inappropriately disclosed. The negative impact of such a breach can result in diminished customer loyalty, a tarnished brand image, and loss revenues and profits. These adverse effects can last for years—with some companies never recovering.

  • Malware
  • Malware is any piece of software that was written with the intent of damaging devices and/or stealing data. There are many different types of malware including, viruses, trojans, spyware, and ransomware. Fintech holds a special interest from the malware community-at-large. According to cyber threat intelligence company Intsights, 25 percent of all malware targets financial institutions.

  • Phishing
  • With phishing, cyber attackers use fraudulent emails and websites to solicit people’s credit card numbers, passwords, account data, and other personal information. Financial institutions are common targets of phishing scams that are engineered to trick victims into disclosing their information.

Best Practices for Information Security

Security threats can affect financial institutions through numerous weaknesses. So institutions should take a layered approach by using a combination of security measures, policies, and procedures. According to the FFIEC IT Handbook’s Information Security booklet, common layers in security controls should include:

  • Patch management
  • Asset and configuration management
  • Vulnerability scanning and penetration testing
  • Endpoint security
  • Resilience controls
  • Logging and monitoring

However, since humans are often considered to be the first—and best—line of defense for preventing cyber-attacks, employees need to receive the proper education and training on the latest scams and techniques. By teaching staff how to detect suspicious emails, links, and websites, financial institutions can significantly strengthen their security and avoid unnecessary trouble. The more user training an institution provides, the lower the success rate of phishing attacks against that institution. Ultimately, an institution’s approach to security will depend on the assets it is protecting, along with its unique vulnerabilities, operation, and strategic objectives.

For more information, download our complimentary white paper, “Top 10 Banking Security, Technology, and Compliance Concerns.”