Blog Posts

The concept of a virtual information security officer (VISO) has been gaining more traction with regulators and financial institutions. In the past, regulators have said very little about institutions using a virtual ISO. But recently, the Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), National Credit Union Administration (NCUA), and […]

As financial institutions increasingly rely on outsourced providers, third-party management is becoming a more critical aspect of managing risk. Institutions depend on third-party providers for a variety of essential services, including technology, operations, and marketing. And while these entities offer significant benefits, such as cost savings and improved efficiency, they also pose a substantial risk. […]

It can be challenging for financial institutions to lose an information security officer (ISO)—particularly for smaller community banks and credit unions. Since ISOs have broad responsibilities relating to data security and other vital areas1, they play a critical role within the organization. Therefore, institutions must have a well-defined plan in place to keep an ISO’s […]

Pending interagency guidance on the management of third-party relationships will significantly alter how financial institutions (FIs) handle risks related to external service providers. The new guidelines will increase the complexity and responsibility of third-party management for banking organizations in the near future. These standards will apply to all financial institutions—including community banks—with third-party relationships.1 The […]

Multifactor authentication (MFA) is not a static, set-it-and-forget-it process. Financial institutions must constantly monitor—and make necessary adjustments—to ensure effectiveness so that only authorized users are accessing their network, data, and services. MFA Methods and Risk Some of the most common MFA methods, particularly with Microsoft Azure are: FIDO2 security key Microsoft Authenticator app Windows Hello […]

Phishing attacks are becoming more complex—and successful—making them more problematic for companies to combat. As a prime example, a recent phishing scam has been circumventing multifactor authentication (MFA) to successfully breach multiple companies. The attacks, which seem to be targeting banks and credit unions, are a stark reminder of the constant cyber threats that financial […]