Cybersecurity has become an increasing issue for many companies and organizations. It’s no longer a matter of whether or not there is a possibility that your bank will be attacked by a virus, hacker, or other threat, but rather, a matter of when that threat will appear. In October 2018, the FDIC released FIL-63-2018 to assist community banks with cybersecurity management. Have you improved the cybersecurity standards throughout your bank? Are you protecting both your bank and your customers? FIL-63-2018 is designed to provide you with the information you need to move forward.
Information Technology Disruptions: What’s the Risk?
As a banker, you’re highly familiar with a wide range of factors that can threaten your bank and your bank’s customers: changing interest rates, market disruptions, and more. You may not, however, recognize how information technology disruptions can threaten both your customers and your community bank.
Poor customer service. Today’s customers expect a bank that is always working for them: a bank that they can access when they need it, and where they can take care of basic banking services exactly when they expect to be able to take care of them. When you’re attacked, whether through a denial of service or other disruption, you miss out on that opportunity.
Drop in reputation. Your bank is only as good as its reputation. If cybersecurity threats cause you to lose customer funds, disrupt services, or provide poor customer service, your reputation will quickly suffer. Many clients love the personal feel of a community bank, but they expect you to take care of them just as well as a large institution. Not only will customers turn to other institutions if your bank is unable to provide them with the service they expect, they will warn others away, too–and for a community bank, that can be catastrophic.
Inability to carry out basic functions. When a cybersecurity threat shuts down your bank, you may quickly lose basic functions. You may not be sure what systems are impacted, or you may find that you’re simply unable to take care of basic operational functions. Do you have backups in place that will allow you to continue to function or to return to business quickly in the face of data loss, or will you be left struggling?
Financial damage. Your bank may be responsible for financial damage done to your customers as a result of online threats, especially if you failed to protect them appropriately. Worse, you may suffer other financial damages as a result of the attack. If your employees are unable to work, they may sit on the clock, paid to accomplish nothing. You may need to bring in professionals to take care of the cyber attack. You’ll need to make reparation to your customers. The cost of a successful cyber attack can mount quickly–but stopping it in its tracks, before it hits, can help protect both your bank and your customers.
In order to protect your bank, it’s important to minimize all types of disruptions–including potential technology disruptions. It is, therefore, more critical than ever that you take the steps necessary to provide proper cybersecurity protection.
Cybersecurity may be an ongoing challenge for many institutions, but unfortunately, it’s also one that gets all too little notice. Many banks aren’t even sure where to begin the discussion about cybersecurity, much less how to implement more effective security measures throughout the facility. Cyber Challenge is designed to help change that: to start the conversation and provide bank managers with vital information about how to protect their customers, their data, and their funds.
Cyber Challenge presents nine unique scenarios, presented as videos, and a series of challenge questions that go with them. Through each video, a new challenge is presented: phishing emails, unauthorized withdrawals from corporate accounts, problems after updates, denial of service attacks, and more. After the video, several questions are presented that allow watchers to assess the situation, determine how their bank would respond, and determine what tools they need to put in place in order to better face potential future challenges.
Cyber Challenge is not a requirement for community banks. Rather, it is a useful and valuable tool: an opportunity to start moving forward with cybersecurity throughout your community bank. Do you know how to respond if you suspect an unauthorized withdrawal on a customer account? How long will your bank remain out of service if you experience a denial of service attack? With Cyber Challenge, you’ll get a better idea of the tools, resources, and procedures that need to be in place throughout your bank.
The Cybersecurity Assessment Tool
Do you know whether or not your bank is genuinely secure? Have you taken the steps necessary to secure your bank, protecting it from threats from the outside? The Cybersecurity Assessment Tool developed by the FFIEC is designed to:
Understand potential risks
Examine openings in the security of a specific bank
Learn more about how to close those gaps
The Cybersecurity Assessment Tool is an excellent first step in improving security throughout the bank, both in terms of physical security and in terms of online security. It helps close both obvious holes and identify patterns, like failing to properly and effectively back up data or failing to keep up with the latest updates on software used throughout the bank, that can decrease the bank’s overall security.
Like Cyber Challenge, the Cybersecurity Assessment tool isn’t a requirement for any bank. Rather, it’s an opportunity: an open door that allows you to get a better look at exactly what your bank needs in order to offer peace of mind and financial security to your customers.
–but you still need to provide your customers with the highest possible level of protection. If you need more help, contact us today to learn more about our Nashville-based IT services designed for financial institutions and how we have assisted other financial services companies with these vital elements of preparedness. We have Certified Community Bank Technology Officers on staff ready to serve you.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.