NOTICE to ALL FDIC-Supervised Institutions: Statement Issued
Re: Heightened Cybersecurity Risk
We’ve all seen the rise of cybercrime – in the news, throughout articles on the internet, and in some cases, in our own businesses with an influx of phishing emails and other threats on the network. As a result, the FDIC and the Office of the Comptroller of the Currency issued a statement to all FDIC-supervised institutions, including community institutions, regarding the heightened cybersecurity risk and how to address it. In the document, they cover the following important topics:
- Data protection
- Security tools
- Employee training
- Business resilience
- System configuration
The document mentions specifically that “while preventative controls are important, financial institution management should be prepared for a worst-case scenario and maintain sufficient business continuity planning processes for a rapid recovery, resumption, and maintenance of the institution’s operations.”
Attacks Against Financial Institutions Are Becoming More Destructive and Disruptive, So How Can You Manage Threats?
It’s no secret… Attacks against financial institutions are becoming more destructive and disruptive than ever before. It’s important to reevaluate all safeguards currently in place to ensure they’re strong enough to keep ransomware and other forms of malware from taking hold. We strongly urge all financial institutions to follow the recommendations found in the document. Here are a few highlights:
Create a plan that incorporates resiliency and recovery
Financial institutions should incorporate resiliency and recovery into their information technology environment to prepare for the worst-case scenario. This means you’re prepared to recover from any sort of cyber attack with:
- A comprehensive data backup and business continuity plan that keeps systems and data backed up onsite and in the cloud for quick, reliable recovery at a moment’s notice.
- A cyber-insurance plan that ensures you’re covered in the event of a loss resulting from cybercrime while also identifying and mitigating all types of risk exposure.
- A regular schedule for testing your data backup and business continuity plan to confirm it can restore all of your information and systems without failure.
Implement identity and access management controls
Financial institutions should implement identity and access management systems, which are designed to ensure the right people have access to the resources and data their jobs require. To do so:
- Outline role-based access controls to limit permissions on an “as-needed” basis so employees only have access to the information necessary to do their jobs.
- Limit administrator and other privileged user accounts to ensure they’re only used as needed.
- Use multi-factor authentication, which requires a password plus a second form of verification before access to an account is granted.
Pay attention to the configuration/security of all network-connected devices
Financial institutions should pay close attention to the configuration and security of any and all network-connected devices. This means applying security updates and patches, implementing monitoring tools, and, more generally, keeping devices hardened as you:
- Disable all unnecessary services, protocols, and ports to ensure only approved network components are allowed.
- Document and approve security configuration standards regarding all systems and operating systems.
- Perform vulnerability scans on a regular basis to confirm systems are patched and to identify known weaknesses before they can be exploited.
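As an added illustration (not part of the original article or of the FDIC/OCC statement), the check below turns two of the recommendations above into something a team can actually run: it compares a host’s observed listening services against a documented, approved configuration standard and reports anything that is not in the standard, or anything the standard requires that is not running. The host roles, the approved baseline, and the `ss -ltnup`-style sample output are all constructed for this example; a real deployment would load the baseline from the institution’s own approved standard and feed in live output.

```python
"""Audit a host's listening services against an approved configuration baseline.

Unapproved listeners are services/protocols/ports that the documented standard
does not allow; missing listeners are approved services that are not running
(a possible outage or tampering). Both are worth a ticket.
"""
import re
from dataclasses import dataclass

# Constructed baseline (a hypothetical standard, not the FDIC's): the only
# listeners each host role is approved to expose, as (protocol, port, process).
APPROVED_BASELINE = {
    "file-server": {("tcp", 22, "sshd"), ("tcp", 445, "smbd")},
    "workstation": {("tcp", 22, "sshd")},
}

# Constructed sample in the style of `ss -ltnup` output from a file server.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      50     0.0.0.0:445         0.0.0.0:*         users:(("smbd",pid=1203,fd=36))
tcp   LISTEN 0      128    0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=1410,fd=4))
udp   UNCONN 0      0      0.0.0.0:69          0.0.0.0:*         users:(("in.tftpd",pid=1533,fd=5))
"""


@dataclass(frozen=True, order=True)
class Listener:
    proto: str
    port: int
    process: str


# One ss line: protocol, state, queues, local addr:port, peer, then the
# process name inside users:(("name",pid=...)). Header lines do not match.
LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(ss_output: str) -> set[Listener]:
    """Extract (proto, port, process) triples from ss-style output."""
    listeners = set()
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.add(Listener(m["proto"], int(m["port"]), m["proc"]))
    return listeners


def audit_host(role: str, ss_output: str) -> dict:
    """Compare observed listeners with the approved set for the host's role."""
    approved = {Listener(*t) for t in APPROVED_BASELINE[role]}
    observed = parse_listeners(ss_output)
    return {
        "unapproved": sorted(observed - approved),  # not in the standard: disable or get it approved
        "missing": sorted(approved - observed),     # required by the standard but not running
        "compliant": observed == approved,
    }


if __name__ == "__main__":
    result = audit_host("file-server", SAMPLE_SS_OUTPUT)
    print("compliant:", result["compliant"])
    for l in result["unapproved"]:
        print(f"UNAPPROVED  {l.proto}/{l.port}  {l.process}")
    for l in result["missing"]:
        print(f"MISSING     {l.proto}/{l.port}  {l.process}")
```

Running it against the constructed sample flags telnet (tcp/23) and TFTP (udp/69) as unapproved for a file server, while SSH and SMB pass. The useful design point is that the baseline is data, not code: the same script audits every role once the institution’s approved standard is written down, which is what the "document and approve security configuration standards" recommendation asks for.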
Read the full document here or get in touch with us at (615) 600-4411 with any questions. Kraft Technology Group is your team of trusted IT professionals for financial services firms throughout Nashville.