Written by Chris Griesemer

This past June, Tom Beisner and I went to Boca Raton to attend the Finance and Accounting Forum for Financial Institutions coordinated by The Financial Managers Society (FMS).

The keynote speaker, Louis Hernandez, Jr., was the highlight of the forum. Louis is an advocate for community banks and author of Too Small to Fail. His presentation focused on how the global economy is changing and how banks can prepare for the future. He explained how important education is and shared an astonishing statistic: China and India both have more honor students than the U.S. has kids. He also explained how the cost of doing business for banks has increased and identified key areas banks can focus on to remain competitive in the future. I am including a link to Louis’ presentation and notes. I highly recommend viewing this impressive presentation.

Peter Viglucci, Director of Technology at P & G Associates, gave an interesting presentation on Trends and Challenges in IT Security. He explained the importance of risk assessments and of the controls in place to mitigate high risks. He said one of the most common control gaps in community banks is a centralized patch management server that updates only Microsoft products. Adobe and Java are normally not centrally patched and unfortunately are the most patched programs on workstations. I have to agree with Peter. After running vulnerability scans on banks, over 65% of vulnerabilities are a combination of an Adobe product and Java. Keeping those third-party programs patched would greatly improve vulnerability scan results.

Another control Peter discussed was website monitoring. He speculated that most community banks outsource their website hosting and believe that their webpage is safe. On top of that, hacking a bank website doesn’t give hackers access to any customer information. Although there is no customer information on bank websites, a hacker could deface the website and ruin a bank’s reputation, or could manipulate the site to add a link that takes a customer to a website used to gather personal information. He believes banks should have some form of automated email sent to them after a webpage has been updated. This control would allow banks to monitor all changes made to their website.
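One way to implement the change-notification control described above, as an added example that is not from Peter's presentation or this post: it compares a page against an approved baseline and builds the alert e-mail, calling out any newly referenced off-site host, which is the added-link scenario. The domains, addresses, function names and sample pages are constructed assumptions.

```python
import hashlib
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LinkCollector(HTMLParser):
    """Collects every URL a page links to, loads from, or posts forms to."""
    def __init__(self):
        super().__init__()
        self.urls = set()
    def handle_starttag(self, tag, attrs):
        self.urls.update(v for k, v in attrs if k in ("href", "src", "action") and v)

def snapshot(html, page_url):
    """Fingerprint a page: content hash plus the off-site hosts it references."""
    collector = LinkCollector()
    collector.feed(html)
    own_host = urlparse(page_url).hostname
    hosts = {urlparse(urljoin(page_url, u)).hostname for u in collector.urls}
    return {"sha256": hashlib.sha256(html.encode("utf-8")).hexdigest(),
            "external_hosts": hosts - {own_host, None}}

def compare(baseline, current):
    """Return None if unchanged, else the sorted list of new off-site hosts."""
    if baseline["sha256"] == current["sha256"]:
        return None
    return sorted(current["external_hosts"] - baseline["external_hosts"])

def build_alert(page_url, new_hosts, sender, recipient):
    """Build the notification e-mail; send it with smtplib.SMTP(...).send_message()."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Website change detected: {page_url}"
    body = "The page content no longer matches the approved baseline.\n"
    if new_hosts:
        body += "New off-site hosts referenced: " + ", ".join(new_hosts) + "\n"
    msg.set_content(body)
    return msg

# Constructed sample pages (reserved example domains, not real bank content).
PAGE_URL = "https://www.bank.example/"
BASELINE_HTML = '<a href="/rates">Rates</a> <a href="https://olb.bank.example/login">Online Banking</a>'
MODIFIED_HTML = '<a href="/rates">Rates</a> <a href="https://login.example.net/">Online Banking</a>'

if __name__ == "__main__":
    new_hosts = compare(snapshot(BASELINE_HTML, PAGE_URL), snapshot(MODIFIED_HTML, PAGE_URL))
    if new_hosts is not None:
        print(build_alert(PAGE_URL, new_hosts, "monitor@bank.example", "it-security@bank.example"))
```

Run on a schedule from a machine outside the hosting provider, with the baseline refreshed only after an approved update, so that an unexpected e-mail means an unapproved change.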

Risks were definitely the main topic, but new technology was also discussed. There are now multiple banks using board management software for iPads that allows board members to follow the topics of the board meeting on their iPad. One piece of software that was discussed was Diligent Board. And finally, social media and its associated risks were a hot topic, mentioned in almost all presentations I attended. I will save that topic for next month.

The conference was outstanding and I look forward to attending next year. If you have any questions, please don’t hesitate to email or call me.

By Chris Griesemer, IT Security Specialist