written by Chris Griesemer

Recently I had the opportunity to speak with an FDIC examiner about IT reviews and what is in store for banks in the future. He explained the FDIC has increased the review process because of the cybersecurity threats happening over the past 2 years. They are taking more people on site and trying to dig a little deeper into the IT security of a bank. The following are some areas banks should look into:

Remote Users
When it comes to remote users, it is important to verify they are using secure connections. Obviously a VPN is recommended but how the VPN process works is also important. When users log into the VPN, are they using the same username and password they would use to log into their computer? It is recommended that a VPN username and password be different than the Windows login.

Data Loss Prevention
Making sure data is secured is getting more difficult. It is important to verify users don’t have the ability to take bank data without permission. It is recommended banks secure USB ports and read/write DVD drives, but with new technology services like dropboxes, Microsoft Onedrive and Google Drive, it is important to mitigate these online storage locations also.

Intrusion Response Plan
It is recommended banks should add cybersecurity threats such as DDOS, phishing, hacker account takeover and man in the middle and ransomeware attacks to the Intrusion Response Plan. Management should develop procedures to help identify signs of a potential intrusion, steps to take to contain the incident and help preserve evidence. And of course, training should be implemented to help identify a possible breach.

Vendor Remote Access
When a vendor needs to access the bank network remotely, controls need to be implemented to help mitigate possible security breaches. It is recommended to implement log files for remote vendor logins. It is also recommended remote vendors are only allowed to login after the bank has enabled access. In other words, remote vendors don’t always have the ability to login. Something has to occur at the bank for the vendor to gain access.

Firewall Access
Several banks have outsourced network operations to a managed service provider. In many cases, the managed service provider is handling firewall upgrades and modifications. It is recommended to make sure the bank has administrative access to the firewall just in case the managed service provider goes out of business or is terminated.

Cybersecurity Threat Intelligence Program
It is recommended banks should create a cybersecurity threat intelligence program that describes the process of protecting information by preventing, detecting and responding to DDOS, phishing, hacker account takeover and man in the middle and ransomeware attacks.

Tabletop Tests
Many banks perform tabletop tests on the banks business continuity plan. This allows the bank to bring up a specific situation, use the business continuity plan and see if the plan actually addresses the disaster effectively. It is recommended to add cybersecurity threats to the tabletop process. Simulate a phishing attack or DDOS attack and see if your business continuity plan is prepared. This also allows you to see if your incident response plan is effective.

Preparedness for cybersecurity threats is definitely under scrutiny. Make sure you address these issues before your next exam and make sure you have completed the cybersecurity assessment tool. If you have any questions or need help, please don’t hesitate to contact me at 417-881-0145.