Pub. 11 2021-2022 Issue 6

weakness. To create a cybersecurity-focused culture, ensure employees are familiar with the latest threats and know how to identify the warning signs. If employees fail social engineering tests, revisit your strategy to provide real examples of phishing as well as incentives for employees to do their part. 2. Raise Customer Awareness: Only 18% of bankers identified customer cybersecurity training as a top tactic in 2022, but it’s important to remember that banks benefit significantly from an informed customer base. Since customers, especially those newest to digital banking, are another component of the “people factor,” institutions must ensure they reinforce the importance of good cyber hygiene through cybersecurity awareness programs, which could include videos and gamification. 3. Update Your Incident Response Plan (IRP): Institutions must consider all the operational, financial and reputational implications of being held hostage to ransomware. Your bank’s IRP should include planning for data and system backups, communication plans, business continuity plans if employees or customers are unable to access your systems and dealing with the attackers. You don’t want to confront those issues for the first time during a ransomware attack. With 23% of bankers reporting IRP testing as a top tactic to combat cyber threats, remember that maintaining a tested IRP puts your bank in a stronger position to withstand an attack. 4. Conduct Vendor Due Diligence: Even if your internal systems and employees are prepared for a cybersecurity attack, your bank is vulnerable if an external vendor does not adhere to the same defense standards. Appropriate cybersecurity due diligence and regular monitoring should be conducted on all third-party vendors, especially any external vendor who has access to your sensitive data or systems. This process is critical to mitigate risk of supply chain attacks, which have surged in the past year. 5. Implement Multi-Factor Authentication (MFA): Incorporate MFA into all applications where employees – or customers – must enter their credentials. With MFA, multiple authentication factors are required to verify a user’s identity, preventing unauthorized account access. This verification strengthens resiliency and provides an effective defense against the two largest threat vectors: social engineering and phishing. When confronted with this extra obstacle, many hackers will move to a less secure target. Maximize Protections with a Layered Approach to Cybersecurity As institutions navigate the changing cybersecurity landscape, embracing a layered approach to cybersecurity will maximize protections for your bank. Implementing multiple layers of security – including cybersecurity training and tools – makes it more difficult for cybercriminals to infiltrate your systems and keeps employees and customers secure. Download CSI’s 2022 Banking Priorities Executive Report for additional insight into bankers’ perceptions of cyber threats, technology, compliance and more. Steve Sanders serves as CSI’s chief information security officer. In his role, Steve leads CSI’s information security vision, strategy and program and chairs the company’s Information Security Committee. He also oversees vulnerability monitoring and awareness programs as well as information security training. With over 15 years of experience focused on cybersecurity, information security and privacy, he employs his strong background in audit, information security and IT security to help board members and senior management gain command of cyber-risk oversight. As institutions navigate the changing cybersecurity landscape, embracing a layered approach to cybersecurity will maximize protections for your bank. Implementing multiple layers of security – including cybersecurity training and tools – makes it more difficult for cybercriminals to infiltrate your systems and keeps employees and customers secure. Continued from page 19 www.coloradobankers.org 20

RkJQdWJsaXNoZXIy ODQxMjUw