Pub. 6 2016-2017 Issue 3

O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S November • December 2016 21 sites appropriate to visit in the workplace, and signs that a seemingly safe websitemay in fact be a repository for malware. Update Software – The most basic structural protection against infection is to maintain up-to-date antivirus software and ensure that operating systems and software are updated with the latest security patches. What can my bank do now to prepare for a ransomware infection? Incident Response Plan – Banks should have a plan in place to deal with a data security incident. The team that pre - pares the plan should be led by outside counsel (to maximize potentially applicable privileges) and include key stakeholders from information security, operations, compliance, legal, marketing and HR. As part of this process, banks should pre-engage outside vendors such as security forensic firms, credit monitoring services, and call center/mailing services. A tabletop exercise is a good way to test your plan on an an - nual basis. DataBack-Up andTesting – Banks should performregular back-ups of all critical information. This will limit the impact of data or system loss and will help expedite the recovery pro - cess. Segregate back-ups from the network in multiple places including a file server, a local hard disk, a cloud-based backup and/or a remote access center. Further, to minimize the risk of disruption, test back-ups on a regular basis to confirm that the data is restorable with full functionality of the replicated network systems. Compromise Assessment – Every bank should retain an out - side security firm, at the direction of counsel, to perform a compromise assessment. These assessments allow the bank to know whether they are, have recently been, or are about to be the victim of a cyberattack. The average time between hacker penetration and information exfiltration is 209 days. A compromise assessment minimizes this risk. Need additional information? The FFIEC website (www.ffiec.gov/cybersecurity.htm) has informative reference materials, including a useful cyberse - curity assessment tool. n Dan Rohner and Camila Tobon are attorneys in the Denver office of Shook, Hardy & Bacon LLP, and are members of Shook’s Privacy and Data Secu- rity Team. Dan is a commercial litigator who has represented banks and other financial institutions for nearly 20 years. Camila is the Director of the firm’s International Data Privacy Task Force and assists clients in developing and managing privacy programs. Congratulations 2016 Graduates from Colorado We congratulate you on completing the rigorous 25-month program and joining the more than 20,000 alumni who have gone on to leadership positions in their organizations, associations and the financial services industry. Best wishes for continued success! 5315 Wall Street #280, Madison, WI 53718 | Ph. 800-755-6440 | Please visit gsb.org Sponsored by: Educating Professionals, Creating Leaders Ty Keller Lakewood FirstBank Ryland Percy Lakewood FirstBank Katie Schmidt Lakewood First Bank Jake Wuest Arvada FirstBank GSB_GradAd_Colorado_0916.indd 1 9/7/16 7:42 AM