40 JULY / AUGUST 2020 OPERATIONS / TECHNOLOGY As healthcare experts work to mitigate the COVID-19 pandemic, the banking industry is faced with fighting other viruses. Cyberattackers are known to be opportunistic, pouncing during times of anxiety and uncertainty. Rest assured, they won’t let up once the coronavirus has run its course. While information technology directors had been focused on processing huge volumes of Small Business Administration loans and continue to assist bankers working remotely, computer virus and malware threats are on the rise. If not handled effectively, this could threaten the security of the financial system. Dr. Anthony Fauci, head of the National Institute of Allergy and Infectious Diseases, cautions that Americans need to prepare for the possibility that COVID-19 could return — or even become a seasonal disease. With such prospects, savvy bank directors should familiarize themselves with their institutions’ data security and technology infrastructure. Here are six points to consider when assessing the future of banks’ information security system: 1. Look again at business continuity plans. Although your bank utilized its business continuity plan during the pandemic and was able to develop workarounds to configure remote work capabilities, it probably did not consider the immediate worldwide demands for laptops and network hardware needed to configure remote work capabilities. Nor did these plans likely consider supply chain interruptions when factories shut down in Asia, where the virus was first Guarding Against Virtual Viruses In a pandemic environment detected. The lesson: If you wait until the next global emergency occurs, you might be too late. Plan now. 2. Consider the increased risk with more employees working remotely. The larger the inventory – coupled with less control of who uses the computer – the tougher it is to protect. An even more concerning practice is allowing bank employees to use personal computers to access bank networks. Firewalls, spam filters, antivirus software and other security measures should not be determined by individual employees. The Cybersecurity and Infrastructure Security Agency has issued guidance related to remote work and defending against COVID-19 scams. One of its tips is to ensure virtual private networks, or VPNs, have the latest software package and configurations, and that current antivirus software is installed and up to date. Multifactor authentication is another must-have for protecting your bank’s network. 3. Make sure you have enough IT support. Even before COVID-19, there were not enough qualified technical staff to fill available positions. The increased demand for remote connectivity has further stretched IT departments. Make sure your technology department is fully staffed, or has access to qualified outside help. 4. Be sure employees are hyper-vigilant. Attackers hope that more distance between coworkers will equate to guards being lowered. Ensure that employees are regularly reminded of social engineering, email and other current threats to increase top-of-mind awareness of cybersecurity. Robert Mendez Vice Chairman BankOnIT rmendez@bankonitusa.com BankOnITUSA is an associate member of the Indiana Bankers Association.
RkJQdWJsaXNoZXIy MTg3NDExNQ==