Mike Gilmore is the Chief Compliance Officer of RESULTS Technology and a Certified Information Systems Auditor (CISA) with more than 30 years of experience in the banking industry. RESULTS Technology provides IT services to community banks across the Midwest. In his role as CCO, Mike provides compliance and risk assessments, audit and exam support and policy documentation. He can be reached at mgilmore@resultstechnology.com.

Is It Really That Effective? Yes, But Nothing Is Foolproof!

When MFA was first gaining steam, Microsoft claimed it could stop 99.99% of data breaches. But like most things, especially when it comes to cybersecurity for banks, cybercriminals quickly got to work finding ways around it. So while you can’t have a near-perfect guarantee, MFA is still highly effective.

Many bank employees may think that the biggest cybersecurity risk comes from a customer’s account being hacked or from someone accessing the bank’s main data frame. But hackers aren’t interested in those hard-to-reach targets. Instead, they might find an employee’s email login information and, without MFA, make it into their account. But that’s not their target — your employee’s compromised account is just the Trojan horse.

Once they have an email address and password, the attacker can eavesdrop on your email accounts. With the credibility of your employee’s account, they can send emails to coworkers and customers and quietly collect private data from your customers or internal staff for months without detection. Through this process, they can request private information, rewire payments to go into their own account or infect thousands more computers with a phishing email. The possibilities are endless when it comes to social engineering.
If they’re successful, your bank risks lost income due to reputational damage. In the age of information, mistakes are amplified, which could put your company at an extreme disadvantage. But with multi-factor authentication as a layer of your cyber defense, you could stop the criminal before they have a chance to wreak havoc.

Do I Need a Paid Service, or Can I Get the Same Security for Free?

If you’re feeling the strain of cyber threats but don’t have the resources to hire a cybersecurity provider, most apps and tools have an MFA feature. To improve your security today, you should go through each of your vendors — VPN, Gmail, Outlook, Dropbox, DocuSign — anything you access online, and implement MFA. You won’t have to spend any money, and your cyber posture will straighten up immediately.

The downside to these free options is that there’s no guarantee of how secure the authentication process is. You won’t be able to track what devices are being used or who has access. Another downside is that they all vary in how they’re implemented and used, so you’ll need to remember to audit your MFA security often to ensure it’s always in use. You’ll also have to log in and authenticate for each app separately, which can be frustrating.

Free options work in a pinch but shouldn’t be the extent of your MFA strategy. This is especially the case since not all systems provide a free option. Instead, try to collaborate with an IT provider that specializes in cybersecurity for banks. They’ll set up a paid version of MFA that coordinates between all your applications and gives you insight into the following:

• What devices are connected to your accounts?
• Who is accessing the system?
• Is there unauthorized access?
• Where are people logging in?

A paid service will also allow you to remember devices for a few months at a time and set up an automated authentication process, so you don’t have to do any extra steps.
Multi-Factor Authentication Is a Worthy Investment — Make the Most of It.

When it comes to cybersecurity for banks, there’s no silver bullet. You need multiple layers of defense, and MFA should be one of them. It only takes a few seconds to do this extra step — and it could save you from a world of hurt.

These days, you need MFA to protect yourself against rising cybercrime. If you neglect this essential security measure, you’re opening yourself up to the full brunt of reputational damage in the age of social media. In addition, the time you spend verifying your identity is nothing compared to the cost and hassle associated with recovering from a data breach.

Please reach out if you have any questions or need help at (913) 347-6497 or visit www.resultstechnology.com.