Pub. 1 2020 Issue 6

11 ISSUE 6 | 2020 These questions come from the insurance company’s loss history and are intended to help the company, and you, determine where there may be exposure. I.T. auditors and consultants also bring up various issues to help with risk management. You can ask your staff many questions to determine if there are any gaps in your loss control program. The following are just a few questions to include in a self-assessment tool. More procedures and controls are available upon request, along with examples of losses. • Are employees working from home using bank-owned computers? • If the website links by any means to any other website, has permission been granted or a link license been obtained? • Does someone regularly review activity on social media? • Are logical access controls (user Ids and passwords) in place to allow only authorized employees to access the network? Are the passwords changed every 120 days? Diana Poquette UNICO Group, Inc. 402-499-1011 dpoquette@unicogroup.com • Is the website’s content reviewed to ensure mandatory legal disclosures and relevant regulatory and compliance issues have been adequately addressed? • Has the internet banking strategic/business plan been reviewed and approved by the board of directors annually? • Has the disaster recovery plan been modified to include internet banking and other electronic activities? • Have the internal and external audit programs been updated to specifically address internet banking and electronic activities? • Is software used to manage or monitor employee email content, file downloads, or unsolicited email (SPAM) activities? • Has publicly obtainable information such as date of birth, social security number, mother’s maiden name, etc. been removed from the list of authentication options? • Are exception reports generated and reviewed daily, which would reveal: (1) restricted transactions, (2) correcting and reversing entries, and (3) unsuccessful attempts to access the system or restricted information?  Together, you can determine what coverage you really need and what you are willing to pay for the additional options.