or corrective actions need to be implemented. The fraudsters want to use time against you and will use a variety of pressure tactics to push you into a hurried, reactive decision. Your carrier is familiar with these tactics and will advise you accordingly.

TO PAY OR NOT TO PAY

Your board and senior management should discuss, ahead of any ransomware incident, whether the bank will pay a ransomware demand. One factor to consider is that all organizations are prohibited from paying individuals or entities on the OFAC SDN List. But what about fraudsters who are not on that list? With viable backups allowing the bank to restore its systems and recover its data, insureds are encouraged not to pay. A ransomware incident involving encrypted data will trigger the need to notify customers of a potential breach whether or not you pay a ransom to the bad actors. Moreover, not all fraudsters will provide decryption keys after a ransom is paid, which opens the door to repeated monetary demands even if you pay the initial demand.

WHAT EXPENSES ARE COVERED BY CYBER INSURANCE?

Not all cyber policies are the same, so your bank should review its policy carefully. Many of the following expenses may be covered (subject to the policy retention or deductible):

• Attorney costs to determine obligations under breach notice laws.
• Computer security expert and forensic investigator costs to determine the extent of the suspected breach.
• Costs to notify impacted individuals.
• Credit monitoring expenses.
• Call center services.
• Data recovery costs.
• Ransomware payments.
• Business income loss/extra expenses.
• Reputation loss.
• Regulatory defense expenses.

BEST PRACTICES TO PREVENT A RANSOMWARE ATTACK

The following are tools to strengthen your bank’s protection against a ransomware attack:

1. Reduce Authentication Risk: Consider implementing the following to lower the risk of compromised credentials across network users:
   • Stronger minimum password length requirements for network users. Non-administrative users should have 14-character minimum complex passwords, and administrative-level users should have password requirements of at least 24 characters.
   • Multi-factor authentication (MFA). At a minimum, privileged accounts, such as network administrators, should be required to authenticate with MFA. The wider the deployment of MFA throughout your institution, the better.
   • Credential management tool. With the ever-increasing number of credentials that users must manage, consider a credential management tool to improve the strength of passwords and reduce password reuse by your users.
2. Implement with Least Permission: Restrict user permissions to the level required by the duties of the job only, limiting the network access available to a potential attacker.
3. Increase Network Visibility: Implement Security Information and Event Management (SIEM) for faster analysis during a crisis. In addition, implement an Endpoint Detection and Response (EDR) or Managed Detection and Response (MDR) platform to monitor the network 24/7 for suspicious activity and to isolate endpoints with potential threats. Such tools will dramatically reduce the response time to an incident and stop an unpleasant situation from worsening.
4. Employee Education: The end user is the most vulnerable aspect of network security, so regular training on phishing, security threats and incident response protocols is essential to protecting your bank against bad actors and limiting potential damage.
5. Additional tools: Use VPN technology for remote access, make sure your patch management is timely and utilize offline, air-gapped backups.
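One way to turn the authentication thresholds in item 1 into an automated check over an account inventory, as an added example that is not from the original article or from UBB; the inventory fields, role names and sample accounts are constructed assumptions, not a real directory export:

```python
"""Audit an account inventory against the controls in item 1 above:
14-character minimum for non-administrative users, 24 characters for
administrative users, and MFA on privileged accounts.
The Account fields are assumed; adapt them to your directory export."""
from dataclasses import dataclass

# Minimum password lengths from the article, keyed by account role.
MIN_LENGTH = {"user": 14, "admin": 24}
# Roles the article treats as privileged and therefore requiring MFA.
PRIVILEGED_ROLES = {"admin"}


@dataclass
class Account:
    name: str
    role: str              # "user" or "admin" (assumed role names)
    password_length: int   # length recorded at last password change (assumed)
    mfa_enabled: bool


def audit_account(acct: Account) -> list[str]:
    """Return policy findings for one account; an empty list means compliant."""
    findings = []
    minimum = MIN_LENGTH.get(acct.role)
    if minimum is None:
        # Unknown roles are reported rather than silently passed.
        return [f"{acct.name}: unknown role '{acct.role}'"]
    if acct.password_length < minimum:
        findings.append(f"{acct.name}: password length {acct.password_length} "
                        f"below {minimum}-character minimum for role '{acct.role}'")
    if acct.role in PRIVILEGED_ROLES and not acct.mfa_enabled:
        findings.append(f"{acct.name}: privileged account without MFA")
    return findings


def audit_inventory(accounts: list[Account]) -> dict[str, list[str]]:
    """Map each non-compliant account name to its list of findings."""
    return {a.name: f for a in accounts if (f := audit_account(a))}


# Constructed sample inventory; names and values are illustrative only.
SAMPLE_ACCOUNTS = [
    Account("teller01", "user", 16, False),   # compliant
    Account("teller02", "user", 10, True),    # too short for a user
    Account("netadmin", "admin", 20, False),  # too short and no MFA
    Account("svcadmin", "admin", 28, True),   # compliant
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_ACCOUNTS).items():
        print(name, findings)
```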
REVIEW YOUR CYBER INSURANCE PROTECTION ANNUALLY

Your bank’s cyber risk is rapidly changing and evolving, and you should be reviewing your cyber insurance protection at least annually to determine if the coverage and limits continue to meet your bank’s exposures and needs.

Note: All products and services represented on this page are not insured by the FDIC or any other federal government agency, are not deposits of or guaranteed by the Bank or any Bank affiliate and may lose value.

United Bankers’ Agency, the insurance division of UBB, can help you find the best cyber insurance plan for your community bank’s needs. To request pricing and additional information, visit www.ubbinsurance.com or contact Tim Henry at tim.henry@ubb.com.

Community Banker 19