Pub. 16 2019 Issue 1

Issue 1 • 2019 15 O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G N E W M E X I C O R E A L I Z E D R E A M S 2) Regulatory Environment: Boards should educate themselves on the types of information the organization typ- ically handles; which state or federal laws may govern the collection, re- tention, use, or disposal of such data; and what the organization should be doing to comply with those laws from a best-practices standpoint. 3) Information Security Leadership: Whether it's a chief information secu- rity officer, chief technology officer, or director of information technology, there should be one individual who is responsi- ble for overseeing all cybersecurity oper- ations, preferably with regular and direct communication with the board and man- agement. Looking for ways to improve the IT organization's security posture and following best practices within the IT Organization has proven results and is not only better security, but also delivers more effective and efficient IT overall. Your security leadership should integrate with every part of your IT manage- ment and processes. Being proactive in managing your security as well as your IT systems, making sure you have the foundational controls and processes in place is not easy, but should be a priority for every company and organization. 4) Incident Response Planning & Proactive IT Management: In conjunc - tion with the chief information security officer (or equivalent), the board should approve an enterprise-wide cyber incident response plan that contemplates a variety of incidents, including data breaches, system outages, denial of service attacks, and ransomware. The best incident response plans will outline specific roles and responsibilities in the event of a cyber incident, and will be reevaluated, updated, and practiced on a regular basis. Again, the best defense is a good offence, so while you should implement and manage an up to date incident response plan, you should also be looking to provide con- tinual improvement to your IT processes and practices in managing all of your IT systems. This offensive focus on managing IT with rock solid Configuration, Change, and Release Management processes will provide an excellent back-stop if the bad guys do breach your systems. 5) Culture of Security: Despite the sophistication of present-day technology, most successful data breaches and cyber incidents can ultimately be traced back to human error or carelessness. This highlights the need for boards to encour- age a "culture of security" from the top down, educating all personnel on proper "cyber hygiene" and empowering employ- ees to report suspicious emails or other threats as soon as they are identified. It is imperative this starts with the IT team it- self; are they taking measures to include security in all aspects of how they or the managed services partners they have selected are managing the organization's IT assets? 6) Risk Retention and Transfer: While there are many ways to reduce the likelihood of a breach and even mitigate the impact of a cyber event, boards must also consider risk transfer as a financial backstop. Purchasing a dedicated Cy- ber-Insurance Policy is paramount and something every organization should have these days. Not only does it provide protection from first party losses and third-party liability but will often offer access to a network of experienced claim specialists, forensic experts, and data privacy attorneys. n Filename & version: 18-CENT-40980-Ads-Wagnon-BnkrsDigest(updates)-FIN Cisneros Design: 505.471.6699 Contact: nicole@cisnerosdesign.com Client: Century Bank Ad Size: 7.5"w x 4.625"h I AM . responsive * This is not an offer of credit. All loans are subject to credit approval. frank.wagnon@centurybnk.com MyCenturyBank.com | 817.925.8181 As a banker for bankers, I know you need fast response to stock loans and purchasing overline loans. I work efficiently so that you can take care of your clients, board and investors. Let’s talk! I AM Century Bank.* Frank Wagnon, SVP | Commercial Lending Officer