Pub 1 2021 Issue 4

August 2021 | 33 potential fines and reputation damage can be devastating for any business, especially banks. Cybersecurity Insurance The final concern should be cybersecurity insurance, and every bank should have a cybersecurity insurance policy. These policies are crucial in the event of a breach. But many insurers are increasing the requirements that companies and organizations have for coverage. These requirements are typically based on having a certain level of security and protections in place to prevent a breach. Every bank should check their cyber insurance policy to ensure they have proper coverage and are meeting security requirements under the policy, so they are not left in the dark in the event of a compromise. Where do cyber threats come from? Banks also need to understand where threats are coming from so that they can adequately guard against them. Despite hacker stereotypes, most data breaches come from internal threats and human error. An employee might click a bad link in a phishing scam or accidentally download sensitive data. Hackers love to target employees by using tricks and information they know will fool someone into clicking a link or providing login credentials. This process is called social engineering. Hackers can learn a lot about someone, usually from the data they have stolen from someone else, and use that information to make highly personalized messages that seem genuine. All it takes is a smart and timely actor to send an email that mimics a business partner at the height of a very important transaction to trick someone into wiring funds to the wrong account. Another major source of breaches is third-party vendors. Almost every bank uses third-party vendors, like most organizations. But also, like most organizations, banks do not always keep track of their third-party vendors and the level of access they have; a recent study by SecureLink found that 51% of organizations have experienced a breach by a third party. It is not only a lack of vendor vetting causing that number to be so high, but also because many companies, banks included, make the mistake of trusting vendors based solely on reputation or signed contracts. A legal contract does not necessarily mean the vendor is safe and secure. Furthermore, it does not always protect against liability in the event of a breach. Why is that important? New legislation is increasingly putting the responsibility on the company or organization that was breached, not the third-party vendor who caused the breach. Knowing who has access to your data and the level of security those vendors have is vital to keeping a bank secure. Keeping Your Bank Cyber Secure How does a bank keep itself and its clients protected from ongoing and increasing cyber threats? Several simple steps can be taken, such as: • Regularly changing passwords • Having a Cyber Incident Response Process and Policy • Employees trained on current security threats and best-practices • Process for vetting security of vendors But the most critical step is not to try and build a cybersecurity strategy alone. Having a Managed IT Services Provider should be a bank’s top investment. An MSP can provide 24-hour comprehensive IT support and services and provide the peace of mind that banks need. A dedicated MSP can help build a proper cybersecurity strategy, manage threats, and assess weaknesses and vulnerabilities so a bank can focus on what is most important: serving its clients. ■ Greg Morse is the Marketing Coordinator of Stronghold Data, a 2021 ChannelFutures 501 and CRN 500 Managed Services Provider, located in Joplin, MO. Stronghold Data, a New Charter Technologies Company, specializes in managed IT services, data security and backup, and private cloud management. For more information, visi t Strongholddata.com or call 417-427-7905 to speak with a representative today. Scan the QR code below to download a complimentary Cybersecurity Self-Assessment.