Keeping your financial institution safe is critical to your success. Without the right security measures and procedures in place, your financial institution can be at risk of cyberattacks, embezzlement and more.
In uncertain times when employees may be working remotely and processes and procedures have changed dramatically, your financial institution’s security is even more important to ensure your business and employees are kept safe.
Cybersecurity is Key
Financial institutions and other businesses that hold people’s sensitive information are prime targets for cybercriminals. Having a proactive approach to cybersecurity is a great way to ensure your customers’ and employees’ data remains safe.
“Technology has helped create enhancements for regulatory compliance and fraud prevention, although it seems as we get more sophisticated with fraud prevention, those trying to commit fraud get more sophisticated as well.”
-Mark Daigle, President and CEO, First National Bank of Durango
Of course, creating a proactive approach can be a challenge. This is a team effort and everyone in your financial institution needs to play a vital role in keeping information safe. There are best practices in two areas that you can start with today to help increase your organizations proactivity: email and internet, and physical devices.
Email and Internet Best Practices
Email and internet are a key piece of how financial institutions operate and communicate. Here are five ideas to consider to help make these areas more secure from cybersecurity threats.
Physical Device Best Practices
The actions of your everyday staff, whether they are on-site or working from home, are critical keys to a robust cybersecurity program. Here are some best practices related to your staff and their devices that can help prevent any attacks.
Watch for Common IT Problems
Many banks rely on a third party for their IT services. However, financial institutions need to know how to check on that third party’s work.
A financial institution that has gone through a replacement of their security systems, such as security cameras and access systems, may have a potential threat. Many times, those cameras or locks are easily accessed by unauthorized people. This happens when system vendors create user logins for the bank to use but leave the admin accounts at default or leave the passwords blank.
Software patching continues to be a problem for financial institutions, especially when a third party is responsible for it. These problems may exist in Microsoft apps, Java, Adobe and many other applications. The vulnerabilities in these apps have been discovered in some very large breaches, which have occurred worldwide.
Other systems at risk for security breaches include scanners, phone systems, storage systems, routers and network switches, among others. A person can gain access to these using vendor default credentials, which gives them power to delete the financial institution’s data storage. Smart TVs and electronic signs are also easily hacked, and the hacker may display malicious content and lock the owner out.
Peace of mind begins with an understanding of the risk and how to make a strategic plan for prevention, detection and resolution. We’ve created a guide to give you tips to weather the cybersecurity storm.
Utilize HR to Prevent Fraud
When it comes to fraud, human resources is usually brought into the picture after the act has been discovered. However, having a solid human resource plan from the start can minimize the chances of fraud occurring, as well as result in less severe effects if fraud does occur.
Begin fraud prevention by starting with the hiring process. Background checks on new hires can help your institution avoid negligent hiring and can verify information on a candidate. Placement services can also be used by smaller organizations to find, vet and verify potential candidates, which can help lessen the burden to the business.
Items to consider when vetting potential candidates to avoid becoming the next victim of fraud or embezzlement include:
You may also want to consider implementing a whistleblower hotline, which provides a confidential way for employees to report wrongful behavior. Not only do hotlines prevent illegal and fraudulent behavior, but they can also detect issues before they become serious and can help reduce losses. Some areas a whistleblower hotline allows for tips to be submitted anonymously for all manners of wrongdoing including:
“When it comes to where we are going in the future, it’s about adapting to change. We don’t do banking like we did 50 or 150 years ago. We don’t even do banking like we did 15 years ago. Everything is going to change around us, and we have to continue to change along with it.”
-Susan Whitson, EVP, First National
The Importance of Internal Audit No Matter Your Bank’s Size
No financial institution is too big or too small to be a victim to fraud. A system of internal controls that allows management to measure performance and an internal audit program to ensure controls are in effect can protect your institution.
The Federal Reserve System, OCC, FDIC and NCUA provide guidance for internal audits, and all financial institutions must adhere to certain regulatory requirements regarding internal controls. The system of internal control of an organization consists of the environment and procedures put in place by management to ensure risks relating to key business objectives are identified, evaluated and reduced. Key business objectives include reliability of financial reporting, operational effectiveness, regulatory compliance and safeguarding of the institution’s assets.
Components of Internal Control
Internal control consists of five related components:
It is important to remember that independence is critical to the internal audit function. To accomplish the objectives of the audit function, personnel must maintain total independence from your management or other employees.
Recovering Lost Data
Dealing with attacks to your financial institution can be tough, and there are many aspects to consider in the recovery period. Recovery money is important, but another issue to address is data loss and your potential obligation to report it.
Forensic accountants can help you recover your data in a number of ways, including:
The safety of your financial institution’s data and employees is critical to your success. As your organization navigates through the changes of operating during and after COVID-19 and its impacts, it’s more important than ever to make sure your financial institution is protected against risk.
As you look to reopen, evaluate your cash management and work with clients on PPP loans, make sure your financial institution is well prepared for any threats that come your way.
Banks consistently have some of the highest data breach costs. Make sure you’re prepared.