Keeping your financial institution safe is critical to your success. Without the right security measures and procedures in place, your financial institution can be at risk of cyberattacks, embezzlement and more. In the new modern hybrid work environment, your financial institution’s security is even more important to ensure your business and employee data is kept safe.
Peace of mind begins with an understanding of the risk and how to make a strategic plan for prevention, detection and resolution. We’ve created a guide to give you tips to weather the cybersecurity storm.
Financial institutions are prime targets for cybercriminals. In addition to criminal actors looking to profit from stolen data, nation-states are also focused in on targeting financial institutions. In 2021, ransomware attacks on the banking industry increased 1,300% over the previous year, and financial institutions consistently rank in the highest cost of a data breach. In 2022, the average cost of a data breach for financial institutions was $5.7 million. Having a proactive approach to cybersecurity is imperative to mitigating risk and keeping your customers’ and employees’ data secure.
“Technology has helped create enhancements for regulatory compliance and fraud prevention, although it seems as we get more sophisticated with fraud prevention, those trying to commit fraud get more sophisticated as well.”
-Mark Daigle, President and CEO, First National Bank of Durango
Of course, creating a proactive approach can be a challenge. This is a team effort and everyone in your financial institution needs to play a vital role in keeping information safe. There are best practices in two areas that you can start with today to help increase your organizations proactivity: email and internet, and physical devices.
Email and Internet Best Practices
Email and internet are a key piece of how financial institutions operate and communicate. Here are five ideas to consider to help make these areas more secure from cybersecurity threats.
Physical Device Best Practices
The actions of your everyday staff, whether they are on-site or working from home, are critical keys to a robust cybersecurity program. Here are some best practices related to your staff and their devices that can help prevent any attacks.
Watch for Common IT Problems
Many banks rely on a third party for their IT services. However, financial institutions need to know how to check on that third party’s work.
A financial institution that has gone through a replacement of their security systems, such as security cameras and access systems, may have a potential threat. Many times, those cameras or locks are easily accessed by unauthorized people. This happens when system vendors create user logins for the bank to use but leave the admin accounts at default or leave the passwords blank.
Software patching continues to be a problem for financial institutions, especially when a third party is responsible for it. These problems may exist in Microsoft apps, Java, Adobe and many other applications. The vulnerabilities in these apps have been discovered in some very large breaches, which have occurred worldwide.
Other systems at risk for security breaches include scanners, phone systems, storage systems, routers and network switches, among others. A person can gain access to these using vendor default credentials, which gives them power to delete the financial institution’s data storage. Smart TVs and electronic signs are also easily hacked, and the hacker may display malicious content and lock the owner out.
Our team of IT professionals has identified 12 questions to help gauge your current security risk areas and assess your overall IT health. Most importantly, the results will provide tips to help you make actionable improvements now.
From data backups to your administrative protocols and password protection processes, this IT quiz will give you some quick wins to take back to your organization. Know how your security stacks up while learning best practices for optimum network stability, disaster recovery, and IT health.
No matter where you land on the risk scale, sometimes you just need a second opinion. One set of questions can certainly provide a nice overview, but there’s no substitute for a comprehensive security assessment.
When it comes to fraud, human resources is usually brought into the picture after the act has been discovered. However, having a solid human resource plan from the start can minimize the chances of fraud occurring, as well as result in less severe effects if fraud does occur.
Begin fraud prevention by starting with the hiring process. Background checks on new hires can help your institution avoid negligent hiring and can verify information on a candidate. Placement services can also be used by smaller organizations to find, vet and verify potential candidates, which can help lessen the burden to the business.
Items to consider when vetting potential candidates to avoid becoming the next victim of fraud or embezzlement include:
You may also want to consider implementing a whistleblower hotline, which provides a confidential way for employees to report wrongful behavior. Not only do hotlines prevent illegal and fraudulent behavior, but they can also detect issues before they become serious and can help reduce losses. Some areas a whistleblower hotline allows for tips to be submitted anonymously for all manners of wrongdoing including:
“When it comes to where we are going in the future, it’s about adapting to change. We don’t do banking like we did 50 or 150 years ago. We don’t even do banking like we did 15 years ago. Everything is going to change around us, and we have to continue to change along with it.”
-Susan Whitson, EVP, First National
The Importance of Internal Audit No Matter Your Bank’s Size
No financial institution is too big or too small to be a victim to fraud. A system of internal controls that allows management to measure performance and an internal audit program to ensure controls are in effect can protect your institution.
The Federal Reserve System, OCC, FDIC and NCUA provide guidance for internal audits, and all financial institutions must adhere to certain regulatory requirements regarding internal controls. The system of internal control of an organization consists of the environment and procedures put in place by management to ensure risks relating to key business objectives are identified, evaluated and reduced. Key business objectives include reliability of financial reporting, operational effectiveness, regulatory compliance and safeguarding of the institution’s assets.
Components of Internal Control
Internal control consists of five related components:
It is important to remember that independence is critical to the internal audit function. To accomplish the objectives of the audit function, personnel must maintain total independence from your management or other employees.
Recovering Lost Data
Dealing with attacks to your financial institution can be tough, and there are many aspects to consider in the recovery period. Recovery money is important, but another issue to address is data loss and your potential obligation to report it.
Forensic accountants can help you recover your data in a number of ways, including:
A proactive stance on cybersecurity and fraud prevention is the key to mitigating risk in your financial institution. The key to maturing your security is through effective, ongoing and evolving program management.
Even if you think your financial institution is secure, the fact is that you’re still at risk. We can assess your security environment no matter where you are in your security maturity.
Stay current on your favorite topics
See what more we can bring to organizations just like yours.Financial Institutions
Take a deeper dive into this Insight’s subject matter.Cybersecurity Human Resources Internal Audit