4 minute read
Taking Charge: October is Cyber Security Awareness Month
Taking Charge October Is Cybersecurity Awareness Month
CBA’s popular Cyber Risk Summit was held in August in Savannah with close to 70 attendees. Information security officers, digital innovation experts, operations managers, and risk managers gathered to learn, share resources, and ensure their bank is cyber aware and compliant. A few topics this year included computer security incident notification requirements, vendor management & risk assessments as well as IT and cyber governance. In honor of Cybersecurity Awareness Month in October, we polled several community bank cyber experts on best practices, recent threats and what keeps them up at night.
Kerry Everidge, CISM Senior Vice Vice President, Administrative Services Officer , ISO Planters First Bank Cordele
How does your bank keep employees up to date on policy changes, new information security risks, and best practices?
We leverage our employee intranet to promote cyber awareness and policy changes. We continually share information on the latest threats and best practices from a combination of resources (government agencies and service providers). We share a “scam of the week”, examples of phishing emails, and news articles. We also conduct on going phishing exercises and monthly training to keep cyber security top of mind.
What keeps you up at night?
Insurance issues as it relates to ransomware and major breeches. Is there language in the policy that is not aligned with our application, or does the carrier disagree with our approaches as it relates to mitigation. We use an outside consultant, but the carrier takes the position of denial, then we need to prove the claim.
We recently increased our insurance coverage, but again, the carrier will make us prove we did everything according to their policy and our application. That’s a lot of information that has to be precisely correct, and to the carrier’s liking.
Does your bank have a plan for responding to a cyber security emergency?
Notify insurance carrier very early in the process. They, in turn, will assign one of their approved attorneys to represent the bank throughout the incident. The attorneys will provide forensic experts to help mitigate the incident. This method also helps ensure claims payments.
David Cowles
Executive Vice President & COO BankSouth Greensboro
CRA Investment and Lending Test Credit For Protecting Local Seniors
Our foundation partners with community banks on programs that promote safety in nursing homes, HUD housing, and Veterans Homes across America. We support those that gave us so much with systems that prevent financial and physical abuse. Join the hundreds of banks that already participate. To get involved and earn CRA
credit, please contact: info@shcpfoundation.org
Latisha Brundidge VP, Chief Compliance Officer Talbot State Bank Fayetteville
What keeps you up at night?
Cyber-attacks are what keeps us up at night. Specifically ensuring we are prepared and have enough controls to prevent imminent attacks.
How does your bank keep employees up to date on policy changes, new information security risks and best practices?
We help employees identify security threats through various training programs. For example, our bank uses Knowb4 to educate and test our staff on different types of social engineering scams and phishing attacks. Our best defense has been our quarterly training. We can prevent loss if our staff is knowledgeable and aware.
What threats have you seen recently?
Spear smishing has been especially prevalent the last 12 months. Bad actors are actively using LinkedIn and other forms of social media to collect cell numbers of new team members. They then send SMS text messages to the new team members posing as our CEO or other C-level executives. To date, every reported case started out as a pleasantry, like a welcome to the team text. Fortunately, we had users report the strange texts early and now we periodically send out emails to educate users on the scam.
What keeps you up at night?
I worry about the sheer volume of security related information that needs to be analyzed and addressed. I, like many of my peers, are signed up for security related notifications and alerts from a plethora of resources. Whether it be newsletters, CISA/US-CERT alerts, audit firms, etc..., I am constantly bombarded with security information, vulnerability information, ransomware information, data breach information, and more. Some are easy to discard, but much of it requires time and analysis to determine if we are impacted and how we can mitigate it. The scariest part is that most of the time, by the time I receive an alert, that means the vulnerability or event has been in the wild for weeks or months or even longer.
Daniel Rentz
IT Director Colony Bank Fitzgerald
How does your bank keep employees up to date on policy changes, new information security risks, and best practices?
Our bank has a weekly operations meeting that has representatives from all areas of the bank. There are standing agenda items for change management requests, which would include new policy changes. Relevant policy information is cascaded throughout the bank from that meeting. September/October 2022 | Georgia Communities First | 23