www.keepmybanksecure.com Open in urlscan Pro
198.185.159.144  Public Scan

Form analysis
1 forms found in the DOM

POST

<form class="newsletter-form" data-form-id="606b3040f57e6d613c1fa668" autocomplete="on" method="POST" novalidate="" onsubmit="return (function (form) {
    Y.use('squarespace-form-submit', 'node', function usingFormSubmit(Y) {
      (new Y.Squarespace.FormSubmit(form)).submit({
        formId: '606b3040f57e6d613c1fa668',
        collectionId: '60524477c28d8e2b6d5b0aea',
        objectName: 'page-section-606b3040f57e6d613c1fa66a'
      });
    });
    return false;
  })(this);">
  <header class="newsletter-form-header">
    <h2 class="newsletter-form-header-title preFade" style="transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.558462s;">Securely subscribe for news and updates.</h2>
    <div class="newsletter-form-header-description">
      <p class="preFade" style="transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.563077s;">Sign up with your email address to receive news and updates.</p>
    </div>
  </header>
  <div class="newsletter-form-body">
    <div class="newsletter-form-fields-wrapper form-fields" style="vertical-align: middle;">
      <div id="email-yui_3_17_2_1_1552579698432_3881" class="newsletter-form-field-wrapper form-item field email required" style="vertical-align: bottom;">
        <label class="newsletter-form-field-label title" for="email-yui_3_17_2_1_1552579698432_3881-field">Email Address</label>
        <input id="email-yui_3_17_2_1_1552579698432_3881-field" class="newsletter-form-field-element field-element" name="email" x-autocompletetype="email" autocomplete="email" type="email" spellcheck="false" placeholder="Email Address">
      </div>
    </div>
    <div data-animation-role="button" class="newsletter-form-button-wrapper submit-wrapper preFade" style="vertical-align: middle; transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.567692s;">
      <button class="
            newsletter-form-button
            sqs-system-button
            sqs-editable-button-layout
            sqs-editable-button-style
            sqs-editable-button-shape
            sqs-button-element--primary
          " type="submit" value="Sign Up">
        <span class="newsletter-form-spinner sqs-spin light large"></span>
        <span class="newsletter-form-button-label">Sign Up</span>
        <span class="newsletter-form-button-icon"></span>
      </button>
    </div>
    <div class="model"></div>
  </div>
  <div class="newsletter-form-footnote">
    <p class="preFade" style="white-space: pre-wrap; transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.572308s;">KeepMyBankSecure.com is an intra-industry cooperative public service for U.S. independent banks and
      financial institutions of all sizes. We will never share nor reveal your email to third parties. We will endeavor to update you as important news and content are available.</p>
  </div>
  <div class="hidden form-submission-text">
    <p class="preFade" style="white-space: pre-wrap; transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.576923s;">Thank you! You have been added to our News &amp; Updates</p>
  </div>
  <div class="hidden form-submission-html" data-submission-html=""></div>
</form>

Text Content

0

LEARN: 5 TECHNOLOGIES TO PREVENT CYBER THREATS

Skip to Content


ABOUT
WATCH
Q&A
ARTICLES
RESOURCES
SUBSCRIBE

Open Menu Close Menu

ABOUT
WATCH
Q&A
ARTICLES
RESOURCES
SUBSCRIBE

Open Menu Close Menu

ABOUT
WATCH
Q&A
ARTICLES
RESOURCES
SUBSCRIBE



STAY INFORMED. STAY SAFE.

A COOPERATIVE RESOURCE TO KEEP COMMUNITY BANKS AND FINANCIAL INSTITUTIONS AT THE
FOREFRONT OF CYBERSECURITY

 
LEARN MORE
WATCH
LATEST NEWS
 


WHAT IS KMBS?

KeepMyBankSecure.com is a cooperatively produced and underwritten resource for
North American independent banks and financial institutions to learn and stay
informed of the latest in cybersecurity planning and strategy. Our initiative
was founded in 2021 by CalTech with the cooperation and assistance of Texas
state banking authorities, state banking associations, and community bank
leaders.

With the increasing number of recent threats against and attacks on U.S.
institutions by malicious actors, we believe it is important for regulated
industries such as banking to make cybersecurity a top priority. Now more than
ever, cybersecurity should not just be a part of annual planning, but a part of
the overall financial institution business model.

 


ENGAGE

We aim to further raise awareness and discussions around cybersecurity as a
means to decrease the vulnerabilities of financial institutions. As threats
increase, so too must our awareness.


INFORM

Knowledge is power. The more banks and their people know about cyber threats and
how threat actors go about exploiting our institutions, the better equipped we
can all be at preventing attacks.


INSTILL

Bank and financial institution cybersecurity is no longer a line item, but a
mindset. We seek to help banks protect against threats by encouraging leaders to
make it a part of their business models.

MORE
 


THE LATEST

 

CYBERSECURITY AWARENESS MAKES ALL THE DIFFERENCE

Tuesday, September 27, 2022

Cybersecurity breaches continue to grow across all industries worldwide;
however, the financial sector is particularly vulnerable – up to 300 times more
so, according to studies.*

In response to the popularity of electronic banking, financial organizations
continue to develop more web portals and mobile apps. While these digital
platforms increase convenience for customers, they also expand the number of
potential targets, entry points, and security risks.  

To counteract this growing threat, companies must make cybersecurity a priority
across the board. That requires a holistic and balanced approach that, in
addition to implementing technology tools, proactively invests in employee
awareness and training.



Why Employee Awareness Matters

While technical solutions are important, the one unifying risk factor that must
be addressed to improve security is the role of human error. It is the biggest
threat to cybersecurity and the driving force behind an overwhelming majority of
problems.

According to a study by IBM, human error is a major contributing cause in 95
percent of all cybersecurity breaches, and these types of breaches cost an
average of $3.33 million.

Whether by unintentional actions (or lack of action), people frequently cause,
spread, or allow a security breach to take place. They put data and systems at
risk by falling victim in one of these most common ways.

 * are tricked into providing sensitive details

 * don’t properly protect their passwords

 * use weak credentials

 * click on malicious links

 * open suspicious email attachments.

The general lack of awareness and a corporate culture that fails to stress
security are often to blame. Fortunately, these are things that can be addressed
by your organization to give employees the knowledge and skills they need to
keep themselves and the business secure.



Building a Security-Focused Culture

When we hear the word “training,” most of us think about a single event focused
on a certain group about a specific topic. However, when it comes to
cybersecurity training, there needs to be ongoing education about existing and
emerging threats. And it must involve all employees.

Make It Everyone’s Responsibility

From the C-suite to the college intern, every employee needs to be on board,
understanding and embracing the company’s cybersecurity efforts. What was once
the IT department’s sole responsibility is now a company-wide concern. And each
department has a unique set of needs, as well as a specific role to play.

Communicate the Threats

While every organization’s threat landscape is slightly different, there are
common threats predicted to continue for banks and financial institutions. These
include ransomware, ongoing risks from remote work, cloud-based cyberattacks,
supply chain attacks, and social engineering.

“Knowledge is power,” as the saying goes, and the more employees know about
these increasingly sophisticated tactics, the better prepared they are to
recognize and avoid the risks. Regular communication that keeps them current on
the latest threats is essential. Encourage questions, initiate discussions, and
foster a sense of ownership.

Keep It Going

Cyber awareness is not a project to be finished or a “box” to be checked off.
Just as cyberattacks continue to evolve, so must your organization’s security
posture and your employee awareness efforts.

Revisit your approach frequently and make adjustments based on changes in your
environment. With expert assistance from IT professionals, continue to seek
improvement in your processes and policies.

 

Consistently working with employees about information security will make them
vigilant and equipped to successfully take on cyberattack attempts. Your people
can be one of your best defenses against cyber threats.

*source: Boston Consulting Group, 2019


ANATOMY OF A CYBER ATTACK

Can this really happen? Yes. It already does. Find out how.

 


EXPERT ADVICE

Recorded in late-2021, we invited Executive Chairman, Trey Maust, of Lewis &
Clark Bank of Portland, Oregon and Phillip Hinkle, Director of IT Security
Examinations for the Texas Department of Banking, to sit down and talk about a
range of topics related to cybersecurity. Specifically, the two focused on
issues impacting community banks and financial institutions. Learn more about
these topics below, as we progressively release the videos through 2022.

CYBERSECURITY
STRATEGY

What are some of the best practices in planning your financial institution’s
strategy for cybersecurity?

RANSOMWARE SELF-ASSESSMENT

There’s a tool available for any bank or financial institution to assess their
preparedness for a cyber attack — the Ransomware Self-assessment Tool.

CYBERSECURITY MANAGEMENT

Do you handle cybersecurity on your own, or bring in outside experts? Let’s talk
Cybersecurity Management.

 

CIS CONTROLS
& FFIEC CAT

This segment covers CIS Controls and the FFIEC CAT — two important standards in
staying atop your institution’s cybersecurity practices and planning.

 

 


VENDOR MANAGEMENT IN IT

Banks face challenges working with a vendor or internal party that does not have
a focus on banking. Spend time understanding the topics unique to the banking
industry’s needs.

 



3RD PARTY FIRMS RISK MANAGEMENT ASSESSMENT

Partnering with a critical vendor is a big step for companies looking to
outsource a particular practice or expertise. Before signing on, conduct your
risk management or risk assessment analysis to ensure the vendor is the
appropriate one for you.

MOCK FFIEC EXAMS


Mock FFIEC Exams too often focus on compliance rather than on securing your
bank. This is a mistake. Phillip Hinkle shares his take on the subject with Trey
Maust.

 

 


GRAMM-LEACH-BLILEY ACT PINPOINTING RISK AREAS

Universal standards that cover a multitude of industries do not always include
bank-specific elements, such as the Gramm-Leach-Bliley Act. When looking at your
bank’s unique security elements, you must ensure that a focus on regulation is
not forgotten.

MANAGEMENT AND BOARD EDUCATION ON CYBERSECURITY

Board management and education on cybersecurity is a road one shouldn’t take
alone. Lean on trade associations, experts, and make a commitment to knowing
this is a skill set you need to develop to stay ahead of new threats.


 


PSA BOARD CYBERSECURITY

It’s vital that you and your board stay plugged in with outside resources, trade
associations, peers, and information-sharing networks to build an understanding
of the fundamentals of cybersecurity.

--------------------------------------------------------------------------------




CYBERSECURITY Q&A

A PRIMER FOR BANKS AND FINANCIAL INSTITUTIONS

 

HOW DO WE PREVENT CYBER ATTACKS?

There are many tactics that are available to prevent and thwart cyber attacks,
but a multi-layered (i.e. multi-factor authentication) approach alongside
end-user education is probably the simplest and most critical.

 

IS MY BANK VULNERABLE?

There is always a chance that your bank infrastructure is vulnerable. However,
the best way to know for sure is to find and engage a qualified IT services
provider to perform an audit and assessment of your infrastructure and protocols
for cybersecurity. Only then will you know your degree of vulnerability and the
best steps your financial institution can take to lessen your risk.

 

WHERE DO THESE ATTACKS COME FROM?

The short answer is, from all over the world. However, as has been recently
reported by the U.S. government and intelligence community, we’re seeing an
increasing number come from Russia, Eastern Europe, and China.

 

HOW FAST DO THESE ATTACKS OCCUR?

Cyber-attacks can start with the single click of a button but can take weeks to
fully infect a network and steal data before locking you out of access data.

 

WHAT ABOUT MY REMOTE EMPLOYEES?

Remote access can always be a weak point for security. However, you don’t have
to limit your remote employees and their productivity to be able to protect
them. Education, software, hardware, and protocols can all be enacted to ensure
better cybersecurity, even for remote employees.

 

DO RANSOMS ALWAYS HAVE TO BE PAID?

Depending on the scale, source, and sophistication of the attack and your backup
and recovery systems in place at the time of the attack, not necessarily. With
the right systems in place, even partially successful attacks and data lockouts
can be circumvented.

 

HOW DO HACKERS GET INTO A SERVER?

Hackers typically gain access via less obvious means first, like a mobile device
or a workstation. Email is an easy and popular place for them to gain access
since much information is shared between and amongst employees via email. From
there, hackers will typically dig around until they find the servers and the
credentials necessary to access them. This is why it is good practice to use
separate administrative accounts from your email account(s).

 

HOW DO WE KNOW A HACKER IS SERIOUS?

You will know a hacker is serious by the amount of evidence of the infiltration
of your IT infrastructure. For example, if the hacker has encrypted your data
and locked you out, then you can assume they are serious. Another sign of the
seriousness of an attack is the hacker’s choice of communication. A serious
hacker will usually insist on a sophisticated and non-traceable means of
communication.

 

HOW DO WE TRAIN EMPLOYEES FOR THIS?

Monthly end-user training combined with quarterly testing by a qualified IT
security provider is a great place to start in order to introduce and educate
employees to cybersecurity best practices and protocols.

 

CAN WE CATCH THESE CRIMINALS?

Unfortunately, most of these criminals are outside of the United States. Without
government and international authority intervention, options to bring them to
justice are limited. The best defense is to have a proactive plan and approach
to cybersecurity.

 

WHAT OTHER KINDS OF ATTACKS ARE THERE?

Other than phishing schemes, there are attacks known as brute-force attacks
where the hacker simply uses trial and error to guess credentials. There are
attacks that shut down websites, such as denial of service attacks, where a web
server is flooded with false data requests. There is also a credential stuffing
attack, where a hacker gains access to one’s password and login credentials and
then proceeds to try the credentials across multiple sites and networks. This
approach counts on users using the same login credentials for different networks
and services. These are just a few, but there are many others.

 

HOW DO I KNOW IF I’M A TARGET?

Anyone and everyone can be a target. If you receive spam mail, you have most
likely been targeted. If you have received an email that attempts to get you to
click on a link by evoking an emergency or urgent situation, you have definitely
been a target. Hackers count on volume and the weakest link to gain access to
organizational data. This is usually through employees and staff.

 

WHAT KINDS OF PASSWORDS NEED TO BE SET?

Passphrases should be used instead of passwords. This allows a longer character
count while still making it easier for the end-user to remember. And, never use
easily guessed content in your passwords or passphrases (e.g. “password”, your
name, sequential numerals, etc.)

 

HOW OFTEN DO WE CHANGE PASSWORDS?

You should change passwords at least every 90 days unless you have complex
passphrases in place. However, even then, it’s wise to periodically change them.

 
DOWNLOAD PDF


ADDITIONAL RESOURCES

 


TEXAS
DEPARTMENT
OF BANKING


 

Center for Internet Security

 

National Institute of Standards and Technology


SECURELY SUBSCRIBE FOR NEWS AND UPDATES.

Sign up with your email address to receive news and updates.

Email Address
Sign Up


KeepMyBankSecure.com is an intra-industry cooperative public service for U.S.
independent banks and financial institutions of all sizes. We will never share
nor reveal your email to third parties. We will endeavor to update you as
important news and content are available.

Thank you! You have been added to our News & Updates




KEEP MY BANK SECURE

©️ Copyright 2021-2022 KeepMyBankSecure.com.

KeepMyBankSecure.com is a cooperative initiative founded by CalTech with the
cooperation and assistance of Texas state banking authorities, state banking
associations, and community bank leaders. It is provided as a public service to
U.S. independent banks and financial institutions of all sizes.



By using this website, you agree to our use of cookies. We use cookies to
provide you with a great experience and to help our website run effectively.

Accept