www.keepmybanksecure.com
Open in
urlscan Pro
198.185.159.144
Public Scan
Submitted URL: http://starlandbank.com/
Effective URL: https://www.keepmybanksecure.com/
Submission: On October 21 via api from IE — Scanned from DE
Effective URL: https://www.keepmybanksecure.com/
Submission: On October 21 via api from IE — Scanned from DE
Form analysis
1 forms found in the DOMPOST
<form class="newsletter-form" data-form-id="606b3040f57e6d613c1fa668" autocomplete="on" method="POST" novalidate="" onsubmit="return (function (form) {
Y.use('squarespace-form-submit', 'node', function usingFormSubmit(Y) {
(new Y.Squarespace.FormSubmit(form)).submit({
formId: '606b3040f57e6d613c1fa668',
collectionId: '60524477c28d8e2b6d5b0aea',
objectName: 'page-section-606b3040f57e6d613c1fa66a'
});
});
return false;
})(this);">
<header class="newsletter-form-header">
<h2 class="newsletter-form-header-title preFade" style="transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.558462s;">Securely subscribe for news and updates.</h2>
<div class="newsletter-form-header-description">
<p class="preFade" style="transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.563077s;">Sign up with your email address to receive news and updates.</p>
</div>
</header>
<div class="newsletter-form-body">
<div class="newsletter-form-fields-wrapper form-fields" style="vertical-align: middle;">
<div id="email-yui_3_17_2_1_1552579698432_3881" class="newsletter-form-field-wrapper form-item field email required" style="vertical-align: bottom;">
<label class="newsletter-form-field-label title" for="email-yui_3_17_2_1_1552579698432_3881-field">Email Address</label>
<input id="email-yui_3_17_2_1_1552579698432_3881-field" class="newsletter-form-field-element field-element" name="email" x-autocompletetype="email" autocomplete="email" type="email" spellcheck="false" placeholder="Email Address">
</div>
</div>
<div data-animation-role="button" class="newsletter-form-button-wrapper submit-wrapper preFade" style="vertical-align: middle; transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.567692s;">
<button class="
newsletter-form-button
sqs-system-button
sqs-editable-button-layout
sqs-editable-button-style
sqs-editable-button-shape
sqs-button-element--primary
" type="submit" value="Sign Up">
<span class="newsletter-form-spinner sqs-spin light large"></span>
<span class="newsletter-form-button-label">Sign Up</span>
<span class="newsletter-form-button-icon"></span>
</button>
</div>
<div class="model"></div>
</div>
<div class="newsletter-form-footnote">
<p class="preFade" style="white-space: pre-wrap; transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.572308s;">KeepMyBankSecure.com is an intra-industry cooperative public service for U.S. independent banks and
financial institutions of all sizes. We will never share nor reveal your email to third parties. We will endeavor to update you as important news and content are available.</p>
</div>
<div class="hidden form-submission-text">
<p class="preFade" style="white-space: pre-wrap; transition-timing-function: ease; transition-duration: 0.9s; transition-delay: 0.576923s;">Thank you! You have been added to our News & Updates</p>
</div>
<div class="hidden form-submission-html" data-submission-html=""></div>
</form>
Text Content
0 LEARN: 5 TECHNOLOGIES TO PREVENT CYBER THREATS Skip to Content ABOUT WATCH Q&A ARTICLES RESOURCES SUBSCRIBE Open Menu Close Menu ABOUT WATCH Q&A ARTICLES RESOURCES SUBSCRIBE Open Menu Close Menu ABOUT WATCH Q&A ARTICLES RESOURCES SUBSCRIBE STAY INFORMED. STAY SAFE. A COOPERATIVE RESOURCE TO KEEP COMMUNITY BANKS AND FINANCIAL INSTITUTIONS AT THE FOREFRONT OF CYBERSECURITY LEARN MORE WATCH LATEST NEWS WHAT IS KMBS? KeepMyBankSecure.com is a cooperatively produced and underwritten resource for North American independent banks and financial institutions to learn and stay informed of the latest in cybersecurity planning and strategy. Our initiative was founded in 2021 by CalTech with the cooperation and assistance of Texas state banking authorities, state banking associations, and community bank leaders. With the increasing number of recent threats against and attacks on U.S. institutions by malicious actors, we believe it is important for regulated industries such as banking to make cybersecurity a top priority. Now more than ever, cybersecurity should not just be a part of annual planning, but a part of the overall financial institution business model. ENGAGE We aim to further raise awareness and discussions around cybersecurity as a means to decrease the vulnerabilities of financial institutions. As threats increase, so too must our awareness. INFORM Knowledge is power. The more banks and their people know about cyber threats and how threat actors go about exploiting our institutions, the better equipped we can all be at preventing attacks. INSTILL Bank and financial institution cybersecurity is no longer a line item, but a mindset. We seek to help banks protect against threats by encouraging leaders to make it a part of their business models. MORE THE LATEST CYBERSECURITY AWARENESS MAKES ALL THE DIFFERENCE Tuesday, September 27, 2022 Cybersecurity breaches continue to grow across all industries worldwide; however, the financial sector is particularly vulnerable – up to 300 times more so, according to studies.* In response to the popularity of electronic banking, financial organizations continue to develop more web portals and mobile apps. While these digital platforms increase convenience for customers, they also expand the number of potential targets, entry points, and security risks. To counteract this growing threat, companies must make cybersecurity a priority across the board. That requires a holistic and balanced approach that, in addition to implementing technology tools, proactively invests in employee awareness and training. Why Employee Awareness Matters While technical solutions are important, the one unifying risk factor that must be addressed to improve security is the role of human error. It is the biggest threat to cybersecurity and the driving force behind an overwhelming majority of problems. According to a study by IBM, human error is a major contributing cause in 95 percent of all cybersecurity breaches, and these types of breaches cost an average of $3.33 million. Whether by unintentional actions (or lack of action), people frequently cause, spread, or allow a security breach to take place. They put data and systems at risk by falling victim in one of these most common ways. * are tricked into providing sensitive details * don’t properly protect their passwords * use weak credentials * click on malicious links * open suspicious email attachments. The general lack of awareness and a corporate culture that fails to stress security are often to blame. Fortunately, these are things that can be addressed by your organization to give employees the knowledge and skills they need to keep themselves and the business secure. Building a Security-Focused Culture When we hear the word “training,” most of us think about a single event focused on a certain group about a specific topic. However, when it comes to cybersecurity training, there needs to be ongoing education about existing and emerging threats. And it must involve all employees. Make It Everyone’s Responsibility From the C-suite to the college intern, every employee needs to be on board, understanding and embracing the company’s cybersecurity efforts. What was once the IT department’s sole responsibility is now a company-wide concern. And each department has a unique set of needs, as well as a specific role to play. Communicate the Threats While every organization’s threat landscape is slightly different, there are common threats predicted to continue for banks and financial institutions. These include ransomware, ongoing risks from remote work, cloud-based cyberattacks, supply chain attacks, and social engineering. “Knowledge is power,” as the saying goes, and the more employees know about these increasingly sophisticated tactics, the better prepared they are to recognize and avoid the risks. Regular communication that keeps them current on the latest threats is essential. Encourage questions, initiate discussions, and foster a sense of ownership. Keep It Going Cyber awareness is not a project to be finished or a “box” to be checked off. Just as cyberattacks continue to evolve, so must your organization’s security posture and your employee awareness efforts. Revisit your approach frequently and make adjustments based on changes in your environment. With expert assistance from IT professionals, continue to seek improvement in your processes and policies. Consistently working with employees about information security will make them vigilant and equipped to successfully take on cyberattack attempts. Your people can be one of your best defenses against cyber threats. *source: Boston Consulting Group, 2019 ANATOMY OF A CYBER ATTACK Can this really happen? Yes. It already does. Find out how. EXPERT ADVICE Recorded in late-2021, we invited Executive Chairman, Trey Maust, of Lewis & Clark Bank of Portland, Oregon and Phillip Hinkle, Director of IT Security Examinations for the Texas Department of Banking, to sit down and talk about a range of topics related to cybersecurity. Specifically, the two focused on issues impacting community banks and financial institutions. Learn more about these topics below, as we progressively release the videos through 2022. CYBERSECURITY STRATEGY What are some of the best practices in planning your financial institution’s strategy for cybersecurity? RANSOMWARE SELF-ASSESSMENT There’s a tool available for any bank or financial institution to assess their preparedness for a cyber attack — the Ransomware Self-assessment Tool. CYBERSECURITY MANAGEMENT Do you handle cybersecurity on your own, or bring in outside experts? Let’s talk Cybersecurity Management. CIS CONTROLS & FFIEC CAT This segment covers CIS Controls and the FFIEC CAT — two important standards in staying atop your institution’s cybersecurity practices and planning. VENDOR MANAGEMENT IN IT Banks face challenges working with a vendor or internal party that does not have a focus on banking. Spend time understanding the topics unique to the banking industry’s needs. 3RD PARTY FIRMS RISK MANAGEMENT ASSESSMENT Partnering with a critical vendor is a big step for companies looking to outsource a particular practice or expertise. Before signing on, conduct your risk management or risk assessment analysis to ensure the vendor is the appropriate one for you. MOCK FFIEC EXAMS Mock FFIEC Exams too often focus on compliance rather than on securing your bank. This is a mistake. Phillip Hinkle shares his take on the subject with Trey Maust. GRAMM-LEACH-BLILEY ACT PINPOINTING RISK AREAS Universal standards that cover a multitude of industries do not always include bank-specific elements, such as the Gramm-Leach-Bliley Act. When looking at your bank’s unique security elements, you must ensure that a focus on regulation is not forgotten. MANAGEMENT AND BOARD EDUCATION ON CYBERSECURITY Board management and education on cybersecurity is a road one shouldn’t take alone. Lean on trade associations, experts, and make a commitment to knowing this is a skill set you need to develop to stay ahead of new threats. PSA BOARD CYBERSECURITY It’s vital that you and your board stay plugged in with outside resources, trade associations, peers, and information-sharing networks to build an understanding of the fundamentals of cybersecurity. -------------------------------------------------------------------------------- CYBERSECURITY Q&A A PRIMER FOR BANKS AND FINANCIAL INSTITUTIONS HOW DO WE PREVENT CYBER ATTACKS? There are many tactics that are available to prevent and thwart cyber attacks, but a multi-layered (i.e. multi-factor authentication) approach alongside end-user education is probably the simplest and most critical. IS MY BANK VULNERABLE? There is always a chance that your bank infrastructure is vulnerable. However, the best way to know for sure is to find and engage a qualified IT services provider to perform an audit and assessment of your infrastructure and protocols for cybersecurity. Only then will you know your degree of vulnerability and the best steps your financial institution can take to lessen your risk. WHERE DO THESE ATTACKS COME FROM? The short answer is, from all over the world. However, as has been recently reported by the U.S. government and intelligence community, we’re seeing an increasing number come from Russia, Eastern Europe, and China. HOW FAST DO THESE ATTACKS OCCUR? Cyber-attacks can start with the single click of a button but can take weeks to fully infect a network and steal data before locking you out of access data. WHAT ABOUT MY REMOTE EMPLOYEES? Remote access can always be a weak point for security. However, you don’t have to limit your remote employees and their productivity to be able to protect them. Education, software, hardware, and protocols can all be enacted to ensure better cybersecurity, even for remote employees. DO RANSOMS ALWAYS HAVE TO BE PAID? Depending on the scale, source, and sophistication of the attack and your backup and recovery systems in place at the time of the attack, not necessarily. With the right systems in place, even partially successful attacks and data lockouts can be circumvented. HOW DO HACKERS GET INTO A SERVER? Hackers typically gain access via less obvious means first, like a mobile device or a workstation. Email is an easy and popular place for them to gain access since much information is shared between and amongst employees via email. From there, hackers will typically dig around until they find the servers and the credentials necessary to access them. This is why it is good practice to use separate administrative accounts from your email account(s). HOW DO WE KNOW A HACKER IS SERIOUS? You will know a hacker is serious by the amount of evidence of the infiltration of your IT infrastructure. For example, if the hacker has encrypted your data and locked you out, then you can assume they are serious. Another sign of the seriousness of an attack is the hacker’s choice of communication. A serious hacker will usually insist on a sophisticated and non-traceable means of communication. HOW DO WE TRAIN EMPLOYEES FOR THIS? Monthly end-user training combined with quarterly testing by a qualified IT security provider is a great place to start in order to introduce and educate employees to cybersecurity best practices and protocols. CAN WE CATCH THESE CRIMINALS? Unfortunately, most of these criminals are outside of the United States. Without government and international authority intervention, options to bring them to justice are limited. The best defense is to have a proactive plan and approach to cybersecurity. WHAT OTHER KINDS OF ATTACKS ARE THERE? Other than phishing schemes, there are attacks known as brute-force attacks where the hacker simply uses trial and error to guess credentials. There are attacks that shut down websites, such as denial of service attacks, where a web server is flooded with false data requests. There is also a credential stuffing attack, where a hacker gains access to one’s password and login credentials and then proceeds to try the credentials across multiple sites and networks. This approach counts on users using the same login credentials for different networks and services. These are just a few, but there are many others. HOW DO I KNOW IF I’M A TARGET? Anyone and everyone can be a target. If you receive spam mail, you have most likely been targeted. If you have received an email that attempts to get you to click on a link by evoking an emergency or urgent situation, you have definitely been a target. Hackers count on volume and the weakest link to gain access to organizational data. This is usually through employees and staff. WHAT KINDS OF PASSWORDS NEED TO BE SET? Passphrases should be used instead of passwords. This allows a longer character count while still making it easier for the end-user to remember. And, never use easily guessed content in your passwords or passphrases (e.g. “password”, your name, sequential numerals, etc.) HOW OFTEN DO WE CHANGE PASSWORDS? You should change passwords at least every 90 days unless you have complex passphrases in place. However, even then, it’s wise to periodically change them. DOWNLOAD PDF ADDITIONAL RESOURCES TEXAS DEPARTMENT OF BANKING Center for Internet Security National Institute of Standards and Technology SECURELY SUBSCRIBE FOR NEWS AND UPDATES. Sign up with your email address to receive news and updates. Email Address Sign Up KeepMyBankSecure.com is an intra-industry cooperative public service for U.S. independent banks and financial institutions of all sizes. We will never share nor reveal your email to third parties. We will endeavor to update you as important news and content are available. Thank you! You have been added to our News & Updates KEEP MY BANK SECURE ©️ Copyright 2021-2022 KeepMyBankSecure.com. KeepMyBankSecure.com is a cooperative initiative founded by CalTech with the cooperation and assistance of Texas state banking authorities, state banking associations, and community bank leaders. It is provided as a public service to U.S. independent banks and financial institutions of all sizes. By using this website, you agree to our use of cookies. We use cookies to provide you with a great experience and to help our website run effectively. Accept