Don’t be Spooked by Cybersecurity: How to Take a Proactive Approach
Data breaches, cybercrimes, compliance – oh my! It’s a lot think about and manage, but there’s no need to get spooked by these looming priorities. October is Cybersecurity Awareness Month, and regardless of the prioritized objectives within your institution, a successful and secure future is all about key partnerships, collaboration, and education. Harness your resources to create a united front!
As the financial sector continues to advance technologically, the masked actors are keeping pace. Metaphorically speaking, like a who wore it best costume contest, financial institutions are being tasked with new requirements and contending with ever-evolving technology.
For example, specific to cyber reporting, these requirements (PDF download) by the OCC, Federal Reserve, and FDIC include timing in which a “notification incident” arises in relation to communicating to “each affected banking organization customer.”
- Comply by notifying their case manager of an incident.
- Comply by notifying any member of an FDIC examination team if the event occurs during an examination.
- If a bank is unable to access its supervisory team contacts, the bank may notify the FDIC by email at firstname.lastname@example.org.
Further, the NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible, but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.
|“The NCUA Board also approved a threshold for determining the appropriate supervisory office: Effective January 1, 2023, credit unions with assets between $10 billion and $15 billion will be supervised by their appropriate Regional Office. All credit unions above $10 billion in assets currently supervised by ONES will continue to be supervised by that office under the final rule. Credit unions that cross the $15 billion threshold will by supervised by ONES. The proposed rule does not alter any other regulatory requirements for credit unions covered under these regulations.”|
Access NCUA’s useful and actionable Cybersecurity Resources HERE.
In addition to changes in reporting requirements such as the ones outlined above, financial institutions also have new cyber liability insurance renewal requirements as well.
As noted in our recent Risk Alert: An uptick in data breach liability litigation, large payouts for ransomware attacks, and other cybercrimes have impacted the cyber insurance industry. As a result, there are stricter cyber insurance underwriting requirements and increased enforcement of data privacy laws. The tenacious upsurge in attacks has caused cybersecurity to remain a top priority for the NCUA as evidenced by its prominent appearance in their Supervisory Priorities.
Cyber liability protection policies also help cover the costs associated with a potential data breach, while helping your financial institution bounce back from an attack. There’s no time to wait, this is the eleventh hour. Cybercrimes put your institution and the financial wellbeing of your customers at risk. Financial institutions need to implement insurance requirements and effective controls. These include:
- Encrypted air-gapped/cloud-based backups
- Multi-factor authentication (MFA) on:
- Air-gapped/cloud-based backups
- Remote network access
- Remote email access
- Admin/privileged user accounts
- Endpoint detection and response (EDR) solution in place
- Email filtering
- Encryption on data at rest
- Phishing/social engineering training for employees
- Updating devices to latest version to mitigate log4j vulnerabilities
Learn more from our Bond Case Study
No product or service acquired is complete without proper expert training and education.
ID theft protection and data breach protection are often services that are excellent companions to cyber liability insurance. The Cybersecurity & Infrastructure Security Agency has themed this year’s Cybersecurity Awareness Month Campaign as “See Yourself in Cyber.” The campaign represents a focus on people of cybersecurity and offers educational resources. Threats are tricky to predict and it’s no treat to go it alone. But with the right resources and understanding, you can take a proactive approach to protecting your financial institution and the security and privacy of those you connect with every single day.
Stay up to date with our Fraud & Security e-newsletter and Risk Alerts.
About Allied Solutions
Allied Solutions, LLC is one of the largest providers of insurance, lending, and marketing products to financial institutions in the US. Allied Solutions uses technology-based products and services customized to meet the needs of over 4,000 banks and credit unions, along with a portfolio of innovative products and services from a wide variety of providers. Allied Solutions maintains several offices strategically located across the country and is a subsidiary of Securian Financial Group, Inc.
Content in the blog posts are the opinion and views of the writer, and don't necessarily reflect the opinions or views of Allied Solutions.