You are here

As financial institutions continue to increase their dependence on technology, it’s more necessary than ever that they are able to protect their infrastructure against the constant threat of cyberattacks. Recently the Federal Financial Institutions Examination Council (FFIEC) released statements on two of the most commonly occurring cybersecurity threats that institutions should be prepared for - compromised credentials and destructive malware.

Compromised Credentials
With stolen credentials of an institution’s employees, third-party vendors or customers, the damage hackers can cause is potentially crippling. To better protect your customers and institution, consider the following:

Customers – Make sure your institution has the necessary technical controls in place to protect your customers’ transactions, along with effective monitoring programs so you can see when a customer’s account is hacked.

Colleagues –Improve your colleagues’ understanding of why information security is important and how they can identify and respond to a security threat effectively. Provide security awareness training more than once a year, and send regular emails with security tips and reminders.      

Vendors – It’s crucial to ensure your institution has a sound vendor management program in place. The key elements of a vendor management program are: Vendor risk assessment, vendor selection due diligence, contact structuring, and ongoing vendor monitoring.

Malware is malicious software that can infiltrate an institution via means such as email attachments and USB devices. Being able to proficiently detect and eradicate a threat so business can continue as normal is critical in the fight against malware.

Typically, institutions rely heavily on up-to-date antivirus solutions, and web and email filtering utilities to detect and prevent the software from entering their network. In addition to these measures, you should review, update, and test your incident response and business continuity plans annually.

While most institutions have a nicely formatted incident response plan in place, rarely is it tested to ensure that it will effectively respond in the event of a security incident. We’re are not suggesting you introduce a virus into your network to see how quickly you can eradicate it, but you can perform table top tests and walk through the process of dealing with a security breach.

If you have any questions or would like a review of your cybersecurity preparedness or incident response measures, please contact Nick Jesi, IT Assurance Senior Consultant, at 617-933-3373 or