Finosec Official Blog

Contract Checklist

Feb 10, 2022 10:15:00 AM / by Finosec posted in Cybersecurity, Innovation, Fintech, Banking, community banking, checklist, contract

0 Comments

Contracts are typically dense, highly detailed documents that can be hard to navigate. After wading through strikingly specific legal verbiage, it can be difficult to ascertain whether or not the contracts are accomplishing everything they claim to be. As a result, financial institutions may wonder how they can feel confident in signing such a document. Systematically and thoroughly reading and reviewing the contract before agreeing to its terms are vital, but knowing how to do that well can be tough. Prior to conducting a review, you’ll need to understand the expectations of the relationship: which products/services were selected, any prerequisites or additional costs to implement, term(s) of the agreement, and the stakeholders. Conducting a contract review is vital to reduce overall risk, ensure that the provisions are correct, and provide both sides with the opportunity to fully understand what they are agreeing to before the final signing decision is made. Regulatory requirements mandate that each institution is responsible for reviewing and understanding vendor contracts and/or agreements - but that is easier said than done.

Read More

Why User Access

Jan 20, 2022 10:15:00 AM / by Finosec posted in Cybersecurity, Innovation, Banking, User Access

0 Comments

Threats to your cybersecurity and information security programs are not just external. In fact, 60% of security breaches are internal threats. The weakest component in your cybersecurity posture will always inherently be the human link.

Read More

Cyber Insurance

Jan 13, 2022 10:00:00 AM / by Finosec posted in Cybersecurity, Innovation, Cyber Attack, Banking, User Access, insurance

0 Comments

In the ever evolving landscape of cyber risk, cyber insurance is more important than ever. This is a policy that is specifically tailored to the cybersecurity and information security needs of your institution, potentially covering incidents such as ransomware, cyber extortion, data destruction, and more. To engage with insurers and take out such a policy, the broker will be asking for information around how you secure your institution, including your user access practices and how you are managing to least privilege. CEO and Founder Zach Duke spends a few minutes sharing the cautionary tale of the National Bank of Blacksburg as well as some things to consider when working to secure this type of insurance. Watch the video then read on for further discussion.

Read More

Budgeting for Cybersecurity

Dec 14, 2021 11:15:00 AM / by Finosec posted in Cybersecurity, Innovation, Banking, Budgeting

0 Comments

The FDIC requires that within a financial institution’s budget there must be a specific allocation for cybersecurity elements. That is, that there is money going toward services, programs, and coverage related to this item. More than just a requirement, though, it is important that your institution structures the budget in such a way that you can feel confident in your cybersecurity and information security abilities. Because “cybersecurity” can tend to be a rather nebulous term, sometimes getting lumped together with all things IT, Founder and CEO Zach Duke spends a few minutes discussing how to have fruitful conversations and create an effective budget around this element. Watch the video below for more information.

Read More

User Access Complexity

Nov 19, 2021 10:00:00 AM / by Finosec posted in Cybersecurity, Innovation, Ransomware, User Access

0 Comments

Earlier we discussed the frequency of user access reviews and how often they should be completed. You can read that blog here. It seems that there is a direct correlation between user access review frequency and the difficulties associated with those reviews. A highly manual process will inherently prohibit increased frequency due to increased time requirements. President and CEO Zach Duke talks about the challenges these reviews pose to you and/or your staff, and some next steps on how to make that process a little simpler. Take a couple minutes to watch the video below.

Read More

User Access Reporting Frequency

Nov 10, 2021 11:15:00 AM / by Finosec posted in Cybersecurity, Innovation, Banking, User Access

0 Comments

User access reviews can be a complex, time consuming process. Coupled with the regulatory expectations regarding these reviews and their frequency, they prove to be an arduous task that is far too often hindered by reliance on legacy systems. We believe everyone deserves a simple approach to cybersecurity, and user access reviews are no exception. President and CEO Zach Duke asks some questions regarding user access, and FINOSEC would like to hear your feedback on your experiences and opinions on this matter. Watch the video below for more information.

Read More

FINOSEC sits down with the ICBA to discuss top concerns in cybersecurity.

Nov 4, 2021 11:15:00 AM / by Finosec posted in Cybersecurity, Innovation, Banking, ICBA, community banking

0 Comments

The ever evolving landscape of cybersecurity and cyber risk presents a unique challenge. As the threats and associated risks continually change, it can be difficult to stay abreast of the latest recommendations, guidance, and best practices. FINOSEC President and CEO Zach Duke spent some time talking to Joel Williquette, Senior Vice President of Operational Risk Policy for the ICBA to discuss some practical cybersecurity tips for community banks. We have linked the entire conversation at the bottom of this post, but here are 5 of the key takeaways in considering how to identify, evaluate, and address cybersecurity risks at your institution. 

Read More

Cybersecurity Awareness Month

Oct 26, 2021 11:15:00 AM / by Finosec posted in Cybersecurity, Innovation, Cyber Attack, Banking, cybersecurity awareness month, toolkit

0 Comments

For the 18th year, October serves as Cybersecurity Awareness Month. With the evolving trends in cyber risk, the diversity of cyber attacks, and the breadth of exposure nearly everyone faces in regards to their digital footprint, it is more important than ever to be cyber smart. The CISA and the National Cyber Security Alliance have declared October a month to focus on educating everyone about their responsibility in maintaining a resilient cybersecurity posture. Below we discuss what that means for you as a financial institution, as well as share key ways you can capitalize on this educational momentum by focusing on 4 primary pillars. 

Read More

Ransomware Self Assessment Tool

Sep 28, 2021 1:00:00 PM / by Finosec posted in Cybersecurity, Innovation, Ransomware, self assessment

0 Comments

FINOSEC President and CEO Zach Duke has spent a few minutes breaking down the Ransomware Self Assessment Tool. This tool was created by the Conference of State Bank Supervisors, and was crafted to help mitigate the risks associated with Ransomware. Furthermore, it serves as an effective communication piece that demonstrates to upper level management how the institution is actively being protected against this particular risk. Watch the short video below for what this tool includes and how it could serve you.

HubSpot Video
Read More

Recent Guidance on Authentication

Sep 16, 2021 11:45:00 AM / by Finosec posted in Cybersecurity, Innovation, Banking, Authentication, Guidance

0 Comments

The FFIEC has released an update titled “Authentication and Access to Financial Institution Services and Systems.” It ​​replaces two previously released FFIEC issued pieces: "Authentication in an Internet Banking Environment" released in 2005, and the "Supplement to Authentication in an Internet Banking Environment" released in 2011. The guidance has been expanded to include employees, third party vendors, and APIs with increased expectation in regards to controls and risk management. This update is clearly focused on an understanding of the threat landscape, having a current risk assessment, ensuring layered security, and a general increase in authentication implementation. Take a few minutes to watch FINOSEC President and CEO Zach Duke unpack this information.

Read More