Recently, the New York Department of Financial Services (“DFS”) released a proposed update to its 2017 “Cybersecurity Requirements for Financial Services Companies” law (also known as “23 NYCRR...
Brian Petzold
Recent Posts
Self-Assessing Authentication & Access Risk
by Brian Petzold | Nov 4, 2022
A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since that time, Bedel Security has been taking the...
What Is A Strong Password in 2022?
by Brian Petzold | Sep 2, 2022
“How long should a password be?” “Should passwords even be used any longer?” These are questions that organizations have been grappling with as we enter the end of 2022. Each day, we are seeing...
Where Does Managing Aggregator Risk Belong?
by Brian Petzold | Aug 5, 2022
A little over a year ago, bank regulators published new proposed guidance on managing third-party risk. One of the more controversial topics in this guidance is whether a data aggregator needs to be...
Confessions of a Professional Worrier
by Brian Petzold | Jul 8, 2022
A few weeks ago, in my life outside of cybersecurity, a person said to me: “You are always thinking three steps ahead of the rest of us”. I am not sure if it was meant as a compliment or not. I...
Questions You Should Be Asking Your Internet Banking Provider
by Brian Petzold | Apr 21, 2022
Financial institutions are required to regularly assess the authentication controls, security layers, and monitoring of Internet Banking to prepare for current threats and comply with FFIEC guidance.
MFA Enrollment Mistakes
by Brian Petzold | Apr 8, 2022
Most financial institutions understand the importance of Multifactor Authentication (MFA) in keeping unauthorized parties from gaining access to user accounts. The volume of phishing attacks...
Is Your Risk Assessment Authentication & Access Ready?
by Brian Petzold | Jan 21, 2022
In August, the FFIEC released new guidance titled “Authentication and Access to Financial Institution Services and Systems”. Because the guidance replaces the previous “Authentication in an Internet...
Backups vs. Retention
by Brian Petzold | Nov 19, 2021
We often run into situations where different staff in an institution have different understandings of the goals and operations of their backup system. The IT department tends to think of backups as...
Tricky Phish Testing
by Brian Petzold | Oct 29, 2021
Phishing remains one of the top threats to organizations today. Every user regularly receives emails designed to trick them into clicking on a link, opening an attachment, or providing credentials...