Brian Petzold

Recent Posts

Regulators Becoming More Prescriptive

by Brian Petzold | Dec 9, 2022

Recently, the New York Department of Financial Services (“DFS”) released a proposed update to its 2017 “Cybersecurity Requirements for Financial Services Companies” law (also known as “23 NYCRR...

Self-Assessing Authentication & Access Risk

by Brian Petzold | Nov 4, 2022

A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since that time, Bedel Security has been taking the...

What Is A Strong Password in 2022?

by Brian Petzold | Sep 2, 2022

“How long should a password be?” “Should passwords even be used any longer?” These are questions that organizations have been grappling with as we enter the end of 2022. Each day, we are seeing...

Where Does Managing Aggregator Risk Belong?

by Brian Petzold | Aug 5, 2022

A little over a year ago, bank regulators published new proposed guidance on managing third-party risk. One of the more controversial topics in this guidance is whether a data aggregator needs to be...

Confessions of a Professional Worrier

by Brian Petzold | Jul 8, 2022

A few weeks ago, in my life outside of cybersecurity, a person said to me: “You are always thinking three steps ahead of the rest of us”. I am not sure if it was meant as a compliment or not. I...

Questions You Should Be Asking Your Internet Banking Provider

by Brian Petzold | Apr 21, 2022

Financial institutions are required to regularly assess the authentication controls, security layers, and monitoring of Internet Banking to prepare for current threats and comply with FFIEC guidance.

MFA Enrollment Mistakes

by Brian Petzold | Apr 8, 2022

Most financial institutions understand the importance of Multifactor Authentication (MFA) in keeping unauthorized parties from gaining access to user accounts. The volume of phishing attacks...

Is Your Risk Assessment Authentication & Access Ready?

by Brian Petzold | Jan 21, 2022

In August, the FFIEC released new guidance titled “Authentication and Access to Financial Institution Services and Systems”. Because the guidance replaces the previous “Authentication in an Internet...

Backups vs. Retention

by Brian Petzold | Nov 19, 2021

We often run into situations where different staff in an institution have different understandings of the goals and operations of their backup system. The IT department tends to think of backups as...

Tricky Phish Testing

by Brian Petzold | Oct 29, 2021

Phishing remains one of the top threats to organizations today. Every user regularly receives emails designed to trick them into clicking on a link, opening an attachment, or providing credentials...
