2 min read
Where Does Managing Aggregator Risk Belong?
A little over a year ago, bank regulators published new proposed guidance on managing third-party risk. One of the more controversial topics in this...
2 min read
Confessions of a Professional Worrier
A few weeks ago, in my life outside of cybersecurity, a person said to me: “You are always thinking three steps ahead of the rest of us”. I am not...
1 min read
Questions You Should Be Asking Your Internet Banking Provider
Financial institutions are required to regularly assess the authentication controls, security layers, and monitoring of Internet Banking to prepare...
2 min read
MFA Enrollment Mistakes
Most financial institutions understand the importance of Multifactor Authentication (MFA) in keeping unauthorized parties from gaining access to user...
2 min read
Is Your Risk Assessment Authentication & Access Ready?
In August, the FFIEC released new guidance titled “Authentication and Access to Financial Institution Services and Systems”. Because the guidance...
2 min read
Backups vs. Retention
We often run into situations where different staff in an institution have different understandings of the goals and operations of their backup...
2 min read
Tricky Phish Testing
Phishing remains one of the top threats to organizations today. Every user regularly receives emails designed to trick them into clicking on a link,...
2 min read
Training Your Board
Being on the board of a financial institution is not easy. Board members are expected to not only be knowledgeable about the operational and...
2 min read
Choosing a Cybersecurity Framework
It is a good practice to identify a cybersecurity framework as part of an institution’s Information Security Program. A framework helps to identify...