Brian Petzold

Recent Posts

Training Your Board

by Brian Petzold | Sep 24, 2021

Being on the board of a financial institution is not easy. Board members are expected to not only be knowledgeable about the operational and financial workings of the institution but also to...

Choosing a Cybersecurity Framework

by Brian Petzold | Aug 13, 2021

It is a good practice to identify a cybersecurity framework as part of an institution’s Information Security Program. A framework helps to identify gaps that might exist and leave the institution...

Breaking the SMS Habit

by Brian Petzold | Jun 25, 2021

Multifactor Authentication (MFA) is one of the most important controls to block account takeover fraud. There are many different forms of MFA available, and many banks support more than one method...

A Message to Vendors

by Brian Petzold | Jun 11, 2021

Today I am writing to those who wish to sell their products or services to a financial institution. If you work at a financial institution, feel free to pass this on to any prospective vendors to...

The Policy Labyrinth

by Brian Petzold | Apr 30, 2021

You started with an Information Security Policy that covered the basics. Then one day an auditor walked in and asked to see your Data Destruction Policy, so you wrote one. In the next exam,...

Learning Not to Trust

by Brian Petzold | Apr 9, 2021

Most of our IT infrastructures were built to trust. From the time users sign on in the morning until they log off at the end of the day, the network trusts them as well as the computer that they are...

What is "Best Practice"?

by Brian Petzold | Mar 5, 2021

Over the years, I have become wary of the term “best practice” when it is applied to technology and cybersecurity. The term “best practice” is supposed to mean that what is being described aligns...

Guidance on Obsolete Encryption Protocols

by Brian Petzold | Jan 22, 2021

Networks rely on encryption to ensure that data is kept private and cannot be changed while at rest or in transit. In most cases this encryption utilizes certificates, and these certificates in turn...

Mitigating Supply Chain Attacks

by Brian Petzold | Dec 30, 2020

The worst fears of security experts became a reality recently when threat actors maliciously hid malware inside legitimate updates of SolarWinds network monitoring software. When the malware...

The Powerful GLBA Board Report

by Brian Petzold | Dec 11, 2020

When the Gramm-Leach-Bliley Act was implemented, each regulatory agency adopted a set of interagency guidelines and regulations required for compliance with the provisions of the Act. Within each of...
