Community banks face a unique challenge: balancing compliance demands with limited resources. As regulators place greater emphasis on cybersecurity programs, many institutions find themselves underprepared for the level of scrutiny they now face.
First National Bank of Pulaski, a 1.4 billion dollar community bank in Tennessee, experienced this challenge firsthand. Gaps in leadership, missing documentation, and regulatory findings left the bank vulnerable and in need of expert guidance. By partnering with Bedel Security for vCISO services, the bank gained the knowledge, structure, and the oversight needed to transform its information security environment into a well-organized and risk-focused program.
Before partnering with Bedel Security, First National Bank of Pulaski faced increased regulatory scrutiny as it lacked a qualified Information Security Officer on staff. When asked about their information security program, Mike Counts, Network Administrator, said:
“It was weak. The person holding the ISO title lacked the knowledge to meet the expectations for the position.”
The OCC magnified these issues by highlighting deficiencies in the risk assessment process and the lack of adequate documentation.
IMPLEMENTATION
Onboarding with Bedel Security proved to be a smooth transition.
“Super easy,” Counts said, “No issues there, you guys did a really good job at explaining the different modules available.”
One of the first major changes was establishing a true steering committee. While the bank already had an IT committee, Bedel helped formalize the process and ensure that reports and minutes flowed to the board.
“The board is more informed about vulnerabilities, risks, etc.,” Counts explained.
Early impressions of the partnership left him confident. “First off, I knew you guys knew what you were doing, especially compared to what we were seeing internally.
PROGRAM DEVELOPMENT
The pace of progress was quick, but manageable for the small IT team. “It took away time from our duties, but the time was very well scheduled,” Counts noted.
Two modules, in particular, stood out for their impact: the Risk Assessment and Third-Party Management.
Risk Assessment
“I didn’t feel like we had a very good risk assessment, we have a much better one now.”
Third-Party Management
“What Bedel is doing with the vendor information now is something we weren’t doing. We just had a Word document with vendors on it and did an annual review every year. We didn’t go into the detail that you guys go through to have a true vendor management program.”
RESULTS
Today, First National Bank of Pulaski’s information security program is unrecognizable compared to where it began.
“It’s night and day,” Counts said. “I think we were in the infant stages in our program, and we’ve moved that needle a long way to having a complete program, especially from a regulatory standpoint.”
The bank has also gained something far more valuable than documents and processes; they gained true expertise.
“We gained somebody with the knowledge of what a true IS program should be.”
ADVICE FOR OTHER BANKS
When asked what he would tell another institution considering Bedel Security, Counts didn’t hesitate:
“They probably don’t know what level their program is. They might think they have a very comprehensive program, but once they start working with Bedel Security they will realize they don’t, and what they have been missing.”
With regulators now peeling back more layers and diving deeper than ever before, First National Bank of Pulaski has confidence in its program, Bedel Security, and its future.
Cade Williams
Business Development Associate
Bedel Security®
Cwilliams@bedelsecurity.com
Schedule some time to chat with Cade here.