2 min read
Corporate Account Takeovers
I want to talk about something that’s been on my mind a lot lately: corporate account takeover (CATO). As someone who has worked in the cybersecurity...
Banks (4)
1 min read
Three Options to Implement Phish Resistant Multi-Factor Authentication
Since the pandemic and the rise of work at home, we have become very familiar with Multi-Factor Authentication (MFA). Typically, this is implemented...
1 min read
Where to start?
If you are new to managing cybersecurity for a financial institution, I’m sure you’ll have a lot of questions. More specifically, “Where do I start?”
2 min read
Should Financial Institutions have a BISO Program?
A BISO (Business Information Security Officer) is an ombudsman for business lines across an institution. This person is responsible for representing...
2 min read
The 1 Thing You Can Do to Improve Your Cybersecurity Program
Let's use our imaginations for a few minutes.
2 min read
The Risk Based Audit
We have a meeting every Monday morning to do a status update on each of the 40 financial institutions we serve as their virtual Information Security...
2 min read
Self-Assessing Authentication & Access Risk
A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since...
1 min read
Effective User Access Reviews
What exactly is a user access review? In its simplest form, this review is a process that certifies that users’ (including vendors’) access within...
3 min read
How to Change Your Virtual CISO (or how to avoid it to begin with)
There’s been an interesting trend in the virtual CISO industry over the last several months.
2 min read
Tools to Check Out in the Cybersecurity Resource Guide
Last week, we saw the Federal Financial Institutions Council (FFIEC) announce an update to its Cybersecurity Resource Guide. It was originally...