October is Cybersecurity Awareness Month. Much like the twice-yearly time change that reminds you to check your smoke detector batteries, it is a reminder for businesses (and home offices) to assess their systems, data, public-facing information, and procedures against a steadily rising national cybercrime rate. Failing to do so can result in devastating losses.
KCoe’s IT consultants break down the top five ways that banks should be taking action to detect and deter cybercriminal activities.
- Educate and test your employees. Social engineering education and awareness are crucial.
Banks need to educate their employees OFTEN, so they retain the information and put the education to use. KCoe’s IT consultants test the employees of our clients in a variety of ways. During one test, I identified myself as the company’s managed service provider and told them there was some unusual activity on their desktop. I informed them that I needed to send them a remote access link and would then attach and clear the issue up. Within minutes I had access. They failed the test!
- Understand, control, and reduce your attack surface.
The attack surface is the entire area of an organization or system that is exposed to attack: every point an unauthorized person could use to enter the system. Many of these entry points are found in vulnerable web components, expired certificates, and unsecured devices. Because of the shift to working from home and the growth of the Internet of Things, attack surfaces have expanded. Read more about identifying cyberattack vulnerabilities here.
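Expired or soon-to-expire certificates are one of the attack-surface items listed above that can be checked mechanically. The script below is an added example written for this page, not KCoe's own tooling: it uses `openssl x509 -checkend` to flag any certificate in a directory that expires within a chosen window, and it includes a helper that pulls the certificate from a live endpoint so the same check can be run against a bank's public hostnames (that helper needs network access and is not exercised in the demo). The demo certificates are generated on the fly and are constructed test data; `example.test` is a placeholder name.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes openssl is on PATH.

# cert_expiring_within CERT_FILE DAYS
# Exit 0 if the certificate expires within DAYS days (or is already expired),
# 1 if it stays valid beyond the window, 2 if the file is not a readable cert.
cert_expiring_within() {
    cert="$1"; days="$2"
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || {
        echo "unreadable certificate: $cert" >&2
        return 2
    }
    seconds=$((days * 86400))
    # -checkend exits 0 when the cert will NOT expire within the given seconds.
    if openssl x509 -in "$cert" -noout -checkend "$seconds" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# scan_certs DIR DAYS
# Reports each expiring *.pem in DIR on stderr and prints the count on stdout.
scan_certs() {
    dir="$1"; days="$2"; n=0
    for f in "$dir"/*.pem; do
        [ -f "$f" ] || continue
        if cert_expiring_within "$f" "$days"; then
            n=$((n + 1))
            printf 'EXPIRING within %s days: %s (%s)\n' "$days" "$f" \
                "$(openssl x509 -in "$f" -noout -enddate)" >&2
        fi
    done
    echo "$n"
}

# fetch_cert HOST PORT OUT_FILE
# Saves the leaf certificate presented by a live TLS endpoint (network required).
fetch_cert() {
    openssl s_client -servername "$1" -connect "$1:$2" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# make_test_cert OUT_FILE DAYS
# Constructed test data: a throwaway self-signed certificate valid for DAYS days.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "${1%.pem}.key" -out "$1" \
        -days "$2" -subj "/CN=example.test" >/dev/null 2>&1
}

# Demo: one certificate that expires in 10 days, one that is good for a year.
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir/short.pem" 10
make_test_cert "$demo_dir/long.pem" 365
echo "certificates expiring within 30 days: $(scan_certs "$demo_dir" 30)"
```

For a real inventory, replace the demo block with a loop over your external hostnames that calls `fetch_cert` for each one, then run `scan_certs` over the resulting directory on a schedule; a certificate that fails the check is a renewal task, and a hostname you did not know to add to the list is an attack-surface finding in its own right.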
- Cyber hygiene – once you have identified your attack surface, you will want to keep it protected.
This can look like installing reputable antivirus and anti-malware software, patching, running current software versions, taking consistent backups, testing, operating on a secured network, and using firewalls. These steps are preventative, like washing your hands or locking your door when you leave. For more information, read our blog Cyber Hygiene: 4 Simple Ways to Protect Your Organization.
- Zero trust – identify risks, put controls in place, and audit those controls.
Identify your company’s largest risks and document them in a risk assessment. Then build a testing plan around the controls that mitigate those risks. We recommend that every business takes the time to test its IT infrastructure and its level of IT resiliency.
- Make cybersecurity a top priority.
Everyone is responsible for cybersecurity, even if you think you don’t understand IT. Normally, when organizations discuss cybersecurity, all heads turn to IT to manage the issue. But cybersecurity programs are no longer the sole responsibility of the IT department. To assess and ensure the strength of a bank’s cybersecurity program, we recommend that management takes a key role in making sure they have answers to each of these questions.
Contact a KCoe advisor to perform a thorough IT evaluation of your business, or create strategies to mitigate cybersecurity risks and ensure resiliency.