Pub. 10 2021 Issue 6

your financial institution, and your employees should have to verify their identity before accessing the company network from a different location.

Track Incidents

One of the best ways we learn is from previous incidents that have occurred. Whether it’s a phishing attempt, fraud from a customer, or ransomware, each incident should be tracked and analyzed thoroughly. Documenting the occurrence of incidents ensures you are prepared to handle that situation when it arises in the future.

Schedule Regular Exercises / Tests

Testing your institution’s response to downtime, closures, or inability to access information can be critical for when those situations occur in real life. Are your employees prepared for how to continue critical operations if there’s a network outage, or if they cannot report to their normal job site? Documenting these procedures in a business continuity plan is a start, but executing those procedures helps you identify gaps and areas that need improvement.

If You’re Unsure, Verify Authenticity

Suspicious emails are still a common problem for many businesses. These phishing emails are dangerous to the well-being of your institution and the safety of customer information. If you receive an email from someone you do not know, or a strange email that you were not expecting, take the necessary steps to verify the legitimacy of the email. As you verify the legitimacy, do not click any links or open attachments that may be included in the email.

Schedule Annual Security Awareness Training

Improperly trained employees pose a large security risk to your institution. Even employees with low-level access to secure information should be trained to understand the importance of keeping information secure, and how to easily detect and report problems.

Everyone at your institution plays a role in keeping customer and internal information secure, and creating an environment where risks can be taught, discussed, and used for educational purposes is vital. At least once a year, enroll all employees in security awareness training. As part of the security awareness training, conduct simulated phishing tests. If certain employees continuously fail your simulated phishing tests, take that as an indication that additional security awareness training is needed.

What are my Next Steps?

As you check in on your security routine, remember that you can always refer to guidance for additional tools and verification. One of the best new references from the FFIEC is the “Authentication and Access to Financial Institution Services and Systems” guidance, published in August 2021. This guidance focuses on practices you can implement at your institution to keep your customers, employees, and third-party service providers secure in your banking environment. Review this guidance and determine how your institution can improve security practices here: https://www.ffiec.gov/press/pr081121.htm

Checking in on your security routine not only benefits your own knowledge and skills, but it benefits the overall well-being and security of your information, so your institution can continue to thrive and provide exceptional service.

Samantha Torrez has been working in the customer and IT service industry for almost 10 years. She has been with the Tandem Support Team for five years, building relationships with customers every day as they use the Tandem software. Samantha thrives on instilling comprehensive training for her teammates and customers and finding the best solution to each problem she encounters. She has spoken at several conferences and published several blog posts on her knowledge of vendor management, business continuity planning, and more.
