Pub. 9 2020 Issue 1

© Copyright 2019 CalTech. All rights reserved. 3. WEAK PASSWORD REQUIREMENTS The Problem: Even if a password policy is in place, it can be weak. For example, “Password1!” fits all the requirements of a common password policy. Such a lack of password complexity leaves your network vulnerable. The Solution: Follow industry best practices and regulatory recommendations when setting up or updating your password policy. Even better – move to passphrases. They are longer, easier to remember, and with proper setup, more secure than standard passwords. Lastly, add two-factor or multi-factor authentication to improve security. 4. LACK OF A WELL-DEFINED INCIDENT RESPONSE PLAN The Problem: Do you know what to do in the case of a compromise? What about during a natural disaster? If not, your institution is vulnerable breach or data loss. The Solution: Devise and adopt a well-conceived and regularly practiced incident response plan. Be sure to define roles and responsibilities, have a business continuity plan, communicate your response and recovery processes, and note your communication procedures for internal and external groups. 5. OVERLOADING YOUR DECISION MAKERS The Problem: Your board members have a lot on their plate. The last thing they need is another 1000-page report about how your Information Security Program is doing. Un-distilled and un- actionable reporting is nearly as bad as not at all reporting the state of your information security program. The Solution: Have a distilled and actionable reporting system; one that helps your bank’s leadership understand and make informed business decisions. Questions? Let’s Chat. We’re here to help. No question is too small. Schedule a quick 15-minute call with Brad Giddens, our Customer Outreach Specialist. Of course, because working with banks and FI’s is our specialty, CalTech has designed a CyberDefense Program — a comprehensive managed security service product designed with community banks in mind. Brad can provide you with answers to your questions and get you connected with one of our Cybersecurity experts. SCHEDULE A CALL