Independent Banker - February 2020 - 27
measure the plan's effectiveness. Accountability for the
development and maintenance of risk management policies
and controls should also be built into the program.
To carry out the data security plan effectively, a community
bank should ensure it has the appropriate security
expertise. Keeping up with encryption technologies and
processes may require skills to perform intrusion detection,
firewall development or penetration testing and the like,
which may not be organic to bank staff. Most bank employees
are not versed in security and encryption technologies
and practices. With the proper controls, outsourcing could
provide a cost-effective way to attain special skill sets.
A robust data protection program delivers results
across the board. What should the program include?
First, ensure compliance with the Interagency Guidelines
Establishing Standards for Safeguarding Customer Information
under the Gramm-Leach-Bliley Act of 1999. While
allowing for differences in the nature of a community bank's
operations, the guidelines present a series of questions
designed for examinations that can guide a bank's own evaluation
of its information security program.
The guidelines emphasize the need for a written information
security program or policy that has been approved by a
bank's board or an appropriate committee of the board. The
written program must be appropriate for the size and complexity
of the bank and its operations, and it should contain
the objectives of the program, assign responsibility for
implementation and provide methods for compliance and
enforcement. All aspects of the program should appropriately
cover vendor management and third-party oversight
as they relate to customer information and data security.
A community bank should conduct periodic testing and
monitoring of all data security controls. It should correct or
modify the program to reflect issues that are identified, and
it should update the program for changes in its operations
and systems. The bank should conduct a periodic risk evaluation
and risk assessment to identify and address changes in
the threats or risks to its customer information.
Establishing an incident response program that is communicated
widely to community bank employees and
third-party vendors is critical. This communication should
include specific actions required if or when a bank or
its vendor suspects or detects that unauthorized parties
have gained access to customer information systems. The
response program should include appropriate reports to
regulatory and law enforcement agencies and should reflect
the Federal Trade Commission (FTC) Safeguards Rule, other
federal requirements for responses to customer information
and customer notice, and any state-specific requirements.
Daily practice equals successful outcomes. Once
a data security policy and comprehensive security program
are in place, a community bank should make sure
everyone in the organization understands them and adheres
to them.
In 2019, the National Cyber Security Alliance published
the 10 most common cybersecurity misconceptions for
small- and medium-sized organizations, and they're rather
surprising. They include the belief that the value of data is
low, that outsourcing protects the institution and that bad
actors are limited to those outside the organization. Needless
to say, these are untrue.
Community banks should train widely, make customer
privacy everyone's job and make privacy a discussion, not
just a form of mandated disclosure. This could include
questionable emails, appropriate use of electronic correspondence
with customers and employees' use of outside
computers and other equipment. Be sure to implement
practices that err on the side of prudence, such as:
• Practice a need-to-know methodology even among
departments and groups within the bank
• Limit access to those with a genuine business-purpose
need to limit hackers' opportunities. Reasonable access to
consumer data should be provided in proportion to the
sensitivity of the data and the nature of its use
• Protect what the bank collects to limit exposure, and take
steps to ensure the accuracy of all data
• Destroy unneeded or outdated data when possible. Follow
established rules for retention of bank records
Cybercrimes, such as intrusion and phishing, continue to
flourish. Beyond the regulatory requirements, staying ahead
of the hackers is key to a community bank's reputation, its
capacity to provide products and services to its customers,
and its ability to prevent customer data from being vulnerable
to fraud.
Mary Thorson Wright, a former Federal Reserve examiner, is a
writer in Virginia.