Independent Banker - January 2019 - 49
distributed denial of service (DDoS) attacks against
websites in the fi nancial world.
Other risks include business emails being compromised,
wire transfers going astray and banks being sued by
customers. " If you get sued by your own customer because
a wire transfer went out the door, " Payton explains, " even
if the bank wins because the bank's not wrong, it's still
a losing proposition when your own customer sues you.
That's a huge potential risk. "
But there is another hidden risk Payton says isn't
being talked about nearly enough. " What cybercriminal
syndicates have fi gured out is this: If I break in and don't
take anything, and I don't lock any fi les up; if I break in
and I only do one thing, which is to deposit cryptocurrency
mining software and steal your CPUs from you, and you
don't even know it, then I can fatten up my digital wallet
and nobody else is the wiser.
" So, we're starting to see, where these silent break-ins
have occurred, they've fi gured out how to hide in plain
sight within your processing. It's like your neighbor
stealing your electricity by plugging into the outlet behind
your house with a long extension cord. "
Practical security steps
What can community banks do to combat these threats?
First, Payton suggests a walkabout. " Go to each of your
functions that takes care of your customers, " she explains.
" Don't try and fi x, and don't try to criticize, but ask them:
Are there any system processes or manual processes that
you have to create a workaround for in order to take care
of the customer? You could very well learn at that moment
that people are writing customer data on Post-it notes or
taking pictures of screens with their phones. Don't chastise
them for doing it. Just listen. And then look for design
opportunities to remove those obstacles. "
Second, plan for the worst and pray for the best.
Payton suggests quarterly top-down digital disaster
exercises, changing the scenario each time. " I would highly
recommend the fi rst thing being a ransomware attack, " she
says, " and make it for real. Time yourself. Ask somebody
how long [before they can] start restoring backup. And see
how long it actually takes to validate the data. I have people
say to me 'eight hours,' and they come back and it's 18, 24,
72, 96 hours. That's really important. "
Another exercise could be a DDoS attack against your
website, like the Mirai botnet of 2016, when almost the
entire East Coast screeched to a halt. " So, the question is:
With your website down and social media not available,
how do you let your customers know you're still open for
business? What do you want to do? [An email] blast? An
old-school phone tree? Do you want to text message all of
the cell phones you have on fi le? What's the backup plan? "
Third, Payton recommends doing some social
engineering campaigns against third-party vendors and
your own employees to look for potential weaknesses.
" Who clicks on which links and why? Who opens up
attachments and why? " she says. " Ask yourself: Is there a
way to prevent that from happening by using additional
tools and techniques? Or is there a way to almost create a
sandbox for link opening and attachment opening so that
we don't have damages when people make bad choices? "
Payton admits these are diffi cult concepts and advises
community banks to learn about the issues. If that fails, seek
outside help to fi nd out what your peers are doing about it,
for example, ransomware and cyber liability insurance. " You
can see why I say sleep and rest are completely overrated! "
she laughs. " There's so much to do. "
Roshan McArthur is a writer in California.
HOW TO STAY
UP TO DATE
To keep up with emerging threats, Theresa Payton
recommends the following steps for banks.
Q Appoint a board member who is responsible for a
sub-working group on security and governance.
Then decide whether your bank has the capacity
to recruit in-house staff . If you add two staff
members, for example, will they have the capacity
you need?
Q Look at bringing in an outside team as an
alternative. Look for a trusted partner that
understands the needs of community banks-
mission, tight margins, operations, vendors,
internally developed programs, customer care and
recovery-time objectives.
Q Keep up with information from security
conferences. These three sites all upload short
videos explaining key issues and fixes:
rsa.com
blackhat.com
defcon.org
independentbanker.org Q 49
http://www.rsa.com
http://www.blackhat.com
http://www.defcon.org
http://www.independentbanker.org
Independent Banker - January 2019
Table of Contents for the Digital Edition of Independent Banker - January 2019
Table of Contents
Independent Banker - January 2019 - Cover1
Independent Banker - January 2019 - Cover2
Independent Banker - January 2019 - Table of Contents
Independent Banker - January 2019 - 2
Independent Banker - January 2019 - 3
Independent Banker - January 2019 - 4
Independent Banker - January 2019 - 5
Independent Banker - January 2019 - 6
Independent Banker - January 2019 - 7
Independent Banker - January 2019 - 8
Independent Banker - January 2019 - 9
Independent Banker - January 2019 - 10
Independent Banker - January 2019 - 11
Independent Banker - January 2019 - 12
Independent Banker - January 2019 - 13
Independent Banker - January 2019 - 14
Independent Banker - January 2019 - 15
Independent Banker - January 2019 - 16
Independent Banker - January 2019 - 17
Independent Banker - January 2019 - 18
Independent Banker - January 2019 - 19
Independent Banker - January 2019 - 20
Independent Banker - January 2019 - 21
Independent Banker - January 2019 - 22
Independent Banker - January 2019 - 23
Independent Banker - January 2019 - 24
Independent Banker - January 2019 - 25
Independent Banker - January 2019 - 26
Independent Banker - January 2019 - 27
Independent Banker - January 2019 - 28
Independent Banker - January 2019 - 29
Independent Banker - January 2019 - 30
Independent Banker - January 2019 - 31
Independent Banker - January 2019 - 32
Independent Banker - January 2019 - 33
Independent Banker - January 2019 - 34
Independent Banker - January 2019 - 35
Independent Banker - January 2019 - 36
Independent Banker - January 2019 - 37
Independent Banker - January 2019 - 38
Independent Banker - January 2019 - 39
Independent Banker - January 2019 - 40
Independent Banker - January 2019 - 41
Independent Banker - January 2019 - 42
Independent Banker - January 2019 - 43
Independent Banker - January 2019 - 44
Independent Banker - January 2019 - 45
Independent Banker - January 2019 - 46
Independent Banker - January 2019 - 47
Independent Banker - January 2019 - 48
Independent Banker - January 2019 - 49
Independent Banker - January 2019 - 50
Independent Banker - January 2019 - 51
Independent Banker - January 2019 - 52
Independent Banker - January 2019 - 53
Independent Banker - January 2019 - 54
Independent Banker - January 2019 - 55
Independent Banker - January 2019 - 56
Independent Banker - January 2019 - 57
Independent Banker - January 2019 - 58
Independent Banker - January 2019 - 59
Independent Banker - January 2019 - 60
Independent Banker - January 2019 - 61
Independent Banker - January 2019 - 62
Independent Banker - January 2019 - 63
Independent Banker - January 2019 - 64
Independent Banker - January 2019 - 65
Independent Banker - January 2019 - 66
Independent Banker - January 2019 - 67
Independent Banker - January 2019 - 68
Independent Banker - January 2019 - 69
Independent Banker - January 2019 - 70
Independent Banker - January 2019 - 71
Independent Banker - January 2019 - 72
Independent Banker - January 2019 - 73
Independent Banker - January 2019 - 74
Independent Banker - January 2019 - 75
Independent Banker - January 2019 - 76
Independent Banker - January 2019 - Cover3
Independent Banker - January 2019 - Cover4
https://www.nxtbook.com/mspc/independentbanker/october2024
https://www.nxtbook.com/mspc/independentbanker/september2024
https://www.nxtbook.com/mspc/independentbanker/august2024
https://www.nxtbook.com/mspc/independentbanker/july2024
https://www.nxtbook.com/mspc/independentbanker/june2024
https://www.nxtbook.com/mspc/independentbanker/may2024
https://www.nxtbook.com/mspc/independentbanker/april2024
https://www.nxtbook.com/mspc/independentbanker/march2024
https://www.nxtbook.com/mspc/independentbanker/february2024
https://www.nxtbook.com/mspc/independentbanker/january2024
https://www.nxtbook.com/mspc/independentbanker/december2023
https://www.nxtbook.com/mspc/independentbanker/november2023
https://www.nxtbook.com/mspc/independentbanker/october2023
https://www.nxtbook.com/mspc/independentbanker/september2023
https://www.nxtbook.com/mspc/independentbanker/august2023
https://www.nxtbook.com/mspc/independentbanker/july2023
https://www.nxtbook.com/mspc/independentbanker/june2023
https://www.nxtbook.com/mspc/independentbanker/may2023
https://www.nxtbook.com/mspc/independentbanker/april2023
https://www.nxtbook.com/mspc/independentbanker/march2023
https://www.nxtbook.com/mspc/independentbanker/february2023
https://www.nxtbook.com/mspc/independentbanker/january2023
https://www.nxtbook.com/mspc/independentbanker/december2022
https://www.nxtbook.com/mspc/independentbanker/november2022
https://www.nxtbook.com/mspc/independentbanker/october2022
https://www.nxtbook.com/mspc/independentbanker/september2022
https://www.nxtbook.com/mspc/independentbanker/august2022
https://www.nxtbook.com/mspc/independentbanker/july2022
https://www.nxtbook.com/mspc/independentbanker/june2022
https://www.nxtbook.com/mspc/independentbanker/may2022
https://www.nxtbook.com/mspc/independentbanker/april2022
https://www.nxtbook.com/mspc/independentbanker/march2022
https://www.nxtbook.com/mspc/independentbanker/february2022
https://www.nxtbook.com/mspc/independentbanker/january2022
https://www.nxtbook.com/mspc/independentbanker/december2021
https://www.nxtbook.com/mspc/independentbanker/november2021
https://www.nxtbook.com/mspc/independentbanker/october2021
https://www.nxtbook.com/mspc/independentbanker/september2021
https://www.nxtbook.com/mspc/independentbanker/august2021
https://www.nxtbook.com/mspc/independentbanker/july2021
https://www.nxtbook.com/mspc/independentbanker/june2021
https://www.nxtbook.com/mspc/independentbanker/may2021
https://www.nxtbook.com/mspc/independentbanker/april2021
https://www.nxtbook.com/mspc/independentbanker/march2021
https://www.nxtbook.com/mspc/independentbanker/february2021
https://www.nxtbook.com/mspc/independentbanker/january2021
https://www.nxtbook.com/mspc/independentbanker/december2020
https://www.nxtbook.com/mspc/independentbanker/november2020
https://www.nxtbook.com/mspc/independentbanker/october2020
https://www.nxtbook.com/mspc/independentbanker/september2020
https://www.nxtbook.com/mspc/independentbanker/august2020
https://www.nxtbook.com/mspc/independentbanker/july2020
https://www.nxtbook.com/mspc/independentbanker/june2020
https://www.nxtbook.com/mspc/independentbanker/may2020
https://www.nxtbook.com/mspc/independentbanker/april2020
https://www.nxtbook.com/mspc/independentbanker/march2020
https://www.nxtbook.com/mspc/independentbanker/february2020
https://www.nxtbook.com/mspc/independentbanker/january2020
https://www.nxtbook.com/mspc/independentbanker/december2019
https://www.nxtbook.com/mspc/independentbanker/november2019
https://www.nxtbook.com/mspc/independentbanker/october2019
https://www.nxtbook.com/mspc/independentbanker/september2019
https://www.nxtbook.com/mspc/independentbanker/august2019
https://www.nxtbook.com/mspc/independentbanker/july2019
https://www.nxtbook.com/mspc/independentbanker/june2019
https://www.nxtbook.com/mspc/independentbanker/may2019
https://www.nxtbook.com/mspc/independentbanker/april2019
https://www.nxtbook.com/mspc/independentbanker/march2019
https://www.nxtbook.com/mspc/independentbanker/february2019
https://www.nxtbook.com/mspc/independentbanker/january2019
https://www.nxtbook.com/mspc/independentbanker/december2018
https://www.nxtbook.com/mspc/independentbanker/november2018
https://www.nxtbook.com/mspc/independentbanker/october2018
https://www.nxtbook.com/mspc/independentbanker/september2018
https://www.nxtbook.com/mspc/independentbanker/august2018
https://www.nxtbook.com/mspc/independentbanker/july2018
https://www.nxtbook.com/mspc/independentbanker/june2018
https://www.nxtbook.com/mspc/independentbanker/may2018
https://www.nxtbook.com/mspc/independentbanker/april2018
https://www.nxtbook.com/mspc/independentbanker/march2018
https://www.nxtbook.com/mspc/independentbanker/february2018
https://www.nxtbook.com/mspc/independentbanker/january2018
https://www.nxtbook.com/mspc/independentbanker/december2017
https://www.nxtbook.com/mspc/independentbanker/november2017
https://www.nxtbook.com/mspc/independentbanker/october2017
https://www.nxtbook.com/mspc/independentbanker/september2017
https://www.nxtbook.com/mspc/independentbanker/august2017
https://www.nxtbook.com/mspc/independentbanker/july2017
https://www.nxtbook.com/mspc/independentbanker/june2017
https://www.nxtbook.com/mspc/independentbanker/may2017
https://www.nxtbook.com/mspc/independentbanker/april2017
https://www.nxtbookmedia.com