Independent Banker - July 2017 - 66

Nuts & Bolts
that most community banks are doing
" a better job today than several years
ago " in vetting and reviewing their
third-party vendors, there is still
" opportunity for improvement. "
" In some instances, the banks may
have a great [vendor review] program
and process in place to gather documents
from their vendors, but they do
not go beyond the basic SSAE16, " he
says. " They do not address everything
that might be of concern. "
But with so much ground to cover,
Bjorklund and other industry insiders
recommend community banks
focus their limited resources on
vendors providing " critical services
to run their bank, " particularly those
" Whether they can
get at a bank through
identity theft or a thirdparty
relationship, they
are consistently refining
their attacks. "
-THOMAS L. FRALE JR.,
RLR MANAGEMENT CONSULTING INC.
involved in processing and those
with access to sensitive network
information.
" It comes down to banks truly
understanding what is being provided
[by the vendor] and what the bank's
risks are, and having a solid vendor
management program, " Bjorkland
says. He adds that aside from initially
vetting vendors, banks should conduct
annual reviews, looking at key
vendors' risk methodology, security
practices and financial information.
" Community banks need to do a
thorough level of due diligence, " says
Agcaoili, adding that banks should
implement the NIST framework for
understanding risk and look to groups
like the FC-ISAC and the Financial
Services Roundtable. " There is support
in the community. "
Karen Epper Hoffman is a writer in
Washington state.
66 ICBA IndependentBanker July 2017
Three third parties to keep an eye on
For community banks, there are many potential inroads that hackers can
use get to banks' internal operations. These may include:
1
Financial technology firms
Speaking on the potential cybersecurity risk of third-party access, former
OCC comptroller Thomas Curry pointed out, " While fintech companies
are still a small portion of the industry, their rapid growth requires banks
and regulators to ask big-picture questions about the future of banking,
how consumer needs are being met, and whether we have the necessary
regulatory tools and structure to ensure that the changes occur in a
safe and sound manner, promote financial inclusion and avoid consumer
abuse. " In lieu of long-term track records, community banks often must rely
on these vendors' cyber savvy as a main defense of their online security.
Billing software and portals
Every community bank has to remit invoices and therefore is using
software or online technology such as SAP Ariba, which many banks and
other enterprises use for billing and procurement. " Banks need to understand
the structure and segmentation of their network, " says Julie Conroy,
research director for Aite Group.
2
3
Payments providers
Payment systems are " well-protected, but as with anything or anyone,
they are vulnerable, " says PeoplesBank's Joseph Zazzaro. " Zero-day
malware, ransomware and many other hacking-type events are targeting
the end users, and as they say, people are our weakest link and can be
easily fooled. "
Banks should require that risk and vendor assessments be completed,
with scheduled reviews to see if there have been any changes at the
vendor and with its service level. This is especially important for payment
providers, which offer direct access to a bank's most valuable data.
" We have report cards on vendors to see if service issues have occurred
and whether a new vendor should be sought out, " Zazzaro says. " This is not
a new environment for us; [there are] just many more public channels to
utilize services from now, which opens up more vulnerabilities and threats. "
-Karen Epper Hoffman

Independent Banker - July 2017

Table of Contents for the Digital Edition of Independent Banker - July 2017

Table of Contents
Independent Banker - July 2017 - Intro
Independent Banker - July 2017 - Cover1
Independent Banker - July 2017 - Cover2
Independent Banker - July 2017 - Table of Contents
Independent Banker - July 2017 - 2
Independent Banker - July 2017 - 3
Independent Banker - July 2017 - 4
Independent Banker - July 2017 - 5
Independent Banker - July 2017 - 6
Independent Banker - July 2017 - 7
Independent Banker - July 2017 - 8
Independent Banker - July 2017 - 9
Independent Banker - July 2017 - 10
Independent Banker - July 2017 - 11
Independent Banker - July 2017 - 12
Independent Banker - July 2017 - 13
Independent Banker - July 2017 - 14
Independent Banker - July 2017 - 15
Independent Banker - July 2017 - 16
Independent Banker - July 2017 - 17
Independent Banker - July 2017 - 18
Independent Banker - July 2017 - 19
Independent Banker - July 2017 - 20
Independent Banker - July 2017 - 21
Independent Banker - July 2017 - 22
Independent Banker - July 2017 - 23
Independent Banker - July 2017 - 24
Independent Banker - July 2017 - 25
Independent Banker - July 2017 - 26
Independent Banker - July 2017 - 27
Independent Banker - July 2017 - 28
Independent Banker - July 2017 - 29
Independent Banker - July 2017 - 30
Independent Banker - July 2017 - 31
Independent Banker - July 2017 - 32
Independent Banker - July 2017 - 33
Independent Banker - July 2017 - 34
Independent Banker - July 2017 - 35
Independent Banker - July 2017 - 36
Independent Banker - July 2017 - 37
Independent Banker - July 2017 - 38
Independent Banker - July 2017 - 39
Independent Banker - July 2017 - 40
Independent Banker - July 2017 - 41
Independent Banker - July 2017 - 42
Independent Banker - July 2017 - 43
Independent Banker - July 2017 - 44
Independent Banker - July 2017 - 45
Independent Banker - July 2017 - 46
Independent Banker - July 2017 - 47
Independent Banker - July 2017 - 48
Independent Banker - July 2017 - 49
Independent Banker - July 2017 - 50
Independent Banker - July 2017 - 51
Independent Banker - July 2017 - 52
Independent Banker - July 2017 - 53
Independent Banker - July 2017 - 54
Independent Banker - July 2017 - 55
Independent Banker - July 2017 - 56
Independent Banker - July 2017 - 57
Independent Banker - July 2017 - 58
Independent Banker - July 2017 - 59
Independent Banker - July 2017 - 60
Independent Banker - July 2017 - 61
Independent Banker - July 2017 - 62
Independent Banker - July 2017 - 63
Independent Banker - July 2017 - 64
Independent Banker - July 2017 - 65
Independent Banker - July 2017 - 66
Independent Banker - July 2017 - 67
Independent Banker - July 2017 - 68
Independent Banker - July 2017 - 69
Independent Banker - July 2017 - 70
Independent Banker - July 2017 - 71
Independent Banker - July 2017 - 72
Independent Banker - July 2017 - Cover3
Independent Banker - July 2017 - Cover4
https://www.nxtbook.com/mspc/independentbanker/october2024
https://www.nxtbook.com/mspc/independentbanker/september2024
https://www.nxtbook.com/mspc/independentbanker/august2024
https://www.nxtbook.com/mspc/independentbanker/july2024
https://www.nxtbook.com/mspc/independentbanker/june2024
https://www.nxtbook.com/mspc/independentbanker/may2024
https://www.nxtbook.com/mspc/independentbanker/april2024
https://www.nxtbook.com/mspc/independentbanker/march2024
https://www.nxtbook.com/mspc/independentbanker/february2024
https://www.nxtbook.com/mspc/independentbanker/january2024
https://www.nxtbook.com/mspc/independentbanker/december2023
https://www.nxtbook.com/mspc/independentbanker/november2023
https://www.nxtbook.com/mspc/independentbanker/october2023
https://www.nxtbook.com/mspc/independentbanker/september2023
https://www.nxtbook.com/mspc/independentbanker/august2023
https://www.nxtbook.com/mspc/independentbanker/july2023
https://www.nxtbook.com/mspc/independentbanker/june2023
https://www.nxtbook.com/mspc/independentbanker/may2023
https://www.nxtbook.com/mspc/independentbanker/april2023
https://www.nxtbook.com/mspc/independentbanker/march2023
https://www.nxtbook.com/mspc/independentbanker/february2023
https://www.nxtbook.com/mspc/independentbanker/january2023
https://www.nxtbook.com/mspc/independentbanker/december2022
https://www.nxtbook.com/mspc/independentbanker/november2022
https://www.nxtbook.com/mspc/independentbanker/october2022
https://www.nxtbook.com/mspc/independentbanker/september2022
https://www.nxtbook.com/mspc/independentbanker/august2022
https://www.nxtbook.com/mspc/independentbanker/july2022
https://www.nxtbook.com/mspc/independentbanker/june2022
https://www.nxtbook.com/mspc/independentbanker/may2022
https://www.nxtbook.com/mspc/independentbanker/april2022
https://www.nxtbook.com/mspc/independentbanker/march2022
https://www.nxtbook.com/mspc/independentbanker/february2022
https://www.nxtbook.com/mspc/independentbanker/january2022
https://www.nxtbook.com/mspc/independentbanker/december2021
https://www.nxtbook.com/mspc/independentbanker/november2021
https://www.nxtbook.com/mspc/independentbanker/october2021
https://www.nxtbook.com/mspc/independentbanker/september2021
https://www.nxtbook.com/mspc/independentbanker/august2021
https://www.nxtbook.com/mspc/independentbanker/july2021
https://www.nxtbook.com/mspc/independentbanker/june2021
https://www.nxtbook.com/mspc/independentbanker/may2021
https://www.nxtbook.com/mspc/independentbanker/april2021
https://www.nxtbook.com/mspc/independentbanker/march2021
https://www.nxtbook.com/mspc/independentbanker/february2021
https://www.nxtbook.com/mspc/independentbanker/january2021
https://www.nxtbook.com/mspc/independentbanker/december2020
https://www.nxtbook.com/mspc/independentbanker/november2020
https://www.nxtbook.com/mspc/independentbanker/october2020
https://www.nxtbook.com/mspc/independentbanker/september2020
https://www.nxtbook.com/mspc/independentbanker/august2020
https://www.nxtbook.com/mspc/independentbanker/july2020
https://www.nxtbook.com/mspc/independentbanker/june2020
https://www.nxtbook.com/mspc/independentbanker/may2020
https://www.nxtbook.com/mspc/independentbanker/april2020
https://www.nxtbook.com/mspc/independentbanker/march2020
https://www.nxtbook.com/mspc/independentbanker/february2020
https://www.nxtbook.com/mspc/independentbanker/january2020
https://www.nxtbook.com/mspc/independentbanker/december2019
https://www.nxtbook.com/mspc/independentbanker/november2019
https://www.nxtbook.com/mspc/independentbanker/october2019
https://www.nxtbook.com/mspc/independentbanker/september2019
https://www.nxtbook.com/mspc/independentbanker/august2019
https://www.nxtbook.com/mspc/independentbanker/july2019
https://www.nxtbook.com/mspc/independentbanker/june2019
https://www.nxtbook.com/mspc/independentbanker/may2019
https://www.nxtbook.com/mspc/independentbanker/april2019
https://www.nxtbook.com/mspc/independentbanker/march2019
https://www.nxtbook.com/mspc/independentbanker/february2019
https://www.nxtbook.com/mspc/independentbanker/january2019
https://www.nxtbook.com/mspc/independentbanker/december2018
https://www.nxtbook.com/mspc/independentbanker/november2018
https://www.nxtbook.com/mspc/independentbanker/october2018
https://www.nxtbook.com/mspc/independentbanker/september2018
https://www.nxtbook.com/mspc/independentbanker/august2018
https://www.nxtbook.com/mspc/independentbanker/july2018
https://www.nxtbook.com/mspc/independentbanker/june2018
https://www.nxtbook.com/mspc/independentbanker/may2018
https://www.nxtbook.com/mspc/independentbanker/april2018
https://www.nxtbook.com/mspc/independentbanker/march2018
https://www.nxtbook.com/mspc/independentbanker/february2018
https://www.nxtbook.com/mspc/independentbanker/january2018
https://www.nxtbook.com/mspc/independentbanker/december2017
https://www.nxtbook.com/mspc/independentbanker/november2017
https://www.nxtbook.com/mspc/independentbanker/october2017
https://www.nxtbook.com/mspc/independentbanker/september2017
https://www.nxtbook.com/mspc/independentbanker/august2017
https://www.nxtbook.com/mspc/independentbanker/july2017
https://www.nxtbook.com/mspc/independentbanker/june2017
https://www.nxtbook.com/mspc/independentbanker/may2017
https://www.nxtbook.com/mspc/independentbanker/april2017
https://www.nxtbookmedia.com