Don’t be Spooked by Cybersecurity: How to Take a Proactive Approach
Data breaches, cybercrimes, compliance – oh my! It’s a lot to think about and manage, but there’s no need to get spooked by these looming priorities. October is Cybersecurity Awareness Month, and regardless of the prioritized objectives within your institution, a successful and secure future is all about key partnerships, collaboration, and education. Harness your resources to create a united front!
Cyber Reporting
As the financial sector continues to advance technologically, the masked actors are keeping pace. Metaphorically speaking, like a “who wore it best” costume contest, financial institutions are being tasked with new requirements and contending with ever-evolving technology.
For example, specific to cyber reporting, these requirements by the OCC, Federal Reserve, and FDIC include the timing in which a “notification incident” arises in relation to communicating to “each affected banking organization customer.”
- Comply by notifying their case manager of an incident.
- Comply by notifying any member of an FDIC examination team if the event occurs during an examination.
- If a bank is unable to access its supervisory team contacts, the bank may notify the FDIC by email at incident@fdic.gov.
Further, the NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible, but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.
“The NCUA Board also approved a threshold for determining the appropriate supervisory office: Effective January 1, 2023, credit unions with assets between $10 billion and $15 billion will be supervised by their appropriate Regional Office. All credit unions above $10 billion in assets currently supervised by ONES will continue to be supervised by that office under the final rule. Credit unions that cross the $15 billion threshold will be supervised by ONES. The proposed rule does not alter any other regulatory requirements for credit unions covered under these regulations.”
Access NCUA’s useful and actionable Cybersecurity Resources HERE.
In addition to changes in reporting requirements such as the ones outlined above, financial institutions also have new cyber liability insurance renewal requirements.
Insurance Requirements
As noted in our recent Risk Alert: An uptick in data breach liability litigation, large payouts for ransomware attacks, and other cybercrimes have impacted the cyber insurance industry. As a result, there are stricter cyber insurance underwriting requirements and increased enforcement of data privacy laws. The tenacious upsurge in attacks has caused cybersecurity to remain a top priority for the NCUA, as evidenced by its prominent appearance in the agency’s Supervisory Priorities.
Cyber liability protection policies also help cover the costs associated with a potential data breach, while helping your financial institution bounce back from an attack. There’s no time to wait; this is the eleventh hour. Cybercrimes put your institution and the financial wellbeing of your customers at risk. Financial institutions need to implement insurance requirements and effective controls. These include:
- Encrypted air-gapped/cloud-based backups
- Multi-factor authentication (MFA) on:
  - Air-gapped/cloud-based backups
  - Remote network access
  - Remote email access
  - Admin/privileged user accounts
- Endpoint detection and response (EDR) solution in place
- Email filtering
- Encryption on data at rest
- Phishing/social engineering training for employees
- Updating devices to the latest version to mitigate Log4j vulnerabilities
Learn more from our Bond Case Study
No product or service acquired is complete without proper expert training and education.
ID theft protection and data breach protection are often excellent companion services to cyber liability insurance. The Cybersecurity & Infrastructure Security Agency has themed this year’s Cybersecurity Awareness Month Campaign as “See Yourself in Cyber.” The campaign represents a focus on the people of cybersecurity and offers educational resources. Threats are tricky to predict and it’s no treat to go it alone. But with the right resources and understanding, you can take a proactive approach to protecting your financial institution and the security and privacy of those you connect with every single day.