Venminder Blog

How Your Bank or Credit Union Can Comply with Cybersecurity

Written by Venminder Experts | Jan 29, 2019 6:00:00 AM

The scope of vendor management is expanding. Your vendor's cybersecurity preparedness will be a focus for examiners in 2016. Now is the time to prepare.

Do you know where to start? Have you reviewed your vendor's cybersecurity preparedness? 

We've heard a lot of banks and credit unions are still confused. We thought we would help break it down a little bit for you.  

The Issues at Play

Satisfying Regulators

How will you comply with the new focus on cybersecurity?

  • Ask your vendors?
  • Check in once a year?
  • Assume/Trust they have it covered?
  • Hope they have enough insurance?

Protecting Your Future

When (not if) it happens, how much will it cost your institution?

  • In dollars?
  • In reputation?
  • In lawsuits?
  • In lost customers?

How to Prepare

Understand the Inherent Risk

Financial institutions need a solid methodology to identify inherent risk from cyber threats. Start by defining the following:

  • Connection Types
  • Products and Services Offered
  • Technologies Implemented

Prepare Your Controls

Once a solid understanding of inherent risks has been identified and documented, financial institutions need to focus on risk mitigating controls. The FFIEC highlights the following areas:

  • Risk Management and Oversight - involves governance, allocation of resources and training and wareness of employees.
  • Threat Intelligence and Collaboration - is the acquisition and analysis of information to identify, track and predict cyber capabilities, intentions and activities that offer courses of action to enhance decision making.
  • Cybersecurity Controls - controls can be preventive, detective or corrective.
  • External Dependency Management - includes the connectivity to third-party service providers, business partners, customers or others and the financial institutions' expectations and practices to oversee these relationships.
  • Cyber Incident Management and Resilience - involves incident detection, response, mitigation, escalation, reporting and resilience.

Different Ways Your Financial Institution Can Comply

Outsource

There are new tools on the market that offer affordable, continuous and highly informative monitoring of your vendor's security posture. Learn about Venminder's service here

In-House

You may have someone on staff that understands how to assess and monitor your vendors for cybersecurity preparedness. Suggested qualifications for this function would be staff with a CISSP certification or an equivalent number of years in IT/Information Security experience. Ensure the staff member has the time and tools available to monitor on a continuous basis since cybersecurity is a continuous threat. Remember that snapshot or point in time reviews create gaps and increase your risk. 

 

/credit-union-bank-vendor-cybersecurity-infographic
View full post