Cyber attacks are on the rise, and we we know that small banks are increasingly targeted. But cybersecurity is complicated, so banks are often asking the questions, "Where do I start?", "What should I do?", and "How will that fit in my budget?"
At TraceSecurity, we often hear these very same questions. We believe the best place to start is by ensuring that you don't make yourself an easy target. Attackers target small banks because they know they are often more vulnerable. They usually don't have the resources that larger banks have to prevent these attacks. So, what can a small bank do to ensure it is not "low hanging fruit" for an attacker?
There is a lot of publicly available information about your bank – configuration details about your domain and your email, information about users within your organization, and servers that are exposed to the outside world. For someone trying to get access to your data, this information can provide them with a playbook to attacking your bank. Just as important, properly configuring and securing these externally-facing components shows that you are security-conscious and will cause attackers to try elsewhere.
TraceSecurity offers an External Security Assessment that collects and reports public information easily obtained by attackers and ensures your external systems follow configuration best practices. We provide easy-to-implement recommendations that your managed service provider or IT staff can handle with your existing investments – nothing additional to buy, just modify settings and you’re done. To get started you don’t need to install any software or equipment – we can check everything remotely and provide you with a report of the findings. And, we do this monthly to ensure you remain off the radar moving forward.
Cybersecurity begins by analyzing the bank’s risk and ensuring the resources available are prioritized to reduce the most risk. While Risk Assessments can be costly, a scaled down version (Cybersecurity Assessment) can give you a quick assessment of your bank’s cybersecurity posture.
TraceSecurity offers a FREE Cybersecurity Assessment Tool (CSAT) that guides the bank through the process and provides a report on the findings. TraceSecurity also offers consultation services to help your bank perform the CSAT and provides a detailed report with a cybersecurity action plan for the bank. The CSAT tool aligns directly with the FFIEC’s Cybersecurity Assessment Tool (CAT), meaning completion of the CSAT results in compliance with the NCUA’s ACET requirement.
Phishing attacks are responsible for a majority of cyber breaches worldwide and take many forms. Whether they are attempting to deliver malware or ransomware, trying to get your employees to pay invoices, wire transfer money, or send customer or employee confidential information, attackers use email to trick employees into not following bank policy. Many banks employ security awareness education and phishing simulation in an attempt address this risk. However, employees still fall for these attacks, because they are sophisticated enough to look real and are frequent, causing busy employees in a hurry or rushed to forget their training. Ultimately, most employees are “aware” of the phishing threat and know what to look for in emails. But, doing this for 100% of email is not reasonable.
So, how can you get your users to pause and consider the most suspicious emails? TraceSecurity offers PhinPoint, an anti-phishing email filtering software that identifies phishing attacks, highlights these attacks for the end-user, raises end-user awareness, and prevents users from engaging with phishing emails. It acts as another layer along with your spam filter to ensure that employees don’t fall for phishing attacks.