This content is provided by our sponsor, and neither is written by nor provides endorsement from ICBA.
Security isn’t sexy, but it’s vitally important
By Matt Cunard, Web Marketing Specialist, VGM Forbin
The bread and butter of independent community banks is their high level of customer service. No other type of business in the financial industry is as invested in customer success as independent community banks. Your focus is on your customers.
However, a web data breach is a quick way to lose the trust you have invested so much time and energy into creating. And if you think these intrusions are limited to larger companies like Target, Home Depot and JP Morgan, that line of thinking is outdated and naïve.
Having the highest level of security safeguards in place is just as important as your products and services, marketing campaigns and community outreach efforts, if not more so. Sure, security is not sexy, but it is vitally important.
There are a few easy questions to ask to identify if your security has holes that can be exploited:
- Are you using an open source content management system or open source software?
- Are your security systems updated regularly?
- Do you stay on top of necessary patches for your network firewall and personal security systems?
- How much do your employees know about security issues like phishing and email fraud?
Let’s take a look at each of these areas of your security and why they are critically important.
Open Source Systems and Software
The term “open source” refers to the code of the content management system (CMS) or other software you are using. When a CMS is open source, this means the original source code is made freely available and may be redistributed and modified by anyone.
Open source systems, such as Joomla, Drupal and WordPress are popular for many reasons. The main draw of an open source CMS is the adaptability of the source code of the system. This means programmers or developers on your staff can make adjustments to the system to fit your needs. They are also generally lower in cost (or free) to put in place and can easily integrate with other systems or software. However, adaptability is also the downfall of open source solutions.
Since the source code is available to anyone, weaknesses are well known. Working in the banking industry, you know there are less than savory characters out there looking to exploit any weakness they can find. This means planting viruses, trojans and other malicious software that not only infiltrates your bank’s data, but your customer information as well.
While open source CMS solutions may be a less expensive investment, you get what you pay for when it comes to security.
Network and Code Vulnerabilites
These can range from issues that affect nearly everyone – such as the Heartbleed Bug – to unpatched networks and firewalls or anti-virus systems that have not been updated.
The need for enterprise-wide security in combination with security on a personal level (computers at personal workstations) is equally great. You cannot have one without the other. By keeping your network firewall and security systems patched and updated and doing the same for personal security, you are creating a safer work environment.
Phishing and Email Security
Have you ever received an email from a random email address with a link in it? Do you receive emails from organizations you do business with asking you to provide personal information or account numbers to “confirm your membership?”
Phishing and email fraud are two ways attackers look to infiltrate your network by targeting employees. Fortunately, the chances of their success can be dramatically reduced in a couple of ways:
- Regular employee security training- by teaching employees the basics of security, you can ensure they are able to spot fraudulent emails, phishing attempts on their phones or through social media. Security protocols for working wirelessly and saving or transferring company data should be addressed as well.
- Placing strict spam filters on your institution’s email accounts- a strict spam filter halts suspicious emails instead of allowing them to go straight to your email inbox. This allows you to see who an email is coming from and the subject line.
The Ideal Security Solution
As we live in an age of technological advances, hackers and cyber criminals are always changing and improving their attack styles. A truly secure website needs to be able to recognize known and unknown attacks of all kinds, even threats that lack recognizable attack signatures. There should also be a human element to any security system for audits and continued testing for vulnerabilities in the network.
I am partial to our own proprietary security product, the VGuard™ Intrusion Penetration System (IPS). It uses a database of thousands of attack signatures to block known threats, as well as an anomaly-based detection system that is able to seek out threats without known attack signatures. Annual audits from certified IT staff, along with continued penetration testing and vulnerability scans are also part of VGuard.
Most important, our policies and controls are audited by a third-party, industry-leader CDW. This ensures the technology and personnel behind VGuard are operating effectively.
Top-Level Security is NOT Optional
The threats to your financial institution’s security are not going to stop. Cyber criminals will continue to try and exploit open source CMS solutions, find vulnerabilities in your website and target you and other employees to gain the access they need.
Security is ongoing and ever evolving, and your safeguards must be as well.