Executive Letter: Protecting Your Bank from a Cyberattack
By Rose Oswald Poels
Cyberattacks are becoming an increasingly alarming trend and it is vital that bankers in Wisconsin remain vigilant in safeguarding their institutions and the personal financial information of their customers. In 2022, global cyberattacks increased by 38% when compared to the year prior, notes a study conducted by Check Point Research. These attacks, which target both individuals and businesses worldwide, include phishing, ransomware, breaches, and vulnerability exploitation. Each year, cybercrime costs the U.S. economy billions of dollars.
Despite this, there are many ways in which banks are able to mitigate these risks if an attack occurs.
Continually monitoring, updating, and testing your systems are all key to ensuring that your people and environments are not vulnerable. In an ever-changing digital and banking world, it may be difficult to know what areas need to be addressed, but it does not have to be. As always, WBA and its subsidiaries — FIPCO and Midwest Bankers Insurance Services (MBIS) — offer many different resources for banks to help educate your employees, protect your systems, and partner with you during a cyber event.
To proactively identify vulnerabilities of critical aspects of business operation, FIPCO offers an IT Audit & Security service. This service, which includes various tests, audits, and resources, keeps your institution one step ahead to mitigate high-risk areas before it is too late.
Right behind robust firewalls, up-to-date antivirus software, and other initiatives to mitigate cyberthreats, are your employees. Ensuring all team members feel empowered to assist in cyber risk reduction efforts should be a significant aspect of an institution’s risk mitigation strategy. Annually, WBA offers a number of security and IT-focused educational opportunities, a best practices library featuring an extensive list of security and financial crimes resources, as well as a technology and operations peer group to help in facilitating discussion and idea sharing.
Ensuring that all team members are set up with strong, unique passwords may also be the difference between a secure organization and a vulnerable one. These passwords, according to the National Institute of Standards and Technology (NIST), should be more than 12 characters long and include mixed casing and numbers. Multifactor Authentication (MFA) is also strongly recommended for bank leaders and administrators, if not every member of the team.
Having comprehensive insurance coverage is also crucial in the event of an attack. MBIS offers an extensive list of insurance coverages, including cyber liability. This policy is designed to protect directors, officers, employees, and entities from losses arising out of electronic theft of customer information, including cyber extortion, forensic expense, security breach notification, e-commerce activity, and electronic publishing. The insurance carriers for cyber liability policies also provide extensive resources that MBIS recommends be immediately engaged in the event of any cyberattack, including phishing incidents and ransomware attacks. Additionally, FIPCO’s Loan Processing Central service provides a resource you can retain ahead of time to immediately step in if a bank experiences a disaster, including a cyberattack, or an unplanned employee absence, to help continue the processing of your loan documentation.
Whether your bank is recovering from a cyber incident or mitigating the chances of one, our team is here to ensure your bank is well-prepared and equipped to navigate the complex and stressful landscape of cybersecurity challenges. If you are interested in learning more about the protections WBA can help you implement at your bank, please contact Rob Foxx (FIPCO) at rfoxx@fipco.com or Jeff Otteson (MBIS) at jeffo@mbisllc.com.