• Home
  • Education
  • News and Resources
  • Advocacy
  • Associate Members
  • Contact
  • Search
  • Menu Menu

Tag Archive for: FIPCO

Posts

News, Products

FIPCO Serves Compliance Concierge® Customers With Software Updates

By Annette Witkowski

Customers have always been, and will always be, top of mind for FIPCO staff members. That is why we continually revise the Compliance Concierge® software with updated documents, regulation changes, and user enhancement requests.

Some of the items we have released lately are:

  • HOEPA/HPM rates, so Compliance Concierge® notifies when users are outside of their range;
  • Reg Z threshold amount, so Truth-in-Lending documents appear when required;
  • Bank holidays that allow Compliance Concierge® to calculate rescission;
  • Over 40 secondary market documents that the GSEs have changed;
  • Updated Ascensus* IRA documents;
  • User-requested warning messages on certain screens;
  • Factual Data by CBC interface;
  • Revisions to WBA 382 P.O.D. Beneficiary Designation document;
  • User-requested commercial application document; and
  • Updated Automatic Payment Authorization to comply with NACHA rules.

We continue to distribute timely information through software release notes, notices, and the monthly FIPCO Focus e-publication. If you are not receiving these items and would like to, please visit fipco.com and edit your profile or, if you are not registered with our website, click “Sign Up” to request these items.

As always, FIPCO staff members are here for you. If there is anything we can help with, please contact our business development team at fipcosales@fipco.com or fipcosupport@fipco.com.

*Ascensus is a WBA Associate Member.

 

January 5, 2023/by Jaclyn Lindquist
https://www.wisbank.com/wp-content/uploads/2021/09/Untitled-3_Blue.jpg 972 1920 Jaclyn Lindquist https://www.wisbank.com/wp-content/uploads/2021/09/Wisconsin-Bankers-Association-logo.svg Jaclyn Lindquist2023-01-05 16:57:492023-01-06 08:53:57FIPCO Serves Compliance Concierge® Customers With Software Updates
News, Uncategorized

FIPCO Welcomes New Staff

Read more
February 4, 2022/by Jaclyn Lindquist
https://www.wisbank.com/wp-content/uploads/2021/09/Untitled-3_Blue.jpg 972 1920 Jaclyn Lindquist https://www.wisbank.com/wp-content/uploads/2021/09/Wisconsin-Bankers-Association-logo.svg Jaclyn Lindquist2022-02-04 13:50:332022-02-04 13:50:33FIPCO Welcomes New Staff
News

The Evolution of Information Technology

Thank You, Ken Shaurette, for 13 Years at FIPCO!

By Hannah Flanders

On December 31, 2021 Ken Shaurette retired from FIPCO’s Information Security and Audit Services after 13 years with the company. Shaurette launched his IT career in 1976 after completing his associates degree in data processing. Over the past two decades, he has also garnered a collection of training courses through venders and trade schools as well as certifications by the National Security Agency (NSA) in Information Assessment Methodology. In 2008, Shaurette was hired at FIPCO to build the Information Security and Audit Service from the ground up as its director.

Shaurette shared reflections on how the industry has changed over his decades of experience. When his career began, data was stored centrally in large computer data centers. Slowly, the industry began to give more processing power and ability to manipulate data to users and as the data became increasingly decentralized, security professionals had to establish improved policies and information security programs that addressed data no longer being stored in a big computer center, but out at the desktops anywhere in the company.

As data collection and storage abilities improved, not only did it become more difficult for all the information to be properly secured, it became increasingly important. Regulations have been created today in order to meet the expectation that customer data is equally protected no matter the size of the bank. “Information security [must continue to be] part of our individual and our companies DNA” says Shaurette. “Without security controls, your business can’t grow quickly.”

Shaurette’s perspective has allowed him to help banks throughout Wisconsin protect themselves against serious attacks that could in turn affect growth, reliability, and profits. Shaurette notes that “when it comes to information security 80% is the same regardless of [the] industry when securing the data, 15% is unique to the [banking] industry, and probably 5% is the social atmosphere of [each bank].”

“Over the course of the years, his expertise and service have been greatly appreciated and well-respected by our customers and members,” says Pam Kelly, president of FIPCO. “His passion and unfailing dedication to information security and our members has helped hundreds of bankers keep critical data secure, avoid attackers, and meet the needs of their own communities. Thank you, Ken, for 13 years!”

In his retirement, Shaurette looks forward to spending time with his grandchildren, volunteering, and — he jokes — not writing audit reports. However, he leaves FIPCO customers with one last message in appreciation over that last 13 years, “I may be boating off into the sunset, but the sunrise of a new generation is transitioning behind me, and you will be left in very good hands with Rob Foxx. I’ll be waiting for you to show up for an information security peer group meeting or networking round table on the pontoon boat someday soon. Those that know me, the refreshments are always ready.”

January 4, 2022/by Hannah Flanders
https://www.wisbank.com/wp-content/uploads/2021/10/digital_cyber_security_banner-1.jpg 864 1152 Hannah Flanders https://www.wisbank.com/wp-content/uploads/2021/09/Wisconsin-Bankers-Association-logo.svg Hannah Flanders2022-01-04 13:44:432022-01-04 14:45:13The Evolution of Information Technology
News, Products

Bringing Call Centers into the Future

FIPCO partners with interface.ai

In this current world, customer connection comes at a premium. The pandemic changed many things and shifted customer behavior. Now customers who may have previously stopped by a branch to ask a question are seeking service through phone more and more. How can financial institutions manage the ever-increasing number of calls while still providing high-quality service?

FIPCO is proud to announce a new partnership with interface.ai. interface.ai’s artificial intelligence (AI)-Powered Phone Banking solves many of the problems faced by traditional call center, elevating the entire call center experience. The AI-Powered Phone Banking automates more than 60% of the financial institution’s call center calls using the industry’s first neural voice-powered AI assistant.

“We are thrilled to be able to partner with interface.ai to offer this world-class product to our customers,” said Pam Kelly, president of FIPCO. “We understand the need for effective service for everyone who calls an institution, while making sure call center staff are not overwhelmed and customers aren’t stuck waiting for help in a queue.”

The AI-Powered Phone Banking reduces call wait times, while increasing productivity and engagement. FIPCO and interface.ai will be hosting informational webinars on November 9 and 16 to demonstrate to capabilities of this solution.

To learn more about this solution and the upcoming demos, contact FIPCO Sales at fipcosales@fipco.com or 1-800-722-3498, option 5.

Upcoming Informational Webinars:

Date: November 9, 2021
Time: 12:30 PM – 1:30 PM CT

Date: November 16, 2021
Time: 11:30 AM – 12:30 PM CT

November 9, 2021/by Cassandra Krause
https://www.wisbank.com/wp-content/uploads/2021/09/Untitled-3_Blue.jpg 972 1920 Cassandra Krause https://www.wisbank.com/wp-content/uploads/2021/09/Wisconsin-Bankers-Association-logo.svg Cassandra Krause2021-11-09 14:15:532021-11-09 14:39:53Bringing Call Centers into the Future
Cybersecurity graphic
News, Products, Resources

What Community Banks Need to Know About Ransomware Attacks

By Cassandra Krause 

With a recent uptick in activity, ransomware attacks are a form of cyberattack that has been prevalent in recent news — and for good reason. The effects can be detrimental in terms of monetary loss and reputational damage to the victim. Ransomware is a type of malicious software (a.k.a. malware) that usually encrypts a victim’s files, and the bad actors have upped their game to steal the data first, then threaten to also publish the data to the public. Criminals set their sights on businesses with the goal of extorting money, making community banks prime targets. 

Organized crime networks are becoming increasingly sophisticated. In general, the risk of getting caught for cybercrimes is much lower than for traditional crimes like robbery, and the financial gains are far higher. Ransomware developers write and sell the software to other bad actors for a cut of the profits when they deploy it and collect ransom payment, usually in the form of cryptocurrency, which is hard to trace. Compromised data may also be used to open fraudulent lines of credit. 

“The U.S. is in a ransomware crisis right now,” said Jeff Otteson, vice president of sales at Midwest Bankers Insurance Services (MBIS), a subsidiary of the Wisconsin Bankers Association. He explained that it has created a hard insurance market with carriers tightening up on internal control requirements such as multifactor authentication (MFA) for privileged users (users with the ability to install software or change security settings on critical systems) and encryption of backups. 

In their 2021 Cost of a Data Breach Report, IBM Security and the Ponemon Institute calculate that the average total cost of a data breach is $4.24 million, a 10% increase from 2020–2021. The per-record cost of personally identifiable information averaged $180. 

Prevention 

With the incredibly high stakes in mind, banks are dedicating significant resources to preventing malicious cyberactivity, both in terms of staff and money. Respondents to a 2020 Deloitte survey of financial institutions reported spending about 10.9% of their IT budget on cybersecurity on average, up from 10.1% in 2019. In terms of spending per employee, respondents spent about $2,700 on average per full-time employee (FTE) on cybersecurity in 2020, up from about $2,300 the prior year. 

“There is an industry-standard framework for ransomware prevention and all cybersecurity,” explained FIPCO’s Director InfoSec and Audit Ken Shaurette. FIPCO is also a WBA subsidiary. A good consultant will walk the bank through a comprehensive review of their network security, improving endpoint protection to replace traditional antivirus and endpoint detection solutions, including adding authentication improvements such as MFA, improved password strength, and protecting backups. As more and more of the digital tools that bankers utilize require users to download and install software and updates, depending on signature-based solutions for malware detection is not acceptable — it has become critical to safeguard user, file, network, and device-level activities. 

A bad actor gaining access to a bank’s data may encrypt the data and demand payment in exchange for granting access back to the bank. In this situation, having a data backup is essential.  

“The rule of thumb for data backups is 3-2-1,” said FIPCO Information Security and IT Audit Advisor Rob Foxx. “There should be three copies of all data stored on two different mediums. One of the copies should be stored off site.” 

Ransomware prevention is only one part of a complete cybersecurity system. Experts agree that early detection of unusual activity within a system can help keep a minor incident from quickly escalating into a major incident like a ransomware threat. 

“Ransomware isn’t the first attack,” said Wolf & Company, P.C. Manager of the I.T. Assurance Group Sean Goodwin, who recently presented at WBA’s Secur-I.T. Conference. “Ultimately, it’s on I.T. to put controls in place because an employee will inevitably fall for a phishing email. It becomes a question of whether we can catch that quickly.” 

Social engineering remains the greatest concern; it’s easier for bad actors to trick an employee rather than break through a firewall. Verizon’s 2021 Data Breach Investigations Report found that almost half of the breaches in the financial services industry involved internal actors committing various types of errors. The report stated that the financial sector frequently faces credential and ransomware attacks from external actors, 96% of which are financially motivated (followed by small percentages of motives of espionage, grudge, fun, and ideology). 

Goodwin emphasized that I.T. must be able to act quickly when there’s an indication that someone is accessing something they don’t normally access. “Prevention is ideal. If we can prevent it, that’s best-case scenario, but if not, early detection becomes critical,” he said. This area of solution, known as endpoint detection and response, is rapidly becoming a key point of protection from ransomware and all other malicious events. 

Establishing an incident response program within a bank is an important part of the overall cybersecurity program. 

Preparation 

Creating a culture of cybersecurity awareness throughout the bank is important, so that bank employees are prepared for an incident. Employee training on what to do in the event of an attack should be standard practice. Making security part of the organization’s DNA is a best practice. 

“Every bank needs an incident response plan, and that needs to be approved all the way up through the board. Part of this plan is notification of incidents to the insurance carrier,” said MBIS’s Otteson. 

FIPCO’s Foxx emphasized that the roles and responsibilities in the incident response plan must be clearly defined, and banks should revisit their plan regularly.  

“As the insurance agent, I’m the first call a bank makes when there’s an incident,” said Otteson. “It’s important that banks choose to work with an agency that understands cyber insurance.”  

MBIS insures about 220 banks and has access to a large number of carriers that provide the right coverage for their customers. Otteson recommends reporting all incidents as even a minor incident could result in a claim down the line and having reported that incident when it occurred is key to a successful claim. He says to keep in mind that the owner of the data is liable for it whether the incident occurred in house or with a vendor the bank shared customer data with. 

Mitigation 

It’s important to work with the insurance carrier to ensure that all the bases are covered and that the vendors who participate in the response are approved. Not using the cyber insurance carrier’s approved vendors may result in expenses not being covered under the insurance policy. In the event of a ransomware attack, the insurance agent or bank will immediately notify the insurance carrier. Beazley, a carrier partner of MBIS, maintains a 24/7 helpline, which has become common with other carriers as well. Knowing how to report incidents, when to report, and what to expect is key. 

Holidays and weekends are prime times for ransomware attacks: employees who are in a rush to leave may be more likely to click on a bad link, and with employees away from work, it’s easier for the bad actors to get into the network. Even if a problem is detected, it’s more likely that staff who could help put a stop to the attack may be on vacation or unavailable, buying the criminals more time to take over. 

As soon as a cyber liability claim is made, the insurance carrier’s pre-approved vendors come into play.  

“Nobody has the resources in house to effectively manage ransomware attacks,” said Foxx, who has experience working both within a bank and as an external auditor and consultant. The specialization of skills and the amount of people needed to perform adequate analysis and remediation are so significant that even large banks will not have all the players they need on staff. 

If a bank’s data becomes encrypted and made inaccessible, a vendor such as Tetra Defense would be engaged on forensics. Managed endpoint detection and response vendors such as Cynet can help from detection and prevention to response, including providing digital evidence for a vendor performing forensics. Meanwhile, a vendor such as Coveware would handle ransom negotiations with the criminals. Wolf & Company, P.C.’s Goodwin said that you don’t really know who’s on the other side of the transaction — some criminals may be willing to negotiate and others not. He referred to ransomware as a “niche space in cybersecurity that is now getting more attention.” The criminal organizations involved in these types of attacks in some ways act like a legitimate business in that they rely on their reputation and may even have customer service departments — if they fail, it will hurt their chances of getting more business in the future.  

Typically, in the event of a ransomware attack, a legal firm will handle communications and PR for the bank — putting a statement on the bank’s website, assisting staff with customer phone calls, and determining whom to notify. Getting legal involved early protects all communications and discovery with attorney-client privilege. The requirements for notification vary from state to state, and a bank may have customers in multiple states or even other countries, making the expertise of a legal team invaluable. The language used in communications matters, as the term “breach,” for example, can have different legal implications and potentially create larger issues than terms like “incident,” “situation,” or “event.” Education of staff far in advance using regular testing of the plan is a key factor in mitigating an incident. Inappropriate statements made by employees on social media or even at informal social gatherings can have severe ramifications for the bank. 

Follow Up 

While anyone who experiences a ransomware attack may be eager to breathe a sigh of relief and move on when it is over, it is essential to review the incident and revise the bank’s incidence response plan. Assessing what went well and what needs to be improved are critical steps.  

Goodwin also warns that victims of ransomware are commonly re-targeted. A Cybereason study found that 80% of organizations that previously paid ransom demands confirmed they were exposed to a second attack. He said that once a company has paid a ransom it is known that (1) you were compromised, (2) you do not have proper backups of your files, and (3) you were willing to pay. 

Summary 

Cyberattacks are the biggest risk to a financial institution — even surpassing the risk of past-due loans. The cost of a ransomware attack can be astronomical, with many factors contributing to the price tag, including vendor fees and staff hours to resolve the issue; the cost to inform customers and offer identity or other protections; the loss of destructed data; and the down time of the business. All of this, followed by the loss of customers’ trust (and subsequent loss of their business), has the potential to put a community bank out of business.  

There are safeguards banks can put in place, including a sound incident response plan, improved monitoring with better endpoint detection and response, cyber liability coverage, and employee education. FIPCO, MBIS, and a wide range of WBA Associate Members are ready to support banks in keeping their data and that of their customers safe.  

October 20, 2021/by Cassandra Krause
https://www.wisbank.com/wp-content/uploads/2021/10/bigstock-193480438.jpg 729 1600 Cassandra Krause https://www.wisbank.com/wp-content/uploads/2021/09/Wisconsin-Bankers-Association-logo.svg Cassandra Krause2021-10-20 13:41:012021-10-20 13:41:01What Community Banks Need to Know About Ransomware Attacks

Categories

  • Advocacy
  • Community
  • Compliance
  • Credit Unions
  • Education
  • Member News
  • News
  • Products
  • Resources
  • Uncategorized

Recent Posts

  • Bailey Promoted to Vice President and Director
  • Community State Bank Announces 2023 Promotions
  • Announcing the 2023 Bank Executives Conference
  • From The Fields: Rising Interest Rates and Their Effect on Production Agriculture
  • Wolf River Community Bank Announces Promotions to Executive Team

Archives

  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • December 2020
  • November 2020
  • October 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • November 2019
  • October 2019
  • September 2019
  • July 2019
  • May 2019
  • April 2019
  • March 2019
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • April 2018
  • March 2018
  • January 2018
  • November 2017
  • October 2017
  • September 2017
  • May 2017
  • December 2016
  • November 2016
  • August 2016
WBA logo
  • About
  • Community
  • Subsidiaries
  • Staff

questions@wisbank.com

608-441-1200

4721 S Biltmore Ln.
Madison, WI 53718

Get our Newsletter!
Subscribe

© 2023 Wisconsin Bankers Association. All rights reserved. | Website Design by Bizzy Bizzy
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OKLearn more×

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Terms of Use
Accept settingsHide notification only

Subscribe

* indicates required








Membership