Posts

By Rob Foxx, CCBTO

Have you ever had a conversation with a member of your information technology or information security staff and after they left, wondered to yourself what they just said? You are not alone, and it is not an uncommon occurrence. This two-part series (the next to be released in the October 2022 Wisconsin Banker) will help non-technical and management staff better communicate with — and understand — technical staff. Before breaking down the best ways teams can improve their communication — we first should understand how we got into this situation.

Like I image many people with computer and technology background did, I came from a more technical side of IT. There were two distinct points in my education where the need for communication skills were downplayed, if not ignored entirely.

Experiences Shape Us

In high school, I was given a career aptitude test that assisted my school advisor in determining what they would best recommend I do after graduation. I scored high in many areas; however, I did not have many social experiences with my peers and spent my days labeled as a “nerd,” which skewed my results and stated that I had a low score for interpersonal skills.

My advisor suggested a career involving computers and technology, which would allow me to work independently and avoid much social interaction. While I am not a full-blown extrovert, I do very much enjoy working with and helping people — something I think many of my peers share with me, even if they are not the best at communicating it.

Though public speaking courses are often required in high schools, technical colleges, and universities, the classes often do not cover critical skills such as how to explain complex concepts to people who don’t have a baseline understanding of the requirements to understand them. In addition, many computer and technology students may only have experience communicating tech-related ideas and concepts with peers, causing a significant gap in communication and understanding between technical and non-technical individuals.

Communicate Expectations

Often the communication gap doesn’t seem as obvious in other majors or professions however, with the rise of technology in our daily lives and the increased use of computers and technologies to better facilitate and perform day-to-day tasks in nearly every industry, it is important that professionals either have a strong understanding of technology or rely on technology experts.

The major problem that often occurs with improper communication is failure to set, understand, and meet expectations. Ideally to set these expectations, experts should be able to both ask and understand business requirements and explain solutions to make informed decisions. This is something college does not prepare these experts for. In fact, it is something they have been told — either directly or by implication — is not important.

In a business scenario, the inability to pass along knowledge of the differences between options presented could lead to business leaders making decision based on what they can understand (usually financial cost). In the long term, making the wrong decision could require having to revaluate and revisit decisions before the end of their intended lifecycle.

Avoiding Common Mistakes

So, we see the problem, now how do we fix it? First and foremost, good communication is a two-way commitment. There is no shame in not understanding or asking for a clearer explanation. I promise that there are many aspects of the bank that the technology professionals do not completely understand.

The knowledge many IT professionals are trying to pass along is not expected to be learned overnight and might not even be able to be conveyed in a single meeting. However, this information is often very important for leader to consider when making informed business decisions for the benefit of the organization.

Frustration and lack of understanding can be the enemy of all productivity and growth within the organization — don’t pretend to understand a topic. Rather, non-technical individuals should ask follow-up questions or for explanations of terms that are not understood. This will assist every computer and technology professional in more effectively relaying IT-related information to all.

Foxx is director – infosec and IT audit services for FIPCO, a WBA Gold Associate Member.

WBA’s Secur-I.T. & BSA/AML Conference returns in 2022

As cybersecurity and fraud continue to be rising topics of discussion throughout the banking industry, bankers are encouraged to stay informed on the latest trends experts are seeing and how regulations will continue to impact Wisconsin banks by attending WBA’s annual Secur-I.T. & BSA/AML Conference held in Wisconsin Dells.

The two-day conference — beginning September 20 and adjourning at noon on September 21 — draws over 125 BSA/AML, operations, security, and technology professionals from around the state for over seven hours of educational presentations and networking.

This year’s keynote session will feature Bryan Seely, a world-famous cyber security expert, ethical hacker, author, and former U.S. Marine. Seely became one of the most famous hackers in 2014 when he became the only person to ever wiretap the United States Secret Service and FBI. Before he was caught, he confessed to the two agencies that there was an issue that needed to
be fixed.

Unlike many hackers, Seely is passionate about fighting for consumers rights, privacy, and educating the public about how to stay safe in a constantly changing technological landscape. In this keynote session, Seely will highlight the different ways in which hackers think and the new, creative ways professionals must approach security in order to protect the most critical information of the business and customers.

In addition to this captivating keynote speaker, the Secur-I.T. & BSA/ AML Conference offers several breakout sessions and networking opportunities that will assist banking professionals from throughout Wisconsin in further developing their bank’s customer experiences, BSA/ AML program, security, and technology capabilities as the banking and technology industries continue to evolve.

By Rob Foxx, CCBTO

I frequently get asked, “How do I or my other non-technical staff help keep my institution safe from electronic threats?” Ransomware is the topic of the day, and I don’t know that there will be changes to that any time soon. There are a few things that can make protecting yourself easier. Good security is done in multiple layers of defense and requires participation of all members of your team.

Involve Your Whole Team

Cybersecurity is the responsibility of all members of the business, not just IT. To that end, everyone needs to know what common tactics are used to compromise your security. Learning how to identify phishing emails as well as business email compromise and reporting these types of events could be the difference between fighting a breach or dodging one. This kind of mindset has been in physical security for a very long time, but it has been a lot slower to be adopted into data security. By educating your staff and yourself and reporting it to the right people in your organization, you can avoid a very common but costly pitfall.

Ensure System Maintenance is Up to Date

The next item is a task that IT performs but is something leadership should both understand the basics of and require accountability for. Keep your systems updated and patched. An alarming number of breaches over the years could have been prevented by simply keeping systems up to date. Microsoft pushes out Windows patches the second Tuesday of every month, which should be reviewed for issues with your environment and deployed as soon as possible. There are tools that make this very easy to perform should you invest in them. Less obvious patches to other software like Adobe Reader, Google Chrome, and even your remote connection software, are equally important. Keeping an inventory of your software assets and checking them regularly for updates and patches can reduce your attack surface. Updates should not only be done, but they should also be reported to management and/or the board of directors at a regular frequency.

Secure Your Passwords

Get secured passwords or, if possible, multi-factor authentication. Insurance companies offering cyber insurance policies are pushing for people to utilize tools such as authenticators on your phone for multifactor authentication. While this is ideal, it may not be in place in many institutions. The National Institute of Standards and Technology (NIST) security framework used by the U.S. Department of Defense recommends longer passwords (16+ characters) without complexity and no expiration unless you have reason to believe it was exposed. Passwords can be as simple as picking out 3 random words such as doorbluecomputer. This is easy to remember and difficult for a computer to guess. If you can’t use multifactor authentication, using a password manager can enable you to use many complex and long passwords that you could never otherwise remember.

Give IT and Security a Seat at the Table

Bring IT and information security into your decision-making process. If this is something that is not being done currently, consider adding these people to the team that makes your highest-level decisions. They will have a perspective on additional costs as well as potential problems and conflicts that may occur. While they may not represent the majority of your staff or income, they speak for a considerable portion of your assets. There are few things as frustrating as going forward with a new project and not having considered how it will work with the rest of your environment or whether you have the hardware or software to support it without extra expenditure of assets. Additionally, there are many problems that exist within a business that your more technical staff could offer a solution to that the rest of the staff may not have known about.

Keep Up With Advancements in Technology

Don’t let technology outpace you. New technologies come out every day, and while you’re not expected to be on the leading edge, you should at least keep a healthy pace with it. For example, if you are using a conventional virus scanner, you are already behind the times. Zero-day exploits (bugs that are either unknown or unpatched) and fileless malware and viruses are also not detected by traditional antivirus products. Fileless attacks are becoming more prevalent, and you can get them any number of ways. It could be as innocent as going to a website and without any need clicking or downloading — without your permission, you could have brought an unwanted problem to your institution. Though a bit on the pricier side compared to traditional antivirus, next-generation products in this field are far more capable than their older counterparts.

Most of the items presented are of a non-technical nature and should be part of making your staff work well with your information security team and vice versa. In our more modern environments of work from home, it is more important than ever to make cybersecurity a part of everyone’s day to day.

Foxx is information security and audit advisor for FIPCO, a WBA Gold Member.

Rose Oswald PoelsBy Rose Oswald Poels

I’m pleased to announce that the Wisconsin Bankers Association (WBA) is partnering with state bankers associations nationwide and data provider FedFis to offer access to Bankers Helping Bankers to WBA members.

Bankers Helping Bankers is a bankers only platform for collaboration and research. Through data tools and dynamic user groups, Bankers Helping Bankers provides community bankers with a knowledge base focused on bank technology and emerging Fintech companies, as well as hot topics such as cryptocurrencies, banking as a service, and direct digital banking.

In October 2021, the Independent Bankers Association of Texas (IBAT) was the first state banking association to partner with FedFis, a provider of fintech data analytics and a strategy system which tracks financial, M&A, and vendor data (including technology vendors) on every bank and credit union in the United States. Since then, the exclusive, banker-only platform has been expanding to states across the nation.

Given the rapidly changing landscape of banking technology, it is hard to keep up through in-person events alone. Bankers Helping Bankers provides an additional way for bankers to connect with one another via forums and access a wide range of fintech data.

WBA continues to offer our WBA Connect and CEOnly/CFOnly peer groups that provide in-person and online networking for Wisconsin bankers only. Through the new collaboration with Bankers Helping Bankers, we aim to bring even more value to WBA members by offering an additional opportunity that lets bankers connect with their peers across the country, with a focus on banking technology.

If you or any member of your team would like to take advantage of the Bankers Helping Bankers opportunity, please fill out the form to gain access to the platform. You will receive an email within a couple of weeks with details on how to create your account.

Triangle Background

The second in a series exploring the effects of the COVID-19 pandemic on banks in Wisconsin.

By Hannah Flanders

As COVID restrictions continue to subside and the days of isolation have since passed (we hope), bankers and customers alike return in droves to their community banks. However, the challenges
presented by the pandemic will forever leave a lasting impact on the way banks operate.

Like most Americans, banks were forced into the confusion and chaos of the COVID-19 lockdown with little to no time to prepare. With disaster plans in place, many banks quickly turned remote, began servicing loans through drive-ups or in the parking lot, and relied on technology to stay connected to their team and customers.

The pandemic’s ongoing impact has allowed banks around the country to reassess the needs of both their customers and staff in connection to the bank and its physical or online branches.

For well over a century, brick and mortar banks have been the cornerstones of communities throughout Wisconsin. Be it for the safety and security of their money, or the personal connection associated with meeting in person, consumers across the state highly value their local, physical bank branches. However, many banks are rethinking their approach to the ‘traditional’ bank.

“[The ways in which] banks interact with clients and where employees get their work done has changed,” says Laurie Richards, vice president and partner at LERDAHL, a workplace interiors company and WBA Associate Member. “Bank branches are remodeling their locations to accommodate a wider variety of expectations that have emerged over the last two years as competition increases for clients and employees.”

A key component of embracing post-pandemic life for Americans around the country has been implementing the lessons learned — and this is certainly no different for Wisconsin bankers. As new branches — including Capitol Bank on Madison’s east side and Farmers and Merchants State Bank in Lake Mills — pop up around the state, new challenges arise as to how banks reimagine themselves in their communities.

As the pandemic proved, accessible banking is the most important factor to both banks and consumers. “Horicon Bank has a renewed commitment to innovate the way we help our customers. The needs of our customers are changing — and in 2020 they changed rapidly,” says Grace Bruins, marketing officer at Horicon Bank. “We’ve had to take a look at the things that make us unique — personal service, community commitment — and find a way to offer that in a digital environment as well as a physical one.”

Throughout Wisconsin, community banks envision new ways of exceeding the expectations of their customers. “Our plan is to continue to invest in our people and technology to help the bank grow and be successful,” says Prevail Bank President Nathan Quinnell. Many banks throughout the state have made upgrades such as e-signatures, ITMs, and online chat functionality for customers — Prevail Bank also hopes to upgrade their online mortgage process, add online account opening functionality, and sustain remote employees.

While many banks offered remote options during lockdown, many Wisconsin bankers have returned with full force to their branches and remote employment is considered on a case-by-case basis. Finding ways to leverage technology and space within the office is not only critical to staying relevant to customers in a world with increasing interest in digital banking, but to finding and retaining talent in a competitive job market.

“As we are in the relationship business, in addition to valuing our customers, we value the presence and safety of our employees,” says Capitol Bank President and CEO Ken Thompson. With insight from having successfully navigated the challenges created by the pandemic, Thompson understands the value this new space adds for both his customers and employees.

The combination of private office locations balanced with the increasing need for open, conference-style spaces planned for the new Capitol Bank location highlights a shift from individual to collaborative work and supports the idea that the type of task, privacy, and level of collaboration required is flexible throughout the day. With the assistance of technology, bankers are now able to maintain the office environment and culture as well as offer support to branches across towns, cities, or the state.

“As well as providing legendary customer service, embracing future technology is an important aspect of nurturing our current and future customer relations,” says William Campbell, Farmers and Merchants State Bank president and CEO.

“As we transition into our new Lake Mills branch, offering secluded spaces where customers can meet with Lake Mills staff as well as virtually meet with Waterloo and Marshall team members, will not only allow for an easier transition but offer our customers a variety of services,” adds William Hogan, Farmers and Merchants State Bank CFO.

In reimagining accessibility, bankers have considered new ways customers are able to interact with bankers — via the drive-up, ITMs, and through their digital branches — and explored elevating
existing offerings.

“Since the pandemic started, [Horicon Bank] believes there are more customers looking for digital banking services,” says Horicon’s CFO Robert Traylor. Whether it be mobile banking or the desire to digitalize services already offered at the bank — there is no doubt to bankers that the use of technology in some capacity offers customers a greater personalized banking experience and, in the case of online banking, allows their money and other banking services to become accessible to customers no matter where they are.

Accessibility, be it of the physical branch or the online services, continues to be amplified by the days of COVID-19. In understanding the need for both brick and mortar and virtual banking practices as well as approaches to combine the two, Wisconsin bankers hit their stride and continue their growth looking beyond the pandemic.

Community banking is, and always has been, concerned with the relationship built between the banker and the customer. Providing safe and productive spaces — both in-person and online — that offer the relevant tools and foster growth for both the employees and clients, is ultimately beneficial to the success of any community bank.

 

Ken Thompson Headshot By Kenneth D. Thompson, WBA Board chair, president and CEO of Capitol Bank, Madison

After the challenges of the last several years, I believe I speak for everyone when I say I am continually amazed by the optimism that Wisconsin bankers hold not only for the growth of our industry, but for our economy and communities as well. Although the COVID-19 pandemic continues to wreak havoc, I expect 2022 to be a year of immense growth and transition within our industry.

As bankers, we are fortunate to have a unique perspective on our economy and communities. As many member CEOs highlighted in WBA’s recent Economic Conditions survey, despite recent obstacles, a majority of Wisconsin bankers rate the current health of the economy as ‘good’ and predict this to stay the same well into 2022.

Our work in providing flexibility to our staff and customers, as well as exceeding expectations of managing liquidity and technological growth in 2021, has absolutely aided in our efforts to provide stability in times of uncertainty. Our industry will continue to be challenged into 2022 as we face inflation; ongoing COVID protocols surrounding vaccinations, boosters, and possible mandates; as well as talent retention.

However, as mentioned repeatedly by Minneapolis Federal Reserve Bank President and CEO Neel Kashkari during WBA’s annual Midwest Economic Forecast Forum, Wisconsin’s economy and our region as a whole has been on par with the recovery of the nation. Efforts by our community banks have not gone unnoticed and have played, and will continue to play, a substantial role in rebounding our economy.

Of course, innovation will remain the name of the game as banks navigate uncertainty. The next eleven months will certainly show the flexibility, creativity, and expertise of banks in Wisconsin and set our industry apart.

Thank You, Ken Shaurette, for 13 Years at FIPCO!

By Hannah Flanders

On December 31, 2021 Ken Shaurette retired from FIPCO’s Information Security and Audit Services after 13 years with the company. Shaurette launched his IT career in 1976 after completing his associates degree in data processing. Over the past two decades, he has also garnered a collection of training courses through venders and trade schools as well as certifications by the National Security Agency (NSA) in Information Assessment Methodology. In 2008, Shaurette was hired at FIPCO to build the Information Security and Audit Service from the ground up as its director.

Shaurette shared reflections on how the industry has changed over his decades of experience. When his career began, data was stored centrally in large computer data centers. Slowly, the industry began to give more processing power and ability to manipulate data to users and as the data became increasingly decentralized, security professionals had to establish improved policies and information security programs that addressed data no longer being stored in a big computer center, but out at the desktops anywhere in the company.

As data collection and storage abilities improved, not only did it become more difficult for all the information to be properly secured, it became increasingly important. Regulations have been created today in order to meet the expectation that customer data is equally protected no matter the size of the bank. “Information security [must continue to be] part of our individual and our companies DNA” says Shaurette. “Without security controls, your business can’t grow quickly.”

Shaurette’s perspective has allowed him to help banks throughout Wisconsin protect themselves against serious attacks that could in turn affect growth, reliability, and profits. Shaurette notes that “when it comes to information security 80% is the same regardless of [the] industry when securing the data, 15% is unique to the [banking] industry, and probably 5% is the social atmosphere of [each bank].”

“Over the course of the years, his expertise and service have been greatly appreciated and well-respected by our customers and members,” says Pam Kelly, president of FIPCO. “His passion and unfailing dedication to information security and our members has helped hundreds of bankers keep critical data secure, avoid attackers, and meet the needs of their own communities. Thank you, Ken, for 13 years!”

In his retirement, Shaurette looks forward to spending time with his grandchildren, volunteering, and — he jokes — not writing audit reports. However, he leaves FIPCO customers with one last message in appreciation over that last 13 years, “I may be boating off into the sunset, but the sunrise of a new generation is transitioning behind me, and you will be left in very good hands with Rob Foxx. I’ll be waiting for you to show up for an information security peer group meeting or networking round table on the pontoon boat someday soon. Those that know me, the refreshments are always ready.”

Ken Thompson HeadshotBy Kenneth D. Thompson, WBA Board chair, president and CEO of Capitol Bank, Madison

January marks the halfway point of my time as WBA chair and as we transition into a new year, there are undoubtedly new things to look forward to as an industry and as an association.

Our successes in 2021, many of which related to the ongoing uncertainty of the COVID-19 pandemic, taught us all valuable lessons I hope can be brought with us into the new year. From low levels of past-due loans throughout our industry to excess liquidity, it’s safe to say that stepping outside of our routine has resulted in spectacular results.

Looking onward to 2022, I encourage bankers to approach challenges with the same curiosity we have for the past two years. As our industry continues to grow, how will each of us lead the way in making Wisconsin banks efficient, diverse, and robust?

WBA has long known that banks are cornerstones in our communities and as such, should be leaders in embracing societal developments. Technology, for both our customers and employees, has been and should continue to be an aspect that sets our industry apart. In embracing these digital channels, banks have a unique ability to meet the expectations of customers while also supporting them with cybersecurity and best technological practices.

Our ability to advance diversity, equity, and inclusion (DEI) efforts, as well as offer flexibility to employees, has the potential to set our industry apart. This is especially important to consider as we navigate through a competitive hiring and retention landscape.

As we all envision a brighter 2022, it serves us to remember that innovative solutions, such as PPP and advances in online banking, have provided our communities with much-needed assistance in the past. We must not be held back by what we are familiar with. This pandemic has taught us all that some of the most effective answers may not be the ones that have been tried before.

It is essential for banks to approach these situations with caution instead of resistance and as always, WBA remains a valuable resource in education, advocacy, and community involvement for each of us as we look forward to what’s to come in 2022.

By Tom Still, WTC President

The list of economic uncertainties for 2022 is long and complex, with COVID-19 variants, supply chain woes, energy disruptions, climate-change anxieties, and political frictions around the world producing jittery markets.

It’s time to look for trends in technology to calm frazzled nerves on Wall Street as well as Wisconsin’s Main Streets.

Analysts at International Data Corp., the global market intelligence firm, predict the technology industry is on track to exceed $5.3 trillion in 2022 — thus returning to the 5% to 6% annual growth rate typical before the pandemic. The United States is the world’s largest tech market, representing about a third of the projected total at $1.8 trillion.

Tech overcame the 2020 speed bump precisely because COVID-19 triggered so much change. The workplaces of today are no longer easily defined. Changes in business travel forced innovation. Cybersecurity threats led to more investment across industry lines, from financial services to “Mom and Pop” retailers. Phrases such as “quantum computing,” “virtual reality,” and “artificial intelligence” were once the exclusive lingo of computer scientists; today, they’re part of the business plans for many companies.

It all points to bigger tech budgets, greater investment and more innovation pushing through the economic super-structure.

Technology will continue to disrupt many verticals. Health care is being transformed through telemedicine and wearables, not to mention breakthroughs in diagnostics and therapeutics. The jury is out on how effective remote learning has been for students of all ages, but online education will continue to have a role in the classroom. Sales through eCommerce in the United States continue to soar (hence, some of today’s supply chain troubles) and trends such as cryptocurrency are altering the financial world.

Tech can help slow climate change effects through conservation controls in homes, offices, cities, and power plants, even if “crypto-mining” has become an energy vampire. Likewise, as technology displaces many people in the workforce, it will create more new jobs than it destroys. The trick is ensuring that people are trained to do the work and opportunities don’t bypass women and minorities.

There are some threats to U.S. tech sectors, but also opportunities for Wisconsin to grow as a tech-savvy state.

In Washington, D.C., Congress should establish data privacy rules that are national in scope versus a state-by-state approach that could hamper companies engaged in eCommerce, finance, or insurance. Congress should avoid unnecessary taxes on venture capital managers and not pass an antitrust bill that would shut down “exit” options for young companies.

Congressional consensus around bipartisan plans to invest federal dollars in key research areas could help Wisconsin, especially if the state’s research universities and private partners can compete for one or more R&D “hubs” envisioned through the National Science Foundation.

In the Wisconsin Legislature, the refining of the state’s investor tax-credit law will lead to more angel and venture capital dollars flowing into young companies. When the Qualified New Business Venture law took effect in 2005, angel and venture capital investments could be measured in the tens of millions of dollars. The 2021 total will easily exceed $500 million, in part because those credits are pulling four times their weight in private investment. Pending bills would improve the law.

The new year may be tumultuous in many ways, but growth in tech markets could help smooth choppy waters.

The Wisconsin Technology Council is the independent, non-partisan science and technology advisor to the governor and the Legislature.

Events

We will look at the red flags and scenarios for Elder Abuse, Identity Theft, Business Email Compromise Schemes, and Human Trafficking. We will look at the misuse of POAs, Cash, Fake Emails, Romantic Scams, and more. Learn what the response of your financial institution should be when these activities hit our accounts and our customers. Two of the most disturbing crimes in our country which involve harm to those who are being smuggled into the country and then those who are exploited by human trafficking. Learn how big the crime is in the U.S. and what our response should be. Learn what the differences in these two crimes are and how we can detect these criminals in the banking system.

What You’ll Learn

  • Red Flags for Elder Abuse
  • Privacy Issues in Elder Fraud
  • Romantic Scams, POAs, debit card abuse in elders
  • Identity Theft programs
  • Use of ITIN after SSN
  • Stealing purses and writing bad checks is back
  • How to detect bad identification
  • New Cyber Crimes on the New SAR are focused on business email attacks and compromises
  • Learn how good wire procedures can prevent this
  • Human trafficking
  • Human smuggling
  • Learn how your customers hide and disguise transactions
  • Filing Suspicious Activity Reports

Who Should Attend
All branch personnel, tellers, new accounts, loan officers and call centers who help and protect our customers.

Instructor Bio
Deborah Crawford is the President of Gettechnical Inc., a Florida based training company. She specializes in the deposit side of the financial institution and is an instructor on IRAs, BSA, Deposit Regulations and opening account procedures. She was formerly with Hibernia National Bank (now Capital One) and has bachelor’s and master’s degrees from Louisiana State University. She has 35+ years of combined teaching and banking experience.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

Nearly every ISO and IT Manager’s greatest fear is getting that phone call — the one where a user says they have a ransom note popping up on their screen. This is one of our greatest fears as well, but with a different spin — getting that phone call from a client. Unfortunately, we’ve been in this situation before and helped numerous organizations recover from ransomware.

In this session, we’ll review two different ransomware attack scenarios from two different organizations that got different results while dealing with ransomware — and why.

What You’ll Learn

  • Current Ransomware Stats and Tactics
  • Typical Ransomware Attack Scenario Walk-Through
  • Case Study #1 and #2
  • Differences and Results
  • Top Controls to Mitigate Ransomware Risk

Who Should Attend
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, Board members, or other management team members looking to understand risks from Ransomware.

Instructor Bio
Buzz Hillestad is a VP Information Security Consultant and heads the Incident Response team at SBS CyberSecurity in Madison, South Dakota. SBS is a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry. Hillestad has a bachelor’s degree in Computer Information Systems for Business and has performed masters work in Information Security at the SANS Institute — an internationally recognized best source for cybersecurity education. Hillestad has been involved with Information Security practice in Healthcare, Banking, Government, and many other industry verticals since 2004 and has helped over 200 organizations improve their information security processes and programs. Hillestad additionally has numerous security publications in magazines such as 45 Magazine and MED Midwest Medical, and speaks nationally on various cybersecurity topics.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

A financial institutions’ Board of Directors has the ultimate responsibility for securing customer information, as well as the responsibility for approving financial investments into cybersecurity, creating accountability throughout the institution for security operations, and setting clear expectations for management. The trouble with all that, however, is that the Board of Directors has not historically included a lot of technical or security expertise, which can limit the understanding of information and cyber security at their organizations.

What You’ll Learn

  • Trends in cybersecurity
  • Cybersecurity Regulatory expectations of the Board
  • The biggest challenges facing the Board and cybersecurity
  • A Framework for Asking Better Questions
  • IT Risk = Lending Risk
  • Most important things for the Board to know about IT/IS Risk
  • Add technical/cybersecurity expertise to the Board
  • Setting a Culture of Security

Who Should Attend
Board Members, Executive Team, and Managers responsible for Information Security. Both board members and information security professional will benefit from this session. Board and Senior Executives will receive a basic review of Cybersecurity and a strong Information Security Program, plus questions to ask of management. Members of the management team will benefit from a better understanding of what the board needs to know, how to communicate it, and tips in creating a strong culture.

Instructor Bio
Lynda Hartup is a Senior Information Security Consultant at SBS CyberSecurity (SBS), a company dedicated to helping organizations identify and understand cybersecurity risks to make more informed and proactive decisions.

Hartup maintains her Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified Banking Security Manager (CBSM) certifications. She received her bachelor of Interdisciplinary Studies from the University of Southern Mississippi and completed the Graduate School of Banking at Louisiana State University.

Hartup has 20 years of financial institution experience in various positions, including Information Security Officer and dedicated IT Examiner. She also served for seven years as a Bank Examiner-IT Specialist for the Mississippi Department of Banking. Her specialties lie in IT governance, risk management, and regulatory compliance.

Hartup is passionate about helping her clients maintain the safety and security of their information and assets.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

If you’ve ever Googled yourself, you know there’s plenty of information publicly available about each person via the Internet at all times. It’s next to impossible not to leave a digital trail OR delete yourself from the Internet these days. The same can be said for your business. What information about your organization, employees, customers, vendors, and software is available via internet search tools? And even worse yet, how can cyber attackers leverage this information to build a specific, target attack against your organization or customers?

Open Source Intelligence (OSINT) is a common method hackers use to perform reconnaissance and create detailed, specific attack scenarios based on your organization. Odds are, a few searches or free tools can dig up more business information that you might initially think is readily available. The more tailored a cybercriminal can make their attack, the better chances they have at compromising your business.

What You’ll Learn

  • The OSINT model
  • Online Cyber Risk Scores
  • How to assess your internet-facing vulnerabilities
  • Other freely available “hacker tools”
  • How to reduce your attack vectors
  • Accepting the risk when necessary

Who Should Attend
Board Members, Executive Team, and Managers responsible for Information Security. Both board members and information security professionals will benefit from this session. Board and Senior Executives will receive a basic review of Cybersecurity and a strong Information Security Program, plus questions to ask of management. Members of the management team will benefit from a better understanding of what the board needs to know, how to communicate it, and tips in creating a strong culture.

Instructor Bio
Cody Delzer, CISA, is a VP Information Security Consultant for SBS CyberSecurity, LLC of Madison, SD who has a Bachelor of Science Degree in Computer and Network Security from Dakota State University and 9 years’ experience in IT and IT Security; 2 years in Systems Operations and 7 years in Information Assurance. Delzer has worked with over 200 Financial Institutions and other private industry organizations across the United States.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

The challenges and stresses of 2020 and 2021 produced significant advances in bank operations, technology, and customer experience management. Bank responses elevated activities from ideas discussed at planning meetings to activities positioned to be part of “business as usual.” This webinar examines five business practices that must be part of every organization’s core competencies. Five focal points that need to migrate from unique projects to simply part of daily culture.

Five things that must be addressed as business as usual:

  • Talent management
  • Business development
  • Change management,
  • Technology as a strategy
  • Process improvement

A bonus topic will also be discussed:

  • 5.1 Customer experience management

Target Audience: Senior managers and leaders, emerging leaders, mid to upper level managers

Presenters: Tom Hershberger & Kyle Hershberger, Cross Financial

Registration Option: Live presentation $330

Recording available through December 8, 2022

Every successful Information Security Program is built on 3 key elements. It requires decision-making risk management processes, clearly documented Information Security Policies, and an effective IT Audit Program. These elements work in conjunction with each other, feeding the next component information that continually improves the Information Security Program. The IT Risk Assessment process identifies key systems and information, threats against those systems, and helps management identify which controls are necessary to mitigate risk to an acceptable level. The controls have been selected in the risk assessment and are captured and solidified in the Information Security Policies. These controls are then implemented by the institution to mitigate the actual risks. The IT Audit process comes in to validate that the identified controls are successfully implemented in the institutions daily operations and to also ensure they are adequate to address best practice and regulatory guidelines.

A well-developed IT Audit Program will govern this process and provide the Board of Directors with assurances that the Information Security Program is implemented and working. This session will examine in more detail how the IT Audit Program integrates with the Information Security Program and will discuss the following items:

  • Risk-based Audit Models
  • FFIEC IT Audit Requirements
  • FDIC InTREx Expectations
  • Internal/External Audit Processes
  • 6 Basic Audit Steps
  • Engagement Letters
  • Audit Workpapers
  • Reporting and Exception Tracking

Target Audience:  Information security officer, IT manager, risk officer, internal auditor, CIO

Presenter: Ron Jupiter, SBS CyberSecurity, LLC

Registration Option: Live presentation $330

Recording available through December 23, 2023

Are you worried about your digital future? Have you put the time, effort, and investment into your digital transformation (DT) only to see less new revenue than expected? If so, you are not alone. Wipro found that half the companies they surveyed in 2018 said they failed to execute their DT strategies despite demonstrated efforts and investments.

What’s behind this? Isn’t DT all about picking the right technology? Well, only partly. The reality is it is a “Tech-enabled” transformation. The transformation part is certain. The buy-in and commitment aren’t. Creating buy-in is probably the most difficult work during DT. So how do you create the buy-in to execute your strategies? Come for an interactive and lively conversation to find out how.

Target Audience: Any individual wanting to further their communication skills

Presenter: Nan Gesche, University of Minnesota

Registration Option: Live presentation $330

Recording available through January 25, 2022

The banking agencies have issued guidance on managing the risks of third-party relationships that will replace earlier guidance. Vendor management has been an important issue for a long time, but it is apparent that the expectations are increasing, no matter in what form the guidance is finalized. The rise of fintech companies and their participation in the banking industry has changed the landscape of risk in important ways, and financial institutions need to adapt.

In this webinar, we’ll discuss the guidance and what these new expectations are, and how to best improve your vendor management program to implement the changes and expectations. We’ll also go over the elements of a successful vendor management program in any institution, from vendor selection to monitoring.

What You’ll Learn

  • New proposed third-party management guidance from the agencies – what to expect and what this tells us
  • Managing relationships with financial technology (fintech) firms
  • Developing and maintaining risk management policies and programs regarding third-party relationships
  • Oversight of third-party activities
  • Contract negotiation and management
  • Ongoing monitoring
  • Identification of significant vendor relationships – what does this mean and what are the covered activities?
  • Vendors’ ability to comply with applicable law and regulations

Who Should Attend
This webinar is intended to anyone involved in the vendor management/third-party risk process, from compliance and risk management professionals, to counsel, management, and even directors.

Presenter Bio
Carl Pry is a Certified Regulatory Compliance Manager (CRCM) and Certified Risk Professional (CRP) who is a Managing Director for Treliant Risk Advisors in Washington, D.C. Through his working career, as well as through his experience as a banking attorney and officer, he has provided a variety of regulatory compliance and financial performance services to financial institutions and other clients throughout the country. He has written extensively regarding consumer and commercial compliance, tax, audit, and financial institution legal issues, and is a frequent contributor to and currently serves on the Editorial Advisory Board for the ABA Bank Compliance magazine. He has spoken at scores of banking, compliance, and state bar associations, and has conducted training sessions for financial institutions across the country.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

Our topic for the webinar will focus on several simple steps to handle Reg E customer disputes and inquiries. Understanding the rules will help you satisfy the regulators but can also SAVE YOUR FINANCIAL INSTITUTION MONEY by only paying the claims that you are required to reimburse for unauthorized transactions. We will review the steps required to handle disputes and inquiries and the time frames for resolving a claim for an unauthorized transaction. The only way you can be sure that your front-line staff is complying with this high-profile consumer protection regulation is by providing effective training and providing sound procedures. NOTE: This session does NOT address Visa or MasterCard chargeback rules.

What You’ll Learn

  • 5 best practices for handling a Reg E dispute
  • Basic disclosure requirements of Reg E and the definitions that guide the error resolution process
  • Questions to ask a customer about a disputed transaction
  • What should be included in an investigation report
  • How to determine if a customer is liable for an unauthorized transaction
  • Best practices for auditing Reg E claims
  • New trends in debit card fraud
  • Resources to educate customers about fraud prevention

Who Should Attend
This webinar will benefit Customer Service Reps, New Account Reps, Teller Supervisors, Deposit Operations staff, Security and Compliance Officers.

Instructor Bio
Susan Costonis is a compliance consultant and trainer. She specializes in compliance management along with deposit and lending regulatory training.

Costonis has successfully managed compliance programs and exams for institutions that ranged from a community bank to large multi-state bank holding companies. She has been a compliance officer for institutions supervised by the OCC, FDIC, and Federal Reserve. Costonis has been a Certified Regulatory Compliance Manager since 1998, completed the ABA Graduate Compliance School, and graduated from the University of Akron and the Graduate Banking School of the University of Colorado. She regularly presents to financial institution audiences in several states and translates complex regulations into simple concepts by using humor and real life examples.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

How quickly your financial institution can get back to serving customers after a cybersecurity attack, hurricane, wildfire, pandemic, or flood often depends on the business continuity management (BCM) program that has been implemented. The Federal Financial Institutions Examination Council (FFIEC) has provided guidance as to the contents of your institution’s BCM program but also emphasizes the importance of a continuous cycle for assessing resiliency by utilizing a ten-step approach. As technology continues to evolve so do the threats that could potentially hamper an institution’s ability to provide financial services to its customers. Business continuity and resiliency plans create a game plan for minimizing interruptions during a crisis.

Just like the emergence of new threats, your BCM program must keep pace. Join us to understand the examination procedures, how to incorporate the ten steps of the business continuity lifecycle, and resilience strategies. In addition, communication with the board and your internal auditor’s role in assessing the BCM’s design effectiveness are key program components. While we can never predict the type or timing of a disaster, we can ensure that our institution has a solid business continuity management program that not only passes an examination but is a valuable tool in the event of a disaster!

What You’ll Learn

  • Prepare to meet the 13 examination objectives outlined in the examination manual
  • Discuss the 10 steps to the business continuity lifecycle
  • Examining Third-Party Service Provider Contracts for Business Continuity
  • Ensure the board receives adequate BCP communication
  • Communicate the internal auditor’s role in assessing the BCP’s design effectiveness
  • Considering new technologies and emerging threats into the plan
  • Provide resources to share with your staff and accountholders during a disaster

Who Should Attend
This webinar is designed for senior management, business continuity team members, human resources managers, trainers, compliance officers, internal auditors, risk managers, security officers, and anyone responsible for business continuity management.

Instructor Bio
Molly Stull began her banking career on the teller line while working on her undergraduate degree and has continued working in the financial industry ever since. Some of her experience includes roles in operations, business resumption planning, consumer compliance, and conducting audits. Her favorite role is ensuring that her audience, whether on the sports field or in the financial industry, understands the “why” behind the rule. Her wealth of financial knowledge and her numerous years of experience enable her to relate the material to the audience.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person