Cybersecurity ranks first in importance among internal risks, as well as in current and future technological challenges for community banks.1 April is Community Banking Month and meant to be a time to celebrate you, your efforts, and everything community banking stands for, not a time to be fooled. Consider the following opportunities to boost your cyber resiliency, focusing on your most important information asset: your people.
“Right” Access vs. “Right” User
Realistically, community bankers are expected to wear many hats. Traditionally, this has resulted in elevated permissions and eliminated segregation of duties. You’ve been taught to grant the least amount of privilege to limit exposure in the event of unauthorized access, but have you considered to whom you have granted the access? During your review, you check that users have the “right” access, but do you know if these users have the “right” training, experience, and advocacy? Do they demonstrate strong cybersecurity practices and understand the risks associated with their elevated access? Going forward, this is a must.
Information Sharing Is One Size Fits All
As a community bank, you’re often expected to have the same level of expertise as an institution 10 times your size. You also are held to the same regulatory standards despite the number of hats you wear. You might be inclined to challenge this by referring to your size and complexity, but when it comes to cybersecurity, we’ve already established that rationale doesn’t exist. Here lies a tremendous opportunity. Use this to your advantage and leverage the peers in your industry. Develop partnerships with the intent to create forums to share experiences, best practices, and ideas. Forge alliances with both competitors and your regulators to strengthen community banking. This shouldn’t begin and end with subscribing to FS-ISAC (Financial Services Information Sharing and Analysis Center) only.
Use Cyber Insurance as Risk Mitigation
Cyber insurance appears to be a hot topic, especially at conferences. Attendees have admitted that the new and improved, albeit intimidating, underwriting process was so overwhelming they decided to forgo obtaining coverage at all. First, don’t look at the underwriting process as a chore. It’s basically a free audit, so use it to your advantage! When determining the amount of coverage, consider not only the controls you have in place, but also what’s out of your control, like human error. While the premiums may be increasing, it can cost you significantly less than not having any coverage in the event of breach. There are resources that can assist you with this process, so don’t let a great risk mitigation practice go unused.
Managing cybersecurity risk is an ongoing and ever-evolving challenge. You’re constantly faced with challenges from every angle, forcing you to pivot, reassess priorities, and shift your limited resources to tackle the latest threat. Raising your hand and asking for help shouldn’t be seen as a sign of weakness. It’s a great leadership quality that can show strength of character and demonstrate to your team that you’re human. At FORVIS, we can meet you where you are, while anticipating what's ahead to help you thrive. Our passion is to help you unlock your potential while providing an Unmatched Client Experience™.
Our virtual Information Security Advisory Services can assist. To learn more about how our virtual services can help you drive your business forward, reach out to a professional at FORVIS or submit the Contact Us form below.
- 1Conference of State Bank Supervisors 2022 National Study