The Future of Security Biometrics: You Knew Me at “Hello”

Posted by Hayley Turpen

Aug 30, 2017 12:01:00 PM

In today’s world, it is not just the younger generation (or Gen Z in my case) that is becoming more comfortable talking to their smartphones, Google® Home, and Alexa for everyday functions. These types of major technology companies are defining consumers’ expectations and behavior, and it won’t be long until this trickles down to the financial services sector and consumers expect banks to provide voice recognition technology.

Topics: Information Security, Tomorrow's Technology

Question: When Does “It” End? Answer: “It” Doesn’t.

Posted by Craig Laures

Mar 1, 2017 11:30:00 AM

Generalities aside, the “it” referenced is representative of the constant and difficult movements financial institutions (FIs) must accomplish. Movements that protect the FI and its customers from a wide array of current cyber-criminal threats, evolving threats, and the constant evolution of regulatory compliance for direction in how to manage these potentially devastating attacks.

The menace of cyber-crimes against FIs and their customers continues to evolve in frequency, on-the-surface simplicity, and behind-the-scenes complexity. Ransomware, malware, and phishing tactics are now new lines of business for criminals. In fact, criminals like to call their victims “customers,” and they work hard to provide great service to their customers in order to receive payment/ransom for returning stolen data.

Now that FIs are required to address the role of Information Security Officer (ISO), the hero-of-the-day role is filled.

Topics: Information Security, Cybersecurity

Security in the Financial Services Industry

Posted by Stephen Gilmour

Oct 12, 2016 10:15:00 AM

Have you heard of Sutton’s Law?

It’s the principle of focusing on the obvious answer to a problem. You might recognize it better from its source, the convicted bank robber Willie Sutton, who is alleged to have answered, “Because that’s where the money is,” when asked why he robbed banks. In his autobiography, Sutton says that while he probably would have said it if asked, he actually robbed banks because he enjoyed it, loved it even. Well, that’s where the money still is – in financial institutions – and it stands to reason that the attackers targeting them enjoy what they do and find it profitable. The methods used by the attackers may have moved on, with cybercrimes rising at an alarming rate, but the end result is the same: financial loss. So what is security in the financial services industry? More to the point, how do you know if you’re being effective with your approach to security?

Topics: Information Security, Cybersecurity

Identifying Gaps in your Cyber Resilience Strategy

Posted by Jackie Marshall

Oct 5, 2016 10:30:00 AM

According to the 11th Annual Global Information Security Survey conducted by PWC and CSO, 84% of CEOs, 82% of CIOs and 78% of CISOs are confident in their organization’s formal cybersecurity program. However, the number of organizations reporting losses of more than $10 million per incident is up 75% since 2012. Why do these C-level members believe their cybersecurity programs are doing more than an adequate job? Perhaps it’s because their organizations are most likely spending more of their annual budget on cybersecurity defenses and applying more internal resources to manage cybersecurity controls.

Topics: Information Security, Cybersecurity

How Can I Improve My Incident Response Plan?

Posted by Jennifer Roland-Vlach

Jul 6, 2016 10:05:00 AM

Incident Response Plans have been a critical component for financial institutions (FIs) for quite some time now.

The foundation was outlined as part of GLBA and guidance was later issued on the requirements for these response programs where customer information had been accessed. So this raises the question: if Incident Response Plans have been a necessity for so long, why do so many FIs continue to have ineffective plans in place? I can only speculate as to the reasons why; however, I do know that the expectations for Incident Response Plans are beginning to change. I have spoken with a number of institutions who have shared that their examiners are homing in on Incident Response Plans. With this increasing focus on plans, I want to share with you a few of the most critical pieces that I often see missing from Incident Response Plans.

Topics: Information Security, Risk Mitigation

Am I Really Expected to Remember My Password - N@mE61520?

Posted by Hayley Turpen

Jun 8, 2016 10:00:00 AM

It has been reported that the average internet user has approximately 20 passwords. I must not be average, because when I sat down to try to count mine I came up with 75... and I probably forgot a few! That is a lot of passwords to remember. I can’t even fathom a guess as to what the password was for half of these sites. So when I try to log in, I will cycle through the passwords that I “think” I used. If none of them work, then I will click the link stating I forgot my password.

Topics: Information Security, Cybersecurity

Business is About People (and Their Data)

Posted by Eric Flick

Aug 19, 2015 4:08:47 PM

While it may sound cliché, our customers and employees are people. Without them, our business doesn’t exist. And, in this always-on world we live in, it’s mind-boggling the amount of data that any one individual can generate. Do an internet search of your name, your phone number, and your home address. You may be astounded at what comes up. There is data about you everywhere. If you work for a financial institution (FI), your customers and members expect the data that you have related to them to be safe, secure, and available. Surprisingly, of those three, secure may be the most straightforward, but that’s a different conversation. We work with dozens of prospects and customers each and every week as they look at the gigabytes and terabytes of data they have across a myriad of platforms. Beyond secure, how do they keep that data safe and available should they experience a business disruption to their data center?

Topics: Information Security, Risk Mitigation

6 Tips for Shipping Data Securely

Posted by Brian Sneed

Aug 19, 2015 3:59:00 PM

I saw a news story the other day about the amount of money we spend during the holiday season. Everyone is out buying presents for loved ones. The story reminded me how important it is to protect yourself against fraud while holiday shopping. But it also made me think - what about data security at your workplace? It is easy to let your guard down because in most cases the data is not actually your personal information. It is important to ask yourself, “How would I protect this data if it were my own money?”

One story recently came up about a widely used data encryption software called TrueCrypt. Many companies and individuals used this software to encrypt data. Some of the reasons why it was so widely used are because it was free, easy to use, and encrypted data well. However, in May 2014 the software company announced that it was no longer supporting TrueCrypt and users should find another avenue to encrypt their data as there could be issues with using it securely. If you were using the software, the news really sent chills down your spine. You can read the full story here. TrueCrypt was used by many to not only encrypt data on a laptop, but when shipping data as well.

Topics: Information Security, Risk Mitigation

Developing an Information Security Wellness Program for your Financial Institution

Posted by Karen Crumbley

Aug 19, 2015 3:47:16 PM

Ask someone how they achieve optimal physical health and you will likely hear about the following three components: exercise, diet, and annual physicals. The combination of these three items provides a straightforward approach to preventing poor health or identifying any warning signs before they have an opportunity to progress. The same principles apply to information security awareness for a financial institution’s (FI’s) stakeholders (employees, board members, and customers). That is, given the same preventative measures, an FI may reduce the number and extent of information security breaches due to fraud. Consider implementing the following three measures in order to achieve information security wellness.

Topics: Information Security, Risk Mitigation

April 2014: A Busy Month for Fraud Alerts!

Posted by Jennifer Roland-Vlach

Aug 13, 2015 9:10:46 AM


Here we are at the end of April and my Inbox has had quite a few email alerts from various regulatory entities. These alerts have covered an array of topics with the most prevalent being an apparent current uptick in cyber-related risk. So, in case you may have missed one of these, among the multitude of emails you probably receive each day, I thought I would use this opportunity to provide a brief overview of this recent flurry of activity plus suggested steps to address outlined objectives.

Topics: Information Security, Cybersecurity
