The FDIC has updated their IT Examination procedures. On July 1, 2016, the FDIC will begin using the Information Technology Risk Examination (InTREx) Program to perform IT examinations at financial institutions. The InTREx Program consists of the IT profile and three workpapers to help examiners accurately assess IT risks and the mitigating controls in place. Contine reading
Ransomware is another type of malware, but this one carries a bit of a sting. Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s. Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box. Ransomware has been the headline for 2016. If infected with this malware, access to your system will be limited until a ransom is paid. Contine reading
The FFIEC recently updated the IT Examination HandBook – Retail Payment Systems. The new information can be found in Appendix E “Mobile Financial Services”. Mobile financial services are growing in popularity and are radically changing how consumers pay for goods and services. Convenience is key; however, that means new threats and risks are introduced into a consumer’s life. Contine reading
It’s that time of the year again!
Verizon released its Data Breach Investigations Report for 2016. For those of you not familiar with the report, Verizon collects and analyzes data from real world security incidents and breaches. The current report analyzes over 100,000 incidents that occurred in 2015. It is in no way all inclusive; however, it is one of the more reputable analysis reports that utilizes a healthy sample of incident and breach data to accurately portray the cyber incident landscape. Contine reading
I hope everyone enjoyed October’s Cybersecurity Awareness Month as much as I did. To end the month, the FDIC held an industry teleconference on October 28th. The teleconference included updates on the cybersecurity landscape, cybersecurity assessment tool (CAT) and information sharing with a brief Q&A that followed. Contine reading
The FFIEC issued a tool in June of this year to aid financial institutions (FI) in identifying and mitigating cyber risks. The verdict is still out on whether or not this tool is a requirement, highly recommended or completely optional. Upon first look at this tool in PDF format, it can appear confusing and cumbersome. So let’s first break down the pieces of the CAT and then I’ll explain how Traina & Associates can help you with your CAT if you choose to implement this at your FI. Contine reading
If you’re like me, on some days, email seems to be your primary form of communication. I’m not proud of that, but it’s the truth. Second to email would be our internal instant messaging system. With all of this electronic communication, I abide by the golden rule of never exchanging any confidential or sensitive information via email or instant message. Why? EMAIL IS TOO RISKY!
The FFIEC (Federal Financial Institutions Examination Council) released two statements regarding two critical threats, destructive malware and cyber attacks to obtain compromised credentials. These statements do not serve as new guidance or regulatory expectations; however, they identify specific controls to mitigate the risks related to malware and cyber attacks.
Surely we still cannot be falling victim to phishing emails! If you look at the latest breaches in the health care industry, you will quickly see that this is exactly what is happening. In the breach aftermath, most of these breaches are deemed as “sophisticated attacks,” but we can’t possibly be categorizing phishing as “sophisticated” now, right?
Everyone is familiar with the feeling of looking at your inbox and seeing about 40 unread messages that arrived while you were away at a meeting or other engagement. A massive number of emails in your inbox is a stress producer. I have three tips to help reduce that stress.
Welcome to my blog and thanks for reading. I’ll regularly share tidbits of information pertaining to the efficient use of technology, securing technology, the changing workplace and workforce and other thoughts that can help you improve your professional and personal use of technology. If you are like me, you are alarmed any time you read the news and see a headline of a new breach or vulnerability. Here we’ll dissect the latest data breaches and also discuss the current vulnerabilities you need to be aware of.