If you are a board member of a bank or credit union, how do you know that the cybersecurity program of the organization is being managed effectively? I often try to put myself into the shoes of a...
Brian Petzold
Recent Posts
On June 6th, the Federal Reserve, FDIC, and OCC released new interagency guidance on third-party risk management. The new guidance, based on existing OCC guidance from 2013 and 2020, calls for a...
Blocking Outbound Communications
by Brian Petzold | May 12, 2023
All organizations have (or should have) a firewall that blocks unexpected communications from the Internet to internal network hosts. But what about blocking unexpected communications from Internal...
The FDIC InTREX Gets Audited
by Brian Petzold | Feb 10, 2023
While the FFIEC has released three major guidance updates since July 2019, the FDIC has not updated its examination program to include the newer guidance. This is one of the findings of the January...
Discussions Triggered from the LastPass Breach
by Brian Petzold | Jan 6, 2023
Over the past month, many have written about the latest LastPass breach. If you have not kept up with the breach, you can see the disclosure from LastPass here. Since the breach was publicized,...
Regulators Becoming More Prescriptive
by Brian Petzold | Dec 9, 2022
Recently, the New York Department of Financial Services (“DFS”) released a proposed update to its 2017 “Cybersecurity Requirements for Financial Services Companies” law (also known as “23 NYCRR...
Self-Assessing Authentication & Access Risk
by Brian Petzold | Nov 4, 2022
A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since that time, Bedel Security has been taking the...
What Is A Strong Password in 2022?
by Brian Petzold | Sep 2, 2022
“How long should a password be?” “Should passwords even be used any longer?” These are questions that organizations have been grappling with as we enter the end of 2022. Each day, we are seeing...
Where Does Managing Aggregator Risk Belong?
by Brian Petzold | Aug 5, 2022
A little over a year ago, bank regulators published new proposed guidance on managing third-party risk. One of the more controversial topics in this guidance is whether a data aggregator needs to be...
Confessions of a Professional Worrier
by Brian Petzold | Jul 8, 2022
A few weeks ago, in my life outside of cybersecurity, a person said to me: “You are always thinking three steps ahead of the rest of us”. I am not sure if it was meant as a compliment or not. I...