Financial institutions are required to regularly assess the authentication controls, security layers, and monitoring of Internet Banking to prepare for current threats and comply with FFIEC guidance.
Recent Posts
Most financial institutions understand the importance of Multifactor Authentication (MFA) in keeping unauthorized parties from gaining access to user accounts. The volume of phishing attacks...
In August, the FFIEC released new guidance titled “Authentication and Access to Financial Institution Services and Systems”. Because the guidance replaces the previous “Authentication in an Internet...
We often run into situations where different staff in an institution have different understandings of the goals and operations of their backup system. The IT department tends to think of backups as...
Phishing remains one of the top threats to organizations today. Every user regularly receives emails designed to trick them into clicking on a link, opening an attachment, or providing credentials...
Being on the board of a financial institution is not easy. Board members are expected to not only be knowledgeable about the operational and financial workings of the institution but also to...
It is a good practice to identify a cybersecurity framework as part of an institution’s Information Security Program. A framework helps to identify gaps that might exist and leave the institution...
Multifactor Authentication (MFA) is one of the most important controls to block account takeover fraud. There are many different forms of MFA available, and many banks support more than one method...
Today I am writing to those who wish to sell their products or services to a financial institution. If you work at a financial institution, feel free to pass this on to any prospective vendors to...
You started with an Information Security Policy that covered the basics. Then one day an auditor walked in and asked to see your Data Destruction Policy, so you wrote one. In the next exam,...