When acquiring another company, it is common to perform due diligence to ensure that there are no surprises. For a financial institution, this due diligence usually focuses on auditing financials...
Brian Petzold
Recent Posts
When Applying a Patch isn't Enough
by Brian Petzold | Apr 12, 2019
One common situation that we see in financial institutions is that IT departments apply patches diligently, but vulnerability management systems still show some patches are missing....
How to Create a Data Classification Policy
by Brian Petzold | Apr 5, 2019
Every financial institution should have a data classification policy that defines classes of data based on risk. The policy should also define how each class of data is handled throughout its life,...
What You Need to Know About TrickBot
by Brian Petzold | Mar 15, 2019
Yesterday MS-ISAC released a document summarizing the capabilities of the TrickBot malware. TrickBot focuses on obtaining consumer financial credentials, so it should be a concern for all financial...
How to Use Password Managers Safely
by Brian Petzold | Mar 8, 2019
The number of passwords that each person needs to remember grows exponentially each year. The password manager industry has emerged to help people securely keep track of their passwords, and many...
Upcoming Microsoft End of Life Dates
by Brian Petzold | Feb 15, 2019
Most institutions have been in the situation of having end-of-life hardware or software systems present in their environments. These systems quickly become the focus of compliance staff,...
Should I get a .BANK Domain?
by Brian Petzold | Feb 8, 2019
Since 2015, banks have had the ability to obtain Internet domains that end in .BANK instead of the more common .COM or .NET domains. As the popularity of the new .BANK top level domain increases,...
Remote Employee Access
by Brian Petzold | Feb 1, 2019
Determining what level of employee remote access is appropriate for your institution is an important decision. If you provide no remote access to employees, you risk lower productivity and less...
What Monitoring Should be Included in Management Reports?
by Brian Petzold | Jan 25, 2019
The IT department of a financial institution usually monitors threat indicators from many different systems. It is best practice to provide reporting of the most important metrics from this...
Protecting Against DNS Hijacking
by Brian Petzold | Jan 18, 2019
The National Cybersecurity and Communications Integration Center (NCCIC) recently issued an alert that they were aware of a Domain Name System (“DNS”) hijacking campaign. The possibility of these...