Brian Petzold

Recent Posts

Cybersecurity Due Diligence During an Acquisition

by Brian Petzold | May 3, 2019

When acquiring another company, it is common to perform due diligence to ensure that there are no surprises. For a financial institution, this due diligence usually focuses on auditing financials...

When Applying a Patch isn't Enough

by Brian Petzold | Apr 12, 2019

One common situation that we see occurring in financial institutions is that IT departments apply patches diligently, but that vulnerability management systems still show some patches are missing....

How to Create a Data Classification Policy

by Brian Petzold | Apr 5, 2019

Every financial institution should have a data classification policy that defines classes of data based on risk. The policy should also define how each class of data is handled throughout its life,...

What You Need to Know About TrickBot

by Brian Petzold | Mar 15, 2019

Yesterday MS-ISAC released a document summarizing the capabilities of the TrickBot malware. TrickBot focuses on obtaining consumer financial credentials, so should be a concern for all financial...

How to Use Password Managers Safely

by Brian Petzold | Mar 8, 2019

The number of passwords that each person needs to remember grows exponentially each year. The password manager industry has emerged to help people securely keep track of their passwords, and many...

Upcoming Microsoft End of Life Dates

by Brian Petzold | Feb 15, 2019

Most institutions have been in the situation of having end-of-life hardware or software systems present in their environments. These systems quickly become the focus of compliance staff,...

Should I get a .BANK Domain?

by Brian Petzold | Feb 8, 2019

Since 2015, banks have had the ability to obtain Internet domains that end in .BANK instead of the more common .COM or .NET domains. As the popularity of the new .BANK top level domain increases,...

Remote Employee Access

by Brian Petzold | Feb 1, 2019

Determining what level of employee remote access is appropriate for your institution is an important decision. If you provide no remote access to employees, you risk lower productivity and less...

What Monitoring Should be Included in Management Reports?

by Brian Petzold | Jan 25, 2019

The IT department of a financial institution usually monitors threat indicators from many different systems. It is best practice to provide reporting of the most important metrics from this...

Protecting Against DNS Hijacking

by Brian Petzold | Jan 18, 2019

The National Cybersecurity and Communications Integration Center (NCCIC) recently issued an alert that they were aware of a Domain Name System (“DNS”) hijacking campaign. The possibility of these...

Want these articles delivered weekly to your inbox? Subscribe to our Newsletter!

Recent Posts

Stay in the Loop!