TOPIC: Business Continuity

Is it worth your reputation?

At 10-D Security we see a fair number of organizations where the Risk and Vendor Management programs aren’t understood or don’t get the attention they deserve. Combine those issues with weak BCP or incident response plans and training, and you have conditions for a perfect storm.

The whole point of these controls is to help the institution prepare for the day when things just go bad. Sometimes the guidance provided by regulators seems like mindless oversight and busy work to comply with regulations, but these areas of concern under the Information Security Program are not to be trivialized and can be as important as physical security. The wealth is in the information, not in the cash drawer. That’s not to say physical security is not important, but failure to implement and follow good vendor and risk management controls can increase potential harm to customers or reputational harm to the institution.

A recent incident related to a large IT support vendor that was breached resulted in their customers being targeted by the attackers. If this were to occur at one of your critical vendors, would they be contractually obligated to notify you, and if they did would your Incident Response Plan be useful in responding to the situation? Review your Vendor Management Program to ensure critical vendors are contractually accountable for responding to and quickly communicating a security incident, and that your Incident Response Plan is similarly complete. [For more info on the alleged breach, visit https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/]

If your institution needs some assistance in these areas, visit the 10-D Security website, including our Certified Banking ISO classes (https://10dsecurity.com/10-d-academy/).
Our sister company, Applied Compliance Services, provides virtual Information Security Officer services or can provide a complete overhaul of your Information Security Program to match regulatory guidance and best practices. Let us know how we can assist you.

    Business Intelligence Department

    AVP at a bank ($459M, USA)

    Does anyone's institution have a Business Intelligence department currently? At what asset size did your institution add a Business Intelligence department to the team? What is your current asset size if you are looking to develop one? By Business Intelligence I mean a team that is dedicated to analyzing processes within your institution and gathering data to find ways to improve. Additionally they would be responsible for working with the department leads to explore new business opportunities. Specifically they would be responsible for gathering quantifiable data that would assist the department/senior management with making those decisions rather than relying simply on feelings and assumptions.

      Free December Webinar! Tracking Exam and Audit Findings

      You are invited to our December webinar discussing best practices for tracking and avoiding exam and audit findings. Register for free today! If you are not able to make it to the live event, the recording will be available for download afterwards.

      Standard compliance protocols are set to ensure that processes are followed by management and employees, internal audit, external audit, and government review. In spite of those checks and balances, examiners and auditors uncover deficiencies in your processes, and it falls to your team to resolve them. These issues can be the proverbial ‘hot potato’ on who takes the necessary action on the findings. It’s common for the findings to revolve around third-party risk, business continuity issues, and compliance areas. This webinar will address:

      • The dangers of only using Excel spreadsheets to manage findings
      • Best practices for policies and procedures to avoid findings in the first place
      • How to track to guarantee complete remediation of findings
      • The benefits of testing your remediation to ensure changes take effect
      • Best practices of vendor management, business continuity planning, and compliance to help your financial institution avoid findings

        CBANC Premium - Workspace Tips

        Here is a quick tutorial on how to add users to your CBANC Premium Workspace application. Workspace is a central source of truth for your policies, procedures, and other important documents. It also includes 25 policy & procedure checklists, updated by experts as regulations change, to help your team hit the ground running. Workspace is great for collaborating with your board of directors, impressing your examiners, and streamlining policy and procedure management. Works great on iPads without the need to download additional software and has bank-level security built in.

          Free July Webinar - Lessons Learned: What a First-Hand Account of 9/11 Can Teach Us About Business Continuity Planning

          Join us for our July webinar! Lt. Col. Darling discusses critical lessons learned on 9/11 and what they teach us about BCP - whether we are leading a bank or the United States of America. Register for free today! If you are not able to make it to the live event, we will send you the recording afterwards.

          LESSONS LEARNED: What a First-Hand Account of 9/11 Can Teach Us About Business Continuity Planning

          On September 11, 2001, Lt. Col. Darling worked for the White House Military Office, Airlift Operations Department. It was in this position that he supported the President, Vice President and National Security Advisor in the underground President’s Emergency Operations Center and witnessed unprecedented leadership and decision-making at the highest levels of our government. With this life-changing attack on our nation, Lt. Col. Darling saw first-hand how imperative it is to have proper planning in place in the event of a disaster.

          This special joint webinar will showcase the compelling parallels in planning for and executing on business continuity planning and disaster recovery while Darling shares his story. Key takeaways include:

          • The role of leadership in a crisis – and how to adapt when the leader is absent
          • Determining how much training/planning is enough
          • Best practices for crisis decision making
          • Understanding the difference between business continuity planning and disaster recovery – and putting plans for both in place

            Becoming Unbreakable: Why Business Continuity is Critical for FIs

            Hello, Bankers! Today we are discussing the importance of BCP to the overall health and longevity of your institution. This post originally appeared on the Ncontracts blog.

            Effective business continuity plans (BCPs) are essential for any business but especially critical for financial institutions. Though they vary from bank-to-bank (or credit union), the fundamentals of retail banking are the same...

            READ THE FULL ARTICLE: Download the attached PDF