TOPIC: Information Technology

New CBANC member benefit: CBANC Network announces the acquisition of Lendwell

Director at a Company (USA)
Originally Posted by Mike Snavely, Chief Commercial Officer of CBANC, on 30 Apr 2019 to CBANC FI Professionals Community.


     Pleased to announce a new benefit for the CBANC community.  We've acquired Lendwell, a mortgage settlement services provider used by hundreds of small- and mid-sized FIs. 


Our acquisition of Lendwell is the next step in our strategy of unlocking the power of cooperation and the collective purchasing power of thousands of financial institutions within the CBANC Network. The Lendwell platform will help our network members reduce the cost of lending operations while improving their ability to serve their customers.


FIs can expect to save up to two hours of time per mortgage file and 15-20% on services like AVMs, property assessments, flood certifications and many others. Best of all, there's no up front fee for CBANC members, and it'll take about half an hour to get up and running with Lendwell.


          Learn more and start the sign-up process at www.cbancnetwork.com/lendwell

    Securing IoT

    Right now, today, Internet of Things (IoT) devices are generally a security issue.  Unless you plan to ban every mobile device, Dot, Echo, Google Home, Siri, Bixby, and Alexa from earshot of all your spoken business, it is possible these services are capturing this information.  Although not subject to unwanted eves-dropping, even IoT enabled hair straighteners – yes you read that right – are subject to malicious attack, to the point that a hacker can burn down your house. These days we hear about functionality being implemented to allow the deletion of voice data recorded by Alexa, Bixby, and Siri.  However, some of that data is listened to in real time and some of it is retained by the likes of Amazon to “improve” voice recognition.  Just ask Senator Chris Coons (D-Delaware) who asked Jeff Bezos (CEO of Amazon) in May about how Amazon uses and keeps voice data.  Wait don’t they have something like 650,000 employees, many of whom can speak in entire sentences? Check out the current 10-D blog post of a real-world scenario that could result in IoT audio snooping of Non-public Personal Information. https://10dsecurity.com/securing-iot/ 

      Policy Upkeep

      How is your sea of policies?  Policies are necessary… and sometimes a confusing, boring chore to maintain and update.  The following can help reduce the burden of training and increase the comprehension and management of your policies:
      1. Target:  All policies should have a defined audience and the policy should be addressed to that audience.  For example: Passwords can be covered in two policies, one directed at the end users that would detail how the end users are to manage their passwords, and the second directed at IT staff on how the institution implements password requirements.  This keeps the end users from having to read policy that does not affect them or is not in their control.
      2. Consolidate:  You can reduce the number of overall polices by combining all policies directed at specific audiences or that have similar content.  This makes policy management and training much easier.  For example, by combining all policies directed at end users into an Acceptable Use Policy, and all IT related policies in an Information Technology Security policy.
      3. Supersede:  If your policy has language in it that no longer applies, get rid of it.  Writing replacement policies is sometimes easier than trying to keep an old policy alive.  This will keep the audience from having to read and train on obsolete policies.  For example, that “Micro Computer Processing Policy” drafted in 1992 still addressing floppy drives should be superseded (retired) by other policies. 
      4. Keep them Simple:  Complex documents can be harder to read and absorb, so reduce the amount of verbiage in the policy and use simple terms.  Additionally, avoid specifically naming vendors or products you use in policy.  If your policy says that you use “SuperAV by Davesoft for antivirus on all desktops” and you switched to “Virus Killer Elite” two years ago, well, your policy is wrong - Your auditor or examiner might ask “what else is incorrect” and go digging.  Consider a more generic statement such as “All desktops and servers will be protected with an antivirus client with current definitions” instead.
      5. Keep them Together:  Store policies in the same place electronically so they are easier to manage and access.