Is Your Bank Prepared For More Rigorous Cybersecurity Standards?
Community banks and credit unions need to prepare for the more rigorous cybersecurity exams being implemented by banking regulators. These updated exams will likely scrutinize the security awareness efforts of all banks and credit unions. Due to that, many institutions need to look for ways to ensure that their executives and boards are educated about critical security issues.
In response to the constantly changing cybersecurity environment and its increasing importance, the Department of Homeland Security and the Federal Emergency Management Agency have helped produce a free cybersecurity education program.
This cybersecurity training includes a group of classes tailored for executives and business professionals who do not have an IT background. This education is important because the FFIEC stated that it planned to issue new regulatory guidance specifically geared toward cybersecurity preparedness, an area where community banks and credit unions were found to have glaring weaknesses. Texas A&M University’s Engineering Extension Service is one of several that offer the training. The goal of this program from FEMA and DHS is to ensure that executive leadership is involved in cyber-planning, rather than just delegating this critical responsibility.
Banks and other financial institutions should be taking advantage of this federally funded program. While CIOs and CTOs with a knowledge deficit on any of these topics should take advantage, other senior executives can benefit from better understanding basic cybersecurity terminology and issues. A culture of security awareness is something regulators value.
One area emphasized by regulators in their assessments of community institutions was a lack of cyberthreat awareness among C-level executives and boards of directors. Security experts say examiners will want to know that top executives and boards of directors are aware of emerging cyberthreats and are communicating regularly with their fraud and security teams to ensure they fully understand the steps being taken by their institutions to address threats and mitigate risk. Institutions should take advantage of educational opportunities that the federally funded program offers. Banks need to ensure their training programs are up to par. Unless programs are adhering to acceptable standards or best practices, their value will be questioned.
To find out more about the courses offered by Texas A&M go to http://teex.org/teex.cfm?pageid=keprog&area=ke&templateid=2016
It is also important to be aware of organizations offering “certifications” in cybersecurity and other topics. If it is a true certification, a certifying body will be setting requirements for curriculum, continuing education and professional organizations. Certifications are usually not inexpensive either. Before investing in a certification program, ensure it is legitimate. If it’s just a class and it’s reasonably priced, it may be worthwhile, but it’s not a true certification.
If you’d like to learn more about how ITPAC can ensure that you’re prepared for a cybersecurity audit give us a call today.