SHEFFIELD — According to Security magazine, there are more than 2,200 attacks each day. That breaks down to nearly 1 cyberattack every 39 seconds, equating to more than 800,000 attacks each year.
With those numbers, it isn’t any wonder that cybersecurity is still one of the biggest risks facing financial institutions today, and according to Bank Independent, it is always top of mind for its cybersecurity team.
“Not only is cybersecurity always a priority, but financial services is one of the most highly regulated industries out there, so there are a lot of cybersecurity regulations with which we are required to comply,” said Stacy Suggs, chief operations officer at Bank Independent. “We have regulatory exams and annual external audits that focus on cybersecurity, and we do extensive testing and reviews.
“This is a huge help to us to remain compliant and ensure that our systems are independently reviewed.”
In recent years, cybersecurity products and services have been in high demand across many industries – healthcare, automotive, personal services, etc. – but none so much as the banking industry.
As people move closer to a cashless society, there is a huge increase in online transactions. Meanwhile, digital money such as debit cards and credit cards requires increasingly stringent safeguards under a strong cybersecurity plan.
Bank Independent outsources some of its 24/7 monitoring, but Suggs said the bank doesn’t try to get too proprietary with in-house customizations as part of its cybersecurity.
“We try our best to utilize industry standard best practices and with that, we utilize industry standard tools and make sure we are using the right tools for the right applications,” said Greg Solomon, director of Information Technology at Bank Independent and winner of the Alabama CIO of the Year in 2022. “There are a lot of reasons for that.”
Customization, he said, can create internal hurdles, especially in maintaining regulatory compliance and audit processes.
“A lot of the audits and regulations recognize the same industry standard and best tools so we try to stay within that realm, and we use off the shelf tools for all of our antivirus, malware, monitoring, and filtering processes,” Solomon said. “And we look at our cybersecurity systems internally and externally, as well.”
In addition to regulatory guidelines, the bank has core providers who play a big role in assisting it with customer data. But, Solomon said, Bank Independent is ultimately responsible for that data, and that requires a joint effort between the bank and its customers.
“As far as our customers go, we protect their data to the nth degree, but they have to protect their account on their side – it’s a joint effort,” he said.
Bank Independent educates customers about cybersecurity through a weekly and monthly blog and other publications and communications, sharing ways customers can protect themselves and their bank accounts.
The first step is to avoid sharing any account information or account passwords with anyone the customer doesn’t know. Trusting family members who need access is one thing, but even that should be as minimal as possible, and it is critical that customers always avoid sharing any account information with anyone outside of family or those with a need to know.
“Make sure your accounts are locked with good, strong passwords and keycodes and use multifactor authentication with every account you have where it is available,” Solomon said. “We require stringent log-on requirements through multifactor identification and things like that on the bank side, but many people link several accounts together today and they have access to them on their phone, a computer or tablet.
“It just takes getting into one account to get into the other.”
He said in addition to strong authentication and passwords, customers should also monitor their own information at least weekly to ensure they catch any unauthorized activity.
“Never leave your phone or laptop lying around because in a flash, someone can grab it, see it and use it,” Solomon said.
Suggs again touted the highly regulated financial industry itself as the strongest protection for customer account information.
“We take it seriously,” she said. “It’s top of mind for us – our top priority, not just because we want to protect the customers’ data, but it can be a huge reputation risk if banks stop protecting our customers’ information.”
Solomon elaborated.
“Every institution is constantly scanned in today’s environment, that’s pretty much a norm, so we have systems in place and firewalls in place to monitor and deny those things that shouldn’t be there, and we track those on a monthly basis,” he said.
Solomon said there are different types of attacks, but Bank Independent’s firewall and perimeter-based security products are designed to identify them.
“And we have an intrusion detection and intrusion prevention system in place that we monitor all the time too,” she said. “If we see anything suspicious, we can apply policies and filters based on that activity.”
What are the most common questions Bank Independent gets from customers concerning account safety?
“Customers often contact us about phishing emails and how to handle them,” Suggs said. “They have a lot of questions and concerns about those, but especially our business customers and consumers are kept aware of how to recognize phishing emails and they know not to click on downloads or attachments from people they do not know.
“And we have to remind them the bank will never request account information so do not be fooled by anyone trying to get them to do so.”
Both Suggs and Solomon said they are proud Bank Independent has a strong cybersecurity culture from within, which is important in today’s world.
“Cybersecurity is woven into everything we do,” said Suggs. “We have ongoing training for our team members both internally and externally, and we attend as many conferences as we can to stay up to date on the latest threats because it changes every day.
“This way, we stay ahead of the bad guys and that is a challenge in today’s world. We are constantly trying to keep ourselves educated on the latest threats too.”
Solomon said the bank has a dedicated person in the information technology department who watches this every day.
“Their sole purpose is cybersecurity, security, monitoring, and maintaining our posture and they report on it weekly and monthly,” he said. “And they track it – in today’s environment, you have to have someone in that role and position to make sure we are doing the right things.”
What do they do if someone gets through their defenses and in-depth cyber strategy?
“We have multiple barriers to entry,” Solomon said. “If someone does get through, we research and rely on outside vendors and agencies to help us understand what we are seeing and also help us identify vulnerabilities.
“We analyze where our weak points are so we can put a program in place to ensure we are staying up to date and staying patched and ahead of the game.”
Not all cyberattacks, however, are intended to steal data. Some are intended to disrupt banking services and often don’t impact customer data at all. But that is no comfort for Bank Independent.
As far as the bank’s safeguards against attacks on bank services, Suggs said they have a comprehensive cyber response plan and a big continuity plan in place that they test regularly to ensure the bank is prepared for outages related to service disruption.