How to Best Avoid a Cyber Attack

By Charles Shanley, Executive Vice President

If we’ve learned anything from the recent Facebook/Cambridge Analytica debacle that affected 87 million people, it’s this: our personal data is ripe for the picking. Mitigating cyber security risks should rank at the top of every CEO’s priority list. For that, you need a thorough understanding of the topic and the ability to recruit the right people with the necessary skills to stay (at least) one step ahead of cyber threats.

Know thy enemy.

To stay ahead of hackers, it’s important for management and those dedicated to overseeing an organization’s data to be aware of the types of data breaches occurring today.

According to former Acting Comptroller of the Currency Keith Noreika, “Phishing is a primary method for breaching data systems and is often the entry mechanism to perpetrate other malicious activity, such as installing ransomware, accessing confidential information, compromising internal systems to effect payments, or conducting espionage.”

Pay attention.

In many cases, cyber attacks can be avoided by simply keeping up with your own technology. The massive 2017 Equifax data breach, which compromised the personal information of 143 million people, could have been avoided by installing a web application vulnerability patch that had been available for two months beforehand. Experts also recommend using an Intrusion Detection System (IDS) to alert you immediately to a data breach, giving you valuable time to react.

On the other hand, even with due diligence, financial institutions find themselves attacked through another avenue: their vendors. A 2017 report by BitSight found that, in most cases, companies in the finance industry supply chain do not meet the security standards that finance companies hold themselves to. The report found outdated, unsupported and highly vulnerable machines across third-party vendors that provide legal, technical, and business services to financial institutions.

Staying vigilant about this possibility and properly scrutinizing vendors’ threat prevention plans makes your institution more secure against cyber attacks.


Be prepared.

Let’s all hope we only encounter the best when it comes to cyber security; but to be realistic, anything less than preparing for the worst could bury your institution.

Your people are your most important asset, and in times of crisis, this will become evident. According to Deloitte’s 2018 Banking Industry Outlook, hiring high-quality data managers (or Chief Data Officers, in very large companies) has become a top priority.

Cyber security affects HR in the recruitment process, workforce planning, and compensation planning. In this new and fast-growing job market, excellent data managers are difficult to find and earn a sizable salary, with many hiring departments unsure of what to look for in a candidate. For these reasons, experts recommend using a third-party recruiter with experience hiring data experts.

In my experience, when recruiting candidates for leadership positions, I not only make sure they have great credentials — I want to see them prove their capability in crisis management and disaster recovery. An important part of the process consists of having a candidate articulate how they would react during a potentially real-life crisis scenario. We ask candidates to take us through the first four hours of response to the emergency, all the way up through Day 10, detailing specific recommendations and actions they would take concerning employees, account holders, shareholders and policymakers.

This sort of hands-on, behavioral scenario tells us and our clients more about a candidate than any resume or LinkedIn profile ever could.

Play offense and defense.

It doesn’t end with hiring the right individuals, though. Your institution should, of course, have a robust crisis management plan in place, and it should be revisited and updated frequently. In addition, putting cyber security at the forefront of your 2018 initiatives is essential and something other financial institutions are already adopting.

In a new ABA study on Community Bank CEO Priorities, an overwhelming majority of respondents planned to implement the following measures to protect their banks against data breaches or cyber threats:

  • Staff training (95%)
  • Network security (91%)
  • Customer education (84%)
  • Anti-malware/anti-virus software (81%)
  • Mock cyberattack/tabletop testing (75%)
  • Joining Sheltered Harbor (69%)


Hackers never sleep, but you can.

Hackers attempt cyber attacks all day, every day. While you can’t personally stay on watch 24/7, you can take significant steps to minimize your financial institution’s likelihood of suffering a data breach. Staying alert to the current state of cyber security, installing patches and updates to your software and applications, vetting your vendors, hiring competent data managers, and continuing to implement cyber security measures can keep your institution one step ahead of the enemy.

