How to Best Avoid a Cyber Attack

By Charles Shanley, Executive Vice President

If we’ve learned anything from the recent Facebook/Cambridge Analytica debacle that affected 87 million people, it’s this: our personal data is ripe for the picking. Mitigating cyber security risks should rank at the top of every CEO’s priority list. For that, you need a thorough understanding of the topic and the ability to recruit the right people with the necessary skills to stay (at least) one step ahead of cyber threats.

Know thy enemy.

To stay ahead of hackers, it’s important for management and those dedicated to overseeing an organization’s data to be aware of the types of data breaches occurring today.

According to former Acting Comptroller of the Currency Keith Noreika, “Phishing is a primary method for breaching data systems and is often the entry mechanism to perpetrate other malicious activity, such as installing ransomware, accessing confidential information, compromising internal systems to effect payments, or conducting espionage.”

Pay attention.

In many cases, cyber attacks can be avoided by simply keeping up with your own technology. The massive 2017 Equifax data breach that compromised the personal information of 143 million people could have been avoided by installing a web application vulnerability patch that had been available for two months. Experts also recommend using an Intrusion Detection System (IDS) to alert you immediately to a data breach, giving you valuable time to react.

On the other hand, even with due diligence, financial institutions find themselves attacked through another avenue: their vendors. A 2017 report by BitSight found that, in most cases, companies in the finance industry supply chain do not meet the same security standards that finance companies hold for themselves. The report found outdated, unsupported and highly vulnerable machines across third-party vendors that provide legal, technical, and business services to financial institutions.

Staying alert to this possibility and properly scrutinizing vendors’ threat prevention plans makes your institution more secure against cyber attacks.


Be prepared.

Let’s all hope we only encounter the best when it comes to cyber security; but to be realistic, anything less than preparing for the worst could bury your institution.

Your people are your most important asset, and in times of crisis, this will become evident. According to Deloitte’s 2018 Banking Industry Outlook, hiring high-quality data managers (or Chief Data Officers, in very large companies) has become a top priority.

Cyber security affects HR in the recruitment process, workforce planning, and compensation planning. In this new and fast-growing job market, excellent data managers are difficult to find and earn a sizable salary, with many hiring departments unsure of what to look for in a candidate. For these reasons, experts recommend using a third-party recruiter with experience hiring data experts.

In my experience, when recruiting candidates for leadership positions, I not only make sure they have great credentials — I want to see them prove their capability in crisis management and disaster recovery. An important part of the process consists of having a candidate articulate how they would react during a potentially real-life crisis scenario. We ask candidates to take us through the first four hours of response to the emergency, all the way up through Day 10, detailing specific recommendations and actions they would take concerning employees, account holders, shareholders and policymakers.

This sort of hands-on, behavioral scenario tells us and our clients more about a candidate than any resume or LinkedIn profile ever could.

Play offense and defense.

It doesn’t end with hiring the right individuals, though. Your institution should, of course, have a robust crisis management plan in place, and it should be revisited and updated frequently. In addition, putting cyber security at the forefront of your 2018 initiatives is essential and something other financial institutions are already adopting.

In a new ABA study on Community Bank CEO Priorities, an overwhelming majority of respondents planned to implement the following measures to protect their banks against data breaches or cyber threats:

  • Staff training (95%)
  • Network security (91%)
  • Customer education (84%)
  • Anti-malware/anti-virus software (81%)
  • Mock cyberattack/tabletop testing (75%)
  • Joining Sheltered Harbor (69%)


Hackers never sleep, but you can.

Hackers attempt cyber attacks all day, every day. While you can’t personally stay on watch 24/7, you can take significant steps to minimize your financial institution’s likelihood of suffering a data breach. Staying alert to the current state of cyber security, installing patches and updates to your software and applications, vetting your vendors, hiring competent data managers, and continuing to implement cyber security measures can keep your institution one step ahead of the enemy.

