How to Best Avoid a Cyber Attack

By Charles Shanley, Executive Vice President

If we’ve learned anything from the recent Facebook/Cambridge Analytica debacle that affected 87 million people, it’s this: our personal data is ripe for the picking. Mitigating cyber security risks should rank at the top of every CEO’s priority list. For that, you need a thorough understanding of the topic and the ability to recruit the right people with the necessary skills to stay (at least) one step ahead of cyber threats.

Know thy enemy.

To stay ahead of hackers, it’s important for management and those dedicated to overseeing an organization’s data to be aware of the types of data breaches occurring today.

According to former Acting Comptroller of the Currency Keith Noreika, “Phishing is a primary method for breaching data systems and is often the entry mechanism to perpetrate other malicious activity, such as installing ransomware, accessing confidential information, compromising internal systems to effect payments, or conducting espionage.”

Pay attention.

In many cases, cyber attacks can be avoided by simply keeping up with your own technology. The massive 2017 Equifax data breach that compromised the personal information of 143 million people could have been avoided by installing a patch for a web application vulnerability that had already been available for two months. Experts also recommend using an Intrusion Detection System (IDS) to alert you immediately to a data breach, giving you valuable time to react.

On the other hand, even with due diligence, financial institutions find themselves attacked through another avenue: their vendors. A 2017 report by BitSight found that, in most cases, companies in the finance industry supply chain do not meet the same security standards that finance companies hold themselves to. The report found outdated, unsupported and highly vulnerable machines across third-party vendors that provide legal, technical, and business services to financial institutions.

Staying alert to this possibility and properly scrutinizing vendors’ threat prevention plans makes your institution more secure against cyber attacks.


Be prepared.

Let’s all hope we only encounter the best when it comes to cyber security; but to be realistic, anything less than preparing for the worst could bury your institution.

Your people are your most important asset, and in times of crisis, this will become evident. According to Deloitte’s 2018 Banking Industry Outlook, hiring high-quality data managers (or Chief Data Officers, in very large companies) has become a top priority.

Cyber security affects HR in the recruitment process, workforce planning, and compensation planning. In this new and fast-growing job market, excellent data managers are difficult to find and earn a sizable salary, with many hiring departments unsure of what to look for in a candidate. For these reasons, experts recommend using a third-party recruiter with experience hiring data experts.

In my experience, when recruiting candidates for leadership positions, I not only make sure they have great credentials — I want to see them prove their capability in crisis management and disaster recovery. An important part of the process consists of having a candidate articulate how they would react during a potentially real-life crisis scenario. We ask candidates to take us through the first four hours of response to the emergency, all the way up through Day 10, detailing specific recommendations and actions they would take concerning employees, account holders, shareholders and policymakers.

This sort of hands-on, behavioral scenario tells us and our clients more about a candidate than any resume or LinkedIn profile ever could.

Play offense and defense.

It doesn’t end with hiring the right individuals, though. Your institution should, of course, have a robust crisis management plan in place, and it should be revisited and updated frequently. In addition, putting cyber security at the forefront of your 2018 initiatives is essential and something other financial institutions are already adopting.

In a new ABA study on Community Bank CEO Priorities, an overwhelming majority of respondents planned to implement the following measures to protect their banks against data breaches or cyber threats:

  • Staff training (95%)
  • Network security (91%)
  • Customer education (84%)
  • Anti-malware/anti-virus software (81%)
  • Mock cyberattack/tabletop testing (75%)
  • Joining Sheltered Harbor (69%)


Hackers never sleep, but you can.

Hackers attempt cyber attacks all day, every day. While you can’t personally stay on watch 24/7, you can take significant steps to minimize your financial institution’s likelihood of suffering a data breach. Staying alert to the current state of cyber security, installing patches and updates to your software and applications, vetting your vendors, hiring competent data managers, and continuing to implement cyber security measures can keep your institution one step ahead of the enemy.

