How do you prioritize cybersecurity for your environment? It's easy to get enamored in this week's 'shiny object' or the next cybersecurity company that gets funding, but it really comes back to the basics:
- Update and actively manage your routers and firewalls
- Focus on anti-virus and patch management procedures
- Ensure appropriate due diligence for your high-risk, critical vendors
Just focusing on these three things is a great start to ensure the fundamentals are covered. Once you have that locked in you can expand from there.
Anne Benigsen: These are small institutions. Most of them are under a billion asset size. A chunk are under 500 million. How are they able to secure themselves as well as a big business? Are they able to do something like that? And, if they had to choose which areas, what areas should they choose?
In my eyes, banks should look at basic security fundamentals first, and that can be anything from the off the line virus protection, anti-malware protection, firewalls, making sure all those things are configured correctly. We can spout out a dozen different things that people can do for security and for cyber security. But if the tools are being used, they absolutely worthless.
So I will go with making sure patches are done, making sure vendor management is appropriately done, making sure when you have patches, those are appropriately put on in a timely manner, having virus protection, having malware protection and being able to educate your staff, as well as if you're a consumer bank educating your consumers as well.