Pub. 4 2014-2015 Issue 2

O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S September • October 2014 19 gather information about your network, then pick the best time to strike. Once inside, they steal or distort confidential data and often damage security features to enable larger future attacks. Let Ethical Hackers Test Your Vulnerabilities Perhaps the best tactic for thwarting hackers is employing a trusted third-party security tester to flush out your weak spots. A social engineering tester—often referred to as an ethical or white hat hacker—will work to uncover any inadvertent weak- nesses in employees’ ability to keep information confidential. The tester will conduct exercises to determine the effectiveness of institutional efforts to educate employees on the components of the institution’s Information Security Program. After the exercises have been conducted, the tester will com- pile an objective report that provides the financial institution with a realistic assessment of how its employees responded to the social engineering exercises, as well as comprehensive rec- ommendations for safeguarding your network. For external threats, two main types of security testing can protect financial institutions: vulnerability assessments and external penetration testing. Both can benefit institutions by showing the impact of an attack rather than theorizing about it. A vulnerability assessment can be performed either by a skilled consultant onsite or through a remote scanning de- vice—configured by a certified provider—that is plugged into the organization’s network. The device will scan the entire network, including hardware and software, and perform internal vulner- ability, patch management and port scanning functions. The assessment provider will then analyze the data and prepare a de- tailed report with recommendations for securing your network. By contrast, a penetration test’s ethical hackers seek to achieve a specific, attacker-simulated goal. A typical goal could be to access the internal network and gain privileged account usage, obtain contents of the prized customer database on the in- ternal network, or modify a record in a human resources system. Remember, given the widespread threat of cybercriminals, as well as strict regulations regarding consumer information privacy, it is of utmost importance for a financial institution to maintain bulletproof networks and systems—ideally through security testing. To download CSI’s full white paper, Think Like a Hacker, go to compliance. csiweb.com . Tyler Leet is director of Risk and Compliance Services for CSI Regu- latory Compliance, a provider of industry-leading solutionsincluding consulting, social media compliance, testing and watchlist screening. Tyler oversees the development and maintenance of risk and compliance-related services for a variety of financial institutions and organizations. Tyler Leet is director of Risk and Compliance Services for CSI Regulatory Compliance, a provider of indus- try-leading solutions including consulting, social media compliance, testing and watch list screening. Tyler oversees the development and maintenance of risk and compliance-related services for a variety of financial institutions and organizations. 1 http://www.ic3.gov/media/annualreport/2013_ic3report.pdf  Think Like a Hacker – continued n Minimize your risk with CHFA’s Cash Collateral Support program. Banks that use the CCS program will receive cash deposits as collateral for a business loan when the business cannot meet the collateral requirements. Close the deal with more customers. Contact CHFA Community Development today. look out for your small business clients 800.877. chfa (2432) www.chfainfo.com financing the places where people live and work