Community Bank Cybersecurity Mitigation Checklist

Nov. 01, 2021

By Joel Williquette

As the transformation to a digital-first industry grows, so, too, do the accompanying threats. Between March and June of last year, banks experienced a 520% increase in phishing and ransomware attempts. Though these trends were exacerbated by COVID, cybersecurity has been a top concern for the financial services industry for years, with more than 4,000 ransomware attacks occurring daily in the United States.

The good news is that community banks can thwart or reduce their risk with strong cybersecurity mitigation strategies. While every bank differs in its approach, the following checklist offers a snapshot of steps community bank IT departments can take to help limit their exposure to attacks.

Cybersecurity Checklist

Technical Recommendations

  • Rapidly patch VPN servers
  • Block single-factor remote desktop protocol (RDP)
  • Watch for Windows Server Message Block (SMB) or PowerShell lateral movement
  • Use a virus scan aggregator (like VirusTotal) to assist with rapid malware analysis
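
As an added illustration (not part of the original checklist or any ICBA tooling), the sketch below shows one way the SMB and PowerShell lateral-movement item can be turned into detection logic over parsed Windows Security events. Event IDs 5140 (network share accessed) and 4688 (process created) are standard Windows events; the management-host allowlist, the fan-out threshold, the time window and the sample events are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions, not from the article: the management hosts allowed to reach
# admin shares, the fan-out threshold and the correlation window.
ADMIN_SOURCES = {"10.0.5.10"}
FANOUT_HOSTS = 3
WINDOW = timedelta(minutes=10)
ADMIN_SHARES = ("\\ADMIN$", "\\C$")

def detect(events):
    """Return (rule, source, host) alerts from parsed Windows Security events."""
    alerts, touched = [], defaultdict(list)  # source IP -> [(time, host)]
    for ev in sorted(events, key=lambda e: e["time"]):
        eid, host = ev["EventID"], ev["Computer"]
        # 5140 = network share accessed. Admin shares reached from a host that
        # is not a management station suggest SMB lateral movement.
        if eid == 5140 and ev["ShareName"].upper().endswith(ADMIN_SHARES):
            src = ev["IpAddress"]
            if src in ADMIN_SOURCES:
                continue
            alerts.append(("smb-admin-share", src, host))
            recent = [(t, h) for t, h in touched[src] if ev["time"] - t <= WINDOW]
            seen = {h for _, h in recent}
            touched[src] = recent + [(ev["time"], host)]
            if host not in seen and len(seen) + 1 == FANOUT_HOSTS:  # fire once
                alerts.append(("smb-fanout", src, host))
        # 4688 = process created. wsmprovhost.exe hosts an inbound PowerShell
        # remoting session, so it marks the receiving end of remote PowerShell.
        elif eid == 4688 and ev["NewProcessName"].lower().endswith("\\wsmprovhost.exe"):
            alerts.append(("powershell-remoting", ev["SubjectUserName"], host))
    return alerts

def _ev(minute, eid, host, **fields):
    return {"time": datetime(2021, 11, 1, 9, minute), "EventID": eid,
            "Computer": host, **fields}

# Constructed sample events; hosts, users and addresses are illustrative.
SAMPLE = [
    _ev(0, 5140, "TELLER-01", IpAddress="10.0.5.10", ShareName="\\\\*\\ADMIN$"),
    _ev(1, 5140, "TELLER-02", IpAddress="10.0.20.44", ShareName="\\\\*\\C$"),
    _ev(2, 5140, "TELLER-03", IpAddress="10.0.20.44", ShareName="\\\\*\\ADMIN$"),
    _ev(3, 4688, "TELLER-03", SubjectUserName="jdoe",
        NewProcessName="C:\\Windows\\System32\\wsmprovhost.exe"),
    _ev(4, 5140, "FILE-01", IpAddress="10.0.20.44", ShareName="\\\\*\\ADMIN$"),
    _ev(5, 5140, "FILE-01", IpAddress="10.0.20.44", ShareName="\\\\*\\Public"),
]

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

Both event types are logged only when the corresponding audit policies (file share auditing and process creation auditing) are enabled on the monitored hosts.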

System Monitoring

  • Monitor traffic flowing into and out of a business and flag anomalies
  • Monitor traffic and activities flowing between devices and systems on a network and flag anomalies
  • Monitor vendor and third-party connections and traffic, and flag anomalies
  • Institute 24/7 security management and monitoring services
  • Run regular internal vulnerability assessments
  • Incorporate security information and event management systems to catch and track anomalies and cyber incidents

Organizational Efforts

  • Require custom cybersecurity training
  • Develop a culture of security where all employees see security and cybersecurity as part of their role
  • Create metrics and tracking to improve employee and bank security performance
  • Develop good cyber hygiene practices, including patching, upgrades, investment in tools and training for IT and cybersecurity staff
  • Audit and limit user access rights in bank Active Directory, systems, and software platforms

External Reviews

  • Use strong multifactor authentication for customers, employees, and third-party service providers
  • Document and understand network topology and system connectivity, data flows and data access, including internal and external systems and data connections
  • Search the web and dark web for debit and credit card bank identification numbers (BINs), copycat websites and apps, and VIP (staff and board) impersonations on social media

For additional insights and best practices, read “Cybersecurity Experts Offer Tips to Help Community Banks Shore up Defenses” and visit ICBA’s Operational Risk resource center.

Joel Williquette is ICBA senior vice president of operational risk policy.