OPERATIONAL RISK

Cyber & Data Security

Prevention and risk mitigation are key components in every aspect of bank operations - the same holds true in the protection of customer data.

Cybersecurity is the prevention of damage to, protection of, and restoration of data, systems and processes.

Cybersecurity has three main components, data security, user security, and infrastructure security. Data security is the concepts or strategies used to keep data secure.

Data security focuses on protecting personally identifiable information (PII) from unauthorized access as one would see during a cyber breach or other significant cyber incident. Prevention and risk mitigation are key components in every aspect of bank operations - the same holds true in the protection of customer data.

Educate Your Customer

Share these cybersecurity resources with your customers to help them protect their businesses and data.

FTC Announces Resource for Small Business Owners

FDIC Financial Institution Letter on Cybersecurity Awareness Resources

FTC Information on Consumer Identity Theft

FTC Steps to Repair Identity Theft

Federal Trade Commission: Consumer Information

Federal Trade Commission: Privacy & Identity

Federal Trade Commission: How to Keep Your Personal Information Secure

StaySafeOnline.org: Privacy Tips

USA.gov: Scams and Frauds

Key Resources for Your Bank’s Cybersecurity Program

The following links will lead you to cybersecurity assessment tools to help you better understand where your bank stands.

Name	Source	Date
CIS - CIS Controls	CIS	11/18/2020
CSBS - Ransomware Mitigation Tool	CSBS	11/18/2020
#Protect2020 Rumor vs. Reality	CISA	10/21/2020
FBI Internet Crime Complaint Center (IC3)	FBI	09/10/2020
US-CERT Alerts	CISA	09/10/2020
Financial Services Information Sharing and Analysis Center	FS-ISAC	09/10/2020
Carnegie Endowment for International Peace: Cyber Resilience Capacity-building Tool Box	CEIP	09/10/2020
FDIC Cyber Challenge: A Community Bank Cyber Exercise	FDIC	09/10/2020
FBIIC Financial Sector Cyber Exercise Template	FBIIC	09/10/2020
FDIC Information Technology and Cybersecurity Banker Resource Center	FDIC	09/10/2020
FFIEC Cybersecurity Resource Guide	FFIEC	09/10/2020
FSSCC Automated Cybersecurity Assessment Tool v.2.1	FSSCC	09/10/2020
NIST Cybersecurity Framework	NIST	09/10/2020
FFIEC Cybersecurity Assessment Tool		09/09/2020
FFIEC IT Handbook	FFIEC	09/09/2020
CISA Cybersecurity Detection and Prevention	CISA	09/09/2020
CISA Cybersecurity Assessments	CISA	09/09/2020
CISA Cybersecurity Training and Exercises	CISA	09/08/2020
CISA - Cyber Resiliency Resources for Public Safety Fact Sheet	CISA	09/06/2020

Educate your Customer

Key Resources for Your Bank

Vulnerabilities & Mitigation

Sheltered Harbor

.Bank

Vulnerabilities & Mitigation

Cybersecurity and data security vulnerabilities come in many forms. Use these resources to know what you are dealing with and how to stay one step ahead.

Name	Source	Date
Scam Awareness Materials for Groups and Organizations	SSA	11/02/2020
Security Alert Pandemic Related Fraud Chargeback Scheme	Visa	10/21/2020
Advisory on Unemployment Insurance Fraud During COVID-19	FINCEN	10/13/2020
Pandemic Response Portal		09/28/2020
Unemployment Insurance Fraud Consumer Protection Guide		09/28/2020
USSS SBA OIG Joint Alert - PPP EIDL Fraud - TLP Green		09/28/2020
Cyber Fraud Task Force Bulletin - September 2020	USSS	09/25/2020
Selecting and Safely Using Collaboration Services for Telework	NSA	09/10/2020
FBI Alert: Increased use of Mobile Apps Could Lead to Exploitation	FBI	09/10/2020
Compromised Managed Service Providers	USSS	09/10/2020
State UI ACH ID List	USSS	09/10/2020
U.S. Secret Service Cyber Fraud Task Force Map	USSS	09/10/2020
Contact U.S. Secret Service Cyber Fraud Task Forces	USSS	09/10/2020
USSS-DOL OIG UI Advisory	USSS	09/10/2020
FBI Sees Spike in Fraudulent Unemployment Insurance Claims Filed Using Stolen Identities	FBI	09/10/2020
FinCEN Advisory on Imposter Scams and Money Mule Schemes	FinCEN	09/10/2020
Contact U.S. Department of Labor Cyber Fraud Task Forces	DOL	09/10/2020
Cybersecurity: Ransomware Alert	OCIE	09/10/2020
OCCIP Cybersecurity Alert 1 - Ransomware	OCCIP	09/10/2020
Indicators Associated with Netwalker Ransomware	FBI	09/10/2020
Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage	CISA	09/10/2020
SBA Information Notice	SBA	07/21/2020
SBA Lender Alert EIDL	SBA	07/14/2020

Sheltered Harbor

Sheltered Harbor is the not-for-profit, industry-developed standard for protecting and recovering customer account data if a catastrophic event causes critical systems - including backups - to fail.

Its purpose is to promote the stability and resiliency of the financial sector and to preserve public confidence in the financial system in the face of an extended systems outage or destructive cyberattack.

The Sheltered Harbor standard combines secure data vaulting of critical customer account information and a resiliency plan to provide customers timely access to their data and funds in a worst-case scenario.

In many cases your core processor may provide a Sheltered Harbor solution. Please read ICBA's Core Processor Guide.

How Does Sheltered Harbor Achieve Greater Protection for Community Bank Customers?

Industry Response — Resiliency standards established by the financial services industry ensure that consumers receive timely access to their accounts in the event that their bank or brokerage firm becomes inoperable due to a major cyber event.

Standard Data — All participating institutions make a daily copy of the consumer’s account data in a standard format, which enables the restoration of account by another institution or processor in the event of a major loss of operations.

Monitored Regularly — All participating institutions update their adherence reviews to ensure that the Sheltered Harbor standards are exercised consistently and in accordance with Sheltered Harbor specifications.

Secure Vault — Your customers’ account data is archived in a secure data vault that is protected from alteration or deletion. The data will stay intact and accessible if needed-exactly as when it was archived. Think of this as a fall-out shelter for customer data, with each institution providing its own data vault.

Sheltered Harbor in the News

Join Now

Sheltered Harbor participation is currently open to U.S. banks, broker-dealers, and service providers of all sizes.

Joining entitles participants access to the standard, support content and experts to help with implementation, and the knowledge that the institution is being proactive in protecting its customer account data.

Join Sheltered Harbor

Does Your Bank Have a .Bank Domain?

.BANK is an evolution in relationship management, offering a trusted, verified, more secure, and easily identifiable location on the internet for your customers and your bank, regardless of size. .BANK provides a trustworthy stamp of approval for your online offerings.

Manage your .Bank domain or register one:

EnCirca Website:
Formed in 2001, EnCirca is an ICANN-Accredited registrar and registry validation provider based in Boston. EnCirca is the leading domain name registrar for .BANK domain names. EnCirca specializes in complex and custom registrar solutions for the domain name industry. Contact sales@encirca.com to request a consultation.
fTLD Website

What Makes .BANK Safer?

Through verification and mandatory security requirements the .BANK domain creates a safer space and acts as a visual security cue for bank employees or customers.

The .BANK at the end of an email address or website URL confirms that the email communication is authentic and that the website is owned by a bank and is a safe place to manage his or her finances. This simple visual cue enables security that employees and customers can recognize and participate in, ensuring the space remains safe for everyone.

.BANK domains have 6 critical security requirements beyond a standard .COM domain creating additional layers of protection to the consumer, plus verification, which when combined with email authentication, creates security that cannot be replicated in the .COM space. Consider the following difference between .COM and .BANK requirements:

Protect Your Customers

Get a .bank domain

Activate Your .BANK