Pub. 13 2018-2019 Issue 1
WWW.NEBANKERS.ORG 16

Counselor’s Corner — continued from page 15

mechanisms in place to notify your users when their account information is changed unexpectedly, and include an easy way for them to report unauthorized changes. In addition, make sure you can detect and shut down banking Trojan botnet attacks by limiting the number of login attempts from a given IP address or device within a short timeframe. These were the single most common type of attack against banks in 2017,[26] and ultimately the way that hackers exposed TaxSlayer.

5. Audit your company’s data security performance with penetration tests and other exercises. The amount of time between a hacker’s initial act and the first compromised asset is “most often measured in seconds or minutes.”[27] Like the TaxSlayer attack, 68 percent of all breaches took multiple months or longer to discover.[28]

6. If you need help, don’t give up or put it off for another time. Ask.

For more information, contact Jacob Tewes at Kutak Rock LLP at (402) 346-6000 or jacob.tewes@kutakrock.com. Tewes is a member of Kutak Rock LLP’s intellectual property and information technology group where he concentrates on privacy and data security.

[1] In the Matter of TaxSlayer, LLC, 162-3063 (October 20, 2017), available at https://www.ftc.gov/enforcement/cases-proceedings/162-3063/taxslayer; 113 Stat. 1338 (1999), codified at 15 U.S.C. §§ 6801ff.
[2] Complaint at ¶ 5.
[3] Complaint at ¶ 8.
[4] 15 U.S.C. § 6801(b).
[5] See 12 C.F.R. pt. 208, App. D–2 and 12 C.F.R. pt. 225, App. F (FRB); 12 C.F.R. pt. 364, App. B (FDIC); 12 C.F.R. pt. 30, App. B (OCC). Assessing 3rd party risk is also vital for financial institutions to meet guidance issued by the OCC (Bulletin 2013-29), FRB (SR 13-19), FDIC (FIL-44-2008) and the Consumer Financial Protection Bureau (Bulletin 2012-03).
[6] 16 C.F.R. pt. 314.
[7] Complaint at 3-4.
[8] Id.
[9] Id. at 4.
[10] Verizon, 2018 Data Breach Investigations Report, Available at https://www.verizonenterprise.com/verizon-insights-lab/dbir/. The DBIR is widely regarded as among the best representative samples of data breach activity, but it is not a comprehensive survey. Breaches that are not publicly disclosed using the Vocabulary for Event Recording and Incident Sharing (VERIS) system, and a wide variety of attempted attacks that fall short of meeting VERIS’ threshold for a breach, may not be included.
[11] See DBIR.
[12] DBIR at 4, 12.
[13] DBIR at 31.
[14] DBIR at 5.
[15] DBIR at 32.
[16] DBIR at 15.
[17] DBIR at 31.
[18] DBIR at 15.
[19] DBIR at 31.
[20] DBIR at 31-32 (approximately half of those in the “Everything Else” category were phishing attacks).
[21] DBIR at 18.
[22] DBIR at 12.
[23] DBIR at 32.
[24] Jeff Makovicka, Cybersecurity: The Danger of Using Data Security as a Marketing Opportunity, Nebraska Banker May/June 2016, 14, available at http://thenewslinkgroup.com/clients/NBA/pdfs/may2016/NBA_MayJune2016_Web.pdf.
[25] DBIR at 13.
[26] DBIR at 31.
[27] DBIR at 10.
[28] DBIR at 5.

NCR Solution Provider of the Year
NORTH AMERICA FINANCIAL SERVICES

At DBE, we have always valued the relationships that are built by doing the right thing for our customers. The creation of those partnerships over the years allowed us to be honored with the “Solution Provider of the Year” for North America from NCR Corporation. We are truly honored to receive this award and want to say a special thanks to the customers who continue to choose DBE for their technology decisions. Also, a special thanks to our valued employees who, on a daily basis, do everything in their power to represent our core values.