Pub. 14 2019-2020 Issue 1

NEBRASKA BANKERS ASSOCIATION 21 Fully registered Dealer Bank • Not FDIC Insured • No Bank Guarantee • May Lose Value FROMONE COMMUNITY BANK TOANOTHER. Country Club Bank Capital Markets Group has assisted community banks build high- grade bond portfolios that reflect specific markets expectations, product preference, income goals and overall risk parameters, since 1985. Operating in over 30 states, the Capital Markets Group is always ready to meet the needs of our fellow community bankers. We keep investing simple so that banks can focus on what really matters— lending to the communities who support us. • Portfolio Strategy, Fixed Income Sales and Service • Bond and Securities Underwriting/Trading • balanCD Brokered CD and TBA Programs We speak the same language. Testing your People involves Social Engineering Assessments (phishing emails, physical impersonation, phone impersonation, dumpster diving, etc.). Testing your Processes involves an External IT Audit. And testing your Technology typically involves technical scans around the inside (Vulnerability Assessment) and outside (Penetration Test) of your network. Out of those three processes, People is the weakest link, meaning that you should test this area of your organization MOST frequently, not least frequently. Cybersecurity Starts at the Top To truly ensure your organization is onboard in thinking you are a technol- ogy company, the message must be con- sistently portrayed from the top down. Cybersecurity conversation between em- ployees, the steering committee, and the board of directors need to happen on a regular basis, not just once per year. The integrity and availability of institution’s technology and data pose a much greater risk to your organization than nearly anything else, including a bad loan. A data breach, loss of customer data, or significant electronic banking downtime could cause irreparable damage to a community bank whose reputation is its more important asset. Starting at the top means sharing the technology-focused message and vision with the whole organization, then back- ing up the message with appropriate investment into not only the technology but the resources needed to deploy the technology, including roles and responsi- bilities of the staff. A shift from treating technology as an expense to a critical business function means aligning your actions with your message. Training and education of not only your employees, but also your customers, is another key component to building a cybersecurity culture. It shows everyone that you mean what you say and that you’re committed to doing what’s best for your employees and customers. The last component to building a cybersecurity culture means that you must also hold People accountable for their actions. If you are testing your People’s cybersecurity awareness with regular phishing email tests, there must be accountability built into the process for it to be effective. Phishing is the #1 attack vector used by attackers to compromise your network and steal customer information. Allowing em- ployees to fail phishing assessments by clicking on links repeatedly sends a very loud message to the organization that cybersecurity doesn’t matter. The same goes for testing your employees but not your senior management or Directors. Everyone should be on an even playing field when it comes to testing your People because attackers don’t discriminate between employees and Directors either. By thinking of your organization as a technology company, and acting accord- ingly, you will set yourself up for success in the future on numerous fronts. Ad- ditionally, viewing your organization as a technology company will change your perspective on how you protect your net- works and customer information.  For more information, contact David Edwards at 913-225- 6382 or david.edwards@ sbscyber.com . SBS delivers unique, turnkey solutions tailored to each client’s needs, including risk management solutions, consulting, auditing and education. Learn more at www.sbscyber.com.