Pub. 14 2019-2020 Issue 6

WWW.NEBANKERS.ORG 24

Minimize Exposure — continued from page 23

Recommendations

Work with your insurance risk consultant/provider. Most cyber insurance carriers offer on-boarding services and interactive resources to help you create, organize and enhance your incident response plan.

Perform penetration testing. Establish a baseline understanding of the types of security vulnerabilities that exist in banking applications, mobile apps, application program interfaces, networks and cloud infrastructure.

Tabletop or fire drill test your incident response plan regularly and put it in writing. Regulators will be requesting this documentation, especially when you experience an event.

Utilize your cyber liability resources. The premiums paid reflect consultative services the various carriers offer. Hypothetical questions are acceptable. If you suspect you have an event or have questions about services provided, both pre- and post-event, ask your carrier.

Avoid using the word "breach" in email or verbal correspondence. "Breach" has legal and compliance implications due to 49 of 50 Consumer Protection laws currently in place. Use "event" or "incident" as alternatives.

Have your HR/payroll administrator implement tracking responses for increases in the number of checking or savings account changes. Cyber criminals will wait until they have multiple emails and account numbers within a network and submit a wave of changes in bulk.

Implement dual or triple factor authentication for employees with company-issued mobile phones and laptops.

As you review your institution's cyber incident prevention and recovery plans as well as your cyber liability coverage, I would be happy to review, analyze and present options for your consideration.

For more information, contact Mitch at (402) 904-7014 or mitch.florea@nebankers.org.

The Nebraska Bankers Insurance & Services Co. (NBISCO) is the wholly owned NBA subsidiary formed in 1981 to provide insurance products and services to member financial institutions. NBISCO also serves as the administrator of the NBA VEBA Program, handling enrollment, billing, and marketing activities. Through NBISCO, NBA member institutions have access to a variety of competitively priced products and services.

[Figure: Data Breach Response Methodology. Phase 1: Discovery & Assessment; Phase 2: Investigation; Phase 3: Response; Phase 4: Claims Defense. Other labels in the figure: Incident Recovery; Trigger; Incident Response Plan; Privacy Counsel; Forensics; Conclusions and Results; Crisis Management; Communications and Services; Class Action Lawsuits; Regulatory Investigations, Fines, Penalties; Reputational Damage; Business Income Loss; Risk Can Still Be Managed; Cannot Un-ring the Bell.]
