New FFIEC Guidance Highlights Mobile Banking Risks

Posted by Greg Mancusi-Ungaro on Thu, Jun 09, 2016
The FFIEC has just published new examiner guidelines focused on institutional risks arising from mobile banking technologies and practices. Financial institutions are now likely to face tough questions about their security practices around mobile apps, mobile banking websites, and infrastructure. This new guidance applies to all FDIC institutions, including those with assets less than $1 billion.

From the April FFIEC Guidance on Mobile Banking:
  • The appendix emphasizes an enterprise-wide risk management approach for effectively managing and mitigating the risks associated with mobile financial services.
  • The appendix discusses the technologies used in the mobile delivery channel, elevated risks that may result, and appropriate controls implemented by institutions or third-party providers.
  • The appendix contains a work program to assist examiners in determining the risks posed by an institution’s mobile financial services and assessing the controls that have been implemented to mitigate those risks.

For the first time, the FFIEC is emphasizing that institutions gain visibility into and understanding of ALL mobile apps and mobile banking infrastructure that appear to be related to the institution. Some of these will be legitimate, implemented and authorized by the institution. But others will have been deployed by cyber criminals to attack the institution, the institution's customers, and the institution's partners.

To help CISOs and security teams better understand the guidance, and to provide useful strategies for addressing these new security requirements, BrandProtect subject matter expert Dylan Sachs will review the recent guidance in a free one-hour webcast scheduled for June 23, 2016 from 1:00 - 2:00 p.m.


Topics: mobile app monitoring, cyber threats, Chief Security Officer, bankSMART, FFIEC

BrandProtect Anti Phishing Adds MX Record Monitoring.
CISOs: Why This Matters To You.

Posted by Greg Mancusi-Ungaro on Thu, Mar 24, 2016

Over the past 18 months there has been a phenomenal increase in the frequency of socially targeted email attacks. 

The FBI recently reported that global losses related to these Business Email Compromise (BEC) scams experienced a 270% increase from January to August 2015. These kinds of attacks do real damage: the compromise of internal networks, the inappropriate disclosure of company IP or PII, and the incorrect transfer of funds from the company treasury, to name a few of the most common outcomes. Hundreds of millions of dollars have been stolen through these schemes, directly affecting corporate bottom lines.

In these sophisticated attacks, employees, and/or business partners are targeted


Topics: Identity Theft, Domain Management, cybersquatting, Phishing, cyber threats, online risk, Spear Phishing, CISO, CSO, FFIEC

Changing Tides of Social Media Compliance

Posted by Matthew Brienza on Sun, Sep 29, 2013

What started as a fad viciously grew into a worldwide source for communications. Today the tides of social media continue their fast-changing and unpredictable course. The difference between now and then is the far more widespread use of social communication. Insurance companies, banks, telephone companies: you name it, they use it, and most companies use social media in the majority of their internal departments. It’s used to send communications externally as well as internally. It’s used to recruit new employees, to send marketing campaigns, and to research consumer habits. Social media is an extremely valuable and cost-efficient asset for companies to communicate with a massive consumer base. Marketing, Human Resources, Customer Service, Legal: all of these departments are reaping the benefits of social media, but do they understand the risks involved?


Topics: risk management, online brand protection, Social Media Monitoring, social media, Internet Threats, FFIEC
