Cybersecurity Awareness Month is an annual observance each October that encourages consumers and businesses to take steps to protect themselves from cyberattacks.

The theme of Cybersecurity Awareness Month 2021 is Focusing on the Fundamentals. While many believe that most cybersecurity breaches are the work of sophisticated hackers and foreign agents, most successful cyberattacks result from a failure to follow well-established cybersecurity practices.

To ensure your institution is following these best practices, we encourage you to take steps to collaborate with your regulators and your peers. Neither your institution nor Kansas is an island. Cybersecurity has no borders and crosses infrastructures. We must collaborate and share information. To help you better collaborate and focus on the fundamentals, we recommend you follow this three-step process now to get your organization started:

  1. Select one or more specific industry-recognized cybersecurity frameworks, for example the NIST Cybersecurity Framework, the FFIEC Cybersecurity Assessment Tool, and the Center for Internet Security Controls.
  2. Adopt a budget for meeting your cybersecurity strategy within a reasonable time period.
  3. Hire an audit firm to review the implementation of your framework rather than to check against minimum regulatory guidelines (a mock FFIEC exam).

Staying cyber-secure is not as simple as completing a single checklist. It is not a project that you do once and are finished; it is an ongoing process that evolves with the industry and emerging threats. By following the above steps, you will be better positioned for a more secure future.

The Office of the State Bank Commissioner works with other state regulators across the U.S., federal regulatory agencies, the U.S. Treasury Department, and federal law enforcement agencies to identify ways to protect institutions from cyberattacks.

Ransomware

CSBS Ransomware Self-Assessment Tool

CISA – Stop Ransomware / Ransomware Best Practices

Self-Assessment Tools

NIST Cybersecurity Framework

FFIEC Cybersecurity Assessment Tool

Security Controls

Center for Internet Security Controls

NIST – Security & Privacy Controls for Information Systems

Remote Work

CISA – Telework Guidance

CISA/NSA – Hardening Remote Access VPN

Additional Resources

KeepMyBankSecure.com

CSBS Cybersecurity 101

FFIEC IT Examination Handbooks

SANS – Cybersecurity Training

StaySafeOnline.org
