October is National Cybersecurity Awareness Month. Promoted by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), it’s an annual reminder of how organizations—including financial institutions—need to do their part to ensure cyber defenses are strong.

You may not feel like you need a reminder—after all data breaches, including at FIs and their third-party vendors, regularly make the news. Examiners make cybersecurity a high priority.

But just in case, we put together a collection of our top cybersecurity blogs for 2020 to help refresh you on the latest cybersecurity trends and best practices. From enforcement to regulatory insights, our freshest takes on managing cyber risk are all in one place so you can more confidently manage cyber risk at your institution—even if you’re not an IT expert.

Which FI’s Cyber Mismanagement Got Them in Trouble This Year?

Find out so you don’t make the same mistake.

• 9 Risk Management Failures That Lead to Charges Under NY’s Cyber Law
  How does a cyber mistake of this size happen? The answer touches upon nearly every area of risk management including risk assessments, findings, and internal controls as well as ineffective manual processes.

• Board & Management Fail: Operational Risk Management Weaknesses Leads to $80 Million Fine
  There’s no excuse for mismanaging operational risk these days. The regulatory agencies have been emphasizing risk management for years, frequently warning that operational risk has been increasing. Yet Capital One made many basic operational risk management weaknesses at both the board and management level.

Related: Creating Reliable Risk Assessments

An Ounce of Cyber Prevention is Worth a Pound of Cure

Cybersecurity goes way beyond the IT department. It involves the entire risk management team. Make sure yours is up to the task with these best practices for cybersecurity risk management.

• 4 Reasons to Add Cyber Monitoring to Your Vendor Management Program
• With cybersecurity regulations and the growing problem of cyberattacks and breaches, vendor cyber monitoring is a wise investment for financial institutions that want to be sure third-party vendors are doing everything they can to protect systems and data.
  
  
• Risk Management Tips for Avoiding Ransomware
  Don’t get caught off guard by ransomware. Make sure you assess this risk to your FI and implement and monitor controls to keep your systems and data safe.

• Misinterpreted Cyber Guidance & 4 Tips for Avoiding the Same Mistake
  It’s easy to misinterpret guidance, but there are things you can do to avoid it.

• How to Reduce the Cost of a Data Security Breach at a Bank or Credit Union
  It turns out that many of the cyber risk management controls that reduce the risk of a data security breach occurring also reduce the total cost of a data breach. That means those cyber controls actually serve double duty—mitigating both data breaches and the cost of a breach.

• When Customers Invite Third-Party Risk
  Risk management, including careful risk assessments and controls, will continue to be an FI's best defense while waiting for fintech regulation to catch up. Make sure your FI’s risk and vendor management platforms
  have the structure and tools to recognize and assess the risks presented by fintech partnerships—including those initiated by consumers.

What Are the Regulatory Agencies Saying?

In a year of heightened cyberattacks, in part due to the new risks and vulnerabilities introduced by the COVID-19 pandemic, the agencies have offered valuable insights.

• FFIEC: Risk Management Is Essential to Safe & Sound Cloud Computing
  Understanding FI and cloud provider responsibilities makes it possible for FI’s to mitigate risk by reviewing the  vendor contract, developing processes to identify, measure, and monitor the risks and assessing and implementing appropriate controls.
  
  
• Risk & Exams: Insights into Where Examiners Will be Looking in 2021
  Are your strategic priorities aligned with the OCC’s supervisory objectives? Here’s a clue: If your financial institution is actively engaged in risk management, you’ve got a good head start.
  
  

• Pandemic Preparedness & BCP Department-by-Department Series: COVID-19 & IT
  While IT oversees technology, make sure it’s not working alone when it comes to managing the operational risks of COVID-19. It should be coordinating in efforts with other departments, including human resources, operations/back office, frontline/branch management, compliance, risk, vendor management, and credit/lending, among others.

Want to learn more? 

Register for our upcoming webinar co-presented with ABA, Cyber Risk Management in 2020: What You Need to Know Now to be held on
October 28, 2020 | 2 - 3 PM ET.