by Zach Duke | Oct 10, 2024 | User Access, Community Banking, Cybersecurity, Data Access Governance, FFIEC, Governance, Information Security Governance, IT
The FFIEC has updated their expectations for access management with the Authentication and Access to Financial Institution Services and Systems Guidance. This guidance expands beyond traditional customer authentication and places a significant emphasis on...
by Zach Duke | Sep 26, 2024 | User Access Reporting, Community Banking, Cybersecurity
Managing access to banking systems has become increasingly complex as financial institutions navigate legacy reporting systems, API access, and cloud solutions. These challenges, along with the risks posed by unmanaged systems, emphasize the need for maintaining a...
by Beth Sumner | Sep 12, 2024 | AI, Community Banking, Financial Institutions, IT, IT Security
Several months ago, I wrote a blog on Shadow IT, emphasizing the risks of unapproved software and systems used by employees without the knowledge of the IT department. Shadow IT can lead to significant security vulnerabilities, as it is impossible to protect...
by Zach Duke | Aug 29, 2024 | Uncategorized, Budgeting, Community Banking, Cybersecurity, Information Security, IT
In the current economic environment, community banks face unique challenges such as rate compression, shrinking margins, liquidity and commercial real estate concerns. These factors make the upcoming budgeting season particularly daunting for IT and information...
by Zach Duke | Aug 15, 2024 | User Access, Community Banking, Data, Data Access, Data Access Governance, Data Protection, Financial Institutions, Information Security, User Access Reporting
Preparing for your next examination can feel overwhelming as the regulatory expectations continue to expand. As you gear up for your next regulatory examination (or audit), it is crucial to align with the expectations outlined in the Federal Financial Institutions...
by Beth Sumner | Aug 1, 2024 | Community Banking, Employee, Employee Records, Financial Institutions, Information Security, IT, Risk, Security, Terminated Employees, User Access
When I first entered the banking world, user access reviews were much more straightforward. Spreadsheets were used to capture the basics of who had network and core application access. There was a page in each employee’s file listing the keys and codes they had, and...
