The recent hack of the Colonial Pipeline – which stretches 5,500 miles from Texas to New York – has brought to light once again the vulnerability of many of our systems to international hackers. In this instance, a group called DarkSide claimed responsibility for the attack using ransomware to steal a large amount of data and hold the entire pipeline hostage. This hacking event drew international attention because of the potential risk of the entire eastern seaboard going without gasoline. Eventually, the company that operates the pipeline paid the ransom and the pipeline began to flow again at a cost of $4.4 million.
The Chairman of the Federal Reserve, Jerome Powell issued a warning that banks may also be at risk from attacks like these. Realistically, banks have always been targets of hacking, but many are just now realizing that it is up to them to take necessary steps to protect their business and their clients.
Often bank leaders make the false assumption that only very large banks and businesses are targets of hacking events like these. Over the years we’ve heard of companies like Costco, Exxon, Apple, Amazon being hacked. As well as financial institutions like JP Morgan, Equifax, and more. However, we know that all financial institutions risk becoming vulnerable to cybercriminals, regardless of our size, as we move into an infinitely more digital world.
As the leader of a community bank, digital security is one of my utmost concerns. We are regularly investing in systems that enable us to take better care of our customers’ money. In addition to security systems that prevent hacking, some important internal processes can help.
No one wants to think that someone they hired and who they work with every day might be putting their organization at risk to hackers. Even well-intentioned employees with no malicious intent can impact the security of your company’s data. It’s important to monitor employee network access at all times. Not everyone at your bank needs access to the same level of information, and by limiting access you minimize your risk.
No matter what kind of business you run, if you store important personal information digitally you should have an outside company review your digital security. This process may take place quarterly, or possibly even more frequently depending upon your business. Outside digital security auditing firms are specially prepared to find the greatest risks to your business and your customers that exist within your system. Don’t leave this important work exclusively to internal monitoring systems.
As they say, when you know better you do better. In my experience as a leader in the community banking world, I’ve seen firsthand that there is no such thing as too much training. Your employees want to do their best, and it’s up to the leaders of your organization to invest in training to provide them with the resources that they need. Ongoing security training is a must-have for any organization that is working to be more proactive against future hacking risks.
We’re being warned that banks might be next when it comes to these dangerous hacking attacks, but as the leader of a bank, I can tell you this risk is nothing new. Most often these attacks take place against large international banking organizations, but we community banks mustn’t ever rest on our laurels. Let’s do our due diligence today to keep our clients safe before the hackers come calling.
