CYBERSECURITY & COMPLIANCE

Financial Institutions

FINANCIAL INSTITUTIONS

Consultants Leading Dayton Area Financial Institutions in Information Security and Cybersecurity

Financial institutions of all sizes remain a prime target for cyber-attacks. The financial services sector faces some of the most complex security requirements and among the highest data breach costs per record. Beyond the immediate cost of breach recovery, the damage can extend to brand and reputation harm, lost revenue, degraded consumer confidence, lower employee morale, and greater regulatory scrutiny.

As the industry advances in technology and social trends and continues to build consumer trust, security programs must evolve with increasingly complex cyber threats. CISOs and Information Security Officers play a strategic role in giving financial services firms the knowledge to conduct business efficiently and securely. By developing strong security and risk management programs, financial institutions can continue to innovate, grow, and offer advanced solutions to their membership with confidence. LMS is a Dayton-based consulting firm that partners with your IT team and provides oversight for senior-level executives and the Board of Directors.

FINANCIAL INSTITUTIONS

Create A Customized Security Program

LMS Consulting is a Dayton area firm that goes beyond the “check a box” approach to information security compliance standards. Information security is not a “one size fits all” program. As your virtual CISO, LMS navigates the complex industry requirements and develops a customized Information Security Program for your financial institution. LMS guides Ohio credit unions and community banks to higher security standards, stronger security awareness, and a more mature security posture by using the five core functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, and Recover.

IDENTIFY

The financial institution must first develop an understanding of how to manage cybersecurity risk to its systems, data, people, assets, and capabilities. This is done through a series of assessments: an FFIEC Cybersecurity Risk Assessment, a GLBA Information Security Risk Assessment, and a Business Impact Analysis.

PROTECT

The financial institution must then put in place the safeguards and protocols that protect everything identified in the previous step. This may consist of access control changes, security awareness training, and/or adoption of policies and procedures.

DETECT

The financial institution must have a way of detecting potential security incidents. Monitoring tools, policies, and procedures are necessary to quickly identify new threats to the financial institution.

RESPOND

The financial institution must develop an Incident Response Plan. This consists of plans for communication, forensic analysis of affected systems, mitigation actions, and incorporating lessons learned into future improvements.

RECOVER

A strong recovery plan supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. The plan should consist of actions necessary to maintain resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

FINANCIAL INSTITUTIONS

Dayton Based Cybersecurity Consultants with Financial Institution Experience

Our founding partners bring over 35 years of experience in financial institutions, giving LMS a deep understanding of the industry and uniquely positioning LMS to partner with your financial institution. Our firm has experienced professionals with extensive knowledge of the Bank Secrecy Act, FFIEC Cybersecurity Risk Assessments, GLBA Information Security Assessments, Business Impact Analysis, and Information Security Awareness Training for your staff.

FFIEC CYBERSECURITY RISK ASSESSMENT

A cybersecurity risk assessment is critical to helping your institution identify, manage, and safeguard its data and information. The Federal Financial Institutions Examination Council (FFIEC) developed the FFIEC Cybersecurity Assessment Tool (CAT) specifically for financial institutions. The tool helps an institution determine its inherent risk profile and its current cybersecurity maturity level.

LMS Consulting guides your leadership through an extensive assessment to identify your financial institution’s inherent risk profile (footprint) and current maturity level. We then identify the target maturity level appropriate to that risk profile based on industry standards. Once these have been identified, LMS Consulting develops a scheduled plan to raise your financial institution’s maturity level to meet and exceed the industry standard.

GLBA INFORMATION SECURITY RISK ASSESSMENT

The Gramm-Leach-Bliley Act (GLBA) is a United States federal law requiring financial institutions to explain how they protect and share their members’ private information. Section 501(b) of the Act directs the financial regulators to establish “standards for protecting the security and confidentiality of financial institution customers’ non-public personal information”; the resulting interagency safeguarding guidelines took effect in 2001.

LMS Consulting partners with your financial institution to walk your leadership through a comprehensive Information Security Risk Assessment, which identifies how your institution secures, transmits, and disposes of member information.

PHISHING SIMULATION AND SECURITY AWARENESS TRAINING

Phishing is one of the most common ways cyber criminals gain a foothold in a company’s systems. Simulating these attacks consistently trains employees to spot and report phishing attempts. Security awareness training is equally critical to protecting your company from sophisticated cyber-attacks: employees should be able to recognize a threat, avoid acting on it, and report it promptly.

LMS Consulting believes a security program should be a positive experience for all associates. We train your staff to become the “eyes and ears” of your security. With our simulation and training programs, we turn a vulnerability into a human firewall.

CULTURE OF COMPLIANCE PROGRAM

Criminals constantly use financial institutions to make their illegal funds appear legal. Over the past 50 years, Congress has passed and amended the Bank Secrecy Act (BSA) and related laws, shaping how financial institutions detect and report this type of criminal activity. Non-compliance with these laws can result in penalties and/or fines for the financial institution. In recent years, it has become critical for a financial institution to create a “Culture of Compliance”.

Compliance is just as important as revenue and should not be compromised for it. A strong compliance program protects a financial institution from the economic and social consequences of money laundering.

With over 35 years of experience in the financial sector, the CAMS-certified consultant at LeBrun Management Solutions, LLC (LMS) will help your financial institution develop its own Culture of Compliance. We will assist in the preparation of policies, procedures, and controls for an Anti-Money Laundering (AML) Program.

NEW HIRE AND ANNUAL TRAINING

LMS consultants will provide staff training from frontline to senior management and the Board of Directors as required by regulators. LMS is poised to provide instructor-led classroom training, as well as video and online training. We will assist with the development of a new program or the enhancement of a current program.

When the regulators come to town, we make ourselves available to meet you and help prepare for the visit. We will also meet with the regulators on your behalf if requested.

LMS is a Dayton-based firm that is highly experienced and ready to partner with you. Call or email us today for a free consultation.

WHAT ARE CREDIT UNION CYBERSECURITY REQUIREMENTS IN DAYTON AND OTHER OHIO AREAS?

Industry requirements typically depend on the asset-size of your financial institution. NCUA, FDIC, and other regulators are increasing compliance mandates for small and medium-sized financial institutions. This means that credit unions in Dayton, as well as other Midwest areas, should expect to see some of the following requirements:

  • FFIEC Cybersecurity Risk Assessment
  • GLBA Information Security Risk Assessment
  • Business Impact Analysis
  • Business Continuity Planning
  • Security awareness training for employees, board of directors, and membership

SHOULD MY DAYTON-BASED CREDIT UNION HIRE A CISO?

Whether your organization is based in Dayton, other Ohio areas, or anywhere in the Midwest, a Chief Information Security Officer (CISO) can be critical in helping your financial institution develop an Information Security Program and maintain a strong security posture. Many companies have discovered a virtual CISO (vCISO) to be an effective and cost-efficient way to achieve their goals. A vCISO will perform many of the same functions at a fraction of the cost.

CISO Services should include:

  • Security Plan and Risk Assessment Framework 
  • Governance and Board Strategy Development
  • Corrective Action Plan Development and Execution Strategies
  • Compliance Audit Guidance and Assistance
  • Policy Development
  • Security Awareness Program Development
  • Social Engineering Assessments
  • Incident Response Plan Development
  • Business Continuity Planning
  • Vulnerability Assessment and Penetration Testing

HOW MUCH DOES A CISO COST IN DAYTON, OH?

A Chief Information Security Officer (CISO) earns an average estimated salary ranging from $120,000 – $250,000 annually. This investment may be too much for a small to medium-sized company to handle. Many Dayton-based companies have discovered a virtual CISO (vCISO) to be an effective and cost-efficient way to achieve their goals. A vCISO will perform many of the same functions at a fraction of the cost.

IS MY MIDWEST COMPANY TOO SMALL TO BE ATTACKED?

According to a 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses. While all companies are susceptible to a cyber-attack, small businesses often have a more difficult time recovering from such an attack. Therefore, it is increasingly important for small businesses to develop strong Information Security Programs to protect their data.

HOW DO I STOP PHISHING?

Phishing is one of the most common forms of cyber-attack, and email is its most common delivery method. These attempts are becoming sophisticated and clever, making detection increasingly difficult for the average employee and/or member. While you cannot stop all phishing attempts, the following items can significantly reduce the risk of a data breach due to a phishing attempt:

  • Email Filtering – Many of the top-recommended filtering products will block most spam and bulk phishing emails, and your mail system should also enforce sender authentication (SPF, DKIM, and DMARC) so that spoofed senders are rejected. While this is necessary, it can also create a false sense of security, since the phishing attempts that do get through are precisely the sophisticated ones.
  • Website Filtering – Companies should have filters set up to prevent their users from navigating to potentially malicious websites. These websites may host malware that can be downloaded onto your employees’ devices or credential-harvesting pages that mimic legitimate logins.
  • Phishing Simulation – Building a strong security awareness culture is much like building a muscle. With routine simulation and training, your staff build these security “muscles”, which helps them detect any attempts not stopped by software filters.
  • Security Awareness Training – Security awareness training can make your staff your “eyes and ears” for cyber-defense. Strong security awareness programs help turn your staff into a human firewall. They should understand how to detect phishing attempts (whether from email, phone, or text), in-person masquerading by social engineers, USB drop attempts, etc.

WHAT IS BSA AML COMPLIANCE?

BSA/AML compliance is the program of policies, procedures, and controls a financial institution maintains to meet the requirements of the Bank Secrecy Act, anti-money laundering (AML) rules, and OFAC sanctions. A BSA compliance officer supports management in coordinating these AML/BSA/OFAC functions corporate-wide and directs the work needed to ensure that the programs, policies, and procedures of the corporation and its affiliates comply with BSA/AML/OFAC laws and regulations.

WHAT IS THE PURPOSE OF THE BANK SECRECY ACT?

The Bank Secrecy Act was created to prevent financial institutions from being used by criminals as tools to hide or launder their ill-gotten gains.

HOW ARE DAYTON FINANCIAL INSTITUTIONS USED FOR MONEY LAUNDERING?

Illegal funds are first placed into a financial institution, then layered through different products the institution offers to obscure their original source, and finally withdrawn so that they appear to be legitimate. This is true whether you are based in Dayton, elsewhere in the Midwest, or anywhere around the country.

WHAT MAKES A GOOD COMPLIANCE PROGRAM?

There are 5 pillars to a good compliance program:

  1. System of internal policies, procedures, and controls
  2. A designated compliance officer
  3. Ongoing employee training
  4. Independent audit function
  5. Customer Due Diligence

HOW DO YOU DEVELOP COMPLIANCE CULTURE?

There are 6 steps to develop a compliance culture:

  1. Leadership must understand and support compliance efforts
  2. Compliance efforts must not be compromised for revenue
  3. All departments must share information with compliance
  4. The compliance department must have adequate resources
  5. The compliance program must be independently tested by a third party
  6. Staff must be trained to understand the purpose of compliance and how suspicious transaction reporting is used

WHO IS RESPONSIBLE FOR COMPLIANCE IN A DAYTON-BASED ORGANIZATION?

The ultimate responsibility for the Bank Secrecy Act (BSA) compliance is with the Board of Directors.

WHAT IS THE DIFFERENCE BETWEEN TERRORIST FINANCING AND MONEY LAUNDERING?

Terrorist financing uses funds for an illegal political purpose, but the money is not necessarily derived from illicit proceeds. Money laundering always involves the proceeds of illegal activity. The purpose of laundering is to enable the money to be “cleaned” and used legally.

WHO IS FINCEN AND WHAT DO THEY DO?

FinCEN stands for the Financial Crimes Enforcement Network. It is the bureau of the U.S. Treasury responsible for administering the Bank Secrecy Act.

WHAT IS AN FIU?

A Financial Intelligence Unit. For the United States, the FIU is FinCEN. Its job is to receive suspicious transaction reports from financial institutions, analyze those reports, and disseminate the findings to law enforcement and to foreign FIUs to fight money laundering.

WHO IS OFAC AND WHAT DO THEY DO?

The Office of Foreign Assets Control. OFAC administers and enforces economic and trade sanctions, based on U.S. foreign policy and national security goals, against targeted foreign countries, terrorists, international narcotics traffickers, and those engaged in activities related to the proliferation of weapons of mass destruction.

WHO IS FATF AND WHAT DO THEY DO?

The Financial Action Task Force. FATF provides anti-money laundering guidance to governmental bodies around the globe and is best known for its 40 Recommendations. There are 9 FATF-style regional bodies in the world.



LeBrun Management Solutions, LLC
3562 Dayton Xenia Rd
Beavercreek, Ohio 45432

Phone (937) 912-9045
Email info@lmsolutionsllc.com
In addition to Dayton, we also serve those in Kettering, Centerville, Englewood, Huber Heights, Springboro, Columbus, Cincinnati, and other Ohio areas as well as Indiana and Kentucky.


© 2020 LMS Consulting | Powered by Modern Website Design