
CYBERSECURITY & COMPLIANCE
Financial Services
FINANCIAL INSTITUTIONS
Consultants Leading Dayton Area Financial Institutions in Information Security and Cybersecurity
Financial institutions of all sizes continue to be a prime target for cyber-attacks. The financial services sector faces the most complex security requirement standards and the highest data breach cost-per-record. Beyond the immediate financial impact of recovery, the effects of a data breach can extend from brand and reputation damage to loss of revenue, degraded consumer confidence, lower employee morale, and greater regulatory scrutiny.
As the industry advances in technology, adapts to social trends, and continues to build consumer trust, we must continue to evolve and adapt to increasingly complex cyber threats. CISOs and Information Security Officers play a strategic role in providing the knowledge necessary for financial services firms to advance and conduct business efficiently and securely. By developing strong security and risk management programs, financial institutions can continue to innovate, grow, and offer advanced solutions to their membership with confidence. LMS is a Dayton-based consulting firm that will partner with your IT team and provide oversight for senior-level executives and the Board of Directors.
FINANCIAL INSTITUTIONS
Create A Customized Security Program
LMS is a Dayton-area firm that goes beyond the “check a box” approach to information security compliance standards. Information security is not a “one size fits all” program. As your virtual CISO, LMS navigates the complex industry requirements and develops a customized Information Security Program for your financial institution. LMS guides Ohio credit unions and community banks to achieve higher security standards, stronger security awareness, and a more mature security posture by using a framework consisting of five core functions: Identify, Protect, Detect, Respond, and Recover.
IDENTIFY
The financial institution must develop an understanding of managing cybersecurity risk to systems, data, people, assets, and capabilities. This is done through a series of assessments: FFIEC Cybersecurity Risk Assessment, GLBA Information Security Risk Assessment, and a Business Impact Analysis.
PROTECT
DETECT
RESPOND
RECOVER
Our founding partners bring over 35 years of experience in financial institutions, giving LMS a deep understanding of the industry and uniquely positioning LMS to partner with your financial institution. Our firm has experienced professionals with extensive knowledge in Bank Secrecy Act, FFIEC Cybersecurity Risk Assessments, GLBA Information Security Assessments, Business Impact Analysis, and Information Security Awareness Training for your staff.
FFIEC CYBERSECURITY RISK ASSESSMENT
LMS guides your leadership through an extensive assessment to identify your financial institution’s risk level (footprint) and current maturity level. Then we identify the appropriate maturity level based on industry standards. Once these have been identified, LMS will develop a scheduled plan to elevate your financial institution’s maturity level to meet and exceed the industry standard.
GLBA INFORMATION SECURITY RISK ASSESSMENT
LMS partners with your financial institution to walk your leadership through a comprehensive Information Security Risk Assessment, which identifies how your company secures, transmits, and disposes of member information.
PHISHING SIMULATION AND SECURITY AWARENESS TRAINING
Phishing is the most common method used by cyber criminals to compromise a company’s system. Simulating these attacks consistently helps train employees how to spot and report phishing attempts. Additionally, security awareness training is critical to protecting your company from sophisticated cyber-attacks. Employees should be able to identify a threat, contain the threat, and report the threat.
LMS believes a security program should be a positive experience for all associates. We properly train your staff to become the “eyes and ears” of your security. With our simulation and training programs we turn a vulnerability into a human firewall.
NEW HIRE AND ANNUAL TRAINING
LMS consultants will provide staff training from frontline to senior management and the Board of Directors as required by regulators. LMS is poised to provide instructor-led classroom training, as well as video and online training. We will assist with the development of a new program or the enhancement of a current program.
When the regulators come to town, we make ourselves available to meet you and help prepare for the visit. We will also meet with the regulators on your behalf if requested.
MEMBER/CUSTOMER INFORMATION SECURITY EDUCATION
Cybersecurity education is something every single individual needs to take seriously. Although most companies offer some kind of information security training for their staff, very few people have access to quality courses that provide up-to-date information on the latest threats in their day-to-day personal lives.
Help engage, educate, and protect your customers and members from cyber-attacks with our information security awareness content. This program provides monthly, bite-sized video content to keep your viewers up to date on the latest scams and cyber risks so they can better protect their personal information. We provide the content to your company with your brand.
The FTC issued a Safeguards Rule that requires dealers to take steps to protect consumer and personal data. These businesses are held to standards very similar to those of financial institutions, requiring them to develop, implement, and maintain an information security program with all of the technical and physical safeguards necessary for protecting customer information.
The information security program must be written and designed based on the size and complexity of the business. The FTC breaks down these requirements into nine elements:
DESIGNATE A QUALIFIED INDIVIDUAL TO IMPLEMENT AND SUPERVISE YOUR COMPANY’S PROGRAM
This “Individual” can be someone on staff or a third-party service provider.
CONDUCT A RISK ASSESSMENT
DESIGN AND IMPLEMENT SAFEGUARDS TO CONTROL THE RISKS IDENTIFIED THROUGH YOUR RISK ASSESSMENT
Some safeguards include data encryption, implementing multi-factor authentication, proper disposal of sensitive information, evaluating changes to the information system and controls, and maintaining logs of user activity.
REGULARLY MONITOR AND TEST THE EFFECTIVENESS OF YOUR SAFEGUARDS
Outside of continuous monitoring, these tests include annual penetration testing, vulnerability assessments, and system-wide scans.
STAFF TRAINING
A well-trained staff is the number one defense in cybersecurity. Providing employees with ongoing security awareness training will help in spotting risks, multiplying the information security program’s effectiveness.
MONITOR YOUR SERVICE PROVIDERS
When selecting service providers, be sure they maintain appropriate safeguards as well.
KEEP YOUR INFORMATION SECURITY PROGRAM CURRENT
CREATE A WRITTEN INCIDENT RESPONSE PLAN
In the event that a cybersecurity incident occurs, the information security program is no good if no one knows the steps to take after an incident. Having a written plan, along with frequent testing of that plan, can drastically reduce the impact from an incident.
REQUIRE YOUR QUALIFIED INDIVIDUAL TO REPORT TO YOUR BOARD OF DIRECTORS
LMS has a strong history in assisting businesses within the financial services industry with the implementation of programs that cover all required areas. We realize that there is no one-size-fits-all program that will work for every dealership; that is why the LMS approach is unique in designing customized packages that fit your business needs.
COMMON QUESTIONS RELATED TO FINANCIAL INSTITUTION CYBERSECURITY
WHAT ARE CREDIT UNION CYBERSECURITY REQUIREMENTS IN DAYTON AND OTHER OHIO AREAS?
Industry requirements typically depend on the asset-size of your financial institution. NCUA, FDIC, and other regulators are increasing compliance mandates for small and medium-sized financial institutions. This means that credit unions in Dayton, as well as other Midwest areas, should expect to see some of the following requirements:
- FFIEC Cybersecurity Risk Assessment
- GLBA Information Security Risk Assessment
- Business Impact Analysis
- Business Continuity Planning
- Security awareness training for employees, board of directors, and membership
SHOULD MY DAYTON-BASED CREDIT UNION HIRE A CISO?
Whether your organization is based in Dayton, other Ohio areas, or anywhere in the Midwest, a Chief Information Security Officer (CISO) can be critical in helping your financial institution develop an Information Security Program and maintain a strong security posture. Many companies have discovered a virtual CISO (vCISO) to be an effective and cost-efficient way to achieve their goals. A vCISO will perform many of the same functions at a fraction of the cost.
CISO Services should include:
- Security Plan and Risk Assessment Framework
- Governance and Board Strategy Development
- Corrective Action Plan Development and Execution Strategies
- Compliance Audit Guidance and Assistance
- Policy Development
- Security Awareness Program Development
- Social Engineering
- Incident Response Plan Development
- Business Continuity Planning
- Vulnerability Assessment and Penetration Testing
HOW MUCH DOES A CISO COST IN DAYTON, OH?
A Chief Information Security Officer (CISO) earns an average estimated salary ranging from $120,000 – $250,000 annually. This investment may be too much for a small to medium-sized company to handle. Many Dayton-based companies have discovered a virtual CISO (vCISO) to be an effective and cost-efficient way to achieve their goals. A vCISO will perform many of the same functions at a fraction of the cost.
IS MY MIDWEST COMPANY TOO SMALL TO BE ATTACKED?
HOW DO I STOP PHISHING?
Phishing is the most common method of cyber-attack. The most common delivery method is through email. These attempts are becoming more sophisticated and clever, making detection increasingly difficult for the average employee and/or member. While you cannot stop all phishing attempts, the following items can significantly reduce the risk of a data breach due to a phishing attempt:
- Email Filtering – Many of the top-recommended filtering software programs will block most spam emails. While this is necessary, it may also create a false sense of security since these phishing attempts are increasing in sophistication.
- Website Filtering – Companies should have filters set up to prohibit their users from navigating to potentially malicious websites. These websites may contain malware that can be downloaded onto your employees’ devices.
- Phishing Simulation – Building a strong security awareness culture is much like building a muscle. With routine simulation and training, your staff will build these security “muscles”, which helps detect any attempts not stopped by software filters.
- Security Awareness Training – Security awareness training can improve your staff and make them your “eyes and ears” for cyber-defense. Strong security awareness programs help turn your staff into a human firewall. They should understand how to detect phishing attempts (whether from email, phone, or text), in-person masquerading by social engineers, USB drop attempts, etc.
When are Dayton area dealers required to comply with the FTC Safeguards Rule?
Which dealerships in the Dayton area are required to comply with the FTC Safeguards Rule?
The FTC amended the rule in 2021 to include finders as an example of a financial institution. Finders are companies that bring buyers and sellers together and assist with negotiating and consummating the transaction, which brings the majority of dealerships into this category. The only exemption would be those that “maintain customer information concerning fewer than five thousand consumers.”

LeBrun Management Solutions, LLC
3572 Dayton Xenia Road, Suite 210
Beavercreek, Ohio 45432
Phone (937) 912-9045
Email info@lmsolutionsllc.com
Website https://lmsolutionsllc.com
In addition to Dayton, we also serve those in Kettering, Centerville, Englewood, Huber Heights, Springboro, Columbus, Cincinnati, and other Ohio areas as well as Indiana and Kentucky.
