Providing HIPAA compliance auditors with complete documentation of every aspect of your privacy and security strategy, along with evidence of corrective action taken to mitigate risks, is essential, says consultant Cliff Baker.
A new social-media-management tool provided by the ICBA aims to help community banks monitor social media communications, streamlining posts and comments that appear about banks on and through a number of channels.
"What banks need to be aware of is that much of this fraud is occurring on the consumer and business-customer side, and not all of them will invest in technology that catches these attacks," says Phil Blank of Javelin Strategy & Research.
New York State Office of Cybersecurity Director Tom Smith says an information asset classification policy implemented by his office is helping agencies identify their critical data and apply appropriate controls to protect it.
Philip Reitinger's appointment as Sony's first chief information security officer comes more than four months after a massive breach of Sony's PlayStation gaming system that exposed the personally identifiable information of some 77 million customers.
Ohio is relatively new to enterprise information security, and according to David Shaw, the state's chief information security officer, there is still much to do to ensure that all the agencies' critical infrastructure is protected.
According to the Pasco County, Fla., Sheriff's Dept., at least 44 customers were defrauded of thousands of dollars, after their cards were skimmed at two walk-up ATMs at area banks, including Bank of America.
A new California law requires that organizations experiencing a data breach provide more detailed information to the individuals affected. The law, which covers breaches involving financial, healthcare and other personal information, goes into effect Jan. 1.
In an ironic twist, a new phishing scheme, purporting to be from the Federal Deposit Insurance Corp., actually claims to offer assistance with ACH and wire fraud, but instead delivers malware that could enable fraud.
More pressure from the FFIEC to increase online security authentication practices can be leveraged with interchange incentives being offered by the Fed for debit-fraud-prevention investments mandated by the Durbin amendment, and institutions should take advantage.
"If [employees] aren't being treated right and they don't think leaders at the bank are running the bank correctly, they can rationalize committing fraud," says banking/security expert George Tubin on the risk of insider crimes.