Webinars

Date: Wednesday, April 24, 2019
Time: 2:00-3:00 PM CDT
Complimentary webinar series. 
Time not work for you? That's ok! All registrants will receive a recording of the webinar.

Description: Cybercriminals and software companies are in a race to the finish line - finding a vulnerability - with very different ideas of what winning the race means. Software companies are looking to cross the finish line first by identifying a vulnerability and releasing a patch to protect against an exploit. While the criminal is looking to "win" by exploiting any unpatched systems. As a result, we are seeing more organizations of all shapes and sizes looking to implement a more robust scanning program to identify any unpatched vulnerabilities and protect the integrity of their network.
 
Join SBS as we discuss the answers to your common vulnerability assessment questions and offer guidance on what you can do with your program.

 

Complete this form to register:

 

Trouble viewing the form? Register at https://attendee.gotowebinar.com/register/2239647309433797644.

Date: Wednesday, April 17, 2019
Time: 2:00-3:00 PM CDT
Complimentary webinar series. 
Time not work for you? That's ok! All registrants will receive a recording of the webinar.

Description: You asked for it.  You got it!  Join us as we host a second session on SOC 2 reporting.  We will take a deeper dive into the challenges of completing a SOC 2 review.

 

Complete this form to register:

Trouble viewing the form? Register at https://attendee.gotowebinar.com/register/3637371779437645581

Join us as we discuss the struggles that organizations have when dealing with SOC 2 reporting. We will review what a SOC 2 report entails, why they are important, tips on going through the review process, and how to read and document responses. Registrants will also receive a SOC 2 questionnaire.

Business email compromise (BEC) is a scam where an attacker sends an email that appears to be from an executive in an attempt to trick recipients into clicking a malicious link, sharing sensitive information, or even sending money directly to the attacker. The FBI recently warned that this type of attack has cost U.S. businesses more than $1.6 billion in losses over the past six years. In 2018 we saw BEC become one of the leading attack types, mainly because of how difficult it is to detect.

Join SBS as we discuss common BEC attacks, tips to tell your customers, and simple steps in an initial  BEC investigation.

The “Gramm-Leach Bliley Act” (GLBA), also known as the Financial Services Modernization Act of 1999, mandates that financial institutions protect the confidentiality and security customer personally identifiable financial information.  Communicating to the Board of Directors what was truly accomplished during the past year in an annual state-of-information-security report allows them to understand and approve how the organization is complying with GLBA. Creating a repeatable, specific GLBA report template will improve the efficiency of the reporting process and relieve some of the stress of aggregating all the data needed for a comprehensive report. 
 

Join SBS as we outline a comprehensive and repeatable template that can be used to build your own annual GLBA report. We will walk through the essential report components and troubleshoot common issues.

The FSSCC has released a new cybersecurity framework called the “Cybersecurity Profile.” The Profile is a standards-based tool to help guide financial services institutions in developing and maintaining a cybersecurity risk management program.  The new framework option has people asking a lot of questions:

• How is it different than the Cybersecurity Assessment Tool?
• Will it be used by US regulators?
• Is it more efficient than the other frameworks on the market today?

Join SBS as we review the framework and provide answers to these and other common questions.

With the new year quickly approaching, it's time to start looking forward to what will be coming our way in the world of cybersecurity. Join SBS as we countdown the top cybersecurity trends to watch in 2019.

While most horror stories are works of fiction designed to keep you up at night, the horror stories we will be sharing are real-life cybersecurity events with outcomes that will haunt your dreams if you aren't properly prepared. Join SBS, if you dare, as we wander deep into the dark and scary corners of cybersecurity, full of data loss, reputational damage, business closing, and financial devastation. We will share a variety of cybersecurity horror stories and what could have been done to prevent the unfortunate outcomes. 

We are bringing it back!  Last year, as part of our celebration of National Cybersecurity Awareness Month, SBS hosted a special Hacker Hour that featured a virtual security awareness round table.  We focused the discussion on building a stronger security culture in your organization. In the end, over 300 registrants shared ideas that we put into a free downloadable guide called "34 Unique Ideas to Create a Culture of Cybersecurity."

We would like to invite you to join us for this open discussion as we discover new security awareness ideas and techniques that are helping organizations create a stronger security culture.  An updated download documenting the 2018 ideas for creating a culture of cybersecurity will be shared following the webinar.

A Business Impact Analysis (BIA) is the first and most important step to creating an effective Business Continuity Plan, yet many organizations skip or skim through it. Join SBS as we examine the essential components of a simple, but powerful, BIA and discuss how your table top testing program can be used to verify that your BIA is sufficient.

The heavy adoption of the FFIEC CAT Tool, the release of the INTREX examination procedures, and the unrelenting focus on cybersecurity have caused financial institutions to be a little more anxious about their upcoming IT examinations. 

Fortunately, SBS works with institutions in nearly every state, so we have seen a very wide, but consistent, set of examination findings that your financial institution should know about.

Join this webinar as we discuss our experience and share some ideas of what you can do to better position your institution for a successful IT examination.

Every year SBS send its finest to Las Vegas to the annual DEF CON convention, which is one of the oldest and largest hacker conventions around. These annual conferences feature presentations by leading ethical hackers, FBI, and NSA agents. Join this special edition hacker hour as we discuss what we experienced at 2018 DEF CON, and what could impact you in the near future.

Topics will include:
- Kids hacking voting machines
- Social engineering village
- New way of accessing online banking data using OFX 
- Bypassing two-factor authentication by hacking voicemail
- NSA warnings

According to our research, the development of a Data Flow Diagram (DFD) is one of the most commonly missed baseline statements in the FFIEC Cybersecurity Assessment Tool. Many organizations struggle to find the value in a DFD and have a hard time getting started.

Join SBS as we discuss the guidance around DFDs and walk through examples of how you can create a DFD for your organization - and get value from it.

NOTE: Unfortunately, we had technical difficulty with the video recording of the live Hacker Hour. A CyberByte video of the topic was recorded in its place.

Research shows that 96% of the internet is not accessible by search engines like Google or Yahoo, and that number is growing at a much faster rate than the surface web. What does that mean for us? 

Join SBS as we get caught up with what is going on in the dark web. We will discuss how the dark web started, who uses it, and why everyone should be aware of what's lurking in it.

It has been seven years since the term "Corporate Account Take Over" or CATO took the industry by surprise and challenged financial institutions to do more to help secure their small business customers. Is CATO still happening today? You bet it is. 

Join SBS as we review guidance centered on CATO and walk through recent types of CATO that are challenging financial institutions.

According to the latest Verizon Data Breach Report, there were over 53,000 security incidents and 2,200 registered data breaches in 2017, which is an increase of about 20% from the year prior.

The increased probability of your organization experiencing a cyber incident enhances the need to create and maintain an incident response plan that can detect, contain, and eliminate the issue, then fully recover business operations. All while minimizing the overall reputational and financial damage to the company.

Join SBS for this free webinar in which we will discuss best practices to write and test your incident response plan.  We will also walk through some common scenarios that should be considered in your plan.

Regulators have made it clear that cybersecurity risk management and oversight is ultimately the responsibility of the Board of Directors. In theory, it makes sense for the board to be interested and engaged in what is going on in cybersecurity, however, that is not the case in some situations. 

For this Hacker Hour, we went straight to the source. We asked a selection of past Hacker Hour attendees to share the most common issues they struggle with when communicating cybersecurity needs to their Board. The responses fell into three main categories: 

• Frequency of FFIEC Cybersecurity Assessment completion and utilization of risk assessment data. 
• Information that should be provided to the Board on a consistent basis. 
• Tips for engaging and educating the Board. 

Join this month's Hacker Hour as we discuss how to boost cybersecurity from its hiding spot in the basement to a consistent topic in the boardroom.

Join us to review the proposed changes to the safeguard controls, scope of covered entities, how you can make comments on the proposed changes, and insight into the impacts on our banks, critical vendors, and business in our communities.

In recent years, financial institutions have seen a significant amount of new guidance on third party risk management and new terms coined such as Fourth Party Management. We will explore best practices for Vendor Management, Third Party Risk Management, Fourth Party Management and Customer Risk Management.

In addition to the guidance, we will explore applied risk management concepts for mobile banking solutions. Focus will include Mobile Risk Assessments, integration into Information Security Programs, Third Party Risk Management, and effective IT Auditing.

This discussion will overview different types of incidents that are more frequent for financial institutions and illustrate how to prepare for them.

Join us in this discussion to learn about trending issues with ransomware and best practices to prepare for an attack.

This discussion will highlight the advancements in cybercrime and social engineering that are targeting our people resources. Best practices will be discussed for processes necessary to improve the weakest links in our institutions.

In this presentation, we will review both FFIEC CAT and InTREx processes; best practices using each, comparison of their differences, and how to leverage them together.

Join this session to see how the risk assessment process can not only be useful for conducting an organization-wide assessment for cybersecurity, but for many other aspects of information security risks.

Our upcoming webinar is a quick, no obligation way to learn more about our Certified Banking Security Manager course and the many benefits of certification to you and your institution. See why so many banking professionals rely on SBS Institute for their security training and education.

Explore traditional ways education has been deployed and look to improve those processes with more advanced and effective methods of patching our people. We will also look at best practices for addressing similar issues with business customers and highlight common educational practices.

A solid understanding of all the cybersecurity-related guidance released by FFIEC is key in ensuring all aspects of cybersecurity compliance are being addressed at your institution.

The FFIEC Cybersecurity Assessment guidance has introduced a new term for our risk management practice: External Dependency Management. We will explore this new term in our guidance and better understand the requirements provided.

This discussion demonstrates a practical approach to business continuity and disaster recovery that builds upon your IT risk assessment.

Your information security program can be more than a document created for compliance. We will help develop a program that provides your institution with clear direction and guidance that meets and exceeds regulatory expectations while addressing real-world risks.

FFIEC Cybersecurity Assessments Tool encourages financial institutions to expand questioning around third party risk management practices and suggests more rigorous oversight. This webinar will explore best practices for Vendor Management, Third Party Risk Management, and Customer Risk Management.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and easily create your company's detailed IT risk assessment. Develop your inherent risk, residual risk, and future risk scores that help make sound business decisions.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and how it centralizes and manages all of your vendor relationships. We will walk through the risk assessment and selection process, and discuss how TRAC can instantly improves your ability to manage vendors.

Demos are held on Wednesday of each week. You can pick a date that works for you upon registering. Join this webinar to view a demo of the software and learn how SBS can partner with you to create a stronger security awareness program.