Webinars

Hacker Hour: Common Questions About Business Continuity Planning
Description: A business continuity plan is a strategic collection of documents, procedures, and other information that prepares a business for interruptions that arise from unexpected events or situations. Join SBS as we address the most common questions/issues that arise when creating and maintaining a strong business continuity plan.

Hacker Hour: Remote Work Security Assessment
Description: Remote work has been a trend in the workforce for years, but the COVID-19 pandemic reignited the growth and adoption of remote workers.  Organizations around the globe implemented a variety of innovative solutions to continue to serve customers and allow employees to work from home.  Unfortunately, organizations had to react quickly and skip certain security steps to make sure the business was able to operate. 

Join SBS as we discuss the most common steps that were missed and how you can ensure that your business has a handle on the security of remote work.  We will cover risk assessment, policy/programs, remote access testing, and more.

The COVID-19 pandemic has caused abrupt changes in operations for organizations around the world. The result has been the implementation of a variety of innovative solutions to continue to serve customers and allow employees to work from home. Collaborate with SBS and your peers for an interactive round table discussion focused on sharing innovative ideas and ways of leveraging technology that has kept our businesses running in a mostly virtual world. 

Cyber insurance has become a common risk mitigation strategy to lessen the financial impact of a cyber incident. However, it's not until an incident happens that we really think about the type of coverage we carry and how it affects our ability to recover.  Join SBS and Dickinson Law as we discuss common questions and issues that arise during an incident as well as what information you should know about your policy to quickly take action. Additionally, we will review a couple of case studies that cover real-world scenarios that will arm your institution against the next incident.

Hacker Hour: Understanding Office 365 Security
Cohosts: Tyler Gross and Dylan Kreutzfeldt
Complimentary webinar series.

Description: According to Forbes.com, over 50% of companies have deployed a cloud solution such as Microsoft Office 365. That number is looking to surpass 70% in the next few years. When deploying Office 365 or other cloud solutions in your environment, it is important to understand the security and advanced tools that can be used to reduce risk in the organization.  

Join SBS as we discuss how you can:

•  Capture Office 365 or cloud solution in your risk assessment
• Address Office 365 in vendor management
• Identify and implement basic services that can impact security
• Understand how to audit the security controls

As expected, 2019 challenged security professionals to define and mature their security programs to protect their organizations from the changing threat landscapes. A good practice for any organization is to conduct periodic IT audits or exams to ensure that security teams are evaluating the company's program and enhancing insight into where the business can improve on security posture.

Join SBS as we reflect back on the some of the most impactful and valuable audit findings of 2019, and discuss what you can be looking for in your next IT audit or exam.

Description: An IT strategic plan defines how an organization will leverage technology to grow their business.  Inherently, it is supposed to serve as the company's north star when making IT and security decisions, but many times it sits on a shelf waiting to be updated.  

Join SBS as we discuss how the IT strategic plan can become the driving force for your information security program and IT strategic decisions.

Audio only.

Earlier this year the Department of Homeland Security issued a warning about the growing number of cyber attacks targeted at managed service providers (MSP) and other IT services providers. Criminals target MSPs because they can get more bang for their buck. By breaching a single MSP system they can potentially gain access to all of the networks the MSP services. 

Join SBS as we discuss the benefits and risks associated with MSP and MSSP relationships.  We will highlight specific steps to take to understand and mitigate risk with your MSP relationships.  We will also walk through what to look for when selecting a new MSP.
 

Servers and domain-administrator user accounts are some of our most critical assets to secure on your network. Through Active Directory (AD) tiering and the use of Privileged Access Workstations, organizations can create a network where access is allowed on an “as-needed” basis.

Join us and learn more about what AD tiering is, how separating critical and non-critical assets through Active Directory can protect information, and how, when coupled with other controls, it can help secure your network from a wide array of threats.

 

Cohost: Jon Waldman, Co-Founder and Executive Vice President, IS Consulting - SBS CyberSecurity
Description: We would like to invite you to join SBS in celebrating National Cybersecurity Awareness Month with a security awareness round table. We will have an open discussion focused on building a stronger security culture for your entire organization - from your Board of Directors and employees to your customers. 

Join us as we share new cybersecurity awareness ideas and techniques that organizations have implemented to support their security culture.  An updated "Unique  Ideas to Create a Culture of Cybersecurity" download documenting the 2019 ideas will be shared following the webinar.

Request Password | View Webinar

 

Vendor management is one of the most critical components of an effective Information Security Program.  It is also the most challenging for organizations to manage effectively. From the amount of time and energy it entails and knowing which questions to ask, there’s a lot to sift through.  Conducting a vendor risk assessment sets the foundation of a well-managed program, however, this step often gets skipped.

Join SBS as we dive into conducting vendor risk assessment and classification, and discuss how these activities drive the overall effectiveness of your third party vendor program.

Cohost: Buzz Hillestad, SVP Information Security Consultant - SBS CyberSecurity
Description: Cybercriminals are using ransomware attacks to shut down government entities, businesses, and financial institutions all over the world.  Variants of the BitPaymer ransomware attack have emerged as a real threat that are hitting close to a business near you. 

Join SBS as we examine BitPaymer and other attack types that your organization should be aware of.  We will dissect current attack events and what you can do to prevent, detect, or recover from an attack.

The past 5-10 years have brought such big changes to the roles and responsibilities of the information security officer (ISO) that many small to medium-sized organizations struggle to define the most critical responsibilities. Guidance tells us that management should designate at least one ISO to be responsible and accountable for implementing and monitoring the information security program. But what does that mean?
 
Join SBS as we discuss the most critical responsibilities of the Information Security Officer and share some insight on what small to medium size organizations can do to fulfill the ISO's most critical responsibilities.

Many organizations are implementing valuable internal phishing programs in order to ensure their employees can spot and report phishing emails.  At some point, organizations struggle with how to continue to challenge their employees and keep the phishing emails fresh.

Join SBS as we discuss tips and tricks to keep your internal phishing program fresh and continually push the maturity level of your security awareness program.

The “Gramm-Leach Bliley Act” (GLBA), also known as the Financial Services Modernization Act of 1999, mandates that financial institutions protect the confidentiality and security customer personally identifiable financial information.  Communicating to the Board of Directors what was truly accomplished during the past year in an annual state-of-information-security report allows them to understand and approve how the organization is complying with GLBA. Creating a repeatable, specific GLBA report template will improve the efficiency of the reporting process and relieve some of the stress of aggregating all the data needed for a comprehensive report. 
 

Join SBS as we outline a comprehensive and repeatable template that can be used to build your own annual GLBA report. We will walk through the essential report components and troubleshoot common issues.

The FSSCC has released a new cybersecurity framework called the “Cybersecurity Profile.” The Profile is a standards-based tool to help guide financial services institutions in developing and maintaining a cybersecurity risk management program.  The new framework option has people asking a lot of questions:

• How is it different than the Cybersecurity Assessment Tool?
• Will it be used by US regulators?
• Is it more efficient than the other frameworks on the market today?

Join SBS as we review the framework and provide answers to these and other common questions.

Regulators have made it clear that cybersecurity risk management and oversight is ultimately the responsibility of the Board of Directors. In theory, it makes sense for the board to be interested and engaged in what is going on in cybersecurity, however, that is not the case in some situations. 

For this Hacker Hour, we went straight to the source. We asked a selection of past Hacker Hour attendees to share the most common issues they struggle with when communicating cybersecurity needs to their Board. The responses fell into three main categories: 

• Frequency of FFIEC Cybersecurity Assessment completion and utilization of risk assessment data. 
• Information that should be provided to the Board on a consistent basis. 
• Tips for engaging and educating the Board. 

Join this month's Hacker Hour as we discuss how to boost cybersecurity from its hiding spot in the basement to a consistent topic in the boardroom.

Join SBS and other bank leaders on a short webinar to learn how virtual CISO services can support your business goals and enhance your security team, allowing you to take technology in stride in your race to success.

Recording available. How can you allow employees to work from home and be secure at the same time? This session will cover five security tips for working remotely.

Recording available. ​This session will provide detailed information on how to prevent the latest information security threats or ways to mitigate the latest vulnerabilities with controls from common security frameworks and best practices.

Recording available. This webinar will cover the current state of the COVID-19 - the Wuhan Coronavirus - and what financial institutions need to do from a Pandemic Preparedness and Business Continuity perspective.

Recording available. In recent years, financial institutions have seen a significant amount of new guidance on third party risk management and new terms coined such as Fourth Party Management. We will explore best practices for Vendor Management, Third Party Risk Management, Fourth Party Management and Customer Risk Management.

Recording available. This session covers how your IT Strategic Plan can help you to make decisions about which types of technology you WANT to deploy and WHO your institution wants to be when it comes to deploying technology.

Recording available. This session reviews these 25 most common baseline controls not implemented by financial institutions, as well as practical solutions your institution can use to implement these controls. We will also discuss the next steps beyond the assessment to provide a comprehensive cybersecurity framework which institutions can repeatedly follow.

Recording available. This webinar will review various regulatory guidance that outlines ISO responsibilities and reporting structures. Additionally, various educational paths that can help develop your skills in the future will be covered.

Recording available. Join us in this discussion to learn about trending issues with ransomware and best practices to prepare for an attack.

Before you know it, the calendar will turn to 2020.  There's still time to get your cybersecurity training in this year or put it on the books for 2020.

The theme for this year's National Cybersecurity Awareness Month is Own IT.  Secure IT. Protect IT.  Join SBS as we discuss how a comprehensive and repeatable Information Security Program (ISP) is a map of exactly how your organization owns, secures, and protects your confidential customer information, computer systems, networks, and applications.

Our upcoming webinar is a quick, no obligation way to learn more about our Certified Banking Security Manager course and the many benefits of certification to you and your institution. See why so many banking professionals rely on SBS Institute for their security training and education.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and easily create your company's detailed IT risk assessment. Develop your inherent risk, residual risk, and future risk scores that help make sound business decisions.

Demos are held on Thursday of each week. You can pick a date that works for you upon registering. Join this webinar to discover the power of TRAC and how it centralizes and manages all of your vendor relationships. We will walk through the risk assessment and selection process, and discuss how TRAC can instantly improves your ability to manage vendors.

Demos are held on Wednesday of each week. You can pick a date that works for you upon registering. Join this webinar to view a demo of the software and learn how SBS can partner with you to create a stronger security awareness program.