Pub. 6 2016 Issue 2

For Smaller Banks, Information Security is Paramount By BONNIE DALLUM, MOSS ADAMS LLP I N FORMATION SECURITY BREACHES HAVE BECOME A NEW FAVORITE HEADLINE FOR MEDIA OUTLETS. WE’VE ALL HEARD ABOUT ATTACKS against major banks, such as JPMorgan Chase, but what about smaller banks? With limited IT resources compared with the Fortune 500 companies, they still store and process sensitive informa- tion that may be targeted by hackers. Though the significance of information security may not be as apparent to a smaller organization, in reality, it’s just as important. WHY IS INFORMATION SECURITY IMPORTANT? Compliance with the Gramm-Leach-Bliley Act Smaller banks often have limited resources, and they may not be doing enough to safeguard their customers’ sensitive information, which is — in the first place — a violation of the Gramm- Leach-Bliley Act. Bank customers want the convenience of technology and telecommunications, with transactions just a click away and the assurance that their information is safe from unauthorized access. Whether your bank is the largest in the nation or the smallest, those demands ought to put cybersecurity and mitigating risk at the very top of your priority list. Cybersecurity is one of the most important challenges facing banks today, with the threat of unauthorized access, disruption, or even outright theft of information increasingly top of mind. How should smaller banks make decisions about safeguarding their customers’ sensitive information with limited resources? Sure, cybersecurity can be costly, and banks need to weigh the costs with the benefits of added cybersecurity resources, but remember that while the cost of coverage can be expensive, the cost associated with a breach could be catastrophic. Small Banks Are Easy Targets Hackers know smaller banks have limited resources, making them favorite targets. As cyberthreats evolve rap- idly and become more sophisticated, smaller banks are often hard-pressed to keep up with the latest developments, according to a 2014 report by the New York Department of Financial Services. While larger banks are more likely to spend on expensive in-house systems for protection, smaller banks may lack the resources or even awareness to imple- ment strong cybersecurity. This leaves smaller banks more vulnerable, and because smaller banks have more to lose, cybercrime could have a debilitat- ing effect on their business. ASSESS YOUR BANK’S SECURITY For starters, smaller banks should look into a layered approach of securing 18 www.azbankers.org