Summer is here with its beautiful weather, fun family vacations, and a heightened risk of digital scams. As the banking industry continues to evolve, allowing business to be conducted from a smartphone, it is more important than ever that banking leaders are conscious of the cyber security risk associated with traveling. Below are practices you can implement during you and your employees’ travels.
Connections – Nothing is Free. Be very aware of what public and free connections you utilize. Public WIFI, although convenient, is just that – public. These networks can collect personally identifiable information, capture account details, and view your internet traffic. If you plan to use public WIFI, do not use it to make online purchases or access essential accounts.
Travel Lightly. Devices now carry more personal data, and scammers are increasing their attempts to target those items. With the increase in cloud connectivity paired with device synchronization, it is crucial to only travel with the devices you need to minimize the risk of them being virtually and physically stolen. Be sure all devices are password protected and biometric protected (fingerprint, Face ID), and research if sensitive applications have additional security features that can be enabled.
Before, During, and After International Travel. The Federal Communications Commission provided great tips on traveling internationally, which include some of the guidance above.
Artificial Intelligence(AI) can. A growing number of AI tools spanning from task-based to emulating voice. (We wrote about voice spamming in the last edition of Information Technology for Banking Leaders) AI is poised to bring the potential for improved efficiency for all industries.
Microsoft has invested multi-year $10 billion in Open AI, the company behind the famous ChatGPT. Microsoft has also announced it will be tightly integrating AI into its suite of Office products to drive productivity and continued use.
An AI use case could be that your bank compliance office needs to present to the board for annual BSA/AML training. By simply asking an AI engine, “Create a presentation to a bank board of directors for annual BSA and AML training,” and within seconds, AI can return a 600+ word written breakdown with slides.
Risks associated with AI are also increasing. Cyber attackers are utilizing AI to automate and create many variables of viruses and malware. Students of all degrees are using AI to write term papers at a doctoral level. Users are putting personal, premise, and client information into tools without thinking of the impact that could have if the tool’s data were to be compromised. All leaders must look at their business and personal life to see how AI will be used in daily activities.
Release on 3rd Party Oversight
On June 6th Federal bank regulatory agencies issued final joint guidance designed to help banking organizations manage risks associated with third-party relationships, including relationships with financial technology companies. The guidance continued to relay the importance of adequate risk assessment. A sound risk management process is key to engagement, ongoing monitoring, and oversight of 3rd party relationships.
Nearly 50% of MRAs are for Operational Risks
The OCC released its Semi-Annual Risk Profile. The release stated that Operational Risk is elevated, with nearly 50% of all MRAs issued by the OCC being due to Operational Risk items. Operational Risk is primarily driven by Cyberattack evolution & sophistication; Complex Operating Environments from the adoption of new products, services, and expanded fintech relationships; Third Party Oversight & Risk Management Deficiencies; and Compliance Deficiencies as expanded digital & electronic offerings are introduced. Read more about Tech Debt in our recent release.
OCC New Cybersecurity Work Program
On June 26, 2023, the OCC released a statement of notification that they have developed and distributed a new work program to their examiners specifically around Cybersecurity. This work program is designed “to more effectively address evolving risks and support risk-based bank information technology examinations.” This is further evidence the regulators are continuing to focus more on banks’ cybersecurity preparedness. OCC Cybersecurity Supervision Work Program Bulletin.