22 January 2020

FDIC And The OCC Remind Banks Of Importance Of Cybersecurity

Cadwalader, Wickersham & Taft LLP

Contributor


The FDIC and the OCC reminded financial institutions of the importance of implementing sound cybersecurity risk management principles that include both (i) preventative controls and (ii) preparation for worst-case scenarios.

In a joint statement, the banking regulators urged financial institutions to include in their cybersecurity controls:

  • response, resilience and recovery capabilities by (i) maintaining comprehensive and current incident and business resilience plans in order to respond and recover successfully from destructive cyberattacks and (ii) establishing comprehensive system and data backup strategies;
  • identity and access management, in order to prevent phishing attacks that could compromise login credentials, including through the use of multifactor authentication to safeguard critical systems and data;
  • network configuration and system hardening, which provides access only to approved ports, protocols and other services and is continually monitored;
  • employee training in recognizing cyber threats, phishing and suspicious links, in addition to measuring the success of the training programs;
  • security tools and monitoring procedures, such as (i) hiring qualified cybersecurity personnel, (ii) reviewing system and network audit logs and (iii) implementing sufficient internal and external testing programs to assess firms' ability to detect cyber threats; and
  • data protection systems to implement (i) a data classification program and (ii) the encryption and tokenization of confidential data.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
