



Put Your System to the Test - Proactive Security & User Protection

By Gina Smith
In today's environment, your financial institution's computer network and online product offering are essential to business operations. This becomes painfully evident when system downtime prevents employees from completing their daily work and communicating with the financial institution's customers. Furthermore, network resources, which include systems containing confidential customer data, are vulnerable to unauthorized access and damage from internal and external threats. Ensuring that the institution's information systems have adequate controls has never been more important. Your customers depend on you to keep their information safe, but what is the best plan of action to achieve the most secure environment without crippling access to online conveniences?
First on the IT professional's list is planning (including disaster recovery), followed closely by a comprehensive security audit. Planning should be an ongoing process consisting of development of the plan, implementation of current best practices, testing of the plan, and revision on a regular basis to meet the changing needs posed by updated product offerings and back office processes. The planning process should be a constant cycle that makes sure your network environment is appropriately safeguarded and that your ongoing plan is meeting and exceeding the needs of the IT staff and ultimately the end-user.
Audits of the system are becoming extremely important with the growing risk of information theft. Two key factors driving your decision to conduct an assessment or IT audit are 1) the desire to identify potential risk to your financial institution's customer and confidential information, and 2) the need to meet Federal regulatory requirements and guidelines. Recognizing the importance of network security, financial institution regulators are requiring that independent security assessments be performed at least annually. If your IT environment has not been comprehensively tested, you may fail to meet the guidelines. When considering the depth of the audit, you should make sure that every area is thoroughly examined, including compliance, lending, deposit operations, payment systems, finance & accounting, human resources, record retention, trust services, investment sales, and data management.
In order to accomplish this daunting task effectively, consider:
- Conscientiously budget for audit-related expenses in order to obtain all of the tools and resources you may need to establish and maintain an effective and compliant audit program.
- Establish an internal audit group and team leader in order to put the audit policy in place and follow up with audit findings throughout the year to be sure that you are in compliance at all times. Team members should have current technical expertise in the operating systems, applications, equipment and protocols that are relevant for your financial institution's IT environment.
- Contracting with an outside firm will allow the use of specific techniques and certified documentation that will be required for compliance.
- Develop a written audit plan and keep your plan in check. The scope of the assessment should be comprehensive and customized for your financial institution's environment and the results of the test prioritized by risk.
- Stay updated on recent trends and changes, including changes in laws, regulations, and best practices - assuring that your internal audit program is fully up to date, effective and what the regulators expect.
- Familiarize your staff by implementing audit policy education and review the specific practices for the institution regularly.
With specific compliance and audit requirements regarding customer identification programs, and with information security becoming one of the most important issues in the financial world, you can't afford not to face any weakness proactively. Proper staff education in the matter of customer data and the checks and balances provided by the audit process can mean all the difference between maintaining the integrity of your system and a systematic failure resulting in the loss of huge amounts of money. Are you meeting all of the established security criteria with your current plan? Do you have sufficient resources allocated for the proper execution of the necessary security measures required for the protection of your end users' information?
For more information on how uMonitor can be of assistance in protecting your users, go to www.umonitor.com or call 901-757-1212 and speak to a sales representative.
Parsam Technologies
3197 Players Club Parkway, Memphis, TN 38125


