Entries in Cyber-security (3)

Tuesday, Nov 18, 2014

New England Financial Institutions Face Increased Cybersecurity Risks

Noted cyber security blogger and journalist Brian Krebs recently gained an exclusive interview with a New England bank that reported a sharp rise in fraudulent charges on debit cards. The scammers were making purchases with card numbers stolen from plain-old magnetic stripe cards but making the transactions look like they were made on EMV (“chip”) cards, although the bank had not yet issued such cards. This “EMV-spoofing” technique had been picked up by Canadian banks earlier this year and traced to Brazil.

“The recent EMV-spoofing cases point to the continued need for fraud detection mechanisms that even small banks and credit unions must implement to protect themselves,” said Ande Smith, a principal at the forensics and data security firm Deer-Brook, with whom Verrill Dana works closely in data breach cases. “During the transition phase, which may take years, the mish-mash of magnetic and chip/pin point-of-sale systems in the US will create opportunities to mask fraudulent activity.”

A recent report by the Federal Financial Institutions Examination Council (FFIEC) supports this call for improved risk management at regional banks and other financial institutions. The results of the FFIEC’s 2014 survey of 500 community financial institutions indicate that these institutions have room to improve in educating and training employees on cyber risks; improving cybersecurity controls; understanding their vendors’ cybersecurity risks; and establishing incident management procedures, among other things.

Rita Heimes is a privacy and cybersecurity attorney in Verrill Dana’s Intellectual Property & Technology practice group. She and her team help companies with comprehensive information risk management programs including privacy policies, incident response plans, third-party contracts, employee training, and breach response.

Friday, Oct 10, 2014

Cyber-security: FDIC Issues Warning on “Shellshock” and “Bash”

On September 29, 2014, the FDIC, on behalf of the Federal Financial Institutions Examination Council, issued an alert to banks on recently discovered material vulnerabilities in the security of the GNU Bourne-again shell system software -- nicknamed “Bash” -- commonly used by bank servers and computers. Researchers reported the newly discovered vulnerability -- nicknamed “Shellshock” -- in Bash versions 1.14 through 4.3 on September 24, 2014.


Friday, Apr 18, 2014

FDIC to Banks: Be Vigilant about Cyber-Security

Earlier this month, the FDIC issued guidance to financial institutions to help them address risks associated with technology outsourcing and cyber security. On April 7th, the FDIC issued FIL-13-2014 entitled “Technology Outsourcing: Informational Tools for Community Bankers.” Three days later, on April 10th, the FDIC issued a press release entitled “FDIC Urges Financial Institutions to Utilize Available Cyber Resources.”
