FFIEC Releases Two Statements on Cybersecurity

Regulators are continuing to emphasize that bank CEOs and directors must understand the risks
they are undertaking with regard to cyber security, the same as understanding credit, liquidity and
other risks inherent in banking.

Are You Performing Due Diligence on Your Vendors’ Vendors?

You may be surprised to learn that many of your bank’s vendors actually outsource to a third party certain critical functions that you perhaps believed your vendor was directly performing for you. As an example, your vendor may not be directly providing a secure e-mail system for you, but instead uses a third party company to host and support your secure e-mail. Maybe your vendor offers data storage for your bank—but your vendor doesn’t provide that service directly.

A Critical Deadline Is Approaching to Replace Your Windows Server 2003.

The countdown to July 14, 2015, is on. That’s the rapidly-approaching date when Microsoft ends support for its popular Windows Server 2003.

Has your bank upgraded to new servers yet? Lots of banks haven’t. Analysts are predicting that many businesses will ignore the deadline and continue operating with the familiar and stable Windows Server 2003. But the consequences could be very serious.