October is National Cybersecurity Awareness Month, which means it’s a fitting time for financial institutions to examine their cybersecurity efforts and protocols, and make any necessary adjustments.
However, with such high-profile cybercrimes as WannaCry, Petya and the Equifax breach dominating headlines this year, financial institutions hardly need a reminder of the threats that cyberattacks pose. The frightening diversity and sophistication of these immense attacks, as well as the unfortunate promise of future strikes, have left pressing questions on how best to quell them—many of which remain largely unanswered.
But where do financial institutions even begin? The nature of cybercrime is complex, and the relentlessness of ransomware, the diligence of DDoS and the frequency of fraud are enough to leave even the most seasoned cybersecurity professionals cross-eyed. Although these cyber adversaries are indeed daunting, there’s no need to be overwhelmed. The best place to start is with a fundamental element of any institution’s cybersecurity efforts—a strong firewall.
What is a Firewall?
A firewall is one of the most basic, yet essential, cybersecurity tools available to financial institutions. Firewalls act as a gatekeeper for your network, protecting it from the outside global network by inspecting all inbound and outbound traffic and determining whether it meets the criteria to pass through. Without a firewall, any hacker could easily breach your network and cause havoc. Likewise, a misconfigured or out-of-date firewall provides little protection.
Regulations Surrounding Firewalls
In 2011, the FFIEC issued its Cybersecurity Assessment Tool, or CAT, which details financial institutions’ regulatory requirements for maintaining firewalls. Recognizing the tremendous risk that follows poor firewall architecture, the FFIEC also mandated that financial institutions be subject to quarterly audits of their firewall security protocols.
These regulatory requirements, coupled with the threat of looming cybercrime, have forced the hands of many credit unions across the country. Now, more than ever, financial institutions must look at their firewall security efforts and ensure they are not only compliant, but also risk averse.
5 Steps to Strong Firewall Security
Firewall security starts with these five steps, which ensure your institution’s firewall remains strong and secure:
- Get in the Head of a Cybercriminal. Ask yourself the question: is our firewall hackable? Answer that question by actively attempting to bypass your firewall, or engage the services of a firewall security vendor to weed out any vulnerabilities. Once you’ve identified these vulnerabilities, or “holes,” patch them to ensure cybercriminals don’t have access.
- Verify Rule Efficiency. Firewalls operate on a set of rules that allow certain traffic in and out of your network. Be sure to update this ruleset regularly, accounting for new threats, and confirm that all current rules are still efficient and relevant. Often, breaches result from an old configuration that was no longer applicable or relevant at the time of the breach.
- Monitor Security Proactively. Deploying a firewall and keeping it current with regular vulnerability checkups and firewall reviews is important. Take it a step further by proactively monitoring firewall events. This gives you a fighting chance of knowing when attacks are happening and whether a breach has occurred, so that proper steps can be taken.
- Examine Password Credentials. Passwords are an essential element for keeping your institution’s data secure. Ensure that all employees with rights to sensitive data have complex passwords that have the appropriate length and strength.
- Keep Your Firewall Updated. Remember, the FFIEC requires quarterly audits to review your institution’s firewall security. However, just sticking to the bare minimum of these requirements exponentially increases both your risk and vulnerability—putting your institution at the mercy of cybercriminals eager to steal passwords, customer data and even funds.
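The rule review described under "Verify Rule Efficiency" can be partly automated. The following is an added example, not part of the original article: it audits a constructed rule export for any-to-any allows, rules with no recent hits, and rules made unreachable by an earlier, broader rule. The CSV columns, addresses, dates and the 90-day idle threshold are assumptions.

```python
import csv
import io
from datetime import date
from ipaddress import ip_network

# Constructed sample export in a hypothetical format. Rules are evaluated
# top-down and the first match wins; an empty last_hit means "never matched".
RULES_CSV = """id,action,src,dst,port,last_hit
1,allow,10.0.0.0/8,192.0.2.10/32,443,2017-09-28
2,allow,10.1.0.0/16,192.0.2.10/32,443,
3,allow,0.0.0.0/0,0.0.0.0/0,any,2017-10-01
4,allow,198.51.100.0/24,192.0.2.25/32,21,2016-03-14
5,deny,0.0.0.0/0,0.0.0.0/0,any,
"""

def load_rules(text):
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        row["src"], row["dst"] = ip_network(row["src"]), ip_network(row["dst"])
        row["last_hit"] = date.fromisoformat(row["last_hit"]) if row["last_hit"] else None
        rules.append(row)
    return rules

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["port"] in ("any", b["port"]))

def audit(rules, today, max_idle_days=90):
    findings = []
    for i, r in enumerate(rules):
        # Overly broad: permits any source to reach any destination on any port.
        if (r["action"] == "allow" and r["src"].prefixlen == 0
                and r["dst"].prefixlen == 0 and r["port"] == "any"):
            findings.append((r["id"], "any-to-any allow"))
        # Stale: never matched, or not matched within the idle window.
        if r["last_hit"] is None or (today - r["last_hit"]).days > max_idle_days:
            findings.append((r["id"], "stale"))
        # Shadowed: an earlier rule already matches all of this rule's traffic,
        # so this rule can never fire, whatever its action is.
        if any(covers(earlier, r) for earlier in rules[:i]):
            findings.append((r["id"], "shadowed"))
    return findings

if __name__ == "__main__":
    for rule_id, issue in audit(load_rules(RULES_CSV), date(2017, 10, 15)):
        print(f"rule {rule_id}: {issue}")
```

In the sample, the any-to-any allow in rule 3 shadows the final deny in rule 5, so the intended default-deny never takes effect.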
It is imperative that you keep your institution’s firewall security top of mind. Ensure that your institution has adequate firewall security and meets regulatory guidelines with a firewall review and audit. Doing so allows you to discover and address any vulnerabilities ahead of regulators and, more importantly, cybercriminals.