What is the FSSCC Cybersecurity Profile? The FSSCC Cybersecurity Profile was published on October 25, 2018 by the Financial Services Sector Coordinating Council (FSSCC). The FSSCC is a private entity comprised of 70 members from financial services organizations. Their cybersecurity profile has multiple tiers, which allow users to answer a scalable set of questions. This scaling is designed to provide an expedited assessment of the user's organization's cybersecurity preparedness.

Cybersecurity budgets for financial institutions are continuing to increase in an effort to keep pace with advances in technology. CoNetrix conducted a survey to gain insights into cybersecurity and how institutions are using their funds to support their cybersecurity program. 

On April 2, 2019, the Federal Deposit Insurance Corporation (FDIC) released a new financial institution letter (FIL-19-2019) called "Technology Service Provider Contracts." Why was this guidance published? When FIL-19-2019 was published, it had been five years, almost to the date, since the last vendor management guidance was released by the FDIC (see FIL-13-2014, published on April 7, 2014). Presumably, it was a good time for a reminder about vendor management expectations.

On April 24th, CoNetrix released their inaugural report, The State of Cybersecurity in the Financial Institution Industry. In order to understand the industry better, CoNetrix distributed a 44-question survey to individuals of financial institutions. The survey remained open from November 1, 2018 through January 31, 2019. At the end of that timeframe, CoNetrix received 243 completed survey responses.

Nearly 200 auditors, bankers, examiners, and credit union professionals gathered in Allen, Texas for the 9th annual CoNetrix KEYS Conference. Designed to provide Knowledge Essential to Your Security (KEYS), the April 2019 event attracted attendees from financial institutions across the United States.

In the course of my work, I find myself visiting several financial institutions throughout the year. Although these institutions vary in size and complexity, many of them share several common deficiencies. Some of the prevalent security mistakes listed in this article may be resolved with relatively simple implementations, but others can take more substantial amounts of time and user training to remediate. Fixing these five deficiencies would greatly help to improve the security of any institution.

Many businesses and financial institutions have seen an increase in the number of employee-owned devices over the past few years. Employees are using these devices to access email, download files, launch a remote desktop, or use a Virtual Private Network (VPN) connection for a remote "on network" experience.

Microsoft has been emphasizing Office 365 subscription services since the public introduction in 2011. As a result, the popularity of these services has grown to over 155 million active users as of October 2018, and is gaining new users at over 3 million seats per month. With this growth, on-going marketing, and the increasing acceptance of public cloud services, many businesses and financial institutions are starting to look at Office 365.

When something really messes up Chrome, being logged into your Google account and having Chrome sync settings makes repairing things pretty painless.  Recently, I couldn't get my LastPass Chrome extension to log into my LastPass account. Since I rely heavily on LastPass to handle various website credentials, I'm handicapped if I can't get it working in the browser extension.

I came across a few customers having trouble opening PDF attachments while in Quickbooks. The following message would be displayed, and sometimes it would be random. "There is a problem with Adobe Acrobat/Reader. If it is running, please exit and try again. (523:523)"

I recently had a patching issue with SQL Server 2014 SP3. When I tried installing the SP3 update it kept failing with error code 0x858C001E. It turns out that this can be caused if the program files directories for SQL Server are compressed.  The folder paths to check are listed below as documented here: https://wiert.me/2017/03/16/fixing-0x858c001e-error-on-sql-server-20122014-updates/ 

We have a customer who is in the process of migrating from one domain ("domain 1") to another so the domain name that will match their current company name ("domain 2"). They have moved a majority of their client PCs from domain 1 to domain 2. The Exchange servers are still in domain 1 and using credentials for domain 1.