Blog

On April 2, 2019, the Federal Deposit Insurance Corporation (FDIC) released a new financial institution letter (FIL-19-2019) called "Technology Service Provider Contracts."

Why was this guidance published?

When FIL-19-2019 was published, it had been five years, almost to the day, since the last vendor management guidance was released by the FDIC (see FIL-13-2014, published on April 7, 2014). Presumably, it was a good time for a reminder about vendor management expectations.

In addition, the guidance stated that FDIC examination findings recently noted some financial institution contracts with Technology Service Providers (TSPs) lack sufficient detail around business continuity and incident response.

What does it mean when the guidance states "contracts do not adequately" address some risks?

In recent exams, the FDIC was looking for a few key areas to be covered in TSP contracts, but the contracts did not always meet those expectations. Missing items included:

  • A Business Continuity Plan (BCP): Contracts should require TSPs to have BCP and acceptable recovery standards.
  • Remedies: Contracts should include assurance of compensation if a business disruption occurs and the TSP fails to restore services in the established timeframe.
  • Notification Requirements: Contracts should define who the TSP should contact (e.g., the financial institution, regulators, law enforcement, etc.) and in what timeframe, if an incident occurs.
  • Key Terms: Contracts should define what constitutes a "business disruption" or an "incident," since rights and responsibilities could be debatable without clear definitions.

How can you ensure TSP contracts are "adequate?"

It would be beneficial for you to review your TSP contracts again with these items in mind, especially if they are long-term or automatically renewing contracts. If your existing contracts are not sufficient in these areas, it is important to note that the financial institution is still responsible for assessing and applying controls to mitigate the risk.

What controls can you apply to ensure you are covered?

In vendor management, your primary control is performing adequate oversight, which is something you should already be doing. The FDIC seems to recognize this since a significant percentage of the FIL recaps guidance that already exists.

For more specific recommendations though, if your contract with a TSP does not clearly define business continuity and incident response requirements:

  • Request and Review Their BCP: Find out if your TSP actually has one and if they'd be willing to share it with you. You don't necessarily need their whole BCP; you just need to know that they have a plan and it is routinely tested.
  • Update Your BCP: If the TSP does not have a BCP or you find it inadequate, it is the financial institution's responsibility to compensate. Update your BCP to describe how you would continue to offer services to your customers or members if your TSP's services are unavailable.
  • Conduct More Frequent Reviews: Whatever the contract says, it is important to periodically confirm the TSP is holding up their end of the deal. You may want to assess this more often if the contract is weak in the areas of business continuity and incident response.
  • Renegotiate the Contract: Depending on the financial institution's risk tolerance, if the contract is deemed "inadequate," it may benefit the financial institution to consider renegotiation or an alternative TSP.

In Summary

Contracts with TSPs should address business continuity and incident response. The FDIC recommends financial institutions contractually require the TSP to have a BCP, as well as contractually define remedies, notification requirements, and key terms.

If existing TSP contracts do not stipulate these items, you should consider additional oversight options, such as requesting and reviewing their BCP documentation, updating your BCP, reviewing the TSP more frequently, or renegotiating the contract.

Does CoNetrix have anything that can help with this?

Absolutely. The Tandem Vendor Management software includes suggested significance questions, designed to help you determine if you need BCP documentation from your vendors. The module also includes a contract review template, designed with business continuity and incident response in mind. Learn more about Tandem Vendor Management.


 

There are times when I want to remove password protection from a PDF that has been "protected" from this type of removal. For example, I may receive a utility bill via email where the attachment is password protected. I'd rather save the bill so I can open it at a later date without having to look up the password. However, the utility company has protected the PDF and a different password is required to "unprotect" it.

I found that, if I open the PDF in a Chrome browser then print from the browser to a PDF, it will create an unprotected PDF.


 

When I was performing a Windows Server 2019 Standard install, the license key was not available at the time of hardware receipt so I decided to install Server 2019 and license it later once the key was received. Upon receiving the key and activating Windows the activation would return the error "This product key didn't work. Please check it and try again, or try a different key."

I double-checked that the version installed and the license key version were both 2019 Standard and not another edition, but found no discrepancy. I ran a Windows Update check, restarted, and double-checked I was logged in as the local Administrator account. Research of others finding this issue returned the recommendation of re-installing the OS and entering the license key during install to successfully activate Windows. Instead I decided to give it one last effort and decided to use the "slmgr.exe" utility accessible via Command Prompt - "Slmgr.vbs /ipk" successfully activated my Server 2019 install.


 

When adding a Cisco switch to an existing switch stack, there is always the chance that the firmware of the new switch will be an older version than the firmware version of the existing switches in the stack. One way to resolve this issue is to enter the command "boot auto-copy-sw" in the existing stack configuration before adding the new switch. When the new switch is powered up and connected to the switch stack, the newer firmware version will be copied to it and the switch will be rebooted to apply the firmware.

The copy does take some time so it may be prudent to console to the new switch to monitor the status of the copy.


 

We recently migrated a customer to a new RDS server, including moving their QuickBooks application. Users began experiencing issues where QuickBooks would not retain their desired printer settings, and would revert back to the default QuickBooks settings each time the user would log back in.

I ensured the desired printer was set as the user's default printer on their local machine, as well as in their individual session on the RDS server. Still QuickBooks would revert to its default settings at each log in. Please note that users were using network shared printers as their defaults.

To resolve this issue, I had to install the desired printers locally (not as a network shared printer) on the RDS server. I did so by adding the printer by IP instead of adding it from the print server. You can then share that printer from the RDS server so any user that logs into the RDS server has access to said printer. Once that was done, we were able to set this local printer as the default, and QuickBooks was able to retain the printer settings.


 

I came across a strange issue with one customer's multiple laptops where they could not print from Office programs or a test page. PDF documents printed through Adobe Reader were working.

While troubleshooting, I ran a capture of file access procedures through Microsoft's Process Monitor application. What I found in the capture was an access denied event to C:\Temp on the laptop.

I edited the permissions on C:\Temp by adding Everybody modify access to the folder and was able to print normally after that. This fixed the issue on the rest of the laptops also.


 

For the past few months, my computer has been having intermittent issues where it would partially freeze for several minutes at a time. Most of the time, it was Windows system applications that froze like opening the Start Menu, opening Task Manager, and locking/unlocking my computer. The applications would not open, but I could continue to use other applications like Firefox without any problems. After a few minutes, the application that would not open would open, often multiple times as I had tried to open it several times while my computer was not responding.

At first, I had assumed it was a bad Windows update that caused the issues, but the next month's updates did not resolve the issue. I updated all drivers that needed an update, but that did not resolve the issue either. I ran "sfc /scannow" and "dism /online /cleanup-image /restorehealth /Source:D:\sources\install.esd" to attempt to fix corrupt system files and both seemed to resolve the issue for a few days, but then several days later I would have problems again.

One day when I was having problems, I checked the Windows Defender settings and found that real-time protection was enabled. This means that Cylance and Windows Defender would both be trying to perform antivirus protection when a file was accessed. I disabled real-time protection and performance on my computer immediately improved. I found that the other engineers' Windows Defender Security Center settings recognized that CylancePROTECT was installed and had disabled the Windows Defender virus protection completely. We checked several other PCs that were having similar issues as mine and their Windows Defender did not recognize that Cylance was installed either. I reinstalled CylancePROTECT and it reregistered with Windows Defender. My guess is that CylancePROTECT did not reregister correctly after an update and since Windows Defender no longer saw it installed, Windows Defender turned on the built-in protection.

There are two ways to fix this type of issue when CylancePROTECT or another third-party antivirus becomes unregistered. The first is to uninstall and reinstall CylancePROTECT, which should reregister CylancePROTECT as an active third-party antivirus. The second is to create a Group Policy to disable Windows Defender Antivirus, which is safe if CylancePROTECT is installed.

To check if this is a problem for you on Windows 10 do the following:

  1. Click the Start button
  2. Click the Settings gear
  3. Type Windows Defender Security Center in the search bar and click the result

Windows Defender should show as below if CylancePROTECT is installed and working correctly. The "Status unavailable" just means that Windows Defender cannot see the settings inside of Cylance and you should open CylancePROTECT to see information about it.

An icon that looks like one of these means that Windows Defender does not recognize CylancePROTECT or other third-party antivirus is installed and Windows Defender Antivirus is active:
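The same check can be scripted so it can be run across several PCs. This is an added example, not part of the original post; it assumes the CylancePROTECT Windows service is named `CylanceSvc` (adjust for your product) and that it runs on a Windows 10 client, where the `root/SecurityCenter2` namespace is available.

```powershell
# Added example: compare the installed third-party antivirus with what
# Windows Security Center has registered, and with Defender's own state.
# Assumption: the third-party agent's service name is 'CylanceSvc'.
$thirdPartyService = 'CylanceSvc'

# Antivirus products registered with Windows Security Center (client OS only).
$registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty displayName)

# Defender status; the cmdlet fails if the Defender service is fully disabled.
try {
    $defender = Get-MpComputerStatus -ErrorAction Stop
} catch {
    $defender = $null
}

$service              = Get-Service -Name $thirdPartyService -ErrorAction SilentlyContinue
$thirdPartyRunning    = [bool]($service -and $service.Status -eq 'Running')
$thirdPartyRegistered = [bool]($registered | Where-Object { $_ -notmatch 'Defender' })
$defenderRealTime     = [bool]($defender -and $defender.RealTimeProtectionEnabled)

[pscustomobject]@{
    ComputerName             = $env:COMPUTERNAME
    RegisteredProducts       = $registered -join '; '
    ThirdPartyServiceRunning = $thirdPartyRunning
    ThirdPartyRegistered     = $thirdPartyRegistered
    DefenderRealTimeEnabled  = $defenderRealTime
}

if ($thirdPartyRunning -and -not $thirdPartyRegistered) {
    # The condition described above: the agent is installed and running, but
    # Security Center no longer lists it.
    Write-Warning "$thirdPartyService is running but is not registered with Windows Security Center."
}
if ($thirdPartyRunning -and $defenderRealTime) {
    # Two engines scanning on every file access.
    Write-Warning 'Windows Defender real-time protection is enabled alongside the third-party antivirus.'
}
if (-not $thirdPartyRunning -and -not $defenderRealTime) {
    Write-Warning 'No real-time antivirus protection appears to be active on this machine.'
}
```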


 

How to initialize a FortiGate UTM appliance for disposal or re-use after it has been replaced by a new FortiGate appliance.

Power up the device. Interrupt boot by pressing a key during boot. A menu will be displayed:

Select "F" to format the boot device, and respond "y" to the next question:

The boot device will be formatted and the appliance is now ready for disposal.


 

I had set up a distribution list where one user had the rights to send as / send on behalf configured. I knew that we needed to show the From field by clicking on the appropriate menu item.

However, to change the from e-mail address to the distribution list's e-mail address was not as straightforward as I thought. I figured that the user would be able to click the down arrow next to "From" and select the other e-mail address, but no other address shows up.

What you have to do is right-click on your e-mail address and delete it. Then you can start typing the e-mail address you want to use and "Search Directory". You'll see something like this in which you can select which e-mail to send as.


 

Many businesses and financial institutions have seen an increase in the number of employee-owned devices over the past few years. Employees are using these devices to access email, download files, launch a remote desktop, or use a Virtual Private Network (VPN) connection for a remote "on network" experience.

Some customers prohibit or restrict personally-owned devices from connecting to the network. However, in some cases, this is not feasible, such as employees or contractors who rarely visit the home office, or employees with very specific device requirements and preferences. The common term for the policy of allowing personal devices is Bring Your Own Device or BYOD.

Unprotected personal devices connecting to the network are a significant security risk. The most common issue with these devices is inadequate anti-virus and anti-malware software. Built-in free solutions like Windows Defender are not up to the task of protecting against the sophisticated zero-day threats which are common today. Additional strategies to manage a BYOD environment include Mobile Device Management (MDM) and Network Access Control (NAC).

CylanceProtect is widely recognized as the leader in the endpoint protection segment, winning multiple industry awards for their machine learning approach to stopping security threats. Over the past 2 years, since CoNetrix has been a Cylance partner, we have installed almost 5,000 endpoints for customers across the US.

Last year Cylance released a home version of CylanceProtect called Smart Antivirus. This product is specifically designed to provide the same technology as the corporate version, with easy self-administration and the ability to protect multiple devices in a household for a low annual cost. Windows and macOS devices are currently supported, with support for iOS and Android devices coming later this year.

Smart Antivirus is a great option for an employee security awareness program or as a company-paid benefit for employees and business partners. Individual licenses can be purchased from Cylance using the link below.

https://conetrix.com/cylance-smart-antivirus

Smart Antivirus licenses of 50 or more are available through CoNetrix for a discounted price. Contact CoNetrix Technology sales at techsales@conetrix.com for more information about licensing for CylanceProtect and Smart Antivirus.