As a follow up to our August 14 cybersecurity alert, we are advising bankers to consider the following questions:
  1. Who, at my bank, is getting the fraud alerts this weekend for:
    • Debit cards?
    • Credit cards?
    • ATM activity?
    • Online banking?
    • Mobile banking?
    • Bill pay?

2.  If we have an intruder on our internal network, how would we know, who is watching that activity, who would get that alert, and what action would be taken?


3.  Can our core banking system be accessed by our users outside of normal banking hours and can debits and credits be entered?  Note: This does not include real-time interfaces such as online banking and ATMs which must poll the core.


4.  Are we following our wire transfer and ACH origination policies, procedures, and insurance requirements to mitigate the risk of fraud, today and every day?


5.  Have we implemented multifactor authentication for our email systems to mitigate the risk of Business Email Compromise (BEC) incidents?


We encourage you to be especially diligent over this Labor Day weekend as buzz continues to indicate that cybercriminals may be planning to strike.  Now is the time to verify that your alerting systems are in place, your people are prepared and diligent, and that you can effectively respond to a cybersecurity incident.  It’s good to have these systems in place all the time but especially over holiday weekends.  Feel free to share this alert within your organization.
Now scheduling engagements for 2019.  To request a proposal, please visit