Does Your Financial Institution need an
affordable Internet security audit? Yennik, Inc. has clients in 42 states
that rely on our penetration testing audits
to ensure proper Internet security settings and
meet the independent diagnostic test requirements of
FDIC, OCC, FRB, and NCUA, which provides compliance with
Gramm-Leach Bliley Act 501(b).
The penetration audit and Internet security testing is an
affordable-sophisticated process than goes far beyond the simple
scanning of ports. The audit
a hacker's perspective, which will help
you identify real-world weaknesses.
For more information, give R. Kinney Williams a call today at
806-798-7119 or visit
REMINDER - This newsletter is
available for the Android smart phones and tablets. Go to the
Market Store and search for yennik.
Community Bank Technology Conference -
If you have nothing on your plate, plan to attend the Independent
Community Bankers of America’s Community Bank Technology Conference,
September 12-14, 2012 in Las Vegas. I will be speaking Thursday on
auditing community banks. For more information please visit
- Federal appeals court raps bank over shoddy online security - The
case marks another sign that banks are being taken to task for
inadequate wire transfer systems - A construction company in Maine
may stand a greater chance of recovering some of the $345,000 it
lost in fraudulent wire transfers that it blames on poor online
banking practices of its bank.
- Appellate ruling leaves bank security responsibilities unclear - A
federal appeals court has reversed a lower court's decision, ruling
that the security measures implemented by a Main bank were
"commercially unreasonable" to protect its business customers.
- Cyber security market to reach $120B by 2017 - The value of the
global cyber security market is expected to reach $120 billion by
2017, driven by changing threats and technologies, according to a
- ‘The Analyzer’ Gets Time Served for Million-Dollar Bank Heist -
“The Analyzer,” was quietly sentenced in New York this week to time
served for a single count of bank-card fraud for his role in a
sophisticated computer-hacking scheme that federal officials say
scored $10 million from U.S. banks.
- EU court rules resale of used software licenses is legal -- even
online - Europe's highest court ruled on Tuesday that the trading of
"used" software licenses is legal and that the author of such
software cannot oppose any resale.
- U.S. Cyber Challenge and Delaware Universities to Host 3rd Annual
Cyber Security Summer Camp & Competition - Top Cyber Security Talent
will Convene for Training & Competition as Nation Strives to Fill
Need for Network Security Professionals.
- GAO - Information Technology Reform: Progress Made but Future
Cloud Computing Efforts Should be Better Planned.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
Server breached at a Vancouver-area school - A computer server
housing personal medical data on nearly 13,000 students and staff at
Canada's British Columbia Institute of Technology (BCIT) was
Phisher Faces Up To 50 Years For Role In $1.5 Million Scam - An
Atlanta man faces a stiff sentence this week following his
conviction for the role he played in a phishing scam that defrauded
customers of several major financial institutions out of some $1.5
AT&T won't pursue hacker phone bill - AT&T Monday decided not to
pursue a phone bill for nearly $900,000 run up on a Massachusetts
company's phone system by hackers.
confirms breach, passwords appear not encrypted - Yahoo on Thursday
confirmed that its database was hacked to steal about 400,000
usernames and passwords of members who belong to the company's
Contributor Network, which formerly was known as Associated Content.
disables user accounts after password leak - The social networking
Q&A site Formspring has been hacked, and hundreds of thousands of
password hashes were leaked.
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
We continue covering
some of the issues discussed in the "Risk Management Principles for
Electronic Banking" published by the Basel Committee on Bank
Principle 8: Banks should ensure that adequate information is
provided on their websites to allow potential customers to make an
informed conclusion about the bank's identity and regulatory status
of the bank prior to entering into e-banking transactions.
To minimize legal and reputational risk associated with e-banking
activities conducted both domestically and cross-border, banks
should ensure that adequate information is provided on their
websites to allow customers to make informed conclusions about the
identity and regulatory status of the bank before they enter into
Examples of such information that a bank could provide on its own
1) The name of the bank and the location of its head office (and
local offices if applicable).
2) The identity of the primary bank supervisory authority(ies)
responsible for the supervision of the bank's head office.
3) How customers can contact the bank's customer service center
regarding service problems, complaints, suspected misuse of
4) How customers can access and use applicable Ombudsman or
consumer complaint schemes.
5) How customers can obtain access to information on applicable
national compensation or deposit insurance coverage and the level of
protection that they afford (or links to websites that provide such
6) Other information that may be appropriate or required by
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
We continue our series on the
FFIEC interagency Information Security Booklet.
INSURANCE (Part 1 of 2)
Financial institutions have used insurance coverage as an effective
method to transfer risks from themselves to insurance carriers.
Insurance coverage is increasingly available to cover risks from
security breaches or denial of service attacks. For example, several
insurance companies offer e - commerce insurance packages that can
reimburse financial institutions for losses from fraud, privacy
breaches, system downtime, or incident response. When evaluating the
need for insurance to cover information security threats, financial
institutions should understand the following points:
! Insurance is not a substitute for an effective security program.
! Traditional fidelity bond coverage may not protect from losses
related to security intrusions.
! Availability, cost, and covered risks vary by insurance company.
! Availability of new insurance products creates a more dynamic
environment for these factors.
! Insurance cannot adequately cover the reputation and compliance
risk related to customer relationships and privacy.
! Insurance companies typically require companies to certify that
certain security practices are in place.
Return to the top of
INTERNET PRIVACY - We continue
our series listing the regulatory-privacy examination questions.
When you answer the question each week, you will help ensure
compliance with the privacy regulations.
23. If the institution delivers the opt out notice after the initial
notice, does the institution provide the initial notice once again
with the opt out notice? [§7(c)]
24. Does the institution provide an opt out notice, explaining how
the institution will treat opt out directions by the joint
consumers, to at least one party in a joint consumer relationship?