Continuing with question two on Assessing Your Core Provider's Service, we take a look at cybersecurity, which continues to be a critical issue in the industry and is especially heightened during the pandemic. Your core provider needs to be doing everything possible to minimize your risk, so we have to ask:
With many big businesses hit with cyberattacks this past year, did your provider review their cybersecurity protocols and business continuity plan with you?
With the climate's unpredictability, there’s a higher chance that the unexpected can negatively impact your operations. Many bad actors are out there looking to take advantage of a business' technology vulnerabilities. To minimize the damage that can result from cyberthreats and attacks, your core vendor needs to have a strong business continuity plan and data recovery plan in place. Having strict plans reduces the risk of your business’ data getting compromised or lost and enables your business to stay up and running.
But, it doesn't stop there. Every vendor can say they have a business continuity plan, but does it work? Is it up-to-date? Has it been tested? You need to ensure that:
- Your system is current and updated. We heard the unfortunate story that a big box vendor had been running legacy software and they chose to forgo much needed updates because they would jeopardize their software system. This left their operating system vulnerable and cyber attackers took advantage, crippling the banks’ operations and preventing the bank’s customers from being served. Had the updates and securities been put in place to protect the systems, this situation could have been avoided.
- A fail safe procedure exists in the event of a natural disaster. During Hurricane Sandy, a big box vendor experienced a shut down, as a result of the storm. Although this vendor had met their own objectives during testing, when put into action, they failed. Unfortunately, they were unable to recover the bank's data and it took many days to restore operations.
- Proper disaster recovery testing is performed, and you are confident with the results. Often, vendors have a disaster recovery plan, but when a shutdown occurs, a bank isn't able to use their data after it’s been recovered. Ask your vendor if they test out their plans and how often, what the results are, and if they test with customer participation. Incidents happen, but it’s not the incident that matters as much as the outcome.
At IBT Apps, we know that cybersecurity is a critical issue in the industry and take it very seriously. We walk our clients through our business continuity plan that prepares for the unexpected. We test routinely to ensure the procedures and processes in place will work when needed in a live environment instead of waiting until it's too late. Additionally, we perform special backups throughout the day and archive offline because should the unfortunate occur, your data can be recovered faster with little to no service interruptions to your bank. Learn more about the business continuity plan.