Florida Banking December 2024-January 2025

accounts if a password has been compromised or caught up in a breach. Cybersecurity Threat #3: Overexposed Services or Devices Admin login pages or other services that should be restricted, such as firewalls and routers, are commonly found open to anyone. This leaves them vulnerable to criminals using scanning tools to detect open ports to use as an initial attack vector for vulnerabilities unknown to the public. These are referred to as zero day vulnerabilities. These are especially dangerous because the attackers are the only people who know about them. Once they have infiltrated a network vulnerability, criminals can immediately attack or wait for the most advantageous time to do so. The Solution: System Testing and Hardening Keep all software and operating systems up to date.

cybersecurity. Our SHAZAMSecure® team provides you with a menu of security services so you can pick what’s right for you. We can help your financial institution evaluate your information security and IT policies to identify areas where you’re most at risk for a cyberattack. We also can test for any internal or external vulnerabilities to help you better understand any internal or external weaknesses that may exist to ensure all your systems remain secure. Together, we can ensure your accountholder’s financial information is secure from their first log in. As vice president of information security, James Boyd is responsible for developing and maintaining SHAZAM’s security program. An active technology and cyber security professional with over 20 years’ experience, he’s earned designations as certified chief information security officer, information security manager and information systems security professional.

These updates include security patches to cover any identified vulnerabilities in previous releases. Additionally, disable unnecessary services and features to minimize any potential vulnerabilities. Use secure configurations to prevent anyone from engaging in unauthorized web activities and to help prevent malicious activity. Cybersecurity Threat #4: Unlimited User Access Not all users should have access to every network, IT infrastructure, or computer system at your financial institution. Giving employees unlimited access is like giving them a master key. If the master key gets into the wrong hands, all your systems are at risk. The Solution: Principle of Least Privilege The principle of least privilege is giving employees access to the networks and folders necessary for their job. It strikes a balance between usability and security to safeguard critical data and systems. This limits the damage of compromised user credentials or accidental data exposure. Staying Secure with SHAZAM As cyberattacks become more prevalent and sophisticated, financial institutions are under growing pressure to beef up their

WWW.FLORIDABANKERS.COM DECEMBER 2024/JANUARY 2025 — 13