January 7th, 2021

2021 Security & Compliance Checklist - WST

Yep, another year has flown by and a new year is here. Now is a great time to take a close look at your 2021 schedule to make sure the critical elements of your information security and compliance programs are mapped out.

Items you may want to schedule:

  • Information security awareness training
  • Policy review, updates, and approval (annually)
  • IT Risk Assessment review and update
  • FFIEC Cybersecurity Self-Assessment Tool Review and update
  • IT security report to the board (GLBA)
  • Program Training & Testing:
    • End user training
    • Tabletop exercises
    • Walk-through exercises
    • Partial or full tests of the following:
      • Business Continuity Plan
      • Disaster Recovery Plan
      • Business Impact Analysis
      • Evacuation Plan
      • Pandemic Continuity Plan
      • Incident Response Plan
  • External security assessment and audits
    • External penetration test (expected annually)
    • Vulnerability assessment (internal and external, expected annually)
    • Social engineering testing (expected annually)
    • Web compliance review (recommended with ADA regulations)
    • Independent IT audit (expected annually)
  • Internal assessments and audits
    • User account review/audit
    • User permission testing and audits (suggested quarterly)
    • Testing backups
    • Power generator and UPS testing
    • Firewall configuration and rule review (expected quarterly)
    • Vendor management and due diligence
    • Physical security training
    • After-hours walkthrough security review of branches
  • Continuing education for IT security and IT administration
  • Review and finalize IT security budget
  • BSA/AML & OFAC risk assessment (suggested annually to 18 months)
  • BSA/AML & OFAC training (annually)
  • BSA/AML & OFAC audit (annually to 18 months)
  • BSA/AML model validation (suggested every 24 months, assuming no change in BSA risk)
  • ACH NACHA audit (required annually)
  • Lending, deposit, and administrative compliance audits

A new item we recommend this year is the Ransomware Self-Assessment Tool (https://www.csbs.org/ransomware-self-assessment-tool). It is not required, but it can help you understand your ransomware risk and the associated control needs.

Other items that may need attention:

  • Have you remediated all findings from your past audits and examinations?
  • Have all your employees read and signed your institution’s:
    • Acceptable Use Policy
    • Employee Handbook
    • Confidentiality agreements
  • Have you reminded your users that social engineering testing can occur at any time?
  • Will you attend any technology or compliance seminars, or trade shows this year?
  • Have you visited 10-D Academy lately? (https://10dsecurity.com/10-D-Academy.html)

Link to our IT Security Services: https://10dsecurity.com/10-D-Security-services.html

Link to our Compliance Service: https://10dsecurity.com/10-D-Compliance-services.html
