What do you suggest for annual security training for back office (mostly non-customer contact) employees? We have completed the retail (front-line) training and robbery is not likely to effect the back office staff. Are we required to train the back office staff on robbery each year?
DirectPointe provides managed computing services that include remote PC and Network Management services. We are working with a community bank in Utah that is interested in our services, but is concerned with any regulatory issues that may not allow us to have remote access to their network and PCs (since their network is connected to a service bureau, which has confidential information). Can you provide any information/insight into this issue? Can we provide remote services and if so, does our company need to meet certain requirements? Please let me know if you have recommendations.
Physical and Digital Threats to Financial Institutions in the Wake of the Terrorist Attacks
Do the GLB requirements concerning safeguarding customer information apply to affliates. (Specifically the data protection requirements that are required by July 1, 2001.) The holding company (financial) that owns the bank also owns 1/3 of a non-bank affliate.
What is your take on disclosing the SSN on UCC documents? Are ther any Privacy issues that arise there?
Are we required to notify our customers of possible computer intrusions? Where can I find regulatory information regarding intrusions or hacks and the notification of customers?
- 66% of community banks say they do not share any customer information with any third parties, affiliated or unaffiliated. 5% share with unaffiliated third parties. 26% share with affiliates.
We have had many discussions concerning keys to our branches. What is the recommended procedure for employee keys and key logs? Who should have access to the bank on a 24 hour basis and what procedures should we implement to know who has the keys?
I would appreciate any advice on where to start when developing our information security program.