Is your bank prepared if a breach happens? Maybe not at your bank but at one of your key vendors?
Do you know the steps your bank will take?
While you may think your vendors are just as secure as your organization, it just takes one employee mistakenly clicking on one link or one attachment to open the door to trouble.
You may have a written IT Incident Response/Disaster Recovery plan – but have you practiced it? Tested it for gaps and incorrect assumptions?
An Incident Response Exercise – which the National Institute of Standards and Technology (NIST) calls a “Tabletop Exercise” – serves much the same purpose as the training drills that first responders and military units practice. It helps you develop a hierarchy of actions to improve outcomes while also exposing gaps and assumptions that need to be addressed.
If you have a plan but haven’t run a drill based on it, how do you know you have all the law enforcement contacts you need? The right executives taking the right steps at the right time?
You could run the risk of your board of directors failing in its fiduciary responsibility to ensure your bank’s stability and continued operations. An untested plan is not an action plan. It is a collection of suggestions.
We help clients rehearse their Security Incident Response Plans with NIST-based Tabletop Exercises. We provide real-world scenarios and unexpected twists so your team can really think through your response plan and fix any gaps it may have.