Archive - Financial IT RSS Feed

Vertical Strategies and Top Vertical Markets

vertical-market-blog-big

Vertical markets are a great way to expand your business. Going after more and more clients no matter their industry is also a great way to expand your business. And doing both at once isn’t a bad approach either.

So how do you figure out what to do? As an MSP professional that is really your call. Rather than telling you what to do, we’ll talk about the value, and the protective value, of being a vertical MSP.

A big reason to go vertical is that you aren’t just selling your expertise in managing and securing general-purpose systems. Instead you can make these systems shine in particular industries, such as finance, public companies and healthcare – all three of which require compliance expertise. Continue Reading…

Security You Can Take to the Bank

password-protection

How Banks and Credit Unions Can Safeguard Data and Ace Audits

In today’s rough and tumble environment where hackers no know bounds, every financial institution, regardless the size, has to beef up security and remain ever vigilant.

According to recent surveys, 83% of the financial leaders who responded felt that data is their most important asset, and 79% said that having a strong technology infrastructure was critical to ward off cyberattacks. Unfortunately while most feel that security is a top IT budget priority, fewer than one in five believe they have strong security in place.

It shouldn’t be that way – nor does it need to be. Smaller banks may feel that they can’t afford to implement measures to detect and prevent security breaches. The truth is they can’t afford not to. Let’s look at why security is so important to financial institutions, and how even the smallest institutions can achieve their security goals without “breaking the bank.”

Continue Reading…

How Banks Can Stop Fearing the IT Audit

lion-tamer

There are few things people fear more than a tax audit. If you are an IT pro in a community bank or credit union, the pain of an individual tax audit is multiplied many fold when it comes time for a business-wide IT audit. These audits can happen anytime, not just once a year, and financial IT pros must always be prepared.

Making sure that you constantly stay in compliance with company policies, and the many and sundry local and federal rules and regulations, can be a nightmare. That’s only part of the issue — proving that you are in compliance by acing an audit is just as hard on IT and IT Ops departments. These groups must show that their organization is in compliance, including that patches are up-to-date, security is proven to be tight, and deep and careful activity logs are kept to record who has done what on the network.

In a recent survey of audit professionals, respondents were asked about audit practices. The results:
Continue Reading…

Simplifying IT Compliance for Credit Unions & Community Banks

compliance

As a CIO, IT manager, or MSP servicing financial institutions, you realize that compliance is an important priority. You need to be able to manage both internal compliance, ensuring employees follow operational policies to mitigate risk, and external compliance following rules and regulations established by outside entities such as the government.

Realizing the need for compliance is just half of the equation. Being able to effectively manage that compliance in an efficient and cost-effective manner is the second part. Let’s briefly look at some of the issues facing financial institutions concerning compliance, and then look at how you can achieve the second part without a big bank budget.

Compliance Worries of Financial Institutions

Compliance, auditing, and security issues keep financial professionals awake at night, and rightly so. Security lapses and failures in compliance can lead to huge fines, ruined reputations, and lost customer confidence. A CDW sponsored survey in 2015 asked senior executives at banks what concerns they had for their banks:
Continue Reading…

How Endpoint Management (aka Remote Management) Helps Support Enterprise Growth

remote-endpoint-managementIf you are considering growing your business, you are not alone. However, have you analyzed what that growth might mean to your IT operations? For example, when you grow your business through mergers and acquisitions, how do you integrate it all so everything runs smoothly? How do you manage security measures over a widening network? How do you effectively troubleshoot when your infrastructure may be spread over multiple locations? How do you make sure any regulatory compliance is met throughout your growth?

Most importantly, how do you do all this with limited resources while trying to keep costs in check?  You need to make endpoint management a part of any growth strategy. IT managers in all industries face a similar struggle, but let’s look at the banking and credit union industry in particular.

Continue Reading…

Strategic Issues in Systems Management Part 2: Mobile

Kaseya BYOD containerization

If there is one IT issue C-level managers understand it’s the connection between mobile devices and workforce morale, productivity and agility. After all, most of them are big smartphone users themselves. That raises the question of what to do about BYOD.

One challenge is platform diversity. Gone are the days when IT could enforce a Windows-only or Internet Explorer-only standard.  So IT has the management challenge of how to bring all these devices together in a single holistic view with a common set of metrics and controls despite their differing technical attributes. The other alternative — having a different management view for every platform — defeats the purpose of unified system management and in fact would be unworkable.

Continue Reading…

Strategic Issues in Systems Management Part 1: Compliance and Security

IT directors looking to engage their company’s C-level leadership on issues of strategic relevance might wish to consider systems management as a worthy topic. Few other activities offer as much enterprise leverage — whether you’re talking compliance, security, mobile, or distributed environments. Here is part one we are going to look at compliance and security:

Compliance

Systems management is how you enforce compliance when handling information across the enterprise — and a key part of that is policy automation. The ideal scenario is a single dashboard that provides one unified point of control over all IT assets, including remote endpoints such as employee laptops, tablets, and mobile phones. Policy automation, as part of that scenario, means you assert control in a scalable, auditable and timely way — especially if your management tools come with “out-of-the-box” scripts you can tailor rather than build from scratch. Such “out of the box” system management can, for example:

  • Assign multiple policies to each machine
  • Determine which policies are obeyed or ignored if a conflict arises
  • Check that each machine assigned one or more policies is in compliance
  • Show policy status across the organization on a consolidated dashboard
  • Enable manual policy overrides

Security

One of the fastest ways for IT can attract C-level attention, and not in a good way, is to be the target of a successful cyber attack. Yet, even though data security is an obvious strategic concern, there’s a temptation to regard the issue as “handled” once a tactical solution, namely data security software, has been adopted. The reality is, however, that addressing data security at a strategic level calls for marrying data security with comprehensive systems management.

In fact, system management and data security solutions have a complementary relationship. Data security solutions can, for example, detect wireless intrusion, control system access, manage passwords and protect against viruses and spyware. What it can’t do (but good system management can) is provide a single holistic view of system health, including any security alerts generated by the data security software. That also includes monitoring suspicious spikes in utilization of bandwidth or other resources — conditions that might indicate an attack in progress. And it can also provide detailed logging of critical events across all IT, which, among other things, would be vital for reconstructing everything that occurred leading up to a security event. But perhaps most importantly, what good system management is uniquely qualified to do is monitor the software update status (including virus signature updates) and enable patches to be applied easily and automatically across the entire enterprise as needed.

Join us for Part 2 when we talk about how to handle BYOD and most importantly how to secure employees’ personal mobile devices within enterprise system management — without ruffling employee feathers over privacy or ruffling the business’ feathers over data security.

 

image: getty images

NYSE Revisits Disaster Recovery Plans: Lessons for IT Pros

 

Disaster Recovery Plans for IT pros

Approximately 14 months before Superstorm Sandy walloped Manhattan and shut down the NYSE, the impending arrival of Hurricane Irene had made NYSE put disaster recovery plans in place to keep the big board operating, even if its Manhattan trading floor was inoperable or inaccessible.

Continue Reading…

Mobile Device Management Technology for Bank IT Networks

“When I go to Starbucks, I just click one button and I’m on the network. Why do I have to go through all these layers of security to get onto our network?” Sound familiar?

Banks have good reasons for their strict adherence to security and compliance regulations. Even so, you can’t afford to limit the productivity mobile access enables. Caught between needing to enable mobile device technology in the workplace and securing data, bank IT administrators are faced with making tough and sometimes unpopular decisions when it comes to mobile device management. To ensure success it’s a question of enabling relevant, secure access across the entire network, while protecting corporate assets and delivering an optimal user experience.

Continue Reading…

Bank IT Security Experts Clash over Branded Domain Extensions as Anti-Phishing Measure

Some larger banks are adopting a new bank IT security strategy to try to thwart phishing attacks. According to a recent post by Andrew Seidman at the Wall Street Journal online, banks and financial services firms are buying new Internet addresses with extensions over which they will have exclusive control.

Banks that have purchased extensions, such as .bofa and .citi, believe that these extensions will make phishing attacks more difficult because owning a branded domain extension will give the bank exclusive control over all of the addresses with that extension. Of course, the banks also hope that consumers will become familiar enough with the extensions to recognize them as a crucial identifier of the bank’s legitimate sites.

Continue Reading…

Page 1 of 212»
-->