The Garland Group would like to welcome and introduce Mark McSpadden to our team! We’ve worked with Mark as a contractor for a while, and he has been instrumental in designing and developing our risk assessment software, RiskKey. Mark will be key in working with Brad on a variety of other new ideas and services that The Garland Group will be offering in the near future.

You can email Mark at: mark(at)thegarlandgroup.net

WELCOME!!!

Why do financial institutions spend hundreds of thousands of dollars on firewalls, 24/7 intrusion monitoring, multi-factor authentication, spy ware and anti-virus systems, but security training ends with an acceptable use policy that no one ever reads? With 80% of all fraud and security attacks coming from internal sources, a greater emphasis needs to be put on security training and awareness for financial institution employees.

The reasons for not implementing employee training and awareness are obvious. First and most importantly to management is obviously the time and money involved to adequately train everyone. Upper management is just as susceptible from password hacking, social engineering, and security breeches as anyone else. Next, is the issue of finding a program that works. If employees are forced to do some on-line training when they can find some time, who is to say that they are not just clicking through and guessing at the questions just to get the boring thing over with.

The answer to this is integrating information security into the culture of the organization. Something that everyone buys into will be successful and not a burden or hassle for employees. In an environment where passwords written on a post-it note on someone’s desk is appalling to everyone is a culture that understands information security.

I encourage you and your organization to explore Security Training options. A good program will educate people on Social Engineering, importance of complex passwords, clean desk policies, phishing and much much more. Also, try to make it fun for your employees. Find a training firm that knows what they are talking about, but won’t put you to sleep while doing so. Interactive training is always easier to keep employees attention. Finally, let them take something tangible away from the training, like notes, pens, desk toys, or anything that keeps information security on the front of their minds.

The benefits of security training are great. Besides the obvious of data protection, it keeps regulators at bay on how information security rates in your organization. Give security training a serious thought.

Financial institutions have a real challenge in either selecting a new Core Software package or negotiating an updated contract in today’s world. There are SO many options with different vendors on the Core side, not to mention the plethora of ancillary products. To add to this challenge, many of the vendors have a large menu of Core products and sometimes are just taking a shot in the dark to put the right product with the right bank, credit union or savings bank.

The Garland Group provides consulting services to assist institutions with these choices,  but frankly it’s even hard for those of us that stay close to the market place and informed on what products are available.  It’s been our experience with vendor responses to Request for Proposals(RFP), that they are choosing from their menu of products based solely on the asset size, what the institution has installed now and not on the real requirements. Some of the problem is ours. We have been burying the specific needs of the institution in our standard requirements for a financial institution.  All new RFPs will have these requirements highlighted to the vendors. We will also include a disclaimer that brings to the vendors attention special requirements.

More to come later on in-house vs. outsourced, what are the things that are REALLY different in Core systems, and where  the savings are normally found.

I would just like to thank everyone for the invitation to the Jack Henry Southwest Users Group this evening. I wanted to go ahead a post the PDF download as well as the link to a similar presentation on this topic just in case you’d like to forward it along to someone in your institution.

Feel free to email me any additionals questions you might have or you can of course comment below.

Thanks everybody!