Wednesday, April 24, 2024

Week of March 9

In This Issue…

Information coming out on Microsoft Exchange Server cyber vulnerability issue

The OBA learned recently from Brian Krebs, its friend in the work on bank-related fraud, that concerns about the Microsoft Exchange Server cyber vulnerability continue to grow among government officials and cybersecurity experts.

Please continue to work with your IT security team and service providers to assess your vulnerability and to monitor the latest updates from Homeland Security’s Cybersecurity & Infrastructure Security Agency.

They added: “With multiple groups now attacking the vulnerabilities, the hacks are expected to disproportionately impact organizations that can least afford to defend against them, like small businesses, schools, and local governments, said former US cybersecurity official Chris Krebs.”

It means community banks could be at risk. On Saturday, CISA announced the release of Microsoft’s Indicator of Compromise Detection Tool for Exchange Server Vulnerabilities. Your bank can use the tool to help determine if your systems are compromised.

The Cybersecurity and Infrastructure Security Agency (CISA) strongly urges its partners to follow guidance provided to Federal Civilian Executive Branch Departments and Agencies at cisa.gov/ed2102. This CISA Emergency Directive outlines key steps federal officials must take to immediately address this vulnerability. We cannot stress enough the seriousness of this vulnerability; it is widespread and is indiscriminate.

Additionally on this topic, as a follow-up to the conference call the Cybersecurity and Infrastructure Security Agency held last week regarding the widespread Microsoft Exchange vulnerability affecting on-premise deployments, CISA published the following current activity supplemental guidance to ensure all partners understand the severity of the vulnerability and the steps to detect and mitigate potential compromise.

All information surrounding this vulnerability can also be found directly at www.cisa.gov.

NOTE: Exploitation of this vulnerability before patch installation permits an adversary to gain persistent access to and control of entire enterprise networks, which is likely to persist even after patching.

Please immediately speak with your IT officials to determine what steps your organization has taken, and if your organization does not have the technical capability to verify network integrity please consider bringing in a third party to assist you as soon as possible.

Everyone using Microsoft Exchange on-premise products must:

  • Check for signs of compromise.
  • Immediately patch Microsoft Exchange with the vendor released patch.
  • If unable to patch, remove the products from the network immediately.
  • Upgrade to the latest supported version of Microsoft Exchange.

Response to indicators of compromise is essential to eradicate adversaries already on your network and must be accomplished in conjunction with measures to secure the Microsoft Exchange environment. Patching an already compromised system will not be sufficient to mitigate this situation; therefore, CISA strongly encourages partners to immediately disconnect any Microsoft Exchange systems suspected of being compromised.

Please contact CISA for any questions or to report an incident regarding this vulnerability at Central@cisa.gov. Also, be aware of an upcoming IS MAFIA meeting concerning this subject – contact Elaine Dodd at the OBA for more information!


Get your photos in for OBA 2022 Views & Vistas photo contest

The Oklahoma Bankers Association is proud to offer again the customized calendar, “Oklahoma Views & Vistas” from photographs of Oklahoma submitted by Oklahoma bankers and their family members and board of directors and their family members.

These calendars will be sold exclusively to banks across the state of Oklahoma for bankers to give to their customers to enjoy all year long!

If you or a family member is an amateur photographer and would like the opportunity to have your creativity displayed in homes and businesses across Oklahoma, the OBA has a great opportunity for you! So send us your photos of farms, barns, agricultural activities, historical Oklahoma locations, county fairs, carnivals, parades or festivals, fall colors, winter snowfalls, spring flowers or summer fun; any photo that shows the history and beauty of the great state of Oklahoma.

The deadline to submit photos is March 31. All photos submitted will be scored by a panel of judges. The top-scoring photos will be featured in the 2022 Views & Vistas calendar!

Click here for more information and for the registration form.


OBA education corner …

We’re only a week away from spring breaks for many folks! Before you put on your sunglasses and relax, though, check out the upcoming OBA education events so you can have them on your schedule.

NOTE: Effective March 16, 2020, and until further notice, TTS (our webinar provider) has extended the OnDemand access period for all ‘Live Plus Five (Days)’ registrants to 60 days (versus five business days). Also, they are waiving the $75 per location fee for additional locations.

  • Controlling Risks of Power of Attorney Documents, webinar, March 18 — This session will focus on the best practices that can be employed by banks rather than looking at any particular state laws.
  • Event ACH Origination and Same Day Entries, webinar, March 18 — We will discuss the benefits of ACH Origination for your bank and your customers.
  • What Goes Into a Valuable Impact Analysis?, webinar, March 22 — A good Business Impact Analysis helps you make important recovery decisions, specifically which business processes should you restore first (and in what order), and what is needed to restore those business processes. This webinar will cover how to build such a valuable BIA.
  • COVID Vaccines, Paid Leave and Accommodations, webinar, March 23 — The objective of this session is to provide attendees with most recent legal/regulatory guidance. We will include time for questions, to make the session as interactive as possible.
  • BSA: CIP and CDD, webinar, March 23 — This program will evaluate CDD and EDD regulation, exam guidance and provide thoughts on how to proceed with a program that is sales friendly to the account holder.
  • 2020/2021 IRA Reporting Requirements 101, webinar, March 25 — While we will mostly focus on the IRA reports required by the financial institution vs. the client’s own required forms filed with their tax return, the other forms will also have a quick overview.
  • Treasury Management: A Powerful Tool To Increase Deposits And Fee Income, webinar, March 25 — You will walk away from this course with a deeper knowledge of Treasury Management, learn to conduct risk assessments on new products, and learn strategies to increase core deposits.
  • 2021 Workshop for Loan Assistants and Loan Processors, April 20-Oklahoma City; April 21-Tulsa — This seminar is designed to increase the lending knowledge and administrative effectiveness of one of the most important positions in a community bank’s lending staff – the loan assistant/loan processor.
  • 2021 Spring Human Resources Seminar, April 22, Oklahoma City — Today’s HR professionals must be well-versed in areas such as employment law, workplace safety, staffing and the latest technologies that impact the HR role. This makes ongoing Human Resources education and training an absolute necessity.
