The following tip was provided by our friend, Jim Edman, CISA Cybersecurity Advisor for South Dakota.

We spend a majority of time talking about the software and hardware vulnerabilities and related aspects of cybersecurity. It’s important that we remember the physical aspects also. Though we are a small state and considered by some to be somewhat geographically isolated, a critical aspect of cybersecurity continues to be the physical aspects. Reports surfaced this week of Russian nationals attempting to gain access to critical infrastructure facilities across the country. Recommendations for in-person and voice I/T support include:

A majority of the nation’s small business owners—78%—say they are concerned about the threat of a Russian cyberattack in light of recent news coverage, according to new survey data released by New Jersey-based Provident Bank earlier this week. Looking ahead to the next 12 months, three in 10 survey respondents said it is “very likely” their business will experience a cyberattack or cybersecurity breach, compared to just 11% who said it was not likely at all.

Seven in 10 small business owners said that addressing a cyberattack or breach was part of their business continuity plan; however, just half said they are actually fully prepared to face a cyberattack on their organization. A similar percentage (around 50%) said that the threat of a cyberattack is something they think about nearly every day.

ABA will host a second free webinar April 4 at 1 p.m. CDT for ABA bank members and state association staff on how Russia’s invasion of Ukraine affects banks and the financial sector. The webinar will feature ABA President and CEO Rob Nichols and K2 Integrity’s Juan Zarate and Danny Glaser. Attendees will hear the latest updates on Ukraine, the financial costs being imposed on Russia beyond sanctions, and the challenges U.S. banks should prepare for next. Register for the webinar. View ABA’s resources on the Russia/Ukraine conflict.

“It really needs dedication,” Almeida says, noting that the DEI goals of the $2.5 billion Massachusetts mutual bank required more than a cross-departmental committee but rather the focused attention of full-time bank professionals. Almeida discusses how her role as a community bank CDO facilitates DEI partnerships and initiatives both within and outside of the bank. She shares advice for individuals transitioning into community bank CDO jobs and talks about BayCoast’s pilot program to boost diverse talent through a three-year bachelor’s program that provides a full scholarship and part-time bank job.

In the wake of Russia’s invasion of Ukraine, western governments have imposed unprecedented financial sanctions on individuals, businesses, banks and governments in Russia, Belarus and Russian-occupied areas of Ukraine. With new sanctions continuing to be announced and a rolling series of compliance deadlines, the latest episode of the ABA Banking Journal Podcast — sponsored by IntraFi Network — features ABA VP Rob Rowe for a discussion of:

• The overall view of sanctions and what banks should be anticipating in the near future.
• How banks of all sizes, including small banks, can have exposure to sanctionable transactions.
• The role of software — and regular updates to it — as well as correspondent banking relationships in facilitating sanctions compliance.
• Red flags for sanctions evasion bankers should watch out for.

Click here to listen.

The Treasury Department last Friday issued a new round of sanctions against individuals who have supported Russian President Vladimir Putin’s invasion of Ukraine, including the management board of VTB Bank, which was also previously sanctioned. The sanctions followed an executive order signed by President Biden that established several additional steps to limit imports, exports and new investment with Russia in light of the ongoing conflict.

Additionally, the Office of Foreign Assets Control issued new guidance aimed at preventing sanctions evasion, including through the use of cryptocurrencies. “This guidance continues to make clear that Treasury’s expansive sanctions actions against Russia require all U.S. persons to comply with OFAC regulations, regardless of whether a transaction is denominated in traditional fiat currency or virtual currency,” Treasury said.

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory on Tuesday with technical details, mitigations, and resources regarding previously demonstrated ability of Russian state-sponsored cyber actors to gain network access through exploitation of default multifactor authentication (MFA) protocols and a known vulnerability in Windows Print Spooler, “PrintNightmare.”

As early as May 2021, the Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim’s network. The actors then exploited a critical vulnerability “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges, and then were able to access cloud and email accounts for document exfiltration.