Posts Authored by David K. Stein

Ohio DFI issues data security guidelines

In response to increased financial fraud issues, the Ohio Division of Financial Institutions (DFI) recently issued data security guidelines. While the DFI specifically addressed debit card issues, its language indicates expectations for all institutions, requiring active steps to implement data security measures.

The DFI emphasized the following obligations:

  • Daily review of security-related issues
  • Email security and encryption
  • Timely review of security and activity reports
  • Suspicious activity report (SAR) training
  • Standardized security controls
  • After-hours mechanisms to control suspicious activity

At its Ohio Banker’s Day on March 31, 2016, the DFI spent considerable time discussing financial fraud. It is apparent that further guidelines and bulletins will be forthcoming and will apply to all consumer-related activity, including lending. In light of its supervisory bulletin, verbal statements and the Consumer Financial Protection Bureau’s recent order in Dwolla, it is expected that data security will be a priority item in any future Ohio financial institution examinations.

Data Breach, General News

Data security and the myth of ostriches

There is a common saying that those who refuse to confront or acknowledge a problem are simply burying their head in the sand, like an ostrich. Apparently, a myth exists that ostriches stick their head in the sand when facing attacks from predators. Origins of this myth date as far back as the Bible. For the record, ostriches do not really do this — they just hide.

What does this have to do with data security, you ask? Plenty.

Read more in the latest Cybersecurity Insight

Prevention

Do your company’s cybersecurity practices deceive consumers?

Not a day goes by without breaking news of a cybersecurity breach. Indeed, thoughts of a system hack keep many executives up at night. Small- and medium-sized businesses often fear that they do not have the robust resources or staff to adequately handle these threats.

The Consumer Financial Protection Bureau (CFPB) has now weighed in on these issues with a consent order that delivers cybersecurity guidelines. Of particular importance is the fact that the CFPB has now used its ultimate weapon — Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) — as a tool to ensure that companies adopt effective security protocols.

For a detailed analysis of the CFPB's consent order and what it means for consumer-facing businesses, read the latest Cybersecurity Insight.

Court Decisions, Prevention