Operational risk resources to help community banks stay secure amid cyberattacks

June 03, 2021

By Joel Williquette

In the wake of the high-profile cyberattacks on SolarWinds and Colonial Pipeline affecting national security and the everyday lives of Americans, cybersecurity has never been a more pressing concern to community banks.

Fortunately, ICBA offers access to various resources to help community banks maintain their edge in cyber defense.

Operational Risk

ICBA recently updated its Operational Risk resource center to ensure community banks have the latest information and resources on internal and external forces affecting their business continuity planning.

ICBA’s resource center includes distinct sections dedicated to:

Each section includes alerts, educational tools, sample notifications and other communications resources, training opportunities, advocacy initiatives, and more.

Sheltered Harbor

With traditional backup and recovery systems at risk of compromise in the event of a malware attack on community bank IT systems, ICBA also continues to encourage community banks to join Sheltered Harbor.

This not-for-profit industry initiative protects against cybercrime by:

  • Backing up participating banks’ critical customer account data each night.
  • Storing the data in an encrypted data vault.
  • Restoring it in the event of a disaster.

Unlike traditional disaster recovery systems that are vulnerable to malware attacks, an “air gap” between the bank’s network and the Sheltered Harbor vault prohibits the spread of malware, protecting customer data from corruption and accelerating account recovery.

With regulators expected to increasingly push for such “air gaps” to demonstrate malware protections, Sheltered Harbor provides community banks with an essential backup to their backup.


Finally, community banks can demonstrate their commitment to cybersecurity by adopting a .BANK domain.

Available exclusively to banks, savings associations and related organizations, the .BANK top-level domain adheres to higher security requirements than other commercially available TLDs, such as .COM or .NET.

For instance, community banks that register a .BANK extension must use domain name system security extensions, which ensures that website visitors are directed to the correct website. Additionally, .BANK extensions require email authentication to protect against phishing attacks and email spoofing.

While the impact of cybercrime has stretched from the nation’s national security apparatus to the mundane trip to the gas pump, these resources can help community banks stay a step ahead.

Joel Williquette is ICBA senior vice president of operational risk policy.