Self-Assessment Tool for Mitigating the Risks of Ransomware
October 19, 2020
To: Chief Executive Officer
Subject: Self-Assessment Tool for Mitigating the Risks of Ransomware
Ransomware has become the top cybersecurity threat today and incidents are in the news almost daily. The attached Ransomware Self-Assessment Tool (R-SAT)
was developed to assist your institution in mitigating this risk. The R-SAT is a brief questionnaire that walks you through key measures to protect your bank and to communicate and discuss with your Board the measures you have taken.
The R-SAT was developed by a national task force of community bank CEOs in partnership with state bank regulators and the US Secret Service. It was specifically developed to address the unique needs of community financial institutions. We think you will find it a very helpful resource and we strongly encourage you to complete the tool as soon as possible, as ransomware threats continue to escalate and expand. Please submit the completed questionnaire to the State Bank Department at email@example.com by March 31, 2021.
Because of the extreme impact that Ransomware can have, our agency will be contacting you during the first half of 2021 to discuss your progress in implementing Ransomware mitigation measures. Although we will review all aspects, we will focus discussion on your backup practices and efforts to implement multi-factor authentication.
If your financial institution is scheduled for an IT examination between now and the end of the second quarter 2021, we will review your completed R-SAT during the upcoming examination. If you are not scheduled for an IT examination prior to June 30, 2021, our agency will call your institution to conduct our review of the R-SAT.
Due to the increased use of Ransomware by adversaries and the severe impact it can have on the community banking industry, we are working with the US Treasury Department to schedule tabletop exercises in the coming months for bank CEOs and a member of their technical staff. These will most likely be held virtually. We will send more information and registration details as we get the tabletops scheduled for our state.
If you have any questions regarding the R-SAT, please contact Jeff Cameron, IT Exam Manager at 501-324-9019 or firstname.lastname@example.org or Donna Dodge, Certified Senior Examiner at email@example.com.
< Back to News