Begin Main Content Area

 Content Editor ‭[3]‬


 Content Editor ‭[2]‬

What is Cybersecurity?

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. 


  • The Bankers Electronic Crime Taskforce, state bank regulators, and the United States Secret Service collaborated to develop this tool to help financial institutions periodically assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security.  
  • This document provides executive management and the Board of Directors with an overview of the institution’s preparedness towards identifying, protecting, detecting, responding, and recovering from a ransomware attack.  It may also assist other third parties (such as auditors, security consultants, and regulators) that might review your institution’s security practices.
October 2022 - FFIEC Cybersecurity Resource Guide (PDF)
  • The Federal Financial Institutions Examination Council (FFIEC) issued an update to the 2018 FFIEC Cybersecurity Resource Guide for Financial Institutions.  The 2022 guide lists programs and initiatives designed for, or are available to assist, financial institutions.
June 2022 - CISA Cyber Assessments (PDF)
  • Cyber Hygiene Vulnerability Scanning
May 2022 - Cybersection - The Quarter Newsletter (PDF)
    •  CISA Shields Up
February 2022 - CISA Guidance

January 2022 - Cybersection - The Quarter Newsletter (PDF)
    •  Apache Log4j Vulnerability Guidance
    •  FinCEN Advisory on Ransomware
    •  Mortgage Servicing Regulation Updated to Incorporate CFPB's 08-31-2021 Changes
December 2021 - Apache Log4j Vulnerability

November 2021 -  FinCEN Ransomware Advisory

    •  FinCEN Advisory on Ransomware

October 2021 - Cybersection - The Quarter Newsletter (PDF)

    •  FinCEN Releases Ransomware Trends Analysis
    •  Updated Online Cybersecurity Guide
    •  New Federal Ransomware Website Launched

August 2021 - 

  •  CISA Ransomware Resources

July 2021 - Cybersection - The Quarter Newsletter (PDF)

    •  CISA's CSET Release Ransomware Readiness Tool
    •  Federal Cybersecurity Response

April 2021 - Cybersection - The Quarter Newsletter (PDF)

    •  Department reminds firms to contact regulators with issues related to        SolarWinds Breach
    • CISA:  CHIRP IOC Detection Tool
    • Microsoft Exchange Cyber Attack
    • Randsomware Self-Assessment Tool

March 26, 2021 - NEW ALERT: 

CISA has issued a new alert for detecting post-compromise threat activity using the CHIRP IOC Detection Tool.  The tool to assist network defenders with detecting activity related to the supply chain compromises affecting SolarWinds and Active Directory/Microsoft 365.    

March 16, 2021 UPDATE:  Microsoft Exchange Server Vulnerability

CISA has updated Alert AA21-0762A regarding the Microsoft Exchange Server Vulnerability with further guidance. ​

March 2021 - Microsoft Exchange Server Vulnerability

CISA Emergency Directive 21-02:  The Cybersecurity & Infrastructure Security Agency (CISA) has issued Emergency Directive 21-02 regarding Microsoft Exchange On-Premises Product Vulnerabilities.  Additional information may be found here.  All institutions should be assessing their own and vendor exposure to the Microsoft Exchange vulnerability and taking necessary mitigation steps.    

February 2021 - Ransomware

The Bankers Electronic Crimes Taskforce (BECTF), State Bank Regulators and the United States Secret Service has developed a Ransomware Self-Assessment Tool.  The tool was developed to help financial institutions assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security.  This tool provides executive management and the board of directors with an overview of the institution’s preparedness towards identifying, protecting, detecting, responding, and recovering from a ransomware attack.  

For more information click here.

January 2021 - Cybersection - The Quarter Newsletter (PDF)

​Cybersecurity ALERT:  SolarWinds Orion Platform Software IT Incident



December 2020 - Alert - SolarWinds Orion Platform Software IT Incident

On December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding an active exploitation of SolarWinds Orion Platform. See  All financial institutions should be assessing the risk to their systems and implementing necessary remediation measures. 

Financial Institutions are encouraged to obtain updates and threat and vulnerability information from the Cybersecurity and Infrastructure Security Agency at or through the Financial Services Information Sharing and Analysis Center (FS-ISAC) at

The below are links to additional resources financial institutions may refer to as they conduct their risk assessments and determine applicable remediation steps. 

October 2020 - Cybersection - The Quarter Newsletter (PDF)

  • FinCEN Issues Advisory on Ransomware
  • FTC Data Shows Big Increase in Social Media Scams
  • Stay Vigilant Online
  • NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)
  • Consumer Cybersecurity Tips
  • FBI - Increased Use of Banking Apps Could Lead to Exploitation
  •  Tips to Avoid Coronavirus Financial Scams, Investment Schemes
  • Stimulus Payment Phishing Scams
  • Strategies to Help Pennsylvanians Protect Themselves Online and on the Phone
Fall 2019 - CyberEssentials - Volume 1 (PDF)
  • Essential Elements of a Culture of Cyber Readiness
  • Essential Actions for Building a Culture of Cyber Readiness
  • Phishing Reminder
  • Protect Yourself Against Ransomware
  • Your Voice Counts! Social Media Feedback

April 2019 - Cybersection - The Quarter Newsletter (PDF)

  • NIST Launches Cybersecurity Website for Small Biz
  • State Regulators Appeal to Congress on Marijuana Banking Fix
  • FINRA Issues Cybersecurity Practices Report for Broker-Dealers
  • PA Supreme Court Holds Businesses Have Legal Duty to Safeguard Employee Information
  • DOBS Staff Recognition 


October 2018 - Cybersection - The Quarter Newsletter (PDF)
  • Personally Identifiable Information
  • Free Cybersecurity Assessments, Services Available
  • Position Issued on Use of Investor Client Username, Passwords
  • DoBS Cybersecurity Efforts Expand
  •  Third-Party Risk Management
  • Cyber Insurance:  Right for Your Company?   
  • Department Issues Cybersecurity Guidance 


November 2017 - Secretary's Letter on Cybersecurity
Cybersecurity continues to be a top priority of the department, as it should be for every financial services institution and business. The department continues to develop and share resources available to companies and organizations to assist them in developing strong practices to address cybersecurity threats.

October 2017 - Cybersection - The Quarter Newsletter (PDF)

  • New Cybersecurity Resource to Protect Pennsylvanians
  •  NIST Cybersecurity Guidance for Small-Business Owners
  •  2016 - Cybersecurity Year in Review
  •   Personal Identifiable Information 

U.S. Securities and Exchange Commission (SEC) case involving Cybersecurity dated June 8, 2016.  Click here for more information (PDF)
  •  Cybersecurity Awareness Month      
  •  Finance and Technology
  •  PA $AFE
  •  National Cyber-Forensics & Training Alliance
  •  New Video to help Consumers
October 25, 2016 - FinCEN IssuesAdvisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime (PDF) - The Financial Crimes Enforcement Network (FinCEN) issued an advisory to financial institutions on cyber-events and cyber-enabled crime. Cybercriminals target the financial system to defraud financial institutions and their customers and to further other illegal activities. Financial institutions can play an important role in protecting the U.S. financial system from these threats. In addition to the advisory, FinCEN also issued Frequently Asked Questions (FAQs) (PDF) regarding the reporting of cyber-events, cyber-enabled crime, and cyber-related information through Suspicious Activity Reports. 

October 2016 Secretary's Letter on Cybersecurity
The Department continues to work collaboratively with federal regulators, other states financial regulators, and other Commonwealth agencies to address cybersecurity challenges.

October 2016 - FFIEC Announces it will host two webinars in observance of Cybersecurity Awareness Month. Register for the webinars here.

September 2016 - The FFIEC issued a Revised Information Security Booklet on September 9, 2016, which is part of the FFIEC Information Technology Examination Handbook. 

July 2016 - A Presidential Policy Directive (PPD-41) released on July 26, 2016, sets forth principles governing the federal government’s response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, PPD-41 also establishes lead federal agencies and an architecture for coordinating the broader federal government response.  Presidential Policy Directive - United States Cyber Incident Coordination

  • Ransomware

June 2016 - FFIEC issues Joint Statement on Cybersecurity  of  Interbank Messaging and Wholesale Payment Networks FIL-37-2016 

April 2016Cybersection - The Quarter Newsletter (PDF)
  • Federal Resources for Businesses
  • Patch-Management and Software Security Precautions
January 2016 - Cybersection - The Quarter Newsletter (PDF)
  • Federal Regulators Release Revised Management IT Booklet
  • Data Breach Protocol
  • Cybersecurity Act of 2015
  • DOBS Staff Recognized at PA Digital Government Summit


  • Cybersecurity Task Force Announced         

September 2015Cybersecurity Efforts and Resources (PDF)

A letter from the Secretary of Banking and Securities to all state-chartered and licensed entities announcing the formation of a Cybersecurity Task Force, describing Commonwealth cybersecurity efforts, and encouraging the development of cybersecurity attack prevention and mitigation plans using available and recommended resources.