Case Study | April 14, 2021

Helping a bank identify customer data risks

Bank management asked Elliott Davis for help: “We have lots of data from customers applying for Paycheck Protection Program loans (PPP); is it protected? Additionally, we had a previous firm perform testing, but we need to validate their results. Can you help?”

Customer Background

    • Top nationwide lender
    • Had previously completed a cybersecurity assessment and penetration test with another firm; needed confirmation of findings
    • Needed to protect client data received through their PPP loan portal
    • Wanted to assess overall security posture of applications and systems

Our Approach

1. External Penetration Testing occurred first due to sensitivity of PPP application data.

    • Testing uncovered that data submitted by customers was not adequately protected
    • Found a path to key documents that included sensitive personally identifiable information
    • Team alerted bank in afternoon with steps for remediation; IT team resolved issue following morning

2. Internal Penetration Testing completed on entire network.

    • Elliott Davis team mimicked multiple threat scenarios to demonstrate impact of findings on internal network
    • Result: Ability to capture passwords and access domains, specifically the card issuance system that prints credit cards
    • Remediation path developed for Customer IT team to implement

3. Cybersecurity Assessment analyzed the bank's security posture against the CIS Framework.

Customer Results

    • Identified PPP loan portal was at risk and remediated in less than 24 hours
    • Performed a complete and thorough external and internal penetration test of systems and applications, which had not previously been fulfilled
    • Pinpointed additional areas of risk across multiple systems
    • Established clear path for remediation
    • Successfully completed assessment to help company understand cybersecurity posture

We Can Help

For more information on this and other topics related to Cybersecurity, contact a member of our team.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.

“Elliott Davis" is the brand name under which Elliott Davis, LLC (doing business in North Carolina and D.C. as Elliott Davis, PLLC) and Elliott Davis Advisory, LLC and its subsidiary entities provide professional services. Elliott Davis, LLC and Elliott Davis Advisory, LLC and its subsidiary entities practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Elliott Davis, LLC is a licensed independent CPA firm that provides attest services to its customers. Elliott Davis Advisory, LLC and its subsidiary entities provide tax and business consulting services to their customers. Elliott Davis Advisory, LLC and its subsidiary entities are not licensed CPA firms. The entities falling under the Elliott Davis brand are each individual firms that are separate legal and independently owned entities and are not responsible or liable for the services and/or products provided by any other entity providing services and/or products under the Elliott Davis brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Elliott Davis, LLC and Elliott Davis Advisory, LLC.
