To ensure your institution is following these best practices, we encourage you to collaborate with your regulators and your peers. Neither your institution nor Kansas is an island. Cybersecurity has no borders and crosses infrastructures. We must collaborate and share information. To help you better collaborate and focus on the fundamentals, we recommend you follow this three-step process now to get your organization started:
- Select one or more specific industry-recognized cybersecurity frameworks, for example the NIST Cybersecurity Framework and the Center for Internet Security Controls.
- Adopt a budget for meeting your cybersecurity strategy within a reasonable time period.
- Hire an audit firm to review the implementation of your framework, rather than to check against minimum regulatory guidelines (a mock FFIEC exam).
Staying cyber-secure is not as simple as completing a single checklist. It is not a project that you do once and are finished; it is an ongoing process that evolves with the industry and emerging threats. By following the above steps, you will be better positioned for a more secure future.
The Office of the State Bank Commissioner works with other state regulators across the U.S., federal regulatory agencies, the U.S. Treasury Department, and federal law enforcement agencies to identify ways to protect institutions from cyber-attacks.
Resources below are provided by trusted sources and are generally considered industry best practices:
Ransomware
CSBS Ransomware Self-Assessment Tool Banking & Non-bank Versions (Nonbank updated October 2024)
CISA – Stop Ransomware / Ransomware Best Practices
Self-Assessment Tools
FFIEC Cybersecurity Assessment Tool (sunsetting 8/2025)
Security Controls
Center for Internet Security Controls
NIST – Security & Privacy Controls for Information Systems
Remote Work
CISA/NSA – Hardening Remote Access VPN