Mascoma Savings Bank improves network security, raises efficiency, and lowers costs with Cisco Unified Wireless Network.
Established in 1899, Mascoma Savings Bank (MSB) is a mutually-owned financial services company serving the residents and businesses of New Hampshire and Vermont. Beyond its commitment to providing safe and convenient financial management services, the bank is also dedicated to the concept of community banking. Through the Mascoma Savings Bank Foundation, the bank continually participates in civic affairs and donates to various local groups and activities. "With 300 employees and 19 banking facilities providing a wide array of customer and community services, protecting our network from internal and external threats has always been of utmost importance," says Chris Irish, assistant vice president of Information Technology at MSB.
In 2008, MSB's president, Stephen Christy, posed an important security question to the bank's IT team. With social engineering becoming more prevalent, Christy wanted to know if the bank had the capability to detect and prevent rogue wireless devices from functioning on or near its premises. "Christy brought up a disturbing issue," says Irish. The IT team knew of cases in which employees had run their own businesses by simply setting up rogue access points and tapping into their employers' networks. "We really had no way of detecting if an employee set up an unauthorized access point in our organization," says Irish. "Our internal auditors agreed that we needed to find a solution that could locate and mitigate potential wireless threats to our network."
MSB turned for help to Red River, an infrastructure consultant and a Cisco Gold Partner based in Claremont, New Hampshire. Over the years, MSB had worked with Red River on deploying a complete Cisco
® network throughout its branches. "We asked the Red River team to propose a solution that would alert us of rogue wireless devices in real time," says Irish. "We were surprised when they recommended deploying a wireless network." Generally perceived as a security risk by the banking industry, wireless networking solutions were prohibited at MSB.
According to Irish, "Red River outlined how the Cisco Unified Wireless Network could be used as a preventative security tool, as well as a secure guest access network. This was a winning combination for us." Within three months, MSB had deployed a complete Cisco Unified Wireless Network, including 13 Cisco Aironet 802.11n access points and a Cisco Wireless Control System and Location Appliance, in the bank's Operations Center.
The network now makes it possible for the MSB IT team to detect rogue wireless devices easily. "The Cisco Wireless Control System visually shows us all of the wireless devices and their locations, as well as which are friendly and which are rogue," says Irish. The system provides the flexibility the team needs by enabling them to define the alerts they receive from the system based on the level of criticality and to generate reports for auditors. "The reports help us track important network activity, providing us with a history of devices added and removed, for instance."
MSB now uses the guest access network to provide wireless connectivity for visitors and organizations that frequently work and meet at the bank. "Because we're a community-based bank, many of our executives are members of the Chamber of Commerce, Kiwanis, and other local organizations," says Irish. "Wireless access makes it very convenient to host their meetings in our conference room." In addition, the bank's auditors, employees from other branches, and a variety of vendors, including research and security providers, now have access to the Internet as well as their own VPNs. The Cisco Wireless Control System ensures maximum network security by tracking detailed information on who logs in and when. "With Cisco guest access," says Irish, "we can monitor how the network is being used by our visitors at all times."
To extend mobile communications within its Operations Center, MSB replaced all of its 2.4 GHz phones with 12 Cisco Unified Wireless IP Phones. "Now our employees can go into areas, such as our network room and the outside ATM, without losing reception," says Irish. "The phones keep our staff connected wherever they are." The location-based capabilities of the Cisco Unified Wireless Network enable the IT team to track the location of the phones from the Wireless Control System. "Since each department's employees share the phones, the ability to locate them quickly makes it easy to maximize their usage," he says.
The wireless network has resulted in significant benefits for MSB and its visitors. In the past, the IT team had to set up Internet connectivity manually the day before visitors arrived and then had to disconnect it after they left. The wired network was also limited to only three IP addresses at a time. Now, the IT team simply sets up a user ID and password with an expiration date for each visitor, and has an unlimited number of IP addresses. "Using Cisco's wireless guest access capabilities has reduced network configuration time from two hours to five minutes per visitor," says Irish. "Simplified configuration translates into at least eight hours of time savings per month for us, and visitors can perform their onsite work more quickly and return to their offices faster."
Wireless efficiency results in reduced operation costs for MSB and better value for the bank's customers and communities. The centralized architecture of the Cisco Unified Wireless Network facilitates network management, eliminating the need to hire extra contracting staff. "Now, we can manage the network right from our desktops, which translates into cost savings," says Irish. "And keeping the bank's expenses down means we can offer better pricing to our customers." Offering reliable and secure mobility services helps MSB reinforce its position as a community leader. "We pride ourselves on providing the most reliable, cutting-edge technology that benefits the communities we're in, and wireless is now part of this mission."
MSB's improved network security also improved its audit review ratings by the Office of Thrift Supervision (OTS). "On the day we finished installing the Cisco Unified Wireless Network, OTS came in for an audit," says Irish. "Not only did we show them how we could block rogue wireless devices, but we provided them with wireless Internet access to facilitate their work. They gave us a rave review." OTS performed an external penetration test by deploying a rogue access point, which immediately appeared on the Cisco Wireless Control System screen. "We didn't even think about wireless a year ago. Now our auditors are giving us high marks, and our senior management is completely confident that we can mitigate any type of threat."
MSB is happy to have become an early adopter of wireless technology in the banking industry. "The Cisco Unified Wireless Network opened up so many opportunities we never expected," says Irish. "What started as a preventative measure turned into added value, convenience, and productivity for our employees, customers, and communities."
MSB is planning to deploy the Cisco Unified Wireless Network and IP phones in its main corporate office in Lebanon, New Hampshire and is considering expanding it to all of its branches. The bank is currently in the process of extending wireless access into its production network for lenders. "Lenders have to move between branches while they're in the middle of closing deals," says Irish. "Using MAC address restrictions, we can now provide them with secure wireless access that will facilitate their work tremendously while enabling us to track their activity."