---

Bangladesh Bank has issued a security alert amid concerns over possible large-scale cyberattacks targeting banks, financial institutions, and digital payment service providers in the country.

The warning came through a letter from the Information and Communications Technology (ICT) Division of Bangladesh Bank. According to the letter, critical information infrastructure (CII), banks, financial sectors, healthcare systems, and both government and private organizations are at risk of cyberattacks in the coming days, based on intelligence from various sources.

The letter instructed banks, financial institutions, and payment service providers to urgently implement necessary cybersecurity measures.

Security Measures Advised by Bangladesh Bank:

1. Regularly update servers, databases, and IT systems.
2. Close unnecessary ports and ensure access is at least permission-based.
3. Maintain regular backups and restore capabilities based on data sensitivity; the 3-2-1 backup strategy is encouraged.
4. Encryption is mandatory for data transmission, storage, and processing.
5. Multi-factor authentication (MFA) must be enabled on all critical systems.
6. Emphasize security monitoring and use of security tools.
7. Ensure endpoint detection and response (EDR), antivirus software updates, and effectiveness.
8. Prepare an incident response plan and a dedicated team to deal with potential attacks.
9. Monitor suspicious logins, file modifications, or external connections and report to authorities as needed.
10. Regularly review remote access, VPNs, and privileged accounts, and enforce necessary controls.
11. Take immediate action and notify Bangladesh Bank if any sign of a cyberattack is detected.
12. Ensure adequate manpower for operating a 24/7 security monitoring center.
13. Install load balancers and prepare contingency plans to ensure high system performance and stability.
14. Update and implement the organization’s Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).

The letter emphasized that these steps aim to prevent potential cyberattacks, minimize damage, and ensure swift response to risks.

Bangladesh Bank has sent this directive to the Chief Executive Officers of all scheduled banks, financial institutions, and payment service providers.

It also urged institutions not to delay in taking preventive measures. The central bank warned that failure to ensure cybersecurity could cause major disruptions in the country’s financial system.