Hackers are using sophisticated, automated tools to cast a wider net than ever before. Even small and medium-size community banks need to continually review their security procedures. This is especially true this year, with major breaches showing that nobody is safe. This article presents five best practices that IT system security experts recommend for staying on top of the cyberattacks continually aimed at your community bank. The best practices are: 1. Know your software environment. 2. Stay on top of patches and alerts. 3. Monitor third-party vendors. 4. Don't forget the weakest link: people. 5. Consider automated network monitoring software.
Five steps for sustaining rigorous network security against constant cyberattacks
Hackers are using sophisticated, automated tools to cast a wider net than ever before. Even small and medium-size community banks need to continually review their security procedures. This is especially true this year, with major breaches showing that nobody is safe.
Here are five best practices that IT system security experts recommend for staying on top of the cyberattacks continually aimed at your community bank.
1 Know your software environment. This sounds fundamental, but some banks may not have a complete handle on tracking all of the systems they have in place. Old, out-of-date, unpatched software could be quietly running in the background, presenting a convenient backdoor for hackers to enter a network.
Central databases also need to be kept under tight security controls. Some banks might have workflows that require employees to make printouts or send faxes. Until these processes are fully digitized, this paper needs to be kept secure as well.
"You need to know what's in your environment," advises Jeff Man, security expert at Tenable Network Security Inc., a company in Columbia, Md., that offers network security monitoring systems.
It's not just software that companies need to stay on top of. Too many banks devote disproportionate security time and effort to their one most critical system, such as their online banking system, says Jacob West, chief technology officer for the enterprise security products division of Hewlett-Packard Co., a technology company in Palo Alto, Calif. "And they forget about all the other systems and components their employees and customers depend on."
Not all systems require the same levels of security and, given limited budgets, community banks need to allocate resources based on risk levels. Compiling a list of all the systems and applications, and tracking workflows and data flows, is a labor-intensive job, but it needs to be done vigilantly. And, depending on the size of the organization, automated tools can help banks with some parts of the task.
2 Stay on top of patches and alerts. The Heartbleed and Shellshock vulnerabilities that emerged last year revealed flaws in widely used open source software. The National Institute of Standards and Technology and the National Vulnerability Database issue alerts about known vulnerabilities that your community bank can use to check its own code and components.
In addition, individual vendors will issue announcements about the security patches for their own software. So it's a matter of assigning employees to be consistent about applying patches as they come out, keeping software up to date, and keeping antivirus protections current. One way that some banks reduce this workload is using cloud-based software when feasible, which allows a vendor to handle all the updates and patches.
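Steps 1 and 2 come down to two checks: is every system on the network in the inventory, and is every inventoried install at or past the version an advisory says is fixed? The sketch below is an added example, not from the original article; the hosts, product names, versions, risk tiers and advisory ids are constructed placeholders, and it assumes purely numeric dotted version strings.

```python
# Constructed sample data: hosts, products, versions and advisory ids are
# placeholders, not real systems or real vulnerability identifiers.
INVENTORY = [
    {"host": "olb-web-01", "product": "examplessl", "version": "1.0.1", "tier": 1},
    {"host": "fax-gw-01", "product": "exampleshell", "version": "4.2", "tier": 3},
    {"host": "core-db-01", "product": "examplessl", "version": "1.0.3", "tier": 1},
    {"host": "hr-app-01", "product": "exampleshell", "version": "4.3.1", "tier": 2},
]
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "product": "examplessl", "fixed_in": "1.0.2"},
    {"id": "ADV-PLACEHOLDER-2", "product": "exampleshell", "fixed_in": "4.3.1"},
]
# Hosts observed by a network scan (constructed); one is missing from INVENTORY.
SEEN_ON_NETWORK = {"olb-web-01", "fax-gw-01", "core-db-01", "hr-app-01", "print-srv-07"}


def parse_version(text):
    """Turn '1.0.10' into (1, 0, 10) so versions compare numerically.

    Comparing the raw strings would rank '1.0.10' below '1.0.9'.
    """
    return tuple(int(part) for part in text.split("."))


def unpatched(inventory, advisories):
    """Return (tier, host, advisory id) for each install older than the fix."""
    findings = []
    for item in inventory:
        for adv in advisories:
            same_product = item["product"] == adv["product"]
            if same_product and parse_version(item["version"]) < parse_version(adv["fixed_in"]):
                findings.append((item["tier"], item["host"], adv["id"]))
    return sorted(findings)  # tier 1 (highest risk) sorts first


def untracked(inventory, seen):
    """Hosts observed on the network that nobody recorded in the inventory."""
    return sorted(seen - {item["host"] for item in inventory})


if __name__ == "__main__":
    for tier, host, adv_id in unpatched(INVENTORY, ADVISORIES):
        print(f"tier {tier}: {host} needs the fix for {adv_id}")
    print("not in inventory:", untracked(INVENTORY, SEEN_ON_NETWORK))
```

Sorting by risk tier puts the findings on the most critical systems at the top of the patch queue, which matches the article's point about allocating limited resources by risk.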
3 Monitor third-party vendors. One potential security problem for many businesses, including many community banks, is that they often outsource many of their systems or processes. Security audits need to extend to all of these providers as well because these days, hackers can come in from any direction, as the Target Corp. retail data breach showed last year.
In addition to asking each software vendor about its security policies, community banks also need to keep an eye out for any weak areas that they should follow up on in person, says Sean Cronin, general manager for risk management solutions for the IT auditing software firm ProcessUnity Inc. in Concord, Mass.
"You can say, 'We believe that you have locks on the doors and are patching the software, but let's go in and do a sampling,' " he says.
4 Don't forget the weakest link: people. These days, hackers aren't just launching brute-force attacks against network firewalls. They're making friends with bank employees on social media, sending enticingly worded phishing emails, and making direct phone calls and even visits to physical locations. They are attacking not just on the technical front, but on the human one as well.
To address these social engineering attacks, employees need to be trained to report unusual behavior, to spot suspicious communications and to never, ever use unauthorized computer equipment, including any USB stick, that they encounter or receive outside of the bank.
5 Consider automated network monitoring software. Unfortunately, even if all of your community bank's systems are patched and up-to-date, and even if its vendors and employees maintain a solid wall of defense, it could still be fighting last year's cyberwar. Your community bank can only train its employees to guard against the threats it knows about, and its antivirus software will only protect against known viruses.
But hackers will keep inventing new viruses and finding new security weaknesses. Meanwhile, the interval between the time a hacker discovers a security vulnerability or invents a new virus, and the time the security community reacts could be a long one. After all, it's in a hacker's best interest to get the most value out of his vulnerability by attacking high-value targets first. So staying on top of cyberthreats requires continually monitoring network activity for unusual behaviors or patterns.
Certainly, several kinds of malware detection software, including anomaly detection, heuristics, behavioral analytics and machine learning, are increasingly available and can learn what a typical computing and transaction day at the bank looks like and spot anything out of the ordinary. However, because these systems can generate a large number of alerts, community banks should consider systems smart enough to detect minor changes that could be a sign of a critical breach. Otherwise, security staffers could be flooded with too many alerts to deal with. In addition to zero-day attacks, such systems can also detect unusual behavior by employees.
"It's called unsupervised machine learning. It will learn what are normal patterns of behavior and focus on the things that are abnormal," says Kevin Conklin, vice president of marketing and product strategy at Prelert Inc., an anomaly detection software company in Framingham, Mass. "This is artificial intelligence technology that's evolved in the last decade. It's not mandated, and not a lot of security teams know about it."
According to Conklin, some of Prelert's customers have reduced the number of security alerts from thousands a day to just a few.
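To make the "learn what is normal, alert on what is abnormal" idea concrete, the added example below (not from the original article, and not any vendor's algorithm) compares one fixed alert limit with a per-account baseline built from each account's own history. It uses a simple median and median-absolute-deviation score as a stand-in for the commercial products described; the account names, counts and thresholds are constructed for illustration.

```python
from statistics import median

# Constructed sample: failed-login counts per account for 8 prior days
# (the learned "normal") plus today's count. All values are illustrative.
HISTORY = {
    "batch-ach":   [410, 395, 402, 420, 398, 405, 415, 400],
    "teller-017":  [2, 1, 3, 2, 2, 1, 2, 3],
    "helpdesk-02": [30, 28, 35, 31, 29, 33, 30, 32],
    "vendor-sftp": [0, 1, 0, 0, 1, 0, 0, 1],
}
TODAY = {"batch-ach": 412, "teller-017": 19, "helpdesk-02": 34, "vendor-sftp": 1}


def static_alerts(today, limit=25):
    """Fixed rule: alert on any account above one global limit."""
    return sorted(name for name, count in today.items() if count > limit)


def robust_score(history, value):
    """Distance of value from the account's own median, in MAD units."""
    mid = median(history)
    mad = median([abs(x - mid) for x in history])
    # Floor the spread at 1 so a perfectly flat history cannot divide by zero
    # or turn a change of a single event into an alert.
    return abs(value - mid) / max(mad, 1.0)


def baseline_alerts(history, today, threshold=6.0):
    """Alert only when an account departs sharply from its own normal."""
    return sorted(
        name for name, count in today.items()
        if robust_score(history[name], count) > threshold
    )


if __name__ == "__main__":
    print("fixed limit :", static_alerts(TODAY))
    print("own baseline:", baseline_alerts(HISTORY, TODAY))
```

On this sample the fixed limit raises two alerts on accounts that are simply busy every day and misses the teller account whose count jumped from about 2 to 19, while the baseline raises a single alert on that account.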
However, many technology and security vendors offer intelligent monitoring systems. Some companies that sell intrusion detection and prevention systems, for example, are adding analytics to make their systems smarter. Big data vendors offer tools to analyze system logs and network traffic, looking for unusual behaviors. The security information and event management space, which tracks systems alerts, is evolving quickly by adding artificial intelligence to prioritize these alerts.
Check with your community bank's security vendors to find out how they, or their partners, are making their systems smarter to get ahead of the crooks.
Maria Korolov is a freelance writer in Massachusetts.
Copyright Independent Community Bankers of America Jan 2015