Hackers are using sophisticated, automated tools to cast a wider net than ever before. Even small and medium-size community banks need to continually review their security procedures. This is especially true this year, with major breaches showing that nobody is safe.

Here are five best practices that IT system security experts recommend to stay on top of the cyberattacks continually aiming against your community bank.

1 Know your software environment. This sounds fundamental, but some banks may not have a complete handle on tracking all of the systems they have in place. Old, out-of-date, unpatched software could be quietly running in the background, presenting a convenient backdoor for hackers to enter a network.

Central databases also need to be kept under tight security controls. Some banks might have workflows that require employees to make printouts or send faxes. Until these processes are fully digitized, this paper needs to be kept secure as well.

"You need to know what's in your environment," advises JeffMan, security expert at Tenable Network Security Inc., a company in Columbia, Md., that offers network security monitoring systems.

It's not just software that companies need to stay on top of. Too many banks focus disproportionate security time and effort to their one most critical system, such as their online banking system, says Jacob West, chief technology officer for the enterprise security products division of Hewlett-Packard Co., a technology company in Palo Alto, Calif. "And they forget about all the other systems and components their employees and customers depend on."

Not all systems require the same levels of security and, given limited budgets, community banks need to allocate resources based on risk levels. Compiling a list of all the systems and applications, and tracking workflows and data flows, is a labor-intensive job, but it needs to be done vigilantly. And, depending on the size of the organization, automated tools can help banks with some parts of the task

2 Stay on top of patches and alerts. The Heartbleed and Shellshock malware that emerged last year revealed vulnerabilities in widely used open source software. The National Institute of Standards and Technology and the National Vulnerability Database issues alerts about known vulnerabilities that...