We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Treasury and Payments

Improve your working capital, reduce fraud and minimize the impact of unexpected disruptions with our treasury solutions—from digital portals to integrated payables and receivables—all designed to make your operations smoother and more efficient.

Learn more about our treasury solutions:

Credit and Financing

Prepare for future growth with customized loan services, succession planning and capital for business equipment or technology.

Learn more about our credit and financing solutions:

Commercial Real Estate

Get the strategic support to be successful throughout market and real estate cycles with insights, hands-on service, comprehensive financial solutions and unrivaled certainty of execution.

Learn more about our commercial real estate solutions:

International Banking

Global opportunities mean global challenges. But real success means understanding the local markets you serve—which is why we bring the business solutions, insights and market perspective you need. 

Learn more about our international banking solutions:


Discover the latest numbers, news and market moves to know about each week with Ginger Chambless, Commercial Banking’s Head of Research.

Cybersecurity and Fraud Protection

Mitigating Risk When Migrating Legacy Systems

Upgrading to a new digital operating system? Learn how to protect your business from security risks in this Q&A with our own cybersecurity expert. 

Upgrading to a new digital operating system? Learn how to protect your business from security risks in this Q&A with our own cybersecurity expert. 

What are the risks of migrating to a newer digital operating system? And, more importantly, what steps can you take to protect against those risks? Mike Kelly, former Head of Cybersecurity and Technology Controls for Commercial Banking, discusses the steps you can take to make sure the transition for your company and your customers is a smooth one.

Upgrading legacy systems to a newer digital platform can be transformative. What’s the single most critical element of success in a migration?

That’s easy—your people, the end users. A migration is more than a technical project. It’s a people project. People are going to be using the new system, so you’ve got to take them with you on the migration journey, starting with a good marketing and communication strategy. Make sure people understand “the why” behind the change, and communicate every step of the way. I’d even argue that you need to make them feel loved, so when their legacy systems go away, they’re ready to get on board with the new one. 

Migrations can be expensive. How can companies keep the price in check?

If you want to keep migration costs as low as possible, you need to have your data as clean as possible. Migrating data is more complicated than you think. It’s never a smooth process. I recommend companies consistently practice good data hygiene. Clean data keeps your price lower and spares you the headache of a stressful, time-crunched cleanup.

You’ve helped countless companies through migrations. What are some mistakes you commonly see?

Many organizations make the mistake of migrating outdated processes into their new systems. Doing things the way you’ve always done them is not the way to realize the full benefits of your new system. But the fact is, process change can be really hard for some people. They might be attached to a particular functionality. They might tell you it’s the most important thing in the world. And, if you give in, if you migrate those legacy processes over, you’re accruing technical debt right off the bat. It’s important to be very clear on your objectives and to use them as a lens for all your decision-making. 

What about the migration strategy itself? Is there a best process?

There are a lot of migration processes that you can consider: “the big bang,” phased, staggered or parallel. There’s not one catch-all process, and there’s no real right or wrong. You have to look at your business and decide what’s going to work best for your needs. The critical part is to communicate whichever process you choose with your end users. They need to know what approach your organization is taking and why. You don’t want people saying, “I don’t know what they’re doing. They’re crazy.” Those kinds of complaints are a sign of a poor migration plan—and a sign that your end users have already given up on you. 

What are the security risks that companies need to think about during migration?

There are threat actors out there waiting for opportunities. And change makes for an opportune time to interject a threat scenario. Why? A lot of weak points get created in times of transition. It’s amazing how much intelligence gathering these threat actors will conduct. You know the old image of the bank robber who sits outside the banks, watching and learning all the ins and outs? It’s the same thing. Now they can do it digitally. They know when migrations are happening. And they’re looking for them. 

What can companies do about it?

First of all, you can’t let your guard down during a migration. Stay diligent about following all your procedures and policies. Make sure you’ve got controls in place to account for weaknesses. For example, say you’re emailing sensitive data to a vendor or an outside consulting company. Think carefully about what procedures you need to protect your data. If they’re not there, create them before you get too far down that track. 

As a risk expert, you’re a big advocate of preparedness. How can companies ready themselves for a cyberattack?

One way is to work with an expert. Our cybersecurity teams are well versed in helping companies prepare. We never let them go through migration alone. Another way is to start with the assumption that a cyberattack will happen. Once we instill that mindset in the company about to transition, we can then help them plan for it. We run through worst-case scenarios with them in order to determine and put in place the right controls. When you don’t prepare for the worst, you can end up with a situation like one I saw recently. A new client was in the middle of a ransomware attack, and as I went through my questions to assess the threat, it became clear that they could’ve predicted and been ready for the problem in advance. 

New digital systems always require training. What are some best practices?

Really and truly focus on your end users and the training they need. A single training session in a conference room won’t do it. You can’t just check off the training box and call it done. Learning a new system can take months. Training has to be ongoing. Account for that. I’ve seen too many companies spend a lot of money on a system and then assume users are going to migrate over and start using it. Instead, what happens is users look at the new system and say, “I don’t understand how to use this.” They give up on it, and it fails. 

Why are planning and preparedness such consistent themes when you talk about migration?

That’s a big takeaway to get across. Take the time to think through eventualities and have all of your strategies in place before you begin. Not only will it force you to examine what you want your outcomes to be, but it will give everyone confidence in you and your strategy. That makes people more adaptable and open to positive change. That’s what digital transformation is really all about. 

How can your firm help businessowners on their migration journey?

No two companies are alike. Our firm’s experts specialize in weighing all your company’s unique variables and can help you see where the beacons and markers are in order to lead you down the most useful migration path for your organization’s needs.

The Final Takeaway

Migrating your digital operating system is one of the toughest things you can do. Our firm has helped companies around the globe do exactly that—and can help you make your transition a smooth one. We understand that no two companies are alike, and we specialize in developing roll-out plans, risk assessments and cybersecurity strategies that are customized for your unique situation.

Get in Touch

Prefer to talk directly to one of our experts?