DATA SECURITY ESSENTIALS FOR BANKS AND FINANCIAL INSTITUTIONS

By Thomas Fischer, threat researcher and global security advocate at Digital Guardian

Cyber crime is big business; it’s now the second most reported crime globally according to PwC. When it comes to stealing data, some verticals are more desirable to cyber criminals than others, and financial services – with its host of confidential customer information – tops that list. Getting cyber security right is integral to longevity. Just one big breach could have a detrimental impact on reputation and with the increasing amount of wide-scale data breaches occurring, consumers are more aware than ever of the amount of sensitive data these institutions hold.

With such high stakes, financial services firms need to get data security right. Below are the top data security essentials for keeping confidential information out of the wrong hands:

Conduct a risk assessment

With the GDPR coming into play in less than twelve months, you need to perform a thorough review – if you haven’t already – of your environment. It’s important to identify gaps where confidential data, including information contained on mobile devices, could be at risk. You don’t have to conduct this risk assessment yourself. There are a number of services available that can quickly help you understand where sensitive data lives and how it is being used.

Think beyond the network

Most financial organisations’ security starts and ends “on the network.” Why? Because it’s easier. Racking a security device on the network causes very little organisational friction. Yet IT teams then spend almost every day purposely punching holes in the network. VPNs are a common example; their widespread use makes them popular targets for attackers due to the high number of potential entry points and often lax attitude towards security from users.

These inevitable holes mean the network will always be vulnerable to attackers. Added to this is the fact that many employees operate in a mobile environment and demand access to business information on their phones and tablets – devices that traditional network security measures can’t protect. A layered approach to security is becoming increasingly important for companies, with device-focused technologies such as mobile device management (MDM) playing a big role.

Focus on protecting data

The proliferation of the cloud has made the traditional network perimeter obsolete. Focusing on technologies that aim to protect the perimeter simply isn’t enough anymore, because data regularly moves beyond it.

Several proven data protection solutions on the market ensure security travels with the data. Called data loss prevention (DLP), these solutions help classify data, put a usage policy against it and strictly enforce it. DLP is a must-have for any company wanting to protect sensitive customer and business data.

If you make it fractionally harder to steal sensitive information, or render data useless once it is outside the network, attackers will move on to another company that presents an easier target. As data remains the target and its attack surface continues to grow, protecting that data must be at the core of every company’s security approach.

Investigate the benefits of outsourcing

A way around the challenges associated with implementing advanced data protection strategies is to outsource to a managed security provider. Many of these companies have deep DLP expertise and proven infrastructure, meaning that you can concentrate on your business while they keep your data secure. If your IT team is already stretched, this approach gives you the comfort of knowing that customer data is being protected without taking valuable staff time. This will also help you meet the various standards demanded by customers, banks, and other security-sensitive organisations.

Train and re-train your employees regularly

Employee security awareness is a critical step to protect customer data. The key to effective employee security training is to go beyond the annual refresher that no one takes notice of. Innovative companies are using technologies to help employees self-correct any risky data habits, such as using real-time, pop-up prompts that give employees a reminder of what corporate policy is, and how they can adhere to it.

Regulators, customers and business partners will increasingly demand that companies show proof of security and monitoring to protect sensitive data. The security of the information supply chain is gaining traction within IT security circles and companies are realising that the weakest link in their security posture may not be within their own walls, but rather inside the walls of those they choose to do business with.

These essentials form the foundations of effective data security for the financial sector. Avoiding breaches and keeping data secure is essential to maintaining the trust of customers, circumventing reputational and financial damage, and keeping in line with regulatory requirements.