Connect with us
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Investing

Four steps you can take to protect your strategic information

Four steps you can take to protect your strategic information 1

By Rick Vanover, Senior Director, Product Strategy, Veeam

The COVID-19 pandemic has shifted the spotlight back on that pesky security issue that organisations have struggled with for years. Workers are connecting to corporate networks from more devices than ever before – but moves to protect, manage and back up the sensitive information in those networks aren’t keeping pace.

The problem’s getting worse. Studies show the number of connections spiked suddenly during the pandemic, as workers handle more mission-critical tasks from remote locations. Rogue, shadow IT continues to intensify year after year. Financial services (FS) organisations are particularly concerned, keen to offer employees the flexibility and better work-life balance remote working can provide, but at the same time mindful of being able to comply with audit and compliance requirements. IT departments, already stretched thin by pandemic-related layoffs, are scrambling to do more with less at a time when threats are getting more serious.

That’s not all. Workers are not only hooking up more laptops, tablets and phones to give themselves more work flexibility – they’re getting sloppier about the way they manage the connections under their control. They’re replacing devices more quickly than they used to, upgrading phones every year or two. But consumers don’t always wipe their old phones clean when they give them away, sell them or trash them. IT might not always be keeping track as they perhaps did when everyone was in the office every day. The data from that confidential presentation, sensitive information from a financial deal or client proposal doesn’t go away by itself.

Hackers are watching this trend closely – and capitalising on it. Rather than storm a corporate network with a “Game of Thrones”-style, all-out attack, hackers prefer to find an unguarded endpoint, slip into a network, poke around and pilfer assets quietly before setting off any alarms.

In the context of financial services, the consequences could be even bigger. It’s an industry built on trust, and clients count on their investments and needs being met in a discrete, professional way. A data breach, leak or other insider activity is the last thing a financial services brand needs.

It’s time for organisations, particularly in the financial services sector, and workers themselves to step up. They need to protect data and ensure it’ll be there for future use by backing it up. But it can’t stop there, because many have been doing that for years. Backups are just the start – part of a larger strategy that includes things like two-factor authentication and more dedicated use of VPNs. As they say, “If you connect it, protect it.” Here are four key cybersecurity strategies financial services organisations and their employees can deploy to protect and manage the growing issues imposed by the era of ultraconnectedness.

Strengthen your remote access strategy

Rick Vanover

Rick Vanover

This is “job one” for IT departments – especially with remote work promising to play a bigger role in the future. Banks and financial organisations have typically been more office-focused than other sectors, but many of the changes we’ve seen over the past year to working patterns will, for some, become permanent. IT needs to be able to cope. Equipping corporate networks with VPNs for sensitive data is a good start, and should be seen as the absolute bare minimum. Just as important is the follow-through. Sophisticated role-based management tools can enable employees to work productively while also blocking them from accessing information outside of their assigned areas or sharing strategic documents. Train employees in the do’s and don’ts of accessing information remotely, and regularly review your strategy to ensure it’s meeting your corporate needs.

Manage devices ‘from cradle to grave’

Too much sensitive information is sitting on devices waiting to be had. For FS organisations, this is a compliance nightmare, not to mention the impact on things like client relations. IT departments need to take the lead on any corporate-issued phones and laptops – equipping them with security features up front and doing thorough wipe-downs before issuing to a new user. This goes for loaner devices, as well. Workers connecting to network information need to do their part, too. Kill old corporate emails from home devices, and before selling or destroying models make sure to purge any materials. Keeping accurate logs of what devices have been loaned, and their status, is invaluable.

Use encryption and Two-Factor Authentication

Security breaches are all too common – and most are preventable. Basic steps like encrypting sensitive documents can protect  FS organisations and their clients from disaster scenarios where client data, details on trades or deals, or a highly classified report inadvertently falls into the wrong hands. Passwords provide a moderate level of protection – and, if they’re updated regularly and managed properly, they can do the job. But they’re really a basic first line of defence. If you’re accessing important information that could compromise the company in any way, equipping all private devices with two-factor authentication is a better option.

Doubling down on diligence

Phishing forays aren’t new, but they’re still dangerous. Staff in FS organisations may receive requests to transfer funds or share highly sensitive data many times a day, as part of their usual roles. But they should continue to be watchful of threat actors taking advantage. IT departments can circulate refresher notes and conduct periodic trainings reminding people to exercise basic cautions like don’t enter credentials online, don’t click on documents from unknown sources and when in doubt contact IT. Keep the time-tested slogan in mind: “Trust but verify.” You don’t want to find out the hard way that a communication isn’t what it appears to be, when what seemed like a legitimate request to transfer funds or provide access, was far from it.

Global Banking and Finance Review Awards Nominations 2022
2022 Awards now open. Click Here to Nominate

Advertisement

Newsletters with Secrets & Analysis. Subscribe Now