Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

HOW TO COMBAT THE GROWING THREAT OF DATA BREACHES

HOW TO COMBAT THE GROWING THREAT OF DATA BREACHES

By Andrew Bridges, Data Quality and Governance Manager at REaD Group

Modern technology has transformed the way we process information, allowing us to work more efficiently than ever before. However, as we increasingly turn to digital formats to store our information, hackers are simultaneously devising more sophisticated means of gaining access. As a result, it is crucial that the financial sector works hard to avoid a potentially costly breach. Just this month, the UK retailer Debenhams announced that personal information belonging to 26,000 customers of its Flowers website had been accessed in a security breach. A third party ecommerce company called Ecomnova was targeted as part of the attack, which is likely to result in costly fines and damaged reputations for all involved.

Withstories of major data breaches on high profile corporations continuing to dominate the news agenda, it would be easy to assume that information security is only an issue for big businesses. In reality, the issue is much broader. Although often characterised as the work of large criminal gangs, incidents are more commonly caused by human error. For example, a former Jefferies banker was recently fined almost £40,000 for accidently disclosing confidential client information over mobile messaging service WhatsApp. This is astark reminder that the Financial Conduct Authority (FCA) takes the issue extremely seriously.

Working with large quantities of personal and financial consumer data, the financial sector is often targeted by hackers. It is therefore important to protect against both internal and external risks. A cyber attack is not only damaging for financial corporations, but also costly and stressful for their customers.

ISO certification is one area finance companies should explore; something we are already working towards at REaD Group. It is widely considered to be the ultimate indicator of information security, requiring organisations to complete rigorous audits and risk assessments. Part of the ISO information standard requires implementation of an information security management system (ISMS) to pro-actively manage company information so that it remains secure and ultimately reduce risk. We believe achieving this level of vigilance will both reduce the likelihood of a data breach and provide current and prospective clients with confidence in our ability to protect the information we work with.

So what else can companies do to avoid an embarrassing and potentially costly breach?

Training

It may seem obvious, but companies often overlook the fact that employees cannot protect the information they work with unless they fully understand the risks involved. Educating staff is essential and making training interactive is a key requirement.  This is a potentially dry topic, so delivering training in a creative way ensures employees are fully engaged and stand a better chance of retaining information.Practical exercises and interactive discussions are likely to result in the biggest change in behaviour and cultural shift

Password practices

In today’s security conscious age, it is staggering that the most popular password of 2016 was ‘12345’, highlighting the need to advise employees on how to set secure passwords. I would suggest including a combination of numbers and letters, both upper and lower case. Passwords do not have to be limited to one word and often a short phrase is stronger. In addition,extending the length of passwords lowers the overall risk of a security breach;I would advise at least 20 characters as a required minimum. It is also important to ensure you have implemented a company wide password policy. It goes without saying that remembering a password is important, which means storing it in a safe place. This does not include post-it notes stuck to screens. Anyone who spots this on a colleague’s desk should be encouraged to remove it and in-line with ISO, raise it as an internal incident. This intern allows your information security team to understand where more education and training might be needed across your work force.

Staff reviewing

This brings me on to implementing a self-reviewing system. Encouraging staff to monitor each other’s behaviour adds a competitive element and is a good way to engage people in the subject. If someone has left their computer unlocked, has confidential information lying around on their desk or has not collected personal documents from the printer, other members of staff should be encouraged to give them a friendly reminder not to do so, and as above, these occurrences should be raised as an incident. A light hearted note is a great way to help staff break old habits and maintain this new office culture, which is often the most difficult step.

HR policy

Consider adding a clause into your HR policy detailing specific disciplinary matters associated with an information security breach.All fun and games aside, employees should be made well aware just how seriously your business takes matters of data security.

Information security is no longer the sole responsibility of IT and compliance departments, as it previously has been. With employees dealing with ever increasing volumes of information, across multiple formats and devices, individual accountability is now paramount. Facilitating a cultural shift internally is perhaps the most challenging part of achieving this, but you’d be foolish not to make it a priority. After all, the biggest security threat to an organisation comes from within.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post