Financial institutions have multiple options when it comes to protecting customer transactions, including advanced software products that adhere to stringent security standards to prevent data loss. But as with any other business, the main vulnerability point for a bank is its people, particularly now that we’ve entered the era of “Bring Your Own Device” (BYOD).
Banks are hard-pressed to regulate the business use of personal devices and monitor security practices for a workforce that is increasingly mobile. And with BYOD the risks are even greater than normal, due to the variety of platforms on which sensitive information is accessed. As a result, financial regulators are paying more attention than ever before to mobile financial services when developing industry regulations.
Faced with this new range of cyber security threats, there are a number of steps that managers can take to rein in the risk and maintain a high level of security. These include:
Create strong passwords
Despite significant advances in security technology, the password is still the primary line of defence for most bank PCs, laptops and personal mobile devices. Unfortunately, many employees still use extremely weak passwords, such as their job title, their children’s or pets’ names, their name and birth year, and other personal information that can easily be found on sites such as Facebook.
Bank managers should look to educate employees on proper password protection methods, such as creating memorable yet complex passwords. One popular technique is to use a combination of upper and lowercase letters, symbols and numbers. Strong passwords incorporating those elements can also be easy to remember if the employee uses symbols and numbers that resemble letters in a simple password, such as “Fri$b33” for “Frisbee.” Adhering to a structure such as this is relatively simple and significantly lessens the possibility of security systems being breached by hackers.
Train your employees to take precautions
Bank employees who use weak passwords and fail to take basic security precautions generally don’t intend to inflict any harm on their company; they simply fail to fully understand the risks of this behaviour to both their business and personal information. While bank managers are primarily concerned with the possibility of company data falling into the wrong hands, employees who use personal devices for company business are also putting their own information at risk, including bank account details and ecommerce accounts.
To address these risks, bank managers should hold training sessions, providing employees with the basic knowledge they need to protect valuable data and secure their devices. The training programme could cover fundamentals such as techniques for creating secure passwords, including automated password management systems. In addition, it could include tips on how to avoid keylogger scams and phishing cons, and information on how to shield devices against viruses and malware.
Put a company policy in place
The BYOD trend is still a relatively new development within the corporate sphere, and so many financial institutions are still playing catch up. Although a large number of banks have formulated policies to govern employees’ use of personal devices for business purposes, as well as routine use of company-owned technology assets, many don’t have a system in place that holds employees accountable.
In order to remedy this situation, managers can ask employees to read and sign a written statement acknowledging that they understand the company’s policy on cyber security and agree to comply with best practices, generally after receiving training from the company or reviewing detailed policy guidelines that include tips on keeping data and devices safe. The policy should also include directions on how to ask for support.
Financial institutions tend to focus on transactional security compliance, which is unquestionably important given the primary function of a bank. But employees in the banking sector are just as vulnerable to hackers and data breaches in their day-to-day business operations as staff at other types of companies.
It is important to encourage better security practices, particularly given that the BYOD trend has significantly expanded the risks. By identifying the most pressing vulnerabilities, and taking the appropriate steps to mitigate them, banks can operate more safely, and be more effective in their protection of data and devices.