Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


James Pattinson, Vice President, EMEA, Absolute

James Pattinson
James Pattinson

Financial services organisations are entrusted with incredibly sensitive customer data and as a result, they allocate significant resources to maintain the trust of their customers. Despite their best efforts, financial services firms continue to be victims of data breaches. In just the past few months, a number of major financial institutions, such as Lloyds, have suffered major leaks, highlighting that no sector is safe from a loss of customer data. The most worrying part of this is that these breaches are a result of everyday, internal activities, and not the kind of attention-grabbing external hack that hit TalkTalk recently.

Of course, the sector is more than aware of the issues it faces around data security. A recent study showed that cybercrime makes up 39 per cent of all economic crimes against the financial services sector, compared to 17 per cent for other types of business. As an industry it faces a number of stringent regulations designed to protect this data, and when financial services firms look for a one stop solution for all of their data protection needs, this can be where problems occur, as even the best single solution can fail. The financial services sector needs to take a layered approach to data security, using multiple and complementary methods to guard sensitive data. Below are some aspects of a layered security approach that can have the biggest impact in the financial services sector:

Protect your endpoints

The increased digitisation of data and mobile devices has made it easier than ever for employees to work remotely. While the benefits are clear, for many financial services organisations, it is of vital importance that particularly sensitive information doesn’t leave the premises. While there are clearly a number of draconian initiatives that can tackle this, a more nuanced approach can help preserve mobile working flexibility. This is where geo-location can be used to set up invisible ‘fences’ that can flag whenever a device that doesn’t have authorisation has left the premises. Once alerted, IT can take steps to safeguard that data, whether by blocking access to the device or deleting the data it contains.

Hidden Data

Of course, it’s not just those that are authorised to view sensitive data that can gain access to it. Other employees on the corporate network can download it, whether for malicious reasons or not. Once data is downloaded to a work device that can leave the premises, it can easily travel beyond the boundaries of the corporate network. The challenge for the IT department is maintaining the balance between employee freedom and wider security. Simply locking down IT systems won’t solve the problem and will reduce the massive productivity benefits of modern approaches to IT, such as mobile and flexible working. One solution is to implement technology that can detect whether a device contains sensitive data. A key part of this is recognising the characteristics and format of the sensitive data (such as credit card numbers, sort codes or account numbers) and financial related terms, and flagging when a device contains sensitive data. It is then possible for the IT team to take a closer look at the device if they’re concerned there has been a breach, or take actions such as deleting those sensitive files remotely in the event of a breach.

Find The Weakest Link

Even with a multi-layered technology approach, there is always one element that can let any organisation down – its employees. Employees should be considered a key part of your security. Broadly, there are two elements to this, along with the technology solutions. The first is policy, which should outline, in non-technical and non-legal language, exactly what employees are allowed to do with data and their work devices. The second element is training – ensuring your staff understands security policies and the risks and consequences of a data breach. These data security best practices need to be engaging, relevant and tailored to the jobs people are doing.

There is no magic bullet for security in the financial services sector. The only way companies can protect themselves is to take a truly holistic, layered approach to security and look at a myriad of ways that data can be lost or compromised. The sheer volume of sensitive data and the massive implications of a breach mean the financial sector can never be too safe when it comes to having the right technology and processes in place to guard against data breaches. Ultimately, anyone delivering financial services needs set the standard when it comes to data security, and those companies falling below that will quickly realise the value their customers place on this trust.