Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

WHAT BANKS NEED TO KNOW ABOUT CLOUD SECURITY

Five Tips to Protect Against Data Theft

By Mark Stevens, Vice President of Global Services, Digital Guardian

It seems like every day brings news of another high-profile data breach, targeting a range of industries, including banks, health insurers, popular retail chains and other organisations. While the likes of Ashley Madison, Sony and Ebay are taking the lion’s share of news headlines, the increasing threat to cloud data should be a concern for even the smallest local bank or credit union. After all, financial institutions safeguard some of the most sensitive data that must be protected, including bank account information, home and email addresses and more. A breach exposing that kind of information could quickly lead to disastrous consequences for customers, as well as the financial institutions themselves.

Whether a small local credit union or a large national bank, no financial organisation is safe from being the next victim of a cyber-attack. In October 2014, one of the biggest data breaches in history targeted a national bank chain that offers credit cards, mortgages, commercial and consumer banking and loan services. The breach affected millions of households and small businesses.

Protecting sensitive information is key to a bank’s long-term survival and its ability to maintain a positive relationship and reputation with its customers, so it is critical to ensure appropriate steps are taken. Below are five tips that will help banks and credit unions keep their most valuable asset – the data – safe while it is stored in the cloud:

  1. Prioritise Data Protection – Don’t Ignore It

Despite all of the concerns from the C-Suite about cybersecurity, few banks have meaningful data protection programs in place. All too often, financial institutions implement an outdated, traditional network-centric approach to IT security. However, with so many devices being brought into the financial space, such as the proliferation of mobile banking, it’s critical that a data-aware strategy be taken. This way, organisations aren’t just protecting the system or the device, but instead, locking the valuable sensitive data stored within. Regardless of the security methodology, data protection needs to be an executive priority or it won’t get done.

  1. Identify Your Most Important Data Assets
Mark Stevens
Mark Stevens

Before identifying details of where and by whom valuable data is stored, banks must first know what their sensitive data is if they want to prevent it from being stolen. Identifying which IT assets within your business are the most valuable and what type of sensitive data they hold will provide the visibility and control capabilities needed to prevent attackers from accessing and stealing your sensitive data.

Simply identifying the crown jewels can feel like a daunting task, but it doesn’t have to be. Start with your most critical data — the data you know a cybercriminal is after. For a bank or credit union, this is often PCI information, bank account and routing numbers and other customer data needed to finance a loan, start a bank account and/or access an ATM. Get that identified first and then move to the next organisational function.

  1. Safeguard Those Data Assets; Consider Labeling

Once sensitive data is identified, label it. It may seem obvious but classifying sensitive data with digital labels such as “internal only” or “confidential” will help with tracking sensitive information that will be targeted by attackers. In addition, have complete visibility over who is accessing data and how it’s being used and shared, both internally and externally. Regardless of whether the document is stored digitally in the cloud or locally, this is an efficient method for classifying data based on its security level. It provides employees with a visual cue to treat the document with care, as employees are often the ones targeted most by cybercriminals.

There are also additional technologies that you can employ to ensure your sensitive financial data stays safe. From encryption to digital rights management, from persistent document tagging to policy-driven data protection, there are numerous approaches to ensure data flows freely, for example from a bank teller to a loan officer, but only on a need-to-know basis.

To help protect your organisation’s data, think like a cybercriminal. Take a look at all of your business processes to determine where data theft might occur. Assess your data from an outsider’s standpoint — what would you want to steal and how would you do it? Then, set to work plugging those holes. The security pros call it “threat modeling” and it’s one of the most effective ways to ensure security within any financial institution.

  1. Improve Employee Awareness

As mentioned earlier, the weakest link in data defence is the employee — from the C-level executive to the bank teller processing simple bank transactions. Add data protection to manuals and employment agreements, and train workers on your policies regarding the use of confidential customer data.  Think about employing effective software data protection solutions that will automate much of this training for you, and can be extended to cover your partners as well.

  1. Be Prepared if Your Data is Stolen

Have an incident response plan at the ready. The reality is that even the banks that have their data protected can still become victims of breaches. Today, cybercriminals are more nimble and financially motivated than ever before, so it pays to be prepared.

There is no list of tips that can prevent a breach from occurring – system breaches are simply inevitable. However, sensitive data loss is not. Banking leaders must take the proper steps to ensure that employees know what the most important data is, where it is held, and whom it is going to – this alone is a major move in the right direction.

About the Author

Mark is an accomplished, results-driven senior information technology leader with extensive experience managing diverse technology organisations. At Digital Guardian, he is responsible for driving customer success across professional services, managed services, and support and training.