By Ron Arden
Retain security practices; retain customer trust.
It is hard to turn on the news today and not see headlines about high-profile security breaches targeting credit card companies and other financial institutions. These attacks result in compromised account information and unhappy, unnerved customers.
Every organization, regardless of size, will be subject to a cyberattack, and the recovery period will be more trying than discovering the actual security breach. In addition to theft of data, customer trust is compromised and the company name may be forever tarnished. It is critical that all financial institutions, from small and community banks to large international banks, be one step ahead of today’s threat environment when protecting what matters most to their customers: personally identifiable information and account information.
Just as there are multiple layers to bank branch security, there must be layers to a financial institution’s database and online banking security. Consumers are demanding assurances that their financial institution realizes the importance of the information entrusted to them and is protecting that information thoroughly. A consumer’s trust and confidence in their financial institution translates to a loyal customer. The approach to security must be proactive and data-centric, not just reactive after a breach has already occurred and the damage is done.
Marketing this proactive approach should not expose past problems with security gaps.
Rather, it should address consumer concerns in the wake of recent high-profile breaches and remind them of the many security measures the financial institution has in place to prevent the theft of their own data.
Unpeel the multilayered data-centric approach for the consumer.
The first step in a data-centric approach to securing high-value account data is encryption. Encryption should be used across the board, on all files and documents, to ensure they cannot be compromised, whether they are accessed inside or outside of the system. This includes reports run from database systems. If a malicious attacker were to find a back door to a bank’s online services, the information they have access to would be useless because the encryption would prevent high-value data from being revealed. Corporate and consumer bank customers feel secure knowing their information is always encrypted for their protection.
An often overlooked but still important factor to address is human error.
How well are bank branch employees trained? They handle deposit slips, account numbers, funds, funds transfers, credit approvals—the list goes on. Each piece of documentation holds some confidential information. Are they educated and consistently trained in the proper practices for handling, filing, and disposing of these documents? In most cases, employees are the first line of defense, but unfortunately for that reason, as revealed by a recent Ponemon survey, careless employees are the biggest reason for data leakage. Increase the training, lower the risk.
In addition to training, financial institutions should establish a hierarchy of security:
- Which employees need access to more confidential information?
- Which employees can accomplish their daily tasks with limited access?
The notion of “too many cooks in the kitchen” applies here, as the more hands touching the information, the greater the risk of compromise. The IT security professionals within the financial institution should monitor each employee’s access and approve or restrict permissions as needed. The Ponemon study highlighted that more than three quarters of IT practitioners could not confidently protect against a data breach, nor did they have a clear understanding of what employees were accessing within their system. Do not be this statistic—customers will appreciate it.
Today’s threat environment is becoming increasingly advanced, which has led to large-scale cyberattacks resulting in thousands of customers’ leaked credit card information being available for sale. Customers want to know that their financial institution is employing all possible methods to keep their information safe. A data-centric approach to security will put customer concerns at ease, without noting past security gaps. Maintaining and protecting the integrity of customer financial information using a proactive method will help prevent unnecessary breaches.
Ron Arden is executive vice president and COO of Fasoo, a provider of data, application, and mobile security.