But it is also due to the huge number of transactions involving different potential victims - retailers, financial institutions and consumers.
This makes it more difficult to secure a financial services business than other industries. An extra level of complexity is that financial services businesses must meet the requirements of the Irish Financial Services Regulatory Authority.
Financial services organisations clients’ expect their finances to be looked after by a completely secure business. But unfortunately, that doesn’t exist. The majority of data breaches are started innocently. Remember The Good Wife and the ransomware attack that Diane started by clicking on an email?
It is critical to ensure that your applications and data are protected in order to minimise reputational damage, financial loss and customer confidence.
It takes a combination of technology and people to secure a financial services business.
Technology
- The first thing is a security audit. The average data breach takes 210 days to be detected and an awful lot of damage can be caused in 7 months. Securing your business goes beyond implementing firewall rules, anti-virus software and data backup solutions. An Infrastructure Security Audit evaluates the security of a company’s information system by measuring how well it conforms to a set of established criteria.
- Financial Services companies need a number of different pieces of security software so the second thing is endpoint security. This ranges from network auditing and firewalls to two factor authentication (2FA) and endpoint protection. You may wish to choose a Managed Endpoint Protection service that offers a fully managed solution across all devices and can be deployed either on-premises or via the cloud.
- Don’t forget about implementing scheduled backups and a disaster recovery process. Disaster Recovery as a Service uses the cloud or a second physical location as a target site for replication of critical data and applications enabling you to be back up and running quickly.
- Keep a look out for companies using phishing techniques and running online ads that look like your business. In November 2017, the Microsoft search engine, Bing, had to remove an ad that looked very much like an ad for TSB, but in fact was a phishing operation.
People
People play a critical role in cyber-attack prevention. Here are some things you can do to encourage your people to be security aware:
- Share security awareness articles
- Provide data security training and ensure they know not to click on dodgy links
- Send regular reminders about the importance of data security using different channels such as video, intranet or internal newsletter
Further information
The Irish Central Bank has produced a brochure “Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks”.
By Trilogy Technologies.
