The financial services industry remains a prime target for cyber-crime. According to an article by The Telegraph, in 2016, consumers of financial services lost an estimated £8bn due to cyber-attacks. Now, with the GDPR in full swing, financial institutions are under even more pressure to tighten up their security posture. After all, a data breach could potentially lead to fines of up to €20 million or 4% of global turnover, whichever is greater. To make matters worse, the popularity of online banking and e-commerce will only increase in the coming years.
Below are 5 key steps financial institutions can take to ensure that they are able adequately protect their critical assets.
1. Security awareness training
Financial institutions still need to invest a lot more into educating employees about security best practices. Training should highlight the importance of cyber-security, promote good data management techniques, and ensure that all staff members know how to dispose of data securely.
2. Financial institutions need to collaborate
Many institutions use the same technology, and thus share the same vulnerabilities. They will need to work together so that if one company experiences a breach, others can quickly learn from the breach and adapt their systems accordingly.
3. Security by design
In the past, companies would typically patch up vulnerabilities as and when data breaches occurred. However, this approach is no longer acceptable. These days it is imperative that institutions adopt an approach that is preventative, as opposed to responsive. Intrusion Detection Prevention Systems (IDPS) with advanced AI/threat intelligence, used alongside a sophisticated suite of real-time auditing tools, will give institutions the visibility they need, when they need it.
4. Dispose of old data securely
As firms incorporate new technologies, they will need to dispose old equipment. However, some of this old equipment may contain sensitive data, and so they will need to ensure that the data has been securely disposed of. Your average user could just use a drill or a hammer and chisel to securely destroy an old device. They could even go as far as using a HD disposal service. For organisations that store highly sensitive data, a more robust strategy should be used. Firstly, the destruction process must be well documented and include details about industry specifications. Additionally, there will need to be an audit trail of the destruction. Use photographs or even video footage of the destruction, which you can present to the supervisory authorities if necessary. It is better to keep the destruction of data in-house, as that will remove the possibility of a third-party interfering with the data.
5. Audit sensitive data
Given that almost 90% of security incidents are result of negligent or malicious insiders, if you are not already using real-time change auditing tools to keep track of your critical assets, then there is a high chance that you will suffer a breach of some sort. Assuming you have some sort of access control system in place to ensure that your employees have restricted access to sensitive data, you will need to monitor those permissions and receive real-time alerts when they are modified. You will also need detect, alert, report and respond to suspicious file and folder activity, inactive user accounts, unauthorised mailbox access, and more.
For this, you will most likely need to deploy a third-party solution that aims to secure the data first. One such data-centric audit and protection solution is LepideAuditor. For more information on how this solution will help improve your cybersecurity posture, contact us today.