Today’s financial organizations need to be able to conduct business in real time while also protecting against cybercriminals who target the highly valuable data they possess. This is a tall task that requires dedicated staff and resources.
But, where should you start? We’ve put together this financial services cybersecurity checklist to assist.
A survey conducted in 2015 revealed that nearly three-quarters (74%) of organizations are already employing or are planning to use BYOD strategies. While this trend may lead to more satisfied and productive employees, financial services security teams need to take note.
It’s important that IT knows about all the devices being brought to the workplace and connected to the network. This allows the IT team to encrypt data as needed or remotely erase devices should they be lost or stolen. All devices, whether they are brought in from outside or located in-house, should receive regular updates to clear out system clutter and patch potential security holes. It’s also important that employees, and the institution as a whole, select passwords based on the latest best practices (more than 8 characters long, using a combination of letters, numbers, and special characters).
Employees who don’t require administrative permissions should simply not be granted them. IT security teams at financial institutions should set rules for in-house devices as well as those brought in from outside.
It’s important to understand and limit the number of people who have permission to bypass, change, or override system configurations, as this kind of control can cause catastrophic damage to the organization if it lands in the hands of a cybercriminal.
As we mentioned in an earlier post, employee negligence is one of the biggest threats financial institutions face today. Employees who are unfamiliar with cybersecurity policies (and cyber risks in general) can expose the organization to attack, and cybercriminals know this.
IT security teams in the financial services industry should have training programs in place as well as resources available to educate employees, especially new hires.
New data and content are almost constantly being added to financial organizations through a wide variety of channels. It’s important that the IT team has a handle on where the most valuable assets are and how well they are protected.
Make sure private data cannot be accessed through a single point of entry. It’s also best practice to rate the level of risk associated with each asset, as well as the impact that would be realized if it were lost.
Once these assets and their locations have been identified, be sure to conduct penetration tests to see how easy or difficult it is for unauthorized individuals to gain access.
This is arguably the most important item on the financial services cybersecurity checklist:
Every IT organization should have a dedicated team that conducts tests and puts policies, procedures, and other processes in place to protect the organization.
Highly qualified individuals who are willing to assess and reassess new and existing technologies should be the ones considered.
These teams should also establish security policies so the entire group understands what matters should be escalated and how to handle specific issues (loss of customer data, data corruption, denial of service, etc.). Some things to consider when putting teams together and processes in place:
Putting teams and processes in place will ensure there is structure to the operation and will limit the amount of panic should a security issue occur.
While the above techniques will almost certainly improve security posture, the financial services industry is consistently under attack, and the appropriate technologies need to be in place for the best chance of defense. Effective financial services security vendors have the technology on their side that provides high-performing and broad protection against today’s dynamic threats.
Some of the key areas for security improvement in today’s financial sector include internal segmentation, low latency infrastructure, next-generation edge security, virtualization, and more. In addition, solutions should be evaluated on their capacity for interoperability with other security solutions, unified management and centralized threat analysis, and their ability to share and consume threat intelligence. These are just a few of the items that should be considered when evaluating a vendor.
While every organization faces its own challenges and threats, we encourage those in the financial services industry to check these items off their list when it comes time to improve or implement a security strategy.
Let’s get a conversation going on Twitter! What steps do you see as critical when developing a cybersecurity strategy?