With the rapidly increasing interconnectivity of information, more endpoints than ever before are accessing the corporate network and the sensitive financial information therein. From the consumer perspective, the primary point of interaction has shifted from in-person to in-hand, as tablets and smartphones become the primary way financial services are conducted. While there have been incredible benefits from this technology transformation, sensitive data now resides beyond the bounds of traditional IT infrastructure: off the network and outside the organization’s control.
Cybercriminals view the valuable information that resides on each employee device as a prime target, and unfortunately malicious or negligent employee activity has become an increasing threat. All it takes is a single compromised endpoint to impact the entire organization and its customers.
In an article I contributed to TechZone360, “Financial Services: Investing in Data Security Risk Mitigation,” I talk about the importance of measurement as a means to management. The first step in mitigating data security risk requires measuring device activity and status, no matter where that device is or who is using it. So, how do you do this?
In the article, I go into great detail about the following risk mitigation process:
- Quantify the risks – lack of visibility and awareness are the biggest challenges. No single tool can remove all points of weakness; using a layered approach can bolster your defences. Key points to recall: a) you must have visibility into the status of your defences, b) you must be able to identify, manage, monitor and respond to threats in order to minimize the potential of a data breach.
- Lifecycle security – there are different risks associated with the lifecycle of a device. I talk about the different risks with newly provisioned devices, devices in transit, social engineering / phishing and hardware lifecycle.
- Prepare to respond to events – an immediate response can go a long way to mitigating the consequences of an incident. These responses could range from freezing a device, monitoring a device, remotely deleting data or more.
- Extend security framework to intellectual property
The regulatory landscape in the financial sector, which includes everything from the Gramm-Leach-Bliley Act to PCI DSS and state laws, offers organizations a base minimum of security standards that must be met. Rather than constantly struggling to tweak security standards to match the shifting regulations, organizations can strive for a higher standard of security based upon their own risk standards, a position that will ride out many of the small tweaks happening in the regulatory landscape. Read more of my thoughts on securing data in financial services here.
With Persistence technology by Absolute, organizations stay connected with each device in their deployment. This persistent connection allows them to monitor status and take proactive and reactive measures regardless of device location or user. Learn more about our solutions at Absolute.com.