Financial services organizations are entrusted with incredibly sensitive customer data and, as a result, they allocate significant resources to maintain the trust of their customers. Despite their best efforts, financial services firms continue to be victims of data breaches. We’ve seen the headlines, such as the recent breach at Lloyds, proving that no industry is immune to data breaches. As the protectors of our most sensitive information, financial services organizations face increased criticism from regulators and customers alike following a data security incident.
Data breaches in the financial sector have shown us that it’s not masked outsiders hacking networks that we should be worried about; breaches are the result of everyday, internal activities. In an article on Global Banking & Finance Review, “Three Approaches for Improving Data Security in the Financial Services Sector,” I outline the current challenges the financial sector faces in protecting data and three ways to reduce the risks and impacts of a data breach.
A recent report indicates that cybercrime makes up 39% of all economic crimes against the financial services sector, compared to 17% for other types of business. Faced with an increased level of pressure to protect data (such as the SEC’s new enforcements), many financial services firms are looking for one-stop-shop solutions to their problems. Unfortunately, there is no single solution to protect data.
The financial services sector, as with other industries, needs to take a layered approach to data security, using multiple and complementary methods to protect sensitive data. As outlined in detail in my article, this approach would include:
- Endpoint protection, given the increased mobility of data. There is a middle ground that preserves mobile working while protecting data, such as the use of geo-fences to flag when devices move beyond expected locations or the ability to remotely lock or delete devices that are determined to be at-risk.
- Know where your data is, and when that data is on the move. Knowing what kind of data you have and recognizing if it’s been downloaded to an endpoint device gives you the ability to investigate why that data is on the move and remotely delete it if need be.
- Know your weakest link – employees. Pairing technology with policies and engaging education can reduce the risk that people place on your data, whether intentionally or not.
The sheer volume of sensitive data and the massive implications of a breach mean the financial sector can never be too safe when it comes to having the right technology and processes in place to guard against data breaches. Ultimately, anyone delivering financial services needs to set the standard when it comes to data security, and those companies falling below that will quickly realize the value their customers place on this trust.