The new “cy-fi”
How can financial institutions that store and transfer massive amounts of sensitive information protect data, accounts and clients from cybercriminals? They can start by understanding security trends, minimizing risks and making sure their security policies are leading the field.
Michael Moyle, a manager at a global security software firm, has 15 years of experience consulting on online security for the banking industry. Here he shares his insights on the coming “Cy-Fi” trends shaping cybersecurity in the financial world.
1. Third parties can be your weakest link
Three respected stalwarts in the U.S. finance industry paid over $530 million to settle complaints directly related to the behavior of third-party suppliers in the past several years. Because they are being held accountable for vendor practices, financial firms are closely inspecting their vendors, even when “the pressure to deliver quickly and inexpensively can lead to circumventing security procedures,” Moyle says. He adds that to protect the business of both parties, “it’s important that vendors and banks keep audit and security teams in the loop.” (Likewise, in the mailing industry, working with certified vendors when handling sensitive financial, health and personal client documents is a must.)
2. Risk mitigation takes the lead
With high-profile data breach cases coming to light, institutions want protection from data breach liabilities. A savvy plan might include having your network protected by a single security suite that coordinates all protections — firewall, anti-virus, anti-spyware, anti-malware — as security programs from multiple vendors may end up working against each other. Also, employees should be taught how to thwart cybercrime — by not opening emails, email attachments or social networking links from suspicious or unknown persons, for example. Coupling savvy security protocol with business insurance will help to protect not only a company’s financial position, but also its brand reputation and consumer trust.
Moyle has seen both vendors and clients mishandle data. He sees leaders in the security field instituting training on simple procedures to prevent leaks. “Understanding best practices on data usage and storage is key for everyone — not just IT — who comes in contact with data,” Moyle explains.
3. Wearables increase threats
Those new high-tech watches sure look stylish; however, they and other connected devices may transmit sensitive personal or business data to the wrong hands. Moyle advises: “If it’s connected, it needs to be protected.” And don’t be fooled: “Just because a device may be small and cheap — like a thumb drive — it can very well have Trojan horses [malicious computer programs] waiting to be activated,” he warns.
4. Privacy fears continue
Every time there is a major data breach of a previously trusted company, brand trust plummets and consumers head elsewhere, hurting a breached business’ bottom line. Each attack increases pressure on regulatory agencies in the U.S. and abroad. Combined with new accounting regulations, these concerns are creating a perfect storm where more stringent regulatory and compliance rules may be implemented. In response, many vendor certification programs are now becoming more strategic in nature, and are educating businesses on how to detect and head off issues before they occur.
5. Cybercrime — the new norm
Unfortunately, this trend won’t burn out. The tactics hackers use are amorphous, the speed is faster and the technologies are more sophisticated. No matter how stellar the effort, most IT departments cannot compete with cybercrime.
Moyle shares smart words of advice: “I liken cybercrime to household break-ins. They won’t stop, no matter how many locks you have on the door. You can’t live in a vault. Just be smart, be proactive and be prepared, so when break-ins happen, you have a system in place to fall back on.” Vendors that institute a system of best practices and invest in certification training will be in the best position to win future business.
© Pitney Bowes 2015. All rights reserved.