How Financial Services Firms Can Manage Cybersecurity Threats
Cybersecurity and data privacy issues are a top challenge for financial services firms. Careful planning and implementation can help meet these challenges.
Cyber threats and issues around privacy and data security management are significant challenges for all businesses, but especially for financial services firms. According to Forbes, the financial services industry is the most breached sector, accounting for 35 percent of all security breaches. These two issues also present the greatest legal risk to financial services firms, according to a Forbes Insight/K&L Gates survey.
Specifically, financial institutions face three significant types of threats to security and data management:
- Web application threats, which arise because so many business applications are now exposed online.
- Distributed denial-of-service (DDoS) attacks, which flood servers, websites or apps with traffic until they become unavailable. These are typically launched from botnets of machines compromised by trojans or other malware; the malware itself is a separate threat that can also be used to steal data.
- Threats from employees. Many of these are unintentional, such as employees who click links or enter credentials in phishing emails, but some are deliberate insider actions.
Financial institutions can take steps, however, to make their systems more secure and to protect their data.
Although no plan is foolproof, a good plan can improve security and lower legal risk. The first step is to become knowledgeable about the dangers. The next step is to draft internal policies covering security procedures and the identification and reporting of breaches. Then the firm should confirm that its insurance covers the kinds of loss these threats can cause. It should set out how it will develop a security-conscious culture throughout the firm. Finally, as part of the planning process, the firm should identify outsourcing partners who can work with its internal IT department to prevent attacks and to limit the damage if a breach does occur.
Best policy practices
When establishing policies, firms will want to consider best practices. One is to require that employees keep their business and personal lives separate: no checking of personal email, personal social media or personal online banking on work systems. This reduces the chance that an attacker reaches business data by first compromising a personal account. Requiring multi-factor authentication is another good practice, as is enforcing strong password requirements. Another essential policy is least privilege: limit what an employee can do on a system to what his or her job actually requires. Policies also should cover what happens when employees leave the company, whether voluntarily or involuntarily; for example, how does IT learn of the departure, and how quickly can it disable the person's accounts and revoke their access?
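The offboarding question above, how IT knows that an account should be disabled, is usually answered by reconciling the HR roster against the directory. The following is an added illustration written for this article, not code from the original or from any named product; the record formats, field names and sample employees are constructed for the example. It flags enabled accounts whose owner HR lists as terminated (noting any logon after the termination date) and enabled accounts with no HR owner at all, which are often forgotten service or contractor accounts.

```python
"""Offboarding reconciliation: flag directory accounts that should already be
disabled. Added example; record formats and sample data are constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    name: str
    termination_date: Optional[date]  # None means still employed


@dataclass(frozen=True)
class DirectoryAccount:
    username: str
    employee_id: str
    enabled: bool
    last_logon: Optional[date]


def find_stale_accounts(hr_records: List[HrRecord],
                        accounts: List[DirectoryAccount],
                        today: date,
                        grace_days: int = 0) -> List[Tuple[str, str]]:
    """Return (username, reason) for every enabled account that HR says
    should be gone, or that has no HR owner (orphaned account)."""
    by_id = {r.employee_id: r for r in hr_records}
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled, nothing to do
        rec = by_id.get(acct.employee_id)
        if rec is None:
            findings.append((acct.username, "no HR record (orphaned account)"))
            continue
        if rec.termination_date is None:
            continue  # current employee
        # Allow an optional grace period for hand-over, then flag.
        if today >= rec.termination_date + timedelta(days=grace_days):
            reason = f"employee terminated {rec.termination_date.isoformat()}"
            if acct.last_logon and acct.last_logon > rec.termination_date:
                # A logon after termination is the case auditors care most about.
                reason += f"; logon after termination on {acct.last_logon.isoformat()}"
            findings.append((acct.username, reason))
    return findings


# Constructed sample data (not real people or systems).
TODAY = date(2024, 3, 15)
SAMPLE_HR = [
    HrRecord("E100", "Alice", None),
    HrRecord("E101", "Bob", date(2024, 3, 1)),
    HrRecord("E102", "Carol", date(2024, 3, 14)),
    HrRecord("E103", "Dave", date(2024, 3, 14)),
]
SAMPLE_ACCOUNTS = [
    DirectoryAccount("alice", "E100", True, date(2024, 3, 14)),
    DirectoryAccount("bob", "E101", True, date(2024, 3, 5)),      # used after leaving
    DirectoryAccount("carol", "E102", False, date(2024, 3, 13)),  # correctly disabled
    DirectoryAccount("dave", "E103", True, date(2024, 2, 20)),    # still enabled
    DirectoryAccount("svc_backup", "E999", True, None),           # no HR owner
]


def run_example() -> List[Tuple[str, str]]:
    return find_stale_accounts(SAMPLE_HR, SAMPLE_ACCOUNTS, TODAY)


if __name__ == "__main__":
    for username, reason in run_example():
        print(f"DISABLE {username}: {reason}")
```

In practice the two inputs would come from the HR system export and a directory query (for example Active Directory or an identity provider), and the job would run daily so the gap between a departure and the disabling of access is measured in hours rather than weeks.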
Developing a security-conscious culture
In a security-conscious culture, cybersecurity and data-protection plans should become part of every company meeting and day-to-day discussions. Every employee should understand the security plan. Employees also should be trained to be alert and to recognize threats, such as phishing emails.
Finding an outsourcing partner
An outsourcing partner can extend the ability of your internal IT department to keep data secure. The right partner can help an organization identify the places where an attacker could get in and find ways to close them. It also can add cybersecurity expertise beyond what many financial services firms have in-house. Finally, outsourcing some of the security responsibilities frees up the internal IT team for other projects.