Matt Goulet, chief operating officer at Globalscape.
The digital revolution hasn’t missed many industries. The threat from cybercriminals has put even more pressure on enterprises, especially in the banking and finance space. More consumers are turning to digital banking services for their ease of use and innovative means to manage finances. Just last week, Tandem, a mobile banking startup, was given the go-ahead by the Bank of England to start trading in the UK. It follows a long list of 29 new mobile and online banks that have asked the regulator for approval in the last few years.
Concern about data safety is very much in the minds of business and government leaders. The European Safe Harbour ruling from earlier this year encouraged greater scrutiny of the whole banking sector and how it manages data. Mark Field, MP for the Cities of London and Westminster, has called on the Government to better insure the banking industry against the cyber-terrorism threat. He argued that a big cyberattack in the finance industry could, in a worst-case scenario, damage the UK’s economy.
At best, a data breach will result in a bit of negative press coverage. As a result, the pressure to follow regulatory guidelines and protect an organisation’s data while avoiding fines or serious repercussions is enormous. Getting data requirements right and keeping sensitive information secure, in such a high-pressure industry, could not be more important.
Meeting security needs and challenges – not to mention staying compliant in heavily regulated industries – requires organisations to understand the value of data, address the correct level of security required, and evaluate access.
It’s estimated that bank login credentials for an account with just $2,200 in it are worth as much as $190 on the ‘dark web’, but the damage to consumers is of course higher if they then lose all of the money in their account. Establishing the value of data from the outset will put organisations in the best possible position to evaluate security needs and where protective measures need to be tightest.
Ranking data is a good first step, matching the purpose of security technology with the types of data to be secured. Consider how much of the information involved is sensitive in nature. The process will make clearer how to approach tightening data security across your organisation and where it is most required.
This must, however, be approached with a level of wariness. For consumer-facing organisations, ease of use plays an even larger factor. Complex authentication tools may be the most secure, but they might not be user-friendly enough for wider consumer use. Finance companies must therefore consider which permissions are necessary for specific processes, and work to achieve that tricky balance between protection and functionality.
Research by the Computer Technology Industry Association revealed 53 percent of data breaches have been attributed to deliberate or accidental staff error. Retaining control of data is critical. If a data breach can be attributed to staff error or a lack of oversight from senior leadership, the consequences will be even greater. Data security includes ensuring staff understand the value of the data they control and how to distribute it safely, both internally and externally. Finance organisations are taking enormous unnecessary risks by allowing employees to distribute information via improper means, such as through unencrypted USBs. The embarrassing headline, ‘Finance organisation leaves customer data on USB stick on train’, comes to mind. Instances such as these also run the risk of bringing organisations out of compliance with the Data Protection Act, adding legal costs to the fallout.
The need to manage data effectively could not be more important. More consumer data is making its way into the connected world and it must be protected. Failure to do so risks large data breaches. Understanding both the value of data and how to secure it appropriately are of equal importance. However, as it becomes more necessary for organisations to provide staff with greater access to sensitive information, risks rise; therefore, a clear data protection policy and tools to keep data secure are essential. Ultimately, breaches will happen, but mistakes of the past can be lessons of the present. No breach should be the same, and certainly shouldn’t be brought about by internal error or malpractice.