September 15, 2016

Data Security in Financial Services: It’s Likely Not What You Think

With so much confidential information in their keeping, you’d think that banks and other financial institutions would have stellar financial data security in place.

But new research has shown quite the opposite to be true.

In the Financial Services breach report from Bitglass, data leaks nearly doubled between 2014 and 2015, and the same trend is being seen in 2016. Last year 87 breaches were reported in the financial services sector up from 45 in 2014. In the first half of 2016, 37 banks reported breaches.

In other research, only one of the top 10 largest banks around the world received an overall ‘A’ grade in cyber security. The Security Scorecard’s 2016 Financial Cybersecurity Report, which evaluated cyber security risk of over 7,000 financial institutions, also showed that the bank with the lowest security posture is one of the top 10 largest financial service organizations in the U.S.

Almost all – 95% - of the top 20 U.S. commercial banks received just a ‘C’ grade or worse for network security.

Here are the top causes of a financial data breach as well as recommendations for data security in financial services.

• Missing devices: According to the Bitglass report, lost or stolen devices caused the most data leaks in this sector accounting for over a quarter or 25.3% of breach events. Solutions for workplaces: Create a comprehensive Mobile Devices security policy. Equip all hard drives with security safeguards including encryption. Partner with a reliable document destruction company, and have all obsolete hard drives securely destroyed.
• Cyber criminals: Hacking caused one in five leaks, according to the report. Solutions: Implement detection and intervention strategies, which are now just as important as prevention, advised Swiss banker Michael Meli at the European Identity & Cloud Conference 2016. Share threat intelligence, and stay on top of best in class security practices.
• Unintended disclosure: The research showed that 14% of leaks were attributed to accidentally sharing information or emails. Solutions: Educate employees at all levels. Post security awareness reminders throughout the workplace. Create a culture of security “where every employee feels they have a role to play in make the organization safer”, said Meli.
• Malicious insiders: In the Bitglass report, insiders were to blamed for 13% of leaks. Solutions: Control access to data so that employees can access only the information they need to do their jobs. Educate employees about fraudulent behavior, and provide a Fraud Hotline.
• Third parties: Last year the New York State Department of Financial Services showed that fewer than half of the banks surveyed conduct any on-site assessments of their third-party vendors. Solutions: It’s critical to evaluate the security policies and commitment of all companies you do business with.
• Paper: Lost paper records accounted for 8.1% of breach incidents in the Bitglass report. Solutions: Implement a Clean Desk Policy, and partner with a document destruction company that provides locked consoles for documents that are no longer needed.

There are several areas in the workplace where hard drives and/or paper documents are often not secured – and that increases the risk of a data breach. Learn how to prevent office fraud.