June 19, 2018
Security has to be a bigger priority in the financial services sector – and better employee training is the key, according to more than one-third of Chief Information Security Officers (CISOs) polled in a 2018 Financial Services Information Sharing and Analysis Center (FS-ISAC) report.
Data Breach Prevention
The financial sector is a huge target area for criminals looking for data and dollars, but employees are the first line of defense. According to 2017 IBM research, information from financial firms was breached 65% more than that of the average organization. According to a white paper by Shred-it, breaches have tripled over the past 5 years, and 42% of financial services firms have experienced a data breach.
The IT Department Can't Do it Alone
While IT takes the lead on providing technology-based safeguards, the entire workforce of a financial institution must be committed to data security and understanding risk management and emerging risks.
Compliance is Dependent on Proper Training
The financial sector is heavily regulated, and privacy laws are constantly being updated and improved. The General Data Protection Regulation (GDPR), which went into effect this past May, the Gramm-Leach-Bliley Act, the Payment Card Industry’s Data Security Standard and the Disposal Rule are just a few of the regulations that employees should be aware of. Employee training will help.
In its Top Financial Services Issues of 2018 report, PwC security experts warned that phishing is going to “migrate more aggressively toward social media to trick users to download and run malware” in this sector. Educating employees on phishing, business email compromise (BEC) and other social engineering-based attacks will protect individuals – and organizations. Training should be practical and teach employees how to recognize phishing scams and avoid downloading and executing unknown applications.
Carelessness on the Job
Employees who don’t follow proper policies and procedures are one of the biggest security threats in organizations. Up to 25% of information breaches are caused by employee error, negligence, and poor judgment, according to the Cost of a Data Breach Study 2017 by Ponemon. Employee training should teach security-driven work habits. For example: don’t share passwords, don’t carry sensitive information unnecessarily, don’t use a thumb drive found in the parking lot, and don’t drop confidential documents into recycling.
High Employee Turnover
This sector has the highest churn rate of all industry sectors, at 7.1% (churn rate, in this case, refers to the number of customers who leave after a data breach). Employees represent the company when customers are affected by data compromises. Emphasizing customer retention to employees in training can help keep customers from leaving and preserve the company's reputation and brand value.
Research has shown that insider threats are still one of the leading causes of data breaches. In the financial sector, more than half of the reported data breaches are the result of insider activity, according to the IBM research. Good training, along with a culture of security in the organization, will help employees feel like they’re partners in the company – and spot and report suspicious activity.