
Data Security Threats: Financial Industry Edition


The financial services industry is tightly regulated on many levels, including the protection and privacy of customer information. Know the facts:

FACT #1
LEGALLY, A FINANCIAL ORGANIZATION MUST:

» Maintain the security, confidentiality and integrity of its customer information – in all its forms (hard copy, CD, online)
» Prevent unauthorized disclosure, misuse, alteration or destruction of this information

FACT #2
FAILURE TO COMPLY COULD LEAD TO:

» Significant civil and criminal penalties – for individuals as well as businesses
» A security breach that could significantly harm your organization’s:
› Reputation and brand
› Customer churn rate and business relationships
› Financial bottom line results

FACT #3
THREATS CAN COME IN MANY FORMS, SUCH AS:

 

RISK: CYBER ATTACKS
TACTIC: MALICIOUS INTENT
CHALLENGES AND SCOPE:
» Theft of information assets and business disruption
» Denial of service (DoS), web application attacks and payment card skimming represent 88% of all security incidents in the financial services sector [1]
» In 2016, DoS attacks were the most common type of attack [1]
IMPACT:
» Approximate annual cost to the financial industry: $16.53 million per company [2]

RISK: INSIDER THREATS
TACTIC: MALICIOUS INTENT
CHALLENGES AND SCOPE:
» Employees have access to many electronic and printed files
» Often hard to detect or prevent breaches
» 59% of financial organizations said privileged user accounts are the top insider threat [3]
IMPACT:
» Careless employees cause 56% of data breaches [4]

RISK: LACK OF EMPLOYEE TRAINING AND AWARENESS
TACTIC: INADVERTENT OVERSIGHT
CHALLENGES AND SCOPE:
» 47% of businesses say social engineering and phishing scams are their greatest concern - and that human error is the reason these attacks succeed [5]
» Human error is caused by lack of awareness or training on policies and procedures
» 48% of C-Suites train employees once a year or less on organizational information security policies; 38% of SBOs never train them at all [6]
IMPACT:
» 38% of companies will prioritize privacy and training awareness over the next 12 months [7]

Proactive Solutions are the Best Line of Defense

Proactive solutions combine people, processes and technology to mitigate the business and operational risks associated with data security threats and breaches.

Here are some helpful guidelines to get you started:

  • Understand the legal obligations for your organization

  • Conduct a comprehensive risk assessment

  • Establish detailed policies and procedures to ensure compliance on the collection, processing and disclosure of personal information (customer and employee records)

  • Create the necessary internal governance framework and technology infrastructure, including back-up and recovery/business continuity plans

  • Designate key staff to be responsible for the document management system

  • Educate and train all staff on the risks and the importance of their role

  • Ensure compliance from all staff and third-party suppliers on secure document storage, accessibility and destruction

  • Document and monitor ongoing compliance, including regular security audits

Sources:
1. Verizon, 2017 Data Breach Investigations Report
2. 2016 Cost of Cyber Crime Study & the Risk of Business Innovation by Ponemon
3. 2016 Vormetric Data Threat Report Financial Services Edition
4. 2016 Ponemon survey: Risky Business: How Company Insiders Put High Value Information at Risk
5. https://teiss.co.uk/news/social-engineering-phishing-scams-potent-malicious-attacks
6. 2017 State of the Industry Report, North America, Shred-it
7. PwC 2017 Global State of Information Security
