In the first half of 2018, corporations exposed approximately 4.5 billion records in 945 breaches— an increase of 133% over the same period in 2017. As a prime target, the growing number of security breaches continues to draw attention to security measures and protocols employed by financial institutions.
The increased pressure to secure customer data within the financial industry requires companies to weave strong security protocols throughout the entire risk management structure. When seeking to reduce security failures, there are five key areas to consider:
1) Protecting Sensitive Information and Assets
Securing information and assets from a security leak primarily includes protecting where it is stored, where it is sent, and when it is used. Top vulnerabilities include the following:
Removable Media: Limiting or eliminating storage of confidential information on removable media. These devices pose high levels of risk because they can contain large amounts of data on a small device that is easy to transport and easy to lose.
Secure Data Transfer Points. In many cases, the weakest link in data security is the point of transfer. Whether an employee downloads a file to bring home or accepts a hard copy of confidential information, to scan later, the point of transfer is also an easy point of interception from a hacker.
Ban the Storage of Sensitive Information in Unsecured Areas. Implementation can include banning the use of unencrypted devices or networks, and the mandatory storage of all sensitive information or assets in locked drawers or file cabinets.
2) Automate Processes and Procedures
Security breaches come from either internal and external sources. In 2018, 56% of the lost data came from external sources, where the other 44% resulted from internal failures. Out of the internal losses, 33% were deemed accidental, meaning the employee did not intentionally leak sensitive data to a prospective thief.
Companies rely on a system of policies and procedures, to combat accidental loss. However, the best procedures are only as good as the employee who implements them. Forgetting to insert a dye pack, adjust the video feed, or lock a drawer, leaves the company vulnerable to losses. Automation is an effective method to reduce or even eliminate data or asset losses due to accidental exposure.
New technologies make it easier for companies to automate security protocols and procedures. Automation might involve computer settings requiring an employee to resign in after a short idle time. Electronic locking systems with an auto locking feature, such as Senseon keyless locks, can relock drawers if an employee forgets, protecting assets held in teller drawers or office cabinets.
3) Identify and Track Threats
Tracking the right metrics can identify gaps and weaknesses in current security protocols, which could lead to data loss or a security breach. The most effective metrics will identify suspicious activity and track the motion of data or assets. Such measures can identify both intentional data leaks and unintentional lapses due to employee behavior.
For example, innovative technologies, such as Senseon’selectronic locking systems, provides managers with an audit trail, identifying who entered which secure access point when. Tracking individual employee access can provide training opportunities and identify deviant behavior quickly in the event of intentional data theft.
4) Define Accessibility
Companies must make important decisions about which employees have access to what based on their role with the company. Appropriately controlling employee access to information and assets is an effective way to reduce data losses. Policies and procedures can address issues such as the use of removable media or personal electronic devices. However, financial institutions maintain sensitive information and assets on site, which employees use in the course of their daily assignments. The ability to control data access by employee adds an additional layer of security without increasing the company’s security costs.
Tracking technologies allow companies to limit employee access based on location and device. For Instance, Senseon technology allows a manager to identify access levels by the employee. They can grant unlimited access to all secure areas within an office, or only to certain locations. For example, a teller might only have access to their teller drawer, where the branch manager will have access to all teller drawers and office files. Service and sales personnel might only have access to drawers and files within their designated office or kiosk.
Assigning employee access based on duties provides better internal security and can identify an employee who fails to follow established procedures.
5) Onboarding and Termination Processes
Financial companies typically have a formal onboarding and termination process for full-time employees. This process often involves issuing a company ID and granting access to certain buildings and offices, which could contain a sensitive company or customer information or assets.
A secure process may not be in place for other types of workers who do not meet the requirements of the companies formal onboarding and termination policies. For example, temporary workers, contractors, and third-party vendors may need access to secure areas for only a few hours or a few days. Failing to implement security procedures for granting and canceling access can lead to the loss of data.
For example, issuing and returning physical keys can become complicated when a manager provides access to a secure area for a temporary agent. The manager must issue a key and then retrieve the key before the worker leaves or after the project’s completion. Failure to follow this process can lead to expensive rekeying costs to protect the company and customer assets.
On the other hand, using RFID technology, Senseon improves the security access process because a manager can issue and cancel access credentials within seconds, without the need to retrieve the physical RFID card.
Security concerns plague the financial industry as hackers, and identity theft reaches epic levels. Financial companies must transform their offices and workspaces with new technologies, which better align with their security needs.