- Security breaches from external threats elevate costs beyond the direct losses experienced by the financial institution
- Poor employee implementation can sabotage the best policies and procedures leading to preventable losses
- Security at the office level requires protecting multiple points of access. Financial institutions face vulnerabilities in each office, desk, and file cabinet, which contains proprietary information, customer data, or cash
Financial service companies routinely gather, maintain, and store sensitive information on the businesses and individuals they serve, increasing their risk of outside security threats. A survey of 1,100 senior security executives revealed that 86% believe their company is vulnerable to a security breach. In 2017, 42% of financial service companies experienced a breach of security, making the industry among the most targeted for both physical and cyber attacks.
The following are three key problems plaguing financial companies, increasing the risk of loss from external threats:
Problem: High Accumulated Losses
External security breaches cost financial companies much more than the direct financial loss caused by a breach. Whether the company experiences a cyber attack, robbery, or other theft, impacted companies incur costs associated with the investigation into the cause of the breach and the implementation of new protocols to prevent future losses. Solutions often involve the introduction of new technologies, requiring additional staff training.
Extensive regulatory requirements within the financial industry could increase losses, in the form of fines, penalties, and legal costs to defend the company in lawsuits directly related to the security breach. Other related expenses might include the cost of business disruption, notifying customers of the incident, and the replacement of lost information. Beyond the hard costs, companies also face public relations costs and lost customers, which can directly impact revenues.
These factors can exponentially increase losses beyond that of the initial event.
Solution: Identify Vulnerabilities and Take Proactive Measures to Prevent Security Breaches
Relying solely on company-wide security policies can leave individual offices vulnerable to a physical security breach due to the unique configuration or circumstances found in satellite offices. Beginning with a comprehensive program and then tailoring the approach to each individual building is the most effective way to protect all company and client assets and information.
“A threat and a vulnerability are not one and the same. A threat is a person or an event that has the potential for impacting a valuable resource in a negative manner. A vulnerability is that quality of a resource or its environment that allows the threat to be realized.”
After identifying both threats and vulnerabilities, security departments can address issues at the office level before a security breach occurs.
Problem: Poor Employee Implementation of Company Policies and Procedures
Regulatory oversight demands that companies within the financial industry have policies and procedures designed to protect customer data, vendor information, proprietary company data, and cash in place. Failures can lead to corporate fines in the billions of dollars.
A company can have extensive protocols designed to secure each office and building properly. However, if employees do not effectively implement all corporate policies and procedures, the company can remain vulnerable to a cyber or physical security attack.
When the security process becomes cumbersome, employees often ignore the recommended or even required procedures. For example, a company might have the policy to keep drawers containing sensitive customer information or cash locked at all times. Employees, finding it inconvenient to lock and unlock a frequently used drawer, could fail to lock the drawer after each use, leaving the company both vulnerable and liable for any lost or stolen information.
Solution: Upgrade Technologies to Automate Procedures
New technologies allow companies to automate many processes, which reduce the breakdown and failed implementation of company-initiated protocols. For instance, financial companies can upgrade external door systems to automatically lock behind each employee, to automatically log off an employee who logs into to a second computer and automatically lock drawers left unattended.
Problem: The Need to Secure Multiple Areas
Thieves look for company vulnerabilities from every direction. They stake out an office by posing as a customer and seek to locate file cabinets, drawers, devices, or rooms, which house secure company data or cash. The potential thief wants to identify points of weakness, which will allow for a quick entry and exit, with the stolen property.
Financial companies must secure every room, file cabinet, and drawer containing sensitive information or cash. For instance, an insurance company which allows agents to accept cash premium payments could store the money in the desk drawer of each agent. At the end of the day, the office manager places the accumulated cash in a locked file cabinet for the next day’s bank deposit. In this case, each agent’s desk, and the file cabinet housing the premium payments, represent a vulnerability within the office.
A mortgage lender who accepts an applicant’s tax returns for underwriting but does not immediately scan and shred the sensitive information must store the hard copy in a secured file cabinet or drawer until they can digitalize the material. In offices where an employee meets with back to back clients and takes care of administrative duties such as scanning or faxing at the end of the day, could create a security vulnerability, leaving the employer open to regulatory liability.
Solution: Invisible and Automated Locking Technology
Offices are prime targets for a physical security breach because employees often fail to follow company established protocols. For example, staff may often ignore company policies requiring locked drawers at all times, no customer data in sight of another customer, and the immediate shredding of sensitive data because they find the rules cumbersome and impractical.
Automated keyless technology like Senseon Secure Access, creates an invisible locking system that ensures employee compliance. Device installation is inside the cabinet or drawer, rather than outside, preventing a potential thief casing the office from easily identifying the cabinets or drawers containing cash, and customer or company information. Employees enjoy RFID technology, which automatically unlocks the cabinet or drawer without a key or card swipe, and then re-locks the secured area automatically. Installing new technologies can reduce weaknesses in security and protect the company from losses of data while remaining compliant with financial regulatory standards.
Government regulations require financial service companies to address both threats and vulnerabilities in all offices and buildings, along with any third-party vendors which house sensitive customer data on behalf of the company. These high standards, along with the high-profile nature of financial companies among thieves, require vigilance on the part of the security team. Utilizing new technologies can reduce vulnerabilities and losses among companies in the financial services industry.
To learn more about how automated keyless technology can reduce the risk of loss within financial institutions visit our Finance Market Page to download our whitepaper.