This makes it more difficult to secure your financial services business, and certainly more complex than in many other industries. An additional factor is that financial services businesses must meet the requirements of the Irish Financial Services Regulatory Authority (Ireland) and the Financial Services Authority (UK).
The clients of financial services organisations expect their finances to be looked after by a company that is 100% secure. But there isn’t really such a thing. The majority of data breaches start completely innocently. Remember The Good Wife and the ransomware attack that Diane started by clicking on an email? It was so easily done.
It is critical to ensure that your financial services organisation’s data and applications are protected in order to minimise reputational damage, loss of customer confidence and financial loss.
So how do you secure your financial services business?
Simply put, it’s a combination of people and technology that will help secure your financial services business.
People play a vital role in the prevention of a cyber-attack. Here are some things you can do to encourage your people to be security aware:
- Provide data security training and ensure they know not to click on anything dodgy
- Send regular reminders about the importance of data security using channels such as podcasts, video (see Sophos video) or via your intranet or internal newsletter
- Share security awareness articles and podcasts (such as the Sophos podcasts)
- The first thing to look at is a security audit. The average data breach takes 210 days to be detected. An awful lot of damage can be caused in 7 months. Securing your business goes beyond implementing some firewall rules, anti-virus software and data backup solutions. It requires a comprehensive, programmatic approach. An Infrastructure Security Audit evaluates the security of a company’s information system by measuring how well it conforms to a set of established criteria.
- The second thing to examine is your endpoint security. Financial services companies need a number of different pieces of security software. These range from network auditing and firewalls to two-factor authentication and endpoint protection. You may wish to choose a Managed Endpoint Protection service that offers fully managed endpoint security protection for all devices and can be deployed either on-premises or via the cloud.
- Don’t forget about creating regular, scheduled backups and having a disaster recovery process in place. Disaster Recovery as a Service uses the cloud or a second physical location as a target site for replication of your financial services organisation’s critical data as well as your critical applications in order to be back up and running as quickly as possible.
Make sure to keep an eye out for companies using phishing techniques and running online ads that look like your business. In November 2017, the Microsoft search engine, Bing, had to remove an ad that looked very much like an ad for TSB, but in fact was a phishing operation.
The Irish Central Bank has produced a brochure, “Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks”.
The Bank of England provides a cybersecurity framework to help financial institutions in the UK identify areas of vulnerability that could be exploited by a cyber-attack.