7 ways financial services firms can protect themselves
Here are seven cyber security tips for financial services firms to improve data security, lock down their assets, and protect their customers and clients.
In 2014, remote attackers hit JPMorgan Chase and the associated website of the JPMorgan Corporate Challenge, affecting 76 million households and 7 million small businesses. Financial services firms are high-value targets. Even just the name and address of a high-asset account holder can be valuable on the black market.
There isn’t a single fix-all solution available to guarantee the cyber security of a financial services firm’s software and systems. However, there are cyber security strategies that financial services firms can implement to lock down assets and data as securely as possible.
7 cyber security tips for financial services firms
1. Conduct employee training
It’s pretty simple to trick someone into sharing their credentials when they believe that they’re corresponding with someone from their firm’s IT department (via phone call or email). Why would someone question it in the first place? Thus, you should train employees how to avoid becoming a future victim. Train them not to share credentials via phone or email. Make sure that they understand that your firm’s IT department will never request that information.
To make sure that information isn’t leaked from within, employees should know how to identify fraudulent or malicious artifacts such as email attachments. They should be aware of common methods used to manipulate businesses such as spear phishing. And they should learn how to identify evidence once a breach has taken place.
2. Secure mobile devices
Today, most people consume digital information on a mobile device. With that in mind, here are three important elements to consider:
- Protect your phone with strong passwords and biometrics.
- Consider creating a “bring your own device” (BYOD) plan for employees using personal devices in a work setting.
- Outlook is one of the most vulnerable mobile applications.
3. Define cyber security policies
To be effective, a cyber security policy must be reflected in every process, every decision, and throughout the organization. Use employee training to make employees aware of cyber security best practices. For example, using complex passwords and maintaining a clean desk environment (i.e., properly storing confidential information).
Regularly refine existing cyber security policies to include the most up-to-date information.
4. Establish a multilayered defense system
Threats come from a variety of sources, from software vulnerabilities to web-based attacks. To block these, establish a multilayered defense system wherein multiple tools and processes protect sensitive information. These tools and processes must also work hand in hand to provide a seamless experience to the user.
5. Learn from mistakes
Hackers are always learning new and improved methods to collect internal information from your infrastructure–always assume that this is the case. Learn not only from your mistakes but also from the mistakes of others. Continuously look for security loopholes that have or could one day lead to a breach. Close these loopholes as soon as possible. With this thought always in the back of your mind, remain proactive when it comes to cyber security. This is the only way to keep up with attackers.
6. Have an cyber security incident response plan
In an environment where hackers are usually one step ahead, collective accountability is a solid first line of defense. In a worst-case scenario (i.e., if a breach does occur within your firm), establish an incident response plan that minimizes the damage. What may be even more important is that your employees know about it and how it works. Conduct drills to practice the plan so that all relevant parties know exactly what to do in the event of a breach.
7. Harden your systems
Last, but certainly not least, harden your firm’s systems. This includes conducting a penetration test and creating a threat model of all business-critical applications. Also, conduct architecture reviews before the application build begins and implement active code checking during the build.
