Security is a never-ending game, and for banks, the game requires more strategic thinking than ever before. Emerging technologies and social media are changing the way banks must structure their security processes. As technology and hackers grow more sophisticated with every moment, so too must your bank’s security strategy.
In today’s world, your financial institution should address the following five concerns:
1. Enhance Perimeter Security
Stop hackers before they get in. That seems obvious, but it’s important to go beyond traditional measures. Firewall security is no longer enough. The new standard is an Intrusion Prevention System (IPS), which allows you to identify, log, and block malicious activity at the outset. Use a diversified line of defense that includes border routers, firewalls, an Intrusion Detection System (IDS), IPS and establish a DMZ to isolate the internal network from the hackers trying to breach the perimeter.
2. Patch Your Systems
The easiest security tactic? Routinely patching your systems. Make sure you are patching routers, switches, firewalls, internal desktops and servers so that your network and internal systems are both covered. However, there is a trade off with patches and their effects on other systems. The safest approach is to schedule patches to occur regularly, review them ahead of schedule and notify all departments in advance. Patching on a regular basis maintains not only system integrity, but also a safe environment.
3. Understand Social Media
Social media changes everything, especially when it comes to social engineering. Individuals place an inherent level of trust in “friends” on social media sites, leading to social engineering risks. What’s more, easy-to-install apps often provide a heightened level of access on end-user systems. While most of these applications are safe, some have been written specifically with malicious intent to compromise user data. The best defense against these threats is user education and patching.
4. Promote User Education
Perhaps the most critical component to your system’s security comes from educating users, both employees and customers. Banks should develop a user education plan that includes periodic training sessions for employees on such topics as social engineering, secure passwords and other security-related matters. For customers, newsletters and regular updates provide a viable way to share information that can protect both their security and that of the bank.
Mobile Bring Your Own Device, or BYOD, carries significant compliance and risk management pitfalls. Most devices store company data of some sort. If lost or stolen, a cybercriminal can compromise your confidential information in a variety of ways. Similarly, many of these devices have direct access into your corporate network, allowing the hacker to easily penetrate your networks and intranets.
Paying attention to these five areas can mitigate risk for your institution as well as increase its overall security. These areas should be evaluated periodically and updated as needed.
Sean Martin is an operations center manager and risk expert with Computer Services Inc. (CSI)’s Managed Services Division, a leading provider of cloud-based managed performance, security and IT-related services.