Posts

Financial Services IT Security For Business Growth

Too often we hear from new clients in the financial services sector they’ve suffered panic and disorganization in their security protection. In this post we’re going to outline outdated approaches as well our recommendations to thwart invasion.

Cyber threats are proliferating faster than most lending institutions can fully understand. It’s often best to approach delving into your security measures with a proven tactical plan. One that not only manages your risk but also pinpoints the best protocol to detect and recover.

Don’t forget your biggest security risk can also emerge as your competitive market advantage in regard to growing new business. But only if you develop a unified security proposition instilling trust and protection to consumers. Something many financial services companies struggle with is how to evolve their protection toward new trends in advanced security. One in particular we strongly suggest is developed by changing how your organization manages your threats in stages.

We refer to them as anticipate, protect, pinpoint, respond and recover. These stages are vital to developing a systematic plan to safeguard your customer data. Remember, cyber attacks are your responsibility and therefore can cause liability risk for your institution.

Anticipate

Although it’s a sizable dose of reality to anticipate all threats, one thing is for certain. The chances of your company being attacked are high no matter what level of security you currently have in place. Ideally, we recommend developing a full-scale anticipation plan whereby you monitor irregularities in user access to your networks.

The problem we see all too often with financial services institutions is they embrace a generalized security plan. Usually ones that are developed by unqualified IT security consultants who do not have the necessary background in financial security.

We recommend investing in cyber ‘fusion centers’ which provide a more robust security protocol based on the team concept. Instead of handing the keys to your security to a few IT technicians, the fusion center approach delivers real-time intelligence monitoring of your networks.

Active cyber threats exist from third-party vendors and in some cases, consultants with credentials to your network exposing your customer data to unsuspecting threats. We’ve seen some cases where third-party access was not monitored at all by systems managers. This type of risk is exponential and often goes undetected for years exposing your networks to invasion.

Protect

For decades financial security was based on building generalized gateways to protect your entire network. However, this style of protection is too limited in the new age of wireless banking. But why?

Defending your raw data as well as sensitive customer information now is best approached by integrating a ‘defense in depth’ risk approach. Specifically targeting high-risk/value data and developing a security plan which provides layers of both encryption and detection.

Pinpoint

With the development of smartphone easy-pay apps, your security is tested on a daily basis. Although electronic wireless payment products are ideal for marketing purposes, they come with additional threats.

A smart approach is to pinpoint both your wireless and wired gateways and create a risk plan which pinpoints sensitive data exposure. Often financial institutions employing full-time security analysts. However, what we’ve found is that they rely on outdated encryption protocols exposing your networks to threat.

Respond and Recover

Traditionally, financial companies have relied on local resources and employees to manage their IT security. Bad idea. At least in terms of analyzing threats to your networks which are exposing you to risk.

New trends in cyber-security are moving toward big data management. We advise our clients to invest in dynamic real-time monitoring, analytics and threat response for ideal detection, response and recovery.

Remember, your network and data is your largest asset waiting for intrusion.

7 Reasons why Financial Services Companies Need to Archive Email with A Hosted Service

Do you know the one word that will cause your financial services company a catastrophic disaster? “Just.” Often it’s used by IT managers suggesting, “Why don’t we just host our email on our own servers?”

It’s cost effective and makes sense right? Wrong.

Every CFO knows email communication is vital to their organization. Last month Home Depot suffered one of the largest email data breeches ever when 53 million email addresses were stolen from their systems.

Read the Wall Street Journal story. Hackers posing as HD vendors were able to bypass their onsite email servers accessing the database.

Security

Ask any financial services company about checks and balances. They’ll tell you it’s accounting 101 to separate your accounts receivables from your payables departments.

The same protection is a must for your archived email. Too many companies make the mistake of ignoring security safeguards protecting their email on a third party hosting provider.

The first benefit is obvious. Security. Imagine your in-house servers are hacked. While your IT team troubleshoots the gateway breech, your email is protected offsite. Hosting your email with an expert host provider ensures your data is safeguarded 24/7.

Litigation Protection

Financial services companies need to protect themselves from liability. Therefore, archiving all email offsite safeguards their communications for search and indexing. Don’t forget you’ll also be able to easily pull reports of user messages, attachments and timelines.

Regulatory Compliance

Financial compliance regulations require that all email communications must be safely stored in original form. Hosting your email locally puts your organization at risk if your servers suffer threat.

Disaster Recovery

We’ve all seen news reports of natural disasters. It’s no longer whether your community will suffer a tropical storm or power outage, it’s when.

Archived email hosting by an offsite third party provider gives you the ability to safeguard your email and maintain banking operations.

You’ll provide services to your customers virtually while your local branches await emergency services to deem your hometown safe and ready to open your doors for business again.

Auditability

Accessing your archived email communications for audits is a breeze when you use an email host. Due to litigation and compliance regulations, your organization must safeguard all email communications for up to seven years.

Storage Management

As your company grows, your email quotas will require more storage. We often see an increase of our client email data storage increase by as much as 25% per year. Plan on allocating at least 150-200 MB per user.

By archiving your email with an outsourced provider, you no longer need to invest capital in onsite servers.

Cost

Your onsite servers are best used for your users, core business products and services. The concept allocates your capital on profit generating revenues rather than expenses.

It’s far less expensive to archive your email communications with an offsite host taking advantage of their server space. It’s economical and as your storage quota grows, you’ll save thousands of dollars letting your provider invest in resources to service your needs.