Going back to basics will solve a security headache for financial firms

Going back to basics will solve a security headache for financial firms

Paul Hampton

Senior Product Manager at Thales

Views 821

Going back to basics will solve a security headache for financial firms

08.07.2019 11:00 am

With reports of new data breaches hitting the news every day, you might be surprised to hear that spending on cyber-security is at an all-time high. However, as these attacks become more sophisticated, much of this spend has been focused on protecting the wrong areas. In particular, businesses have increasingly prioritised securing the perimeter surrounding IT systems instead of the data itself. In fact, network security hardware, such as firewalls and unified threat management, are seeing continued investment from businesses.

This is a major problem. Perimeter security is just what it says it is; the first line of defence for any organisation. It’s not a solution that is going to protect an organisation’s most important asset, it’s simply there to help deter or slow the hackers down. But once that line of defence is breached – and it will be breached – organisations must have more security up their sleeves or risk their data being exposed to the world.

While a pressing issue for any business, this problem has become more complex for financial firms. New regulations such as PSD2, which forces banks to open their APIs and data to the wider world, has meant that the potential for data to be exposed is increasing for both legacy and new players. Consequently, it’s more important than ever for financial companies to go back to basics and take five simple steps in order to safeguard their and their customers’ data:

1. A data review

People will often bank with the same organisation they have for decades, meaning that there is a treasure trove of valuable information, from spending habits to personal information, for a hacker to want access to. In order to adequately defend against a potential attack, the first step is for banks to figure out where all its data lies by conducting a data sweep. Only by taking this first step is it possible for an organisation to know which data it stores and how to best to protect it.

2. Prioritise secure authentication

The next step for financial organisations is to employ a robust two-factor authentication strategy. Essentially, two-factor authentication means a person must have a code or message on their smartphone, as well as something only they know, such as a password, to access a network or app. This provides an extra layer of security, in the event a user’s ID or password is compromised.

3. Encrypt all important information

Data encryption is a vital third step in properly safeguarding data. This means that if hackers do gain access to the data, it won’t make meaningful sense to them, as the system will scramble the information. Any party who doesn’t have access to the encryption key required to unlock the data will see it rendered useless. Being able to ring-fence sensitive data with encryption makes conducting a data sweep in the first instance a top priority. By employing encryption data, regardless of whether it is stored in the cloud or local a data centre is secure.

4. Store encryption keys correctly

The next step is to safely store the encryption keys. Whenever data is encrypted, an encryption key is created, and can unlock and access the encrypted data. Encryption only works if the right key management strategy is implemented. Companies must ensure the keys are kept safe by storing them in secure locations, such as in external hardware away from the data itself, to prevent them being hacked.

5. Make cyber-security a business priority

Financial organisations have an obligation to educate both their employees and their clients about the steps the business has taken to secure its data. While employees must be aware of the steps taken to ensure best practice, businesses should also ensure clients understand how their data is being protected in order to build confidence in data security.

Looking Ahead

PSD2 is changing the nature of the financial landscape, and traditional banks are now competing with other financial organisations for access to data and this only further emphasises the need for data security. Whilst banks have a built a reputation for trustworthiness, newer organisations, such as fintechs, must put the correct steps in place to garner the same level of trust from consumers. Getting the basics right is a great place to start. Investing large amounts in security is pointless if businesses aren’t doing the right things. In the first half of 2018, of the 944 security breaches reported, just 2% of the stolen, lost or compromised data was protected by encryption. Whilst mastering the basics won’t prevent breaches entirely, it will make the business a less enticing target for hackers and minimise the impact of breaches in the future.

Latest blogs

Martijn Groot Asset Control

How Machine Learning is Changing Data Management and Investment Processes for Active Managers

AI and Machine Learning techniques are finding their way into financial services. Ranging from operational efficiencies to more effective detection of fraud and money-laundering, firms are embracing techniques that find patterns, learn from them and Read more »

Faniel Thomas Moneyfarm

What You Need to Know About Stocks and Shares ISAs

Many of us are familiar with the tax-free benefits associated with a standard Individual Savings Account (ISA). However, a variant known as a stocks and shares ISA is becoming an increasingly popular alternative. What is the basic principle behind a Read more »

Anthony Walton Iliad Solutions

Immediate Payments – Readiness

The payments industry is seeing a massive global surge in the implementation or modernisation of Immediate Payment systems. These systems challenge the status quo, and when used effectively create real opportunities for financial institutions to Read more »

Dr Bimal Roy Bhanu AiXPRT

AI-washing: is it machine learning … or worse?

There are widespread misconceptions about Artificial Intelligence (AI), including its powers and what it can and can’t do. Which means that potential users may have unrealistic expectations of what they will see when they’re presented with AI. For Read more »

Todd Clyde Token

Making Open Banking Pay with a Superior API

The success of open banking will ultimately depend on the difference it makes to customers. It’s one thing for people to be able to see all of their various account balances in one place. But if the process for moving money or managing payments Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel