Going back to basics will solve a security headache for financial firms

Paul Hampton

Senior Product Manager at Thales

08.07.2019 11:00 am

With reports of new data breaches hitting the news every day, you might be surprised to hear that spending on cyber-security is at an all-time high. However, as these attacks become more sophisticated, much of this spend has been focused on protecting the wrong areas. In particular, businesses have increasingly prioritised securing the perimeter surrounding IT systems instead of the data itself. In fact, network security hardware, such as firewalls and unified threat management, is seeing continued investment from businesses.

This is a major problem. Perimeter security is just what it says it is: the first line of defence for any organisation. It’s not a solution that is going to protect an organisation’s most important asset; it’s simply there to help deter or slow the hackers down. But once that line of defence is breached – and it will be breached – organisations must have more security up their sleeves or risk their data being exposed to the world.

While a pressing issue for any business, this problem has become more complex for financial firms. New regulations such as PSD2, which forces banks to open their APIs and data to the wider world, have meant that the potential for data to be exposed is increasing for both legacy and new players. Consequently, it’s more important than ever for financial companies to go back to basics and take five simple steps in order to safeguard their own and their customers’ data:

1. A data review

People will often bank with the same organisation for decades, meaning that there is a treasure trove of valuable information, from spending habits to personal information, that a hacker will want access to. In order to adequately defend against a potential attack, the first step is for banks to figure out where all their data lies by conducting a data sweep. Only by taking this first step is it possible for an organisation to know which data it stores and how best to protect it.

2. Prioritise secure authentication

The next step for financial organisations is to employ a robust two-factor authentication strategy. Essentially, two-factor authentication means a person must have a code or message on their smartphone, as well as something only they know, such as a password, to access a network or app. This provides an extra layer of security in the event a user’s ID or password is compromised.
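As an added illustration of the two-factor check described above (not code from the article or from Thales): a login passes only when the password hash matches and a time-based one-time code (RFC 6238 TOTP, one common form of smartphone code) is valid and has not been used before. The user record, passphrase and function names are constructed for the example; the shared secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app would display."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; only this value is stored server-side."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

# Constructed sample account (assumption, not data from the article).
USER = {
    "salt": bytes(range(16)),
    "totp_secret": b"12345678901234567890",      # RFC 6238 test key
}
USER["pw_hash"] = hash_password("correct horse battery", USER["salt"])

def verify_login(user, password, code, now, last_used_step=None):
    """Return the accepted time step, or None if either factor fails."""
    pw_ok = hmac.compare_digest(
        hash_password(password, user["salt"]), user["pw_hash"])
    matched = None
    for drift in (-1, 0, 1):                     # tolerate one step of clock skew
        step = now // 30 + drift
        if step < 0:
            continue
        expected = totp(user["totp_secret"], step * 30)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
    # Evaluate both factors before deciding, so the response does not
    # reveal which one was wrong.
    if not pw_ok or matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None                              # code already used: replay
    return matched
```

The caller stores the returned step as `last_used_step` for the account so that an intercepted code cannot be replayed inside its validity window.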

3. Encrypt all important information

Data encryption is a vital third step in properly safeguarding data. This means that if hackers do gain access to the data, it won’t make meaningful sense to them, as the system will scramble the information. Any party who doesn’t have access to the encryption key required to unlock the data will see it rendered useless. Being able to ring-fence sensitive data with encryption makes conducting a data sweep in the first instance a top priority. By employing encryption, data is secure regardless of whether it is stored in the cloud or in a local data centre.

4. Store encryption keys correctly

The next step is to safely store the encryption keys. Whenever data is encrypted, an encryption key is created that can unlock and access the encrypted data. Encryption only works if the right key management strategy is implemented. Companies must ensure the keys are kept safe by storing them in secure locations, such as in external hardware away from the data itself, to prevent them being hacked.

5. Make cyber-security a business priority

Financial organisations have an obligation to educate both their employees and their clients about the steps the business has taken to secure its data. While employees must be aware of the steps taken to ensure best practice, businesses should also ensure clients understand how their data is being protected in order to build confidence in data security.

Looking Ahead

PSD2 is changing the nature of the financial landscape, and traditional banks are now competing with other financial organisations for access to data. This only further emphasises the need for data security. Whilst banks have built a reputation for trustworthiness, newer organisations, such as fintechs, must put the correct steps in place to garner the same level of trust from consumers. Getting the basics right is a great place to start. Investing large amounts in security is pointless if businesses aren’t doing the right things. In the first half of 2018, of the 944 security breaches reported, just 2% of the stolen, lost or compromised data was protected by encryption. Whilst mastering the basics won’t prevent breaches entirely, it will make the business a less enticing target for hackers and minimise the impact of breaches in the future.
