Advancements in technology excite us because they make our lives easier and more convenient. As technology advances and evolves, it gives criminals increasing opportunities to access sensitive information, engage in identity theft, and it poses financial and other risks. For example, Norton Security states that cybercriminals hit the financial services industry harder than any other industry in 2018 and the few years preceding it. According to consumer reports, there is an increase in identity theft by 400% from 2017-2018. Banks and other financial institutions need to take special care to ensure that they can protect the security and privacy of their customers.
Bank boards need to act now to bolster their security policies and practices and continue monitoring their security protocols as the sophistication of cybercrime continues to increase.
Types of Cyberattacks and Motives of Cybercriminals
According to Verizon’s 2016 Data Breach Investigation Report, the motivation for criminals who pursue data breaches is financial. In 2015, 89% of the data breaches were driven by espionage or greed rather than retaliation against a former employer or insider fraud.
Something that makes addressing cyberattacks challenging is that they can take many forms. Some criminals are intent on stealing funds directly from a bank or one of its account holders. Criminals that pursue data breaches are looking for information about account holders that they can use to commit fraud. Ransomware attacks are increasingly popular. In this type of attack, the criminals encrypt data that effectively locks up a bank’s computer system until the bank agrees to pay a ransom to the hackers in the form of cryptocurrency.
Components of Secure Technology in the Financial Services Industry
As the problems of infiltrating sensitive company data continue to rise, banks need to work diligently with their IT departments and create company-wide awareness of the risks of cyberattacks.
Implementing the Elements of Secure Technology
The ABA Banking Journal offers five elements of secure technology for community banks and other financial institutions.
Make data security a company-wide focus.
Along with every other type of industry, community banks are relying on cloud-based and remote employee access programs. These programs create new opportunities for cybercrime. The IBM Cyber Security Intelligence Index states that 95% of cyberattacks occur as a result of human error. It’s fair to say that cybercriminals are looking for the low-hanging fruit which equates to finding the weakest point in a bank’s security, which is very often their own unwitting employees. The lack of attention to proper education and communication about the bank’s corporate data privacy policies can create situations where employees unintentionally click on a malware link or respond to a phishing email, thereby opening up the entire bank’s system to cyber risk. In addition to building electronic firewalls to protect data, community banks must build human firewalls by training and educating their employees.
Assess the security protocols of the parties in your data chain.
By failing to bolster cybersecurity issues, community banking institutions risk exposing their account holders’ bank account information, personal information, and details of their debit cards. The risk highlights the importance of addressing the security of your partners, vendors, and your vendors’ vendors. Your bank should be assessing the security of any party that has access to confidential information past your firewall.
The industry best practice for reducing third-party security risks is to request and review each third-party’s SOC Type 2 Report, which will list their credentials for providing financial services. The SOC Type 2 Report shows that the vendor’s internal controls meet security best practices.
Review your file-transfer protocols for proper security.
Your accountholders surely appreciate the convenience of using a debit card rather than having to have cash on hand. Debit cards are also useful for auto-pay, paying monthly bills, and making standard purchases. The massive use of debit cards can be catastrophic if account information gets into the wrong hands. A leading cause of cybercrime often occurs as a result of careless file transfers.
According to the Verizon report, the best defense against file-transfer problems is multi-factor authentication. The report reveals that 63% of confirmed data breaches in 2015 were due to cases of weak, default or stolen passwords.
Having to reissue debit cards on a large scale to further protect security poses a huge financial burden to the bank.
Institute a company-wide rules and responsibilities for handling client data.
While there are plenty of cybercriminals in hiding waiting for opportunities for banks to slip up and create security vulnerabilities, the reality is that most data breaches are unintentional and are caused by human error. Even when employees are diligent about following the company’s rules for handling client data, it takes only a simple mistake of unintentionally sharing a customer’s data with a vendor who takes it into his or her own hands and uses it for criminal purposes. Training and education can help to prevent such situations, but community banks can bolster that protocol by limiting employee access to sensitive data in the first place. Put safeguards in place so that employees cannot download, email or save sensitive customer data on an external device.
Prioritize firmware updates and system patching over new releases.
It’s essential in the community banking industry to maintain the company’s infrastructure by giving first priority to firmware updates and system patching and keeping these activities on a disciplined schedule. Community banks should be proactive about applying system patches. Be mindful that systems change and evolve quickly, causing the risk of increasing vulnerabilities which need prompt, immediate attention. It’s essential for community banks to provide adequate resources to ensure that their tech people are able to properly maintain the company’s system and keep vulnerabilities at bay.
It can be tempting to shift time and attention to the newest technological innovations, but to do so may lead to financial and reputational loss.
In conclusion, community banking is as vulnerable to cybercrime as any other financial institution. It’s important for community banks to be aware of the various kinds of cybercrime that they may be subject to and to use best practices for cybersecurity continually to protect their account holders.