Banks Can Prevent Data Theft By Curbing Employee Web Surfing

When it comes to battling data breaches, banks would be well served by doing such things as curbing employee web surfing to prevent unauthorized access to information. That’s just one of the suggestions bankers, technology providers and analysts made in a recent survey conducted by Bank Technology News, a PaymentsSource sister publication.


Survey responses revealed some of the most effective strategic moves a bank can make to protect itself. The technology for protections such as dual authentication, access controls and document tracking may require an investment, but options are widely available. In other cases, key strategic moves are cultural in nature and pose minimal cost to a financial institution.

One cultural change, limiting employees' Web surfing, could help prevent breaches by limiting hacker access, the survey respondents suggest. A theme that came up repeatedly among the security experts surveyed is how easily the seemingly normal business activities of internal staff can accidentally expose an entire institution to a data breach. Email attachments, using personal mobile phones for work, and using home PCs for work can all indirectly place sensitive data in compromising venues.

That includes Web surfing at workstations. Julie Conroy McNelley, a senior analyst at Aite, says banks should place restrictions on Web surfing for staff who come into contact with sensitive data, either for customers or internal data. The employee activity doesn't necessarily have to be intended for fraud; simply visiting social networks can expose data or reduce the effectiveness of network protections.

Recent research from Verizon and the U.S. Secret Service says the number of enterprise data breaches is at its highest point ever: more than 760 breaches were recorded by the Secret Service in the past year.

What is changing is the focus of cyber criminals, who are changing tactics from the sweeping Heartland-style breach of years past, choosing instead to focus on smaller, more tactical attacks that are harder to spot and counteract.

Citigroup was a recent victim, in August reporting a pair of data breaches. A second incident followed later that month in which Citigroup was tied to a breach at a retail chain, an incident in which Bank of America was also victimized.

Citigroup is just one of a number of major financial institutions and general-business firms to suffer data breaches in the past year, with targets ranging from other large banks such as Capital One to retailers such as Michaels Stores, and government institutions as large as the U.S. Senate.

Each breach is a new black eye, giving assailants access to internal systems, where they can attach malware, find additional weaknesses to exploit, obtain information for whistle-blowing campaigns, or launch phishing attacks that dupe consumers and staff into revealing even more sensitive information. And leaks are particularly vexing since they're very easy to cause - a simple emailed attachment to an employee's home PC or mobile device, and a subsequent return email, can mistakenly compromise the PC, the attachment and the bank itself, the survey suggested.
