Five Tips to Protect Against Data Theft
By Mark Stevens, Vice President of Global Services, Digital Guardian
It seems like every day brings news of another high-profile data breach, targeting a range of industries, including banks, health insurers, popular retail chains and other organisations. While the likes of Ashley Madison, Sony and Ebay are taking the lion’s share of news headlines, the increasing threat to cloud data should be a concern for even the smallest local bank or credit union. After all, financial institutions safeguard some of the most sensitive data that must be protected, including bank account information, home and email addresses and more. A breach exposing that kind of information could quickly lead to disastrous consequences for customers, as well as the financial institutions themselves.
Whether a small local credit union or a large national bank, no financial organisation is safe from being the next victim of a cyber-attack. In October 2014, one of the biggest data breaches in history targeted a national bank chain that offers credit cards, mortgages, commercial and consumer banking and loan services. The breach affected millions of households and small businesses.
Protecting sensitive information is key to a bank’s long-term survival and its ability to maintain a positive relationship and reputation with its customers, so it is critical to ensure appropriate steps are taken. Below are five tips that will help banks and credit unions keep their most valuable asset – the data – safe while it is stored in the cloud:
- Prioritise Data Protection – Don’t Ignore It
Despite all of the concerns from the C-Suite about cybersecurity, few banks have meaningful data protection programs in place. All too often, financial institutions implement an outdated, traditional network-centric approach to IT security. However, with so many devices being brought into the financial space, such as the proliferation of mobile banking, it’s critical that a data-aware strategy be taken. This way, organisations aren’t just protecting the system or the device, but instead, locking the valuable sensitive data stored within. Regardless of the security methodology, data protection needs to be an executive priority or it won’t get done.
- Identify Your Most Important Data Assets
Before identifying details of where and by whom valuable data is stored, banks must first know what their sensitive data is if they want to prevent it from being stolen. Identifying which IT assets within your business are the most valuable and what type of sensitive data they hold will provide the visibility and control capabilities needed to prevent attackers from accessing and stealing your sensitive data.
Simply identifying the crown jewels can feel like a daunting task, but it doesn’t have to be. Start with your most critical data — the data you know a cybercriminal is after. For a bank or credit union, this is often PCI information, bank account and routing numbers and other customer data needed to finance a loan, start a bank account and/or access an ATM. Get that identified first and then move to the next organisational function.
- Safeguard Those Data Assets; Consider Labeling
Once sensitive data is identified, label it. It may seem obvious but classifying sensitive data with digital labels such as “internal only” or “confidential” will help with tracking sensitive information that will be targeted by attackers. In addition, have complete visibility over who is accessing data and how it’s being used and shared, both internally and externally. Regardless of whether the document is stored digitally in the cloud or locally, this is an efficient method for classifying data based on its security level. It provides employees with a visual cue to treat the document with care, as employees are often the ones targeted most by cybercriminals.
There are also additional technologies that you can employ to ensure your sensitive financial data stays safe. From encryption to digital rights management, from persistent document tagging to policy-driven data protection, there are numerous approaches to ensure data flows freely, for example from a bank teller to a loan officer, but only on a need-to-know basis.
To help protect your organisation’s data, think like a cybercriminal. Take a look at all of your business processes to determine where data theft might occur. Assess your data from an outsider’s standpoint — what would you want to steal and how would you do it? Then, set to work plugging those holes. The security pros call it “threat modeling” and it’s one of the most effective ways to ensure security within any financial institution.
- Improve Employee Awareness
As mentioned earlier, the weakest link in data defence is the employee — from the C-level executive to the bank teller processing simple bank transactions. Add data protection to manuals and employment agreements, and train workers on your policies regarding the use of confidential customer data. Think about employing effective software data protection solutions that will automate much of this training for you, and can be extended to cover your partners as well.
- Be Prepared if Your Data is Stolen
Have an incident response plan at the ready. The reality is that even the banks that have their data protected can still become victims of breaches. Today, cybercriminals are more nimble and financially motivated than ever before, so it pays to be prepared.
There is no list of tips that can prevent a breach from occurring – system breaches are simply inevitable. However, sensitive data loss is not. Banking leaders must take the proper steps to ensure that employees know what the most important data is, where it is held, and whom it is going to – this alone is a major move in the right direction.
About the Author
Mark is an accomplished, results-driven senior information technology leader with extensive experience managing diverse technology organisations. At Digital Guardian, he is responsible for driving customer success across professional services, managed services, and support and training.