Phenquestions
Pandemic fear of cyber-attacks has led banking and financial organizations to work more towards providing their customers with better solutions, that use latest technologies. This, in turn has led to increased spending on regulatory compliance, plus development of firm IT capabilities along with a fair understanding of financial regulations. One platform that has been used immensely in this regard and continues to assume much importance is the Social Media.
Security Trends in Financial Services
Microsoft Trustworthy Computing has released a new report that highlights some security trends in financial services. The report by Microsoft briefly outlines few key findings and makes certain recommendations for responding effectively to security breaches since we know enacting policies and procedures simply won't suffice.
Here are the trends identified in the report in the form of anonymous data collected from 12,000 respondents during the survey. The trends are representative of a worldwide sample.
Defining Roles
It has been observed that a few financial organizations do not use or define employee roles (such as administrator, user, and guest) for managing access to resources. This leaves resources vulnerable to attacks/unlawful access. Most Industries surveyed worldwide by the report team had no measures in place for role-based access control. When a final comparison was made between industries and financial organizations, it was found the latter was more mature in the regard as they logged and audited user access based on proper policy and practice.
Human Actions
Although human factor is one of the significant contributors to success of any security plan, it also emerges as one of the potential risks. Personnel with unknown or malicious intentions having an access to important information assets can pose a threat to the safety and security of those assets.
Ineffective Data Disposal Techniques
It is extremely important to safely and securely dispose data so that it does not fall into the hands of any miscreant. For this, it is essential for every organization to have formulated an effective data disposal policy with necessary tools providing guidance on how and where to dispose data safely.
No Support for Formal Risk Management Program
A fairly good percentage of surveyed financial organizations have not established a formal risk management program yet. Such organizations and others conduct risk assessment only when an incident occurs and damage has been done. Again, in comparison to Industries surveyed, financial organizations fare better in this regard. It got me thinking, why Formal Risk Management Program is so essential from security point? Well, establishing a formal risk management program and conducting regular risk assessments can help an organization in keeping track of how sensitive data is stored and transmitted across applications, databases, servers, and networks. Moreover, risk assessment helps protect data from unauthorized use, access, loss, destruction, and falsification.
Recommendations made in the report
Restrict access by role. Limit the access permission to a relatively small set of trusted staff members only. Organizations should also have an information security plan. Such plans are most effective when they are integrated with a larger information risk management framework.
For complete information, download the report from Microsoft.
