By Adi Ruppin, Confidela

Keeping electronic documents secure is a challenge in any industry, but banks have extra considerations. Checks, loan applications and monthly statements need to be accessible online. The same applies to sensitive internal bank documents that need to be shared among employees, branches, auditors and others. And industry regulations such as Sarbanes-Oxley require banks to maintain an audit trail of all these documents. There are three conditions in many banks that make document security particularly hard: phishing attacks, remote workers and customer communications.

1. Phishing and privacy. Probably the toughest data security problem for banks to address is the issue of phishing. Phishing employs ‘social engineering’ and ‘technical subterfuge’ to steal consumers’ identities and account credentials. Social engineering uses spoofed e-mails that appear to be sent from legitimate businesses to lead consumers to counterfeit Web sites designed to trick them into divulging personal data such as their user names and passwords. Technical-subterfuge schemes plant Trojan horses or other types of malware on consumers’ PCs to steal their data or credentials. Phishing incidents are on the rise and are plaguing customers of major companies, such as Citi (which is currently used in 54 percent of phishing messages, according to the Anti-Phishing Working Group), AOL, Amazon.com, eBay, and PayPal.

What makes phishing so hard to deal with is the human factor. It requires a lot of consumer education to raise awareness of phishing techniques and to offer ways of preventing or detecting them. As long as it’s up to the end user, phishing is here to stay.

So what can be done about it? New technologies make it possible for banks to deal with the issue without imposing unreasonable burdens on the consumer. Deploying two-factor authentication or using new virtualization products aimed at providing the consumer with a truly protected transaction environment can curb the effects of malware and most forms of social engineering.

2. Dealing with remote workers. Bank staff work from many different places: a remote branch, on the road or from home. Take, for example, members of a bank’s management team. These members need to access highly sensitive information from multiple locations, which means the information can easily leak in different ways. Common examples include a lost or stolen laptop, eavesdropping by Trojan horse software, sensitive information accidentally sent to the wrong party and more.

There is no single solution for all these problems. Obviously, there’s a great need for full hard drive encryption or an ‘anti-theft’ service. Additionally, the data needs to be encrypted when it travels and protected at all times from being copied, printed or forwarded to an unauthorized party. This can be accomplished via digital rights management software, a document control system, and/or possibly a data loss prevention system.

3. Customer communications. Whether you're corresponding with private wealth management customers or just sending statements to retail customers, protecting these transactions is vital and also required by different regulations.

Some key elements need to be addressed. First, messages must be encrypted while en route to the customer. Second, the bank must verify the identity of the customer. Third, it is sometimes crucial to be able to track and prove delivery. Last but not least, all this needs to be accomplished without imposing impossible burdens on the typically non-tech-savvy customers.

Encryption is a partial solution, as it only addresses one or two of the issues raised above. It is also typically a pretty significant hassle for the end user. Banks need to put in place more seamless document control and solutions that ideally do not involve much (or any) software installation, do not rely on passwords, and secure the data at all times.

The risky Internet ecosystem and recent regulation, combined with consumers who are under-informed and typically not tech-savvy, call for new technologies to solve issues that are not addressed today, or not addressed well. These technologies also must be simple enough to be deployed and used by the consumer. The good news is that vendors are coming up with such solutions, which will change the way electronic banking is conducted, for the better.

Adi Ruppin is vice president of marketing for Confidela.



Topics: Privacy/Security