Security

10:00 AM
Bill Carey
Commentary

Top 3 Security Threats for Banks And How to Address Them

How can banks mitigate their biggest security risks in a rapidly changing fraud landscape?

Financial institutions have many options when it comes to protecting customer transactions, including advanced software products able to pass stringent security standards to prevent data loss. But like any other business, banks’ chief vulnerability point from an operational standpoint is their people, particularly in the bring-your-own-device (BYOD) era.

Banks are hard-pressed to control the business use of personal devices and monitor security practices for an increasingly mobile workforce, but there are steps managers can take to rein in the risks. Here are the top three security threats banks and other businesses face and ideas on how managers can mitigate them with better cyber security practices:

1. Weak passwords. Despite many advances in security technology, the password is still the first line of defense for most bank PCs, laptops, and personal mobile devices that are used for business. Unfortunately, many employees still use easy-to-guess passwords, such as their job titles, children's or pets' names, birth years, and other personal information that anyone can find on sites like Facebook.

Bank managers should educate employees on proper password protection methods, such as creating memorable yet difficult-to-crack passwords. One proven technique is to use a combination of upper and lowercase letters, symbols, and numbers. Strong passwords incorporating those elements can also be easy to remember if the employee uses symbols and numbers that resemble letters in a simple password, such as “Fri$b33” for “Frisbee.”

2. Lack of training. Bank employees who use weak passwords and fail to take basic security precautions generally don’t mean any harm; typically, they just don’t fully understand the risks. And while bank managers are primarily concerned with the possibility of company data falling into the wrong hands, employees who use personal devices for company business are also putting their own information at risk, including bank account numbers and e-commerce accounts.

To address these risks, bank managers can hold training sessions, providing employees with the basic knowledge they need to safeguard data and secure their devices. The training curriculum could cover fundamentals such as techniques for creating secure passwords, including automated password management systems. It can also include ways to avoid keylogger scams and phishing cons and information on how to protect devices against viruses and malware.  

3. Lack of accountability. The BYOD trend only started in earnest fairly recently, so many financial institutions are still catching up. Most have formulated policies to govern employees’ use of personal devices for business purposes as well as routine use of company-owned technology assets, but many don’t have a system in place to hold employees accountable.

To remedy this situation, bank managers can ask employees to read and sign a written statement acknowledging that they understand the company’s policy on cyber security and agree to comply with best practices, preferably after receiving training from the company or reviewing detailed policy guidelines that include tips on keeping data and devices safe. The policy should also include directions on how to ask for support.
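
The password advice in point 1 can be enforced at the moment a password is set. The sketch below is an added example, not part of the original article or of any product it mentions: it checks for the four character types the article lists and rejects passwords built on the personal details it warns about, including when those details are written with look-alike symbols. The `PROFILE` values, the `LOOKALIKES` mapping and the function names are constructed for illustration.

```python
import string

# Look-alike characters mapped back to the letters they imitate
# (constructed mapping for this example).
LOOKALIKES = str.maketrans({"$": "s", "5": "s", "3": "e", "0": "o",
                            "1": "l", "!": "i", "@": "a", "4": "a", "7": "t"})


def normalize(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LOOKALIKES)


def check_password(password, personal_tokens):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    # The four character types named in point 1.
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for name, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"missing {name}")

    # Personal details stay guessable however they are spelled, so compare
    # the normalized password against each normalized detail.
    candidate = normalize(password)
    for token in personal_tokens:
        # Very short tokens would match by accident, so skip them.
        if len(token) >= 3 and normalize(token) in candidate:
            problems.append(f"contains personal detail: {token}")
    return problems


# Constructed employee profile: job title, pet's name, birth year.
PROFILE = ["teller", "Rover", "1984"]

if __name__ == "__main__":
    for pw in ["Fri$b33", "rover1984", "R0ver!1984", "T3ll3r#Desk"]:
        print(pw, "->", check_password(pw, PROFILE) or "ok")
```
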

Financial institutions tend to focus on transactional security compliance, which is unquestionably important. But bank employees are just as vulnerable to hackers and data breaches in their day-to-day business operations as staff at other types of companies.

For that reason, it’s important to encourage better security practices, particularly since the BYOD trend has expanded the risks. By identifying the most pressing vulnerabilities -- and taking steps to mitigate them -- banks can operate more safely and protect data and devices.

Bill Carey is the Vice President of Marketing and Business Development at Siber Systems (RoboForm). Siber Systems is a leading enterprise in making software products planned to give a better and secure experience to users. Bill is an advocate for the importance of ...

Comments
Greg MacSweeney,
User Rank: Author
7/22/2014 | 9:19:44 AM
Re: Users are security's worst enemy
Oh, and #3? Having an employee sign a BYOD agreement does little to protect the bank. Users never read the usage agreements they sign and if data is compromised it is still the bank's responsibility to clean up the mess, not the employee.
Greg MacSweeney,
User Rank: Author
7/22/2014 | 9:18:03 AM
Users are security's worst enemy
Users (both internal and external) are a bank's worst enemy when it comes to cyber-defenses. Users hate passwords, despise complex passwords and are always losing their BYO devices. Finding a way to make it all work is a challenge and it will be a battle between "ease of use" and "security" that will go on for years.
Byurcan,
User Rank: Author
7/21/2014 | 12:37:47 PM
Re: Security
True, this is becoming increasingly important as BYOD becomes more common.
Kelly22,
User Rank: Author
7/21/2014 | 12:36:51 PM
Re: Security
I agree, these are all good ideas that banks should keep in mind. Enforcing basic security measures doesn't have to be complicated - as shown in point #1, even something as simple as changing password letters to symbols can make a difference. 
Byurcan,
User Rank: Author
7/18/2014 | 10:57:25 AM
Security
Good points. Point #2 seems especially important; a good BYOD policy should include extensive training.