Daily headlines carry numerous stories about significant cybersecurity breaches. Financial institutions are a prime target for the bad guys, so how can they protect themselves and their customers’ information? Security best practices provide helpful tips, and a cornerstone is a multi-layered approach to security.The Equifax intrusion illustrates why hackers attack financial institutions. The break-in reaped a treasure trove of financial information: thieves accessed terabytes of personal data from more than 148 million people, nearly half the American population. They stole Social Security numbers, birth dates, home addresses, credit card account information, state driver licenses, email addresses, and tax IDs.
Yet, the federal government deemed the breach: “entirely preventable”. How so? The consumer credit reporting company needed to follow industry security best practices.
For instance, the Federal Financial Institutions Examination Council (FFIEC) recommends that the banking industry implement sophisticated security checks, such as multi-layered authentication, to assist in the prevention of electronic fraud. So, what is multi-layered authentication and how does it protect information?
Who is Behind the Screen?
With transactions moving online, a big challenge for financial institutions is ensuring that the person behind a browser is the same individual whose name is on the account and not an imposter. Authentication is the process to make that connection.
Authentication is a multi-step process, one that starts by identifying and ensuring that whoever has entered your network should be there. Best practices recommend that financial companies set up a series of checkpoints to verify a user’s credentials.
The network is a good starting point. Through the years, financial enterprises developed a series of tools (Virtual Private Network, firewalls, LAN segmentation, and Intrusion Detection Systems/Intrusion Prevention Systems) to make sure that only authentic traffic flows over their networks.
Banks need to check the information coming into the network. In many cases, hackers use email to carry and inject malware into the enterprise network systems. Various solutions (Email Threat Protection, Spam Filtering, Sandboxing, and Encryption) work in conjunction with one another to make sure that the information arriving is legitimate.
Taking a Few More Steps
Next, the financial institution needs to identify the user. In online transactions, users authenticate invisibly. Typically, the process begins by requiring that the person enter information, like a user ID and password, to prove that they are who they claim to be.
Years ago, a simple ID and password were sufficient but nowadays, financial institutions need to take multiple steps to validate a person’s identity. For instance, after inputting the simple information, they answer a security question.
Businesses also must put checks in place to prevent fraud. That step means that transactions need to be confirmed, tracked, and analyzed. The data related to authentication, transactions, and the devices used needs to be closely scrutinized to search for patterns, which may indicate attempts at foul play.
Information has to be protected whether it is traveling through the network or sitting at rest. Financial companies do not want an outsider to enter the payment system and see all of the customer records. Encryption protocols that protect data and communications, whether at rest or in transit, are vital to financial institutions’ data integrity.
Drawing a Complete Picture
To create a strong security posture, financial organizations need to perform a risk assessment. They have to categorize their information and identify appropriate solutions for different risk levels.
Financial institutions then need to apply consistent checks across multiple channels. The reality is that the criminal look for the easiest way into the company. Organizations need to ensure that access to all sensitive information is authenticated, no matter where it resides or how it was created.
When making design decisions, enterprises need to balance security with convenience. If a checkpoint becomes troublesome for the user to implement, they may ignore it or work around it.
Finally, increased education is needed. In a financial setting, security is everyone’s (employee, customer, and partner) job. The threat landscape constantly changes, and those involved with the systems need to be aware of that evolution and work with the organization to take steps to protect sensitive information.
Taking on this work is a significant undertaking, one where a financial institution may feel overwhelmed. DataComm helps financial services companies create layered security protocols. The company has an impressive track record of keeping such networks secure.
DataComm’s broad suite of security services includes 24/7 network monitoring, windows event log monitoring, firewall management, intrusion detection and prevention, data loss prevention, spam filtering, and encryption services. These services protect many financial institutions' networks from today’s sophisticated attacks.
Contact DataComm to learn more about how we can protect your information.