The Human Element of Effective Cyber Security in the Financial Industry
While hardware and software-based security measures are critical to protecting financial services data, there is also a human element that must be addressed to ensure your organization is prepared for all types of cyber threats.
At Champion Solutions Group, we recommend a number technological security tools such as Palo Alto Networks’ Next Generation Firewall, as well as Varonis’ DatAdvantage, which protect financial data from both external as well as insider attacks. But these are only components of an effective strategy – companies looking to beef up security also need to institute protocols that safeguard themselves from human error.
The Need To Look Inward At Cyber Security
Major data breaches have dominated news headlines for years. Each incident is often followed by a corporate pledge to do everything possible to prevent the issue from happening again. These efforts generally focus on securing the business from attacks from outside, but while most high-profile attacks on large organizations and corporate data centers have originated from outside, the openings that allow the cyber attackers in often originate from within the company structure.
In some cases, insiders are driven by malicious intent, but the majority of these breaches occurred through inadvertent behavior. The U.S. Department of Health and Human Services Office for Civil Rights reports that loss, theft, unauthorized email access and improper disposal were behind the largest data breaches so far in 2016, not malicious insiders looking to leak critical data to outside sources. Verizon also released its own Data Breaches Incident report, which found that around 30% of data breaches were attributed to accidents in 2015, while IBM and the Ponemon Institute’s 2016 Cost of Data Breach Study estimates that 23% of incidents stemmed from negligent employees.
How To Better Equip Employees To Protect Critical Data
While outward-facing security measures are an important part of corporate integrity, there are a number of things that firms looking to prevent insider breaches can do, cutting down the likelihood of an attack:
- Beware of BYOD: Bring Your Own Device (BYOD) policies allow employees to use their own mobile devices to perform various work functions. This trend has grown immensely because of the huge cost savings and convenience, but it can also create massive security issues. BYOD policies should ensure that critical company data is not left vulnerable on employee-owned hardware.
- Routine training on the latest cyber security tactics: Hackers are constantly changing their approach. While phishing may be popular today, tomorrow something else will take its place. It’s critical that your employees are constantly trained on the latest threats and how to avoid them. For example, educating employees about the risks of opening suspect emails or accessing company data on unsecured networks can have a major impact on safeguarding internal data.
- Utilize a least privilege model: By using tools like Varonis’ DatAdvantage, you can monitor every file and email touch to know when sensitive files have been opened, deleted or sent. In addition, it’s important to utilize a least privilege model where you can easily identify accounts with unnecessary privileges – and DatAdvantage can quickly prioritize which files are exposed to too many people.
Interested In A Risk Assessment?
If you feel that your organization needs to improve its data security posture, the team at Champion Solutions Group offers a free risk assessment to pinpoint where you are most exposed. To learn more about what we can do to enhance your firm’s security today, reach out to our team at 800-771-7000 or via email through our contact form.