Let’s say you’ve taken your financial services employees out on a work retreat. Looking for activity ideas that might improve your team’s chemistry, your eye falls on bungee jumping. When the nine of you arrive at the place, you’re presented with a waiver stating that you understand the risks and the fact that there’s a four out of nine chance that the line snaps. Of course, you don’t sign it. All of you high-tail it out of there and find the nearest mini-golf place. I, for one, wouldn’t be comfortable with one-in-a-hundred odds of an equipment failure, let alone four in nine.
Did you know, though, that those are the same odds your office faces every day when it comes to a significant data security failure? It’s true: 41% of financial services organizations experience a data breach or fail a compliance audit. With such a high likelihood of your group confronting data security issues, you need to do everything you can to ensure all your ducks are in a row.
So how do you get from A to B? What are the companies in the 59% that haven’t been breached or failed a compliance audit doing that the 41% aren’t? Well, some are just plain lucky. Others, though, laid the groundwork and invested in strong security technology and personnel. They may have implemented regular router security audits, deployed properly configured firewalls, practiced proper encryption for their laptop and cloud data, or all three.
Always Have a Router Security Policy in Place
We’ve always found that standardization goes a long way when you’re trying to secure an IT system efficiently. For routers, we follow a fixed protocol when we perform a security audit, so that network connections stay up and your data stays safe. We also recommend that you put a written router security policy in place (don’t worry, we have templates). Our router audit protocol, which we use to lock down data transfers, covers:
- Disabling unneeded services (anything listening that the router doesn’t need to do its job)
- Password encryption (no cleartext credentials stored in the configuration)
- Authentication settings/admin authentication
- Management access (who can reach the management interface, and over which protocol)
- Ingress/egress filtering (for example, dropping inbound traffic that claims an internal source address)
- Maintaining and updating equipment change documentation and settings
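As an added example (this is not the firm’s audit tool or policy template), here is a small Python script that runs the checklist above against a Cisco IOS-style running-config. The sample config, the device name and the exact set of required and forbidden lines are constructed for illustration; the idea is that the audit is a repeatable script rather than a manual read-through, and that it reports by checklist area so findings map straight back to the policy.

```python
"""Added example: audit a Cisco IOS-style running-config against the
router hardening checklist. The sample config below is constructed for
illustration (hypothetical device); the checks are a starting point, not
a vendor's or a firm's complete audit protocol."""

# Constructed sample: a partially hardened edge router. Several items are
# deliberately missing so the audit has something to report.
SAMPLE_CONFIG = """\
hostname edge-rtr1
service password-encryption
enable secret 5 $1$abcd$EXAMPLEHASHONLY
ip http server
aaa new-model
username netadmin privilege 15 secret 5 $1$efgh$EXAMPLEHASHONLY
ip ssh version 2
ip access-list extended INGRESS-WAN
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 permit ip any any
interface GigabitEthernet0/0
 description WAN uplink
 ip access-group INGRESS-WAN in
interface GigabitEthernet0/1
 description LAN
access-list 10 permit 192.168.10.0 0.0.0.255
line vty 0 4
 transport input ssh
"""

RFC1918 = ("10.0.0.0", "172.16.0.0", "192.168.0.0")


def parse_stanzas(config):
    """Return [(header, [child lines])]. IOS indents stanza members (interface,
    line, named ACL entries) by one space; everything else is top level."""
    stanzas = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and stanzas:
            stanzas[-1][1].append(raw.strip())
        else:
            stanzas.append((raw.strip(), []))
    return stanzas


def audit(config):
    """Map each checklist area to a list of findings (empty list = pass)."""
    stanzas = parse_stanzas(config)
    top = {h for h, _ in stanzas}
    findings = {}

    def check(area, ok, message):
        findings.setdefault(area, [])
        if not ok:
            findings[area].append(message)

    # Disabling unneeded services
    check("unneeded-services", "ip http server" not in top, "HTTP management server enabled")
    check("unneeded-services", "no cdp run" in top, "CDP not disabled globally")
    check("unneeded-services", "no ip source-route" in top, "IP source routing not disabled")

    # Password encryption
    check("password-encryption", "service password-encryption" in top, "service password-encryption missing")
    check("password-encryption", not any(h.startswith("enable password") for h in top), "cleartext 'enable password' present")
    check("password-encryption", any(h.startswith("enable secret") for h in top), "'enable secret' missing")

    # Authentication settings / admin authentication
    check("authentication", "aaa new-model" in top, "AAA not enabled")
    for h in top:
        if h.startswith("username ") and " password " in h:
            check("authentication", False, "user with reversible password: " + h.split()[1])

    # Management access: SSH only, and only from an allowed management range
    vty = [c for h, c in stanzas if h.startswith("line vty")]
    check("management-access", bool(vty) and all("transport input ssh" in c for c in vty), "vty lines accept non-SSH transport")
    check("management-access", bool(vty) and all(any(ln.startswith("access-class") and ln.endswith(" in") for ln in c) for c in vty), "vty lines lack an inbound access-class")
    check("management-access", "ip ssh version 2" in top, "SSH not pinned to version 2")

    # Ingress/egress filtering on the WAN-facing interface(s)
    acls = {h.split()[-1]: c for h, c in stanzas if h.startswith("ip access-list ")}
    wan = [(h, c) for h, c in stanzas if h.startswith("interface ")
           and any(ln.startswith("description") and "wan" in ln.lower() for ln in c)]
    check("ingress-egress-filtering", bool(wan), "no interface described as the WAN uplink")
    for h, c in wan:
        inbound = [ln.split()[2] for ln in c if ln.startswith("ip access-group ") and ln.endswith(" in")]
        outbound = [ln for ln in c if ln.startswith("ip access-group ") and ln.endswith(" out")]
        check("ingress-egress-filtering", bool(inbound), h + ": no inbound ACL")
        check("ingress-egress-filtering", bool(outbound), h + ": no outbound (egress) ACL")
        for name in inbound:  # anti-spoofing: private source ranges must be dropped at the edge
            for net in RFC1918:
                check("ingress-egress-filtering",
                      any(e.startswith("deny") and net in e for e in acls.get(name, [])),
                      "%s: inbound ACL %s does not drop spoofed %s sources" % (h, name, net))
    return findings


def failing_areas(findings):
    """Checklist areas with at least one finding, sorted for stable reporting."""
    return sorted(area for area, msgs in findings.items() if msgs)


if __name__ == "__main__":
    for area, msgs in audit(SAMPLE_CONFIG).items():
        print(area, "PASS" if not msgs else "FAIL")
        for m in msgs:
            print("   -", m)
```

Run against the constructed config, the script passes the password-encryption and authentication areas and fails the other three (HTTP server left on, no access-class on the vty lines, no egress ACL on the WAN uplink), which is exactly the kind of output that belongs in the change documentation the last checklist item asks for.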
Adding a Firewall: Not Just a Moat for the Castle
Deploying a properly configured firewall is also crucial. Firewalls monitor and control incoming and outgoing network traffic, but not all firewalls are created or configured equal; most ship with a default rule set. We tell our clients how important it is to have customized firewall rules and allowances that fit their business’s needs like a glove (or gauntlet, in this case). Some businesses, such as financial services firms and healthcare clinics, need tighter rules and more segmentation than others.
Originally, IT in the financial services sector concentrated on building a strong perimeter, protecting every access point from endpoints to the data center. The move to cloud services and mobile devices adds complexity, though, and a design that relies on border defense alone offers little protection once malware or an attacker is already inside. Financial services companies are therefore moving to internal network firewalls, placed at strategic points within the internal network.[1] We make sure your firewall is patched promptly and configured properly. Every open port should be deliberate: opened or closed through a change process and documented, so you can say why each one exists. Vulnerabilities discovered afterwards are recorded and addressed. As with router security, there needs to be a written process for regular maintenance.
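The perimeter-versus-internal-firewall point above, as an added example (not the firm’s configuration and not from the cited Fortinet paper): a small first-match, default-deny rule model in Python that evaluates the same flow under a perimeter-only design and under a segmented one, plus the documentation check for open ports. The subnets, ports and change references are constructed for illustration.

```python
"""Added example: contrast a perimeter-only firewall design with an internal
(segmenting) firewall using a minimal first-match, default-deny rule model.
All subnets, ports and change references are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    reason: str = ""      # change reference / justification for the rule

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


def decide(rules, src_ip, dst_ip, proto, dport):
    """First matching rule wins; an unmatched flow is denied (default deny)."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action
    return "deny"


# Hypothetical address plan: workstations, application tier, database tier.
WORKSTATIONS, APP_TIER, DB_TIER = "10.10.0.0/16", "10.20.0.0/24", "10.30.0.0/24"
INSIDE = ipaddress.ip_network("10.0.0.0/8")

# Edge firewall: only sees traffic crossing the internet boundary.
PERIMETER_RULES = [
    Rule("allow", "0.0.0.0/0", APP_TIER, "tcp", 443, "CHG-0991 public web front end"),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, "CHG-0992 outbound HTTPS"),
]

# Internal firewall placed between the tiers.
INTERNAL_RULES = [
    Rule("allow", APP_TIER, DB_TIER, "tcp", 1433, "CHG-1042 app tier to SQL Server"),
    Rule("allow", WORKSTATIONS, APP_TIER, "tcp", 443, "CHG-1043 users to app front end"),
    Rule("deny", WORKSTATIONS, DB_TIER, "any", None, "workstations never reach the DB tier"),
]


def crosses_edge(src_ip, dst_ip):
    """True when the flow enters or leaves the internal address space."""
    return not (ipaddress.ip_address(src_ip) in INSIDE
                and ipaddress.ip_address(dst_ip) in INSIDE)


def perimeter_only(src_ip, dst_ip, proto, dport):
    """Design 1: one firewall at the edge. Internal flows never pass through it."""
    if crosses_edge(src_ip, dst_ip):
        return decide(PERIMETER_RULES, src_ip, dst_ip, proto, dport)
    return "allow"  # nothing inspects east-west traffic


def segmented(src_ip, dst_ip, proto, dport):
    """Design 2: edge firewall plus an internal firewall between tiers."""
    if crosses_edge(src_ip, dst_ip):
        return decide(PERIMETER_RULES, src_ip, dst_ip, proto, dport)
    return decide(INTERNAL_RULES, src_ip, dst_ip, proto, dport)


def undocumented_allows(rules):
    """Audit: every open port must carry a change reference, or it is a finding."""
    return [r for r in rules if r.action == "allow" and not r.reason.strip()]


if __name__ == "__main__":
    # A workstation compromised by malware tries to reach the database directly.
    flow = ("10.10.5.7", "10.30.0.10", "tcp", 1433)
    print("perimeter only:", perimeter_only(*flow))   # allow
    print("segmented:     ", segmented(*flow))        # deny
    print("undocumented allows:", undocumented_allows(PERIMETER_RULES + INTERNAL_RULES))
```

The point of the model is the second design choice: the perimeter rules are identical in both designs, so the compromised workstation’s connection to the database is stopped only because an internal firewall sits between the tiers and defaults to deny. The `undocumented_allows` helper is the check that turns "open or close a port and document it" into something you can run before every change.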
If All Else Fails, Encryption Has Your Back
Last but not least, every financial sector business needs to practice proper encryption for its data. We recommend a single access point to your data: an encrypted cloud server that we manage. This reduces the exposure that comes from data being scattered across many endpoints, desktops and mobile devices included, any one of which can be lost or stolen. Some compliance standards require encryption because of the layer of protection it adds to financial data. Keep in mind that encryption protects data at rest and in transit; it does nothing against someone who logs in with a valid, stolen credential, which is why it complements the access controls above rather than replacing them.
So, are there companies out there that do all of these things, do everything right, and still get hacked? Probably. Are there companies that do nothing right and end up spared? More than likely. But, like everything else in the financial sector, this is a numbers game. There are safeguards that can be put in place which significantly reduce the probability that a breach will happen and which go a long way toward meeting compliance standards. With measures like properly updated and maintained internal network firewalls in place, the breaches that do happen can do less damage than they otherwise might. All of these potential enhancements may seem overwhelming for a stretched-thin IT department, though. That’s where we come in. Reach out to us, and we’ll perform a baseline security audit and then develop a plan that puts the odds in your favor.
- [1] “Protecting Financial Services Networks From the Inside-Out,” Fortinet, http://www.fortinet.com/sites/default/files/whitepapers/Financial-Services-Internal-Network-Firewall.pdf