Financial Industry Faces Mounting Cyber Security Threats

Digital finance is quickly becoming standard practice. Yet for finance firms and financial planners, the ease of anywhere, anytime access also comes with increased risk. As noted by Scott Borg of the US Cyber Consequences Unit, financial information is “regularly stolen” by cybercriminals; consider the recent Equifax breach. According to the Financial Times, Equifax is still dealing with the fallout of stolen financial data, now scrapping employee bonuses and buybacks to deal with increasing remediation costs and poor public perception.

Bottom line? Financial firms can’t take a slapdash approach to network cybersecurity. All networks are exposed to numerous types of threats, and the financial industry has to defend and manage them as well or better than others — or risk major breaches.

The Threat of Hackers Gaining Access to Your Network

Despite the increasing risk of attacks from outside your network, employees remain the No. 1 threat to corporate IT security. While most have no ill intent, poor choices or lack of training can create ideal hacker opportunities; at-risk financial data can impact both day-to-day operations and industry compliance.

As a result, it’s critical to secure staff accounts using multiple techniques. First? Take a pass on passwords. Instead, ask users to create pass phrases — three or four-word strings that only make sense to individual users. This avoids the problem of commonly used passwords (such as password and 123456) and helps employees more easily remember their login details while also confounding hackers. Multifactor authentication, or MFA, is another important practice to implement as it calls for more than one layer of credentials to be submitted before allowing access to an account. In addition, it’s a good idea to reduce admin privileges to their bare minimum, since the more users with high-level access, the greater risk to personal and corporate finance data.

Attacks Via Email

It’s also important to educate users about the risk of clicking on embedded email links, opening unsolicited email attachments, and clicking suspicious links online. While financial pros are typically security and risk-minded when handling money, the ubiquitous nature of mobile devices and social networks often creates security gaps. Effective employee education is key to protecting data.

Viruses, DDos Attacks and Data Theft

What’s happening on your network? As noted by Forbes, many companies using antivirus tools assume that these same tools will help identify suspicious outgoing traffic — malicious or otherwise. However, this can create a false sense of security, especially if employees use existing permissions to create links with home networks to facilitate remote work and then place critical data in harm’s way.

Here, network performance monitoring tools are critical. Companies need real-time analysis of network traffic and performance to recognize the unauthorized movement of data across both internal and third-party networks. This helps limit the risk of unintentional risks such as open ports and targeted threats such as DDoS attacks.

Taking a Common Sense Approach

Defending your network takes a combination of high-tech skills and common sense. Here are a few actionable strategies to consider:

• Draft policy. Write everything down. Draft clear, concise policy that specifies what type of user actions are permitted on your network, along with specific consequences if policy isn’t followed. Lay out your antivirus, email, pass phrase and encryption policies in black and white. This both solidifies network security efforts and helps ensure compliance with applicable government and regulatory body standards.
• Know your limits. Financial networks are growing. Complexity is increasing, and total risk is on the rise — finance planners mastering new digital platforms and evolving consumer expectations must recognize their IT limits. It’s worth partnering with a security outsourcing provider that understands industry expectations and has the depth of experience to safeguard critical data.

Need help securing the network for your financial business? Talk to MNS Group and improve your InfoSec outlook.