a A A+

Banks and data leak prevention

The financial services industry deals with a commodity that is primarily electronic-money. Consequently it spends more per employee on IT than any other industry. Despite this, there is a worrying tendency for information that should be confidential to end up in the public domain. Why is this and what can be done?
Author/s: Bob Tarzey , Clive Longbottom
Created: 30/01/2008
Filename: Quocirca_-_Banks_and_DLP_-_Jan_2008.pdf
Report Commissioned by:
Tags: security  
Tag this:
 
Use spaces to separate tags. Use double quotes (") for phrases.

 

    • The financial consequences of data theft for banks are direct and indirect
      When a customer's money is stolen electronically, the onus is on the bank to compensate. The bank can also face fines if the loss is caused by careless data management on its part and publicity can lead to brand damage.
    • Banks have to share data and it is often not a bank itself that is responsible for data leaks
      Consumers get caught unawares by email scams, businesses are careless with customer information and public sector bodies, with which banks are obliged to share information, have proved to be reckless in the way they handle data.
    • Banks need to review their IT infrastructure
      Ultimately, for thieves to achieve their goals they need access to financial services and products that the banks have ultimate control over. Strict management and auditing of all IT assets is essential.
    • The software development process needs rigorous quality control
      Examples are on record of backdoors being built into banking systems by rogue developers. Testing and auditing must be exhaustive and carried out using dummy, not real, customer data.
    • Processes need to be well defined and audited
      The way in which data and transactions are handled internally needs to be governed by strong processes. Those responsible for weak processes or those who ignore strong ones must face the consequences.
    • Education and awareness needs to be driven by banks
      Banks need to keep up awareness campaigns for consumers and encourage best practice amongst their business customers to prevent data leakage.
    • The level of potential risk is not going to decrease
      New financial products, such as e-wallets and the continuing growth of internet shopping and other online services, will mean more and more opportunity for would-be thieves. In order for this growth to continue, people need to have more confidence in the way their financial data is being managed.