From hedge funds and private wealth management to CPAs and investment advisory firms, the IT profile of financial service providers is unique. It’s difficult to maintain a comprehensive IT process and procedure for finance organizations because, as Deloitte points out in its State of Cybersecurity at Financial Institutions report, there’s no “one size fits all” solution to finance and cybersecurity.
Symantec’s 2019 Internet Security Threat Report shows sophisticated cyberattacks like formjacking, ransomware, and internet of things (IoT) vulnerability exploits are on the rise moving into 2020. Financial institutions are prime targets because that’s where the money is.
In fact, cybercrime is responsible for one of the biggest bank robberies of all time: the 2013–2015 Bangladesh Bank heist of nearly $1 billion. Even the U.S. Securities and Exchange Commission was hacked in 2019. It’s important to stay safe with a comprehensive financial cybersecurity plan.
This guide walks you through the key points of finance and cybersecurity so you can build them into your existing IT security plan.
IT Best Practices for Finance and Cybersecurity
Finance and technology are viewed as separate industries, but thanks to Fintech disruptors like PayPal, Acorn, Square, and Bitcoin, they’re now fully integrated. Modern financial services companies must secure internal and cloud-based networks, provide online and mobile options, and encrypt all data in accordance with a mountain of regulations.
Implementing these four best practices in IT security will keep your company proactively protected in an environment filled with evolving threats.
1. Create a Cybersecurity Framework
Managing cybersecurity in any enterprise is difficult: you must account for every device, access point, and person in the organization. It’s challenging even in a small business, and enforcing these policies globally scales the associated headaches accordingly.
Start by mapping out an organizational framework to account for all your resources—physical, digital, and human. This allows you to create roles and build an IT infrastructure that’s both secure and scalable across the organization.
2. Employ End-to-End Encryption
The value of end-to-end encryption cannot be overstated. The 2019 Cybersecurity Legislation from the National Conference of State Legislatures shows nearly 300 state laws specifically related to cybersecurity were introduced this past year—some focused directly on the financial industry. To protect your financial institution, encryption is the strongest defense against cyberattacks.
Not only does military-grade encryption prevent most cybercrime, it also reduces the amount of damage done. As Symantec points out, 70 million records stolen last year were from poorly configured S3 buckets. When encryption is implemented correctly, less data is exposed in each breach.
3. Involve All Business Units
The matter of cybersecurity is not restricted to IT professionals. It’s an issue that everyone in the organization needs to be aware of and vigilant about enforcing. According to Webroot, social engineering is the most common cyberattack perpetrated against enterprises. This is because it’s easier to exploit a human than a computer.
IT needs to work with executive management and all business units to provide enterprise-wide financial cybersecurity. Training and communications regarding updates and threats should be provided regularly to ensure breaches aren’t caused by internal threats.
4. Regularly Update and Monitor
There’s no “set it and forget it” approach to finance and cybersecurity. Even with an AI-backed firewall, antivirus, and antimalware suite, it’s necessary for IT to continuously monitor network resources, software updates, and more. Regular reporting is a proactive approach that helps identify threats in real time, saving the company potentially billions in losses.
For example, the infamous 2017 Equifax breach of 143 million personal records could have been prevented if the company hadn’t been 60 days behind in updating its security patches. Cybersecurity updates need to be the highest business priority to ensure your financial institution is protecting itself from potential vulnerabilities.
With these IT best practices in place, you can customize your enterprise cybersecurity plan to provide full protection for your specific needs. First, you need to understand what you’re protecting the business against.
The Top 3 IT Threats to Financial Companies
Pitney Bowes points out that cybercrime is becoming the new norm, and with more sophisticated technology come attacks with increased power. Ransomware alone can shut down business operations completely, and AI-powered malware running on IoT botnets is becoming more commonplace. Threats to finance and cybersecurity can be grouped into three major concerns.
1. Unsecured Third Parties
No matter how secure your network is, you’re dealing with third-party vendors in one form or another. It’s vital that you can trust the data being delivered to you from a partner. Larger organizations likely already have IT policies in place to verify and control outside access for these vendors. It’s important that smaller financial institutions are aware of an attack called spear phishing that hit credit unions around the country in 2019.
In the spear phishing attack, appointed Bank Secrecy Act (BSA) officers from these credit unions were sent money laundering alert emails. If an employee clicked the file, it began a chain reaction that would email links to the victim’s contact list. According to Krebs on Security, the U.S. Secret Service sent an alert to all financial institutions at the beginning of 2019 warning of an increase in successful phishing attacks. For many, having a cybersecurity company in their corner could have greatly decreased vulnerabilities related to working with third parties.
2. BYOD and IoT Threats
We live in an increasingly connected world and every employee in your organization likely has a smartphone, fitness tracker, and remote-entry key fob for a vehicle. Each digital device is a security concern because it brings the employee’s personal digital life into the workplace. In 2018, for example, security researchers pointed out how a fitness tracking app called Strava gave away the exact location of secret military installations.
IT security policies need to account for these devices, along with internal IoT devices that are more vulnerable than workstations. As Forbes points out, forgetting network connectivity in IoT devices is a costly mistake, as these devices don’t typically use the same software.
3. Employees Are the Weakest Link
As mentioned above, employees are ultimately the weak link in any cybersecurity policy, especially when it comes to finance. Thus, it’s important to keep them updated and trained. Cybersecurity needs to be a part of your company culture in order to succeed.
If employees aren’t trained on how to recognize threats, they are a liability. Everyone in the company—whether entry-level or executive, customer-facing or not—should always be aware of security procedures and why it’s important to follow them.
Implementing these processes to prevent cyberattacks comes with challenges that you will need to overcome in order to sustain protection moving forward.
IT Challenges Facing Your Finance Company
Finance companies are facing escalating costs across the board, including ever-rising operational budgets related to supporting existing IT infrastructure. Cybersecurity costs can increase faster than revenue growth, which puts pressure on operating margins. In addition, financial firms constantly need more cloud-based and internal storage, and IT is typically stretched in multiple directions at any given time.
Keeping security patches updated is harder than it sounds because any software update can potentially crash any of the dozens of proprietary business systems being used. This adds layers of sandbox testing that must be performed outside of business hours, which can create delays.
On top of this, any failure will upset customers, and maintaining customer satisfaction is the primary concern for any company in the finance sector. You can’t afford to lose the confidence of your customers with a data breach of any kind.
Finance and Cybersecurity in the 2020s
It’s not all grim news. We’re entering a new decade with better technology than ever before. Digitizing the financial supply chain and changing customer behaviors have opened new lanes of revenue for companies willing and able to compete. However, with these opportunities come possible security concerns.
We’re facing more advanced threats than ever before, and criminals are far better educated about business operations in the financial industry. They target SWIFT, compliance officers, the stock market, and even financial regulators.
Contact Live Consulting today to have one of our professional cybersecurity consultants walk you through how we can improve the IT security at your financial services company.