Because of their massive number of transactions and accounts containing personally identifiable information, including financial data, financial services organizations are prime candidates for cyberattacks. Financial fraud will continue to be an issue; firms that neglect to appropriately invest in information security to address these concerns put not only their clients at risk, but their own organizational sustainability as well.
While some firms employ a reactive approach to cyberattacks, the firms that will ultimately succeed at keeping their information safe are getting out in front of potential problems before they occur.
Point B's Perspective
As financial services organizations continue to invest in digital strategies, Point B is helping to put a greater focus on making sure client information is protected from online threats and attacks. We're in good company; the industry’s own governing bodies have made cybersecurity a key area of focus for their constituent institutions.
In October 2016, the Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Organization jointly issued an advance notice of proposed rulemaking on cyber risk management standards. The group intends to create industry norms that focus on operational resilience of their member firms. The goal: to eliminate or greatly reduce the impact to the financial system should a catastrophic cyber event occur.
The proposal will focus on cyber risk governance, cyber risk management, external dependency management, cyber resilience and situational awareness. Once approved, the standards will most likely be implemented in a tiered approach, with deadline dates yet to be determined.
Working together to lower risk.
The financial services industry is also trying to get in front of potential problems created by cyber threats by creating the Sheltered Harbor initiative. The goal of Sheltered Harbor is to continue to enhance the industry’s capabilities to restore client data and account information should a major cyberattack occur.
Multiple industry associations, including the American Bankers Association, have come together to develop the initiative. It’s designed for brokerage and banking institutions with U.S. domiciled accounts and is expected to be operational and widely adopted in 2017. By working together, firms aim to decrease the risk of cybersecurity attacks.
Are you taking the right steps?
Financial services organizations can prevent and mitigate the risks of cyberattacks by taking the following steps:
- Create a clear framework. Develop and implement cybersecurity policies and standards, with a formal program that identifies, assesses, and appropriately mitigates cyber risks. Such a framework is critical to preparing your organization for potential problems.
- Test your safeguards—and then test them again. Develop and implement processes to continually monitor your systems for vulnerabilities. This will confirm the effectiveness of your cybersecurity program and help ensure that your clients' sensitive financial information is safe.
- Find the right people. Investing in the right expertise will provide a high return on investment. Hire a senior leader to oversee your cybersecurity program and regularly train all members of your cybersecurity team.
- Have a security incident response plan (SIRP). Though a cybersecurity breach is unpleasant to think about, you should assume that your organization will need to deal with such an event in the future. A well-documented SIRP that is specifically designed for your organization will make it easier to launch a rapid, well-coordinated response.
- Implement strong access controls. Grant access to your organization’s sensitive data and information systems on a least-privilege basis. Whenever possible, require multi-factor authentication for access to information systems that process, transmit or store sensitive data.
- Educate your employees. Properly trained employees can be your organization’s frontline against cyber threats. Cybersecurity is not just an IT issue. Implement a training and awareness program that teaches all employees how to recognize cyber threats—and who to notify when they see such threats.
The Bottom Line
Customers and regulators expect financial services companies to take effective, appropriate steps to protect sensitive data. Taking these proactive steps will minimize the risks of cybersecurity incidents—and even save you from preventable incidents altogether.