Keeping Data Secure in Financial Services
10 August 2019
How can the Utilities Sector be protected from a cyber-attack?
Author: Simon Hill, Legal & Compliance, Certes Networks.
As published in The FinTech News, August 10, 2019 and BCW Publisher News, August 10, 2019.
The protection of sensitive data in line with regulations, both for banks and other financial services organizations, is currently a big challenge. The way these organizations operate has changed dramatically in recent years, due mostly to the fact that financial institutions are not only heavily regulated by data privacy requirements, but they are also under mounting pressure to be open to consumers and businesses about how they are protecting their data from potential breaches.
The increasing expectations of consumers means that banks and financial institutions are trying to achieve a balancing act: how can they protect data privacy, while at the same time remaining transparent about how data is being protected? However, it doesn’t have to be a trade-off between meeting these customer expectations and meeting cyber security and compliance requirements: banks and financial services organizations can utilize technology to the fullest extent while still protecting data.
The Balancing Act
To achieve this balance, banks and financial services organizations need to take control of their security posture and assume the entire network is vulnerable to the possibility of a cyber-attack. Robust encryption and controlled security policies should be a central part of an organization’s cyber security strategy. Through generating and defining policies, network policy enforcement allows organizations to ensure that only authorised applications and users are communicating with one another, while enabling them to meet their own governance, security and compliance requirements.
Rather than waiting for a cyber-attack to happen, new technology tools are now available to gain a deeper understanding of policy deployment and analyze every application that tries to communicate across the network. And, all the while monitoring all traffic and limiting the pathways potential threats can travel.
Conclusion
Banks and financial services organizations should not have to worry about keeping data secure and protected. Adopting new ways of thinking about how these organizations can strengthen the protection of data requires well-defined policies, based on who needs to see the data, and strict key assignments with automated key rotation. But, most importantly, the ability to enforce policies through the observation of applications and suspicious activity on the network will require sophisticated technology and tools that are currently available today.