A Security Checklist for Financial Institutions

In the eyes of the cyberattacker, just about anything and everything out there is a target. But whether for the theft of personal and confidential information (such as passwords and PIN numbers) or having enough data about somebody to launch a covert identity theft attack down the road, their ultimate goal is one thing: to get money, and lots of it.

In this regard, one of the most vulnerable industries here in the United States is the financial industry. Despite being mandated by various federal legislations forcing financial institutions to improve their system of controls and audits, many of them are still are victims of cyberattacks.

In this article, we look at some of the major security topics that should be included in any checklist as a CIO or CISO make sure their financial institution is complying with federal legislation and mandates.

Note that for the purposes of this article, the term “financial institution” can mean any organization that handles money and related transactions for a customer. This includes banks, lending centers, brokerage institutions, stock and commodities trading firms and so forth.

1. Using Approved File-Sharing Programs

It’s obvious that many financial institutions, at least here in the United States, create and possess many documents. These can range from simple bank statements to confidential financial modeling data that the banks have to send over to the federal government for review and approval.

In order to electronically transmit these sensitive documents from one place to another, employees have to use file-sharing programs. Most financial institutions already provide this tool, which is supposed to have built-in security features. But employees, being creatures of habit, often like to use the software tools that they are accustomed to. Many of these tools send information as clear text across a network, which would make it (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Ravi Das (writer/revisions editor). Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/rl-azeWu58A/