4 Ways Banks Prevent Security Disasters

by Brad Garland

In September, Yahoo became the latest company to admit it had a serious data breach. A suspected state-sponsored hacker had compromised the user data, which included security question answers, passwords, phone numbers and birth dates, of 500 million accounts. Many Yahoo users also trusted the company with their bank account and credit card numbers, but the company maintained that this information was not stolen.

The hack came at a particularly sensitive time for the tech company, because it had recently finalized a deal for Verizon to buy its core properties for $4.83 billion in 2017. Any data breach erodes user trust and creates negative press, but Yahoo's data breach was particularly bad due to the scale of the hack. The announcement of the cybersecurity breach was also particularly troubling for Yahoo users, because data was stolen in late 2014 but they were only hearing of the breach in 2016. Some experts speculate that Yahoo might have hidden knowledge of the data breach because it would have undoubtedly reduced the value of the company by millions of dollars.

Tech companies are expected to have good cybersecurity programs, but for financial institutions, having exceptional cybersecurity programs is critical. A data breach isn't just embarrassing; it could leave your clients exposed to identity and financial theft. To preserve trust in your bank, formulating a plan to prevent a large-scale security breach can reduce the risk of a reported hack landing your institution on the front page of a newspaper.

Cybersecurity Audit: Test Your Preparedness

Before making any changes to your existing system, it helps to evaluate your existing security approach. Garland Heart offers regulatory cybersecurity audits that can serve as an independent review of your current security before an external audit. The audit examines your bank's policies and procedures to ensure the bank is meeting security standards. It also evaluates the physical security of the server and other hardware and the logical security of the overall system, accounts and disaster recovery.

Penetration Testing: How Easy Are You to Hack?

Penetration testing is one of the best methods to uncover possible security weaknesses within your website and overall computer network. The pen test works by employing an expert who tries to hack your system to gain financial information and other data. After the testing is complete, you can review whether any data could have been stolen and address any possible areas of vulnerability.

A pen test provides essential information for preventing a real hacker from stealing financial information, but its effectiveness as a diagnostic tool is limited by the talent of the person doing the testing. Our penetration testing doesn't rely on just firewall scanning to determine your security. Instead, we use our team of highly trained consultants and its three decades of experience to test beyond your Internet interface. After our pen test, you'll know if your email, Internet, online banking, wireless network, and applications could potentially withstand an attack.

For an overview of the information security essentials that help protect client data, you can also download this free cheat sheet. "The Complete Guide to Info Security" will provide you with the information you need to understand particular cybersecurity vulnerabilities.

Social Engineering: Identify Your Team's Vulnerabilities

Sometimes a data breach doesn't occur due to a vulnerability in a network or application. Clever hackers can manipulate your employees into giving them the data they want by preying on your employees' natural desire to help. These human breaches may be smaller in scale, but often they're easier to successfully accomplish. Therefore, any vulnerability assessment should also investigate your workforce.

Social engineering prevention works like penetration testing on your bank's employees. Garland Heart uses carefully trained employees who know how your bank's employees might be tricked into divulging personal information. Social engineering is particularly valuable because most of your employees won't even realize that they've violated banking procedures by disclosing certain types of information. Garland Heart can also help your employees spot these human hackers so they don't fall for their tricks.

Breach Assessment: How Prepared Are You for An Attack?

Is it possible that your bank has already had a security breach? Yahoo's hack demonstrated how a hack can be made worse by not quickly identifying and disclosing the problem. While it's possible that security flaws have remained undiscovered by hackers, it's also possible that a breach has already occurred. It's also possible that no matter how carefully your bank protects its customers, a security breach could occur in the future.

Breach assessment works to protect your bank against past and future breaches by creating tests that simulate a breach. Garland Heart also uses social engineering techniques to further identify any possible environment weaknesses at your bank.

Right now, bank cybersecurity programs are a best business practice to protect your clients and preserve your institution's insurance. And although there hasn't been a major hack of a U.S. bank yet, data breaches that have affected millions of consumers have drawn interest from government regulatory bodies. Just days before Yahoo announced its data breach, New York State announced its intent to pass regulations to require that bank cybersecurity meets certain benchmarks. While nothing has been finalized, this move is a clear indication that your financial institution should expect more scrutiny aimed at its cybersecurity methods.

Hackers can destroy the hard-won trust of your clients. Contact us for a free quote, and learn how to protect your bank from cyber attacks.