Data Security in the Financial Services Industry
Hackers and identity thieves deliberately target financial services in an attempt to access the abundance of monetary information they hold. Because of this, financial organisations have historically encountered information security challenges.
To stay protected, financial services must ensure they are taking steps to handle their confidential data in line with GDPR. This goes for all kinds of financial service organisations including insurance companies, accountants, mortgage advisors, loan companies, banks, brokers, investment services and many more.
The introduction of GDPR is arguably very beneficial to financial service businesses. By adhering to the regulations, companies can establish informed and exact processes for collecting, holding, and disposing of financial material. As well as financial information, organisations must also responsibly handle any additional personal information they collect. This may include customers’ spending habits, credit history, assets, liabilities, and any unrepaid loans they may have.
If financial or personal customer information falls into the wrong hands, customers’ money and even identities could be at risk. Not only this, but a breach of this information could affect a brand’s image irreparably. In fact, a third of financial service customers reported that they would stop doing business with an organisation that had encountered a breach¹. In an industry so reliant on consumer trust, it’s no surprise that data breaches cost financial service businesses millions each year.
For these reasons, attention to information security is paramount. Thankfully, operating under strict controls is no new challenge to financial services. With an uncertain economy facing the UK post-Brexit, plus an increase in financial crimes, businesses should take additional steps to minimise the risk of data breaches. Regardless of past data protection measures, no financial services are invulnerable to an attack.
What additional steps should financial services take to minimise the risks of data breaches?
In a single case, at least £6.9 million in funds fraudulently obtained through administering malware was laundered through UK bank accounts. Over the course of three years, a UK bank manager was instrumental in setting up over 400 ‘mule’ accounts. These accounts were used to dispense, transfer and redistribute the funds to the group of cybercriminals who organised the laundering. The group were arrested in November of 2017 and jailed for a total of 28 years.
Following on from this, The UK’s National Cyber Security Centre issued the below recommendations against financial sector compromise²:
- Use up-to-date and supported operating systems and software
- Deploy critical security patches as soon as possible
- Deploy an always-on antivirus solution that scans new files
- Conduct regular vulnerability scans and action critical results
- Implement application whitelisting technologies to prevent malware from running on hosts
- Implement a policy of least privilege for all devices and services
- Establish configuration control and management.
Financial businesses should also:
- Beware of any insider trading or dealing
- Conduct regular internal audits
- If customers log in to the service, ensure policies are in place to prevent risks when opening up networks, such as enforcing password security and implementing two-factor authentication
- Destroy confidential information in a timely and safe manner.
Of course, it isn’t just the financial information of customers that need protection. Financial information belonging to the business should also be kept and disposed of under strict security conditions.
Here at Shred Station, we specialise in the destruction of confidential data and do so on behalf of many financial institutions across the UK. We are highly accredited and cover all types of paper records and digital media. This includes customer records, account details, application forms, cheques, documents provided as proof of ID, CCTV tapes, data storage devices, and even computers. We can destroy your materials on-site at your premises, or we can take the materials away for prompt destruction at one of our state-of-the-art shredding depots.
To find out how we can help your business stay GDPR compliant, get in touch today or send a quick quote request.
For more information on the areas highlighted in this article, please visit the below sites:
² https://www.ncsc.gov.uk/report/cyber-threat-uk-business
Sign up to our newsletter here to be alerted about brand new blog articles, data protection advice, and news about Shred Station.