Developing an Effective Financial IT Strategy for Your Organization
Your institution is unique in many ways, and the way you approach your financial IT strategy is just as unique as your business itself. It’s important to evaluate your current IT strategy and make sure it is checking all the right boxes.
There is no real cookie-cutter IT solution for the financial sector, as a 2018 report from Deloitte Insights points out. Every niche in the financial services vertical has its own set of cybersecurity threats. Overall, cautions Symantec in its 2019 Security Threat Report, financial institutions are increasingly becoming prime targets for cybercrime. After all, your organization is “where the money is.”
Cybercrime is ever-evolving, becoming even more sophisticated over time. IoT (Internet of Things) vulnerability exploits, ransomware and formjacking are just a few examples of commonly used attacks against financial institutions. The 2020 cybercrime outlook is even more bleak, with ever-increasing attacks against businesses just like yours.
Between 2013 and 2015, cybercriminals targeted multiple banks across Russia, Japan and Eastern Europe. The online bank robbery cost banks well over a billion dollars. This was no top-secret attack, clandestinely created in an underground cave and covertly executed under cover of darkness. While the malware itself was highly sophisticated, the initial mode of attack was one of the oldest cybercrimes in the book: phishing. Hundreds of bank employees worldwide were tricked into revealing sensitive information via email, allowing the gang of online criminals to install all the malware they needed into bank networks to execute the crime.
In the United States, a hacker bypassed the Electronic Data Gathering, Analysis and Retrieval system of the US Securities and Exchange Commission and used stolen data to trade illegally. The 2016 incident netted the hacker and his gang over $4 million in trading profits.
So how can a comprehensive financial IT strategy keep your company protected? Read on to find the top cybersecurity threats your financial organization faces, and four ways your financial IT plan will keep you safe.
The Top Threats Your Financial IT Strategy Must Address
It’s no secret that technology is becoming more sophisticated every day. Unfortunately, cybercrime is constantly evolving, too.
Businesses can be crippled by malware powered by AI botnets on IoT, ransomware, and other aggressive cyberattacks. For your financial IT plan, three concerns must be addressed as part of your comprehensive strategy.
As proven by the 2013-2015 bank attack example, your employees will always be your “weakest link.” To be effective, any financial IT solution must include an emphasis on cybersecurity awareness training for all employees who access your network. New employees should have this training when onboarding, too. Your IT solution should include cybersecurity awareness training and a set of guidelines, policies and procedures regarding online behavior for all employees.
Some disgruntled employees may leave your organization and deliberately sabotage the network through hacking and malware installation. Special attention should be given to ensuring employees who are no longer part of your organization have all permissions revoked immediately.
Cybersecurity awareness training makes your employees knowledgeable gatekeepers of your network security, instead of unwittingly remaining liabilities to it.
IoT and BYOD Threats
In 2018, digital threats were brought to the forefront of the tech world when it emerged that a fitness tracker called Strava had revealed the exact locations of many secret military bases and installations.
Your financial IT solution will need to include all personal devices that are routinely used for organizational or personal needs. This can become complex when you consider that every employee in your workforce has tablets, smartphones, and even connected devices like fitness trackers. Each device your employees bring into the workplace is a potential cybersecurity vulnerability.
Every device that relies on IoT is a threat, too. Examples of these devices can include Alexa, smart systems (lighting, thermostats, cameras and security devices, for instance), laptops and more. If it connects to the global internet, it can be considered an IoT device. These may slip through the cracks because they do not use the same software and operating systems that your network does. Forgetting to protect them, according to Forbes, can be a dangerously costly mistake.
Unsecured Third Parties
As a financial organization, you are firmly tied to many third-party vendors. Your financial IT solution needs to include policies and procedures to limit access to data from your vendors, no matter the size of your business.
In 2019, a targeted cyberattack hit many credit unions across the United States. Using information gathered from the National Credit Union Association, these cyberattacks were directed at credit union Bank Security Act agents who were responsible for monitoring activities that may be associated with money laundering. These bank officials were sent money-laundering alert emails which, once opened, spread malware to all contacts on the employee’s lists. This spear-phishing attack failed because educated bank officers noticed the red flags in the emails: grammatical errors and irrelevant email addresses.
In 2019, financial institutions received a warning from the US Secret Service regarding an increase in phishing attacks.
Your financial IT strategy should cover your interactions with your vendors to limit your organization’s vulnerability to third-party cyberattacks.
Financial IT Strategy Best Practices
Technology and finance used to be considered separate entities, but today the two industries are integrated, with the increase of Fintech applications like Bitcoin, Acorn, PayPal, and Square. Today’s financial industry must be protected from cyberattack across all platforms while still offering services such as mobile or online access to accounts.
In addition to the initial financial loss your business faces after a breach, you may also be facing hefty fines and penalties if you haven’t met certain government regulations regarding your electronic storage and communications.
- Payment Card Industry Data Security Standard: Stipulates requirements for institutions that work with credit and payment cards.
- Sarbanes-Oxley Act: Governs requirements relating to the storage and management of electronic financial records.
- Gramm-Leach-Bliley Act: Sets requirements for the safekeeping and collection of financial information.
It’s an important part of any successful financial IT solution to make sure all your internal and cloud-based networks are protected to stay compliant with industry standards and regulations.
The following four IT security best practices are important keys to implementing a successful cybersecurity strategy for your financial organization.
End to End Encryption
The National Conference of State Legislatures outlines almost 300 state laws relating to cybersecurity in 2019. Some of these were directly related to financial institutions and industries, just like yours.
Your best defense is using military-grade end-to-end encryption on all your data. This is a security step that can prevent cybercrime and reduce the damage caused by a breach by limiting how much data is exposed to hackers.
Routine Monitoring as Part of Your Overall Financial IT Strategy
Your successful financial IT solution will involve continuous monitoring of your network. This is a proactive step that can identify cyber threats as they happen, rather than waiting until a breach occurs and trying to mitigate the damage. This monitoring will occur on top of your security features, such as your antivirus, antimalware suite, and firewall.
In 2017, Equifax reported a breach that involved over 143 million personal records. Had Equifax been current on updating security patches, the breach would most likely never have occurred. The company, it was found, was nearly two months behind on these updates. Proactively monitoring and patching is a vital part of your overall cybersecurity strategy.
Organizational Cybersecurity Framework
As time consuming as it seems, your IT solution must cover all devices within the company. This includes devices issued by your organization as well as any BYOD equipment your employees use. Every device, every employee, and every access point must be accounted for in your cybersecurity framework. In other words, all resources (digital, physical and human) need to be noted in this framework.
You can use this framework to build an IT infrastructure that is scalable and secure. Make sure to update this regularly, accounting for upgrades, new hires, and discontinued equipment.
The Future of IT Strategy in the Financial Industry
2020 is shaping up to open a decade full of amazing technical advances in devices and services. Some of the most exciting changes are taking place in the way financial institutions digitize the supply chain and customer access to services. All of this equates to new ways to generate revenue for any financial organization willing to make a solid IT investment.
The flip side of this, however, is that cybercriminals have continued to evolve their attacks to meet each new technology. Today’s cybercrime is targeting financial institutions, with hackers bringing financial industry education into their game. Compliance officers, the stock market, financial regulators, and SWIFT communications can all fall prey to a dedicated cybercriminal with time, resources, and know-how on his side.
Iconic IT can bring you a comprehensive financial IT strategy that will align with state and federal regulations, protect you from lawsuits, keep your money where it belongs, and bring you peace of mind. Contact Iconic IT for a free, no-obligation consultation and let us show you how you can improve your current IT strategy today.