High profile security breaches and the resilience of advanced persistent threats have clearly demonstrated why security concerns have influenced the regulatory legislation governing all industries, and why regulations are here to stay. The fact that the majority of data gathered and compiled by organizations, including banks and other financial institutions, is now in electronic format and the failure to secure your network against emerging threats can open you to threats and greater risks, make securing this information as important for small banks and credit unions as it is for national chain institutions. While storing information electronically has certainly made storage and transmission of this information less costly and more efficient, it has also provided more opportunities for data to be lost, stolen or corrupted. According to one banking professional, “We see a growing dominance of hacking and malware used to grab credentials or create back doors.” These back doors can let in criminal malware from the outside as well as create opportunities for data loss from inside your organization.
VESL’s security policies are based in industry proven framework for best practices. Below is the snapshot of the framework.
The Risk of Data Loss
Losing customer or client data due to lax security or insider misconduct has plagued banks and other businesses for generations. Since the dawn of cyber communications, these risks have increased, because breaches can involve thousands of victims, and fines or judgments against the offending institution can soar into millions of dollars. In a case against Bank of America in 2011, a breach coordinated by insiders resulted in $10 million being stolen from banking customers. An insider had leaked sensitive data on at least 300 B of A customers including, bank account numbers, Social Security numbers and more.
VESL’s Security Services Best Practices
Enterprise systems are exposed to substantial risk from data loss, theft, and manipulation. Efforts to manage this risk are expensive and complicated because threats change quickly. As part of a preemptive IPC strategy, many enterprises are consolidating their electronic assets into database management systems. Databases allow better protection and control of access to these assets. Securing these databases is critical to protect sensitive information and comply with policy regulations.