Managing the movement of data for financial firms
By Stuart Janicki • 08 Jul 2013
Establishing data security policies and effective staff training are critical first steps in preventing data breaches. However, they must be supported with appropriate day-to-day action. Ask yourself: how do you really stop a data breach?
Data in physical transit is a huge vulnerability for any financial services firm. Whether your staff work from home, or visit clients, data needs to be transferred somehow. Your secure customer data then begins to reside on countless USB memory drives or laptops, often in a way which would make the ICO cry.
The increase in the amount of customers’ personal data that is collected, and the ability to transfer this data easily, has created the problem. Consider the number of memory sticks you’ve had over the past few years: can you locate them all, or even describe what data resides on them?
Firms should embrace the productivity benefits that come from the ability to work in multiple locations, but only when the transit of data is controlled, access is refined and the method is secure.
Consider who needs access to download and transfer data.
Not everybody in the firm needs to download data and take it off-premises to do their jobs. Decide who needs to just access data and who else needs to download it. Ask yourself if you know who currently takes data offsite, or who uses their personal USB memory sticks to transfer it internally from computer to computer. Or, more bluntly, do you really want a junior accountant to take the entire customer database offsite?
Protect the data which is being transferred.
If staff are currently downloading data to USB sticks, or taking their laptops home, is this data encrypted? Encryption is important because it ensures that if the data is intercepted, it can’t be read. Therefore you may need to consider software which encrypts everything on the laptop, or will only allow data to be transferred to protected devices.
Keep an active list of users and devices.
Restricting staff and providing secure devices is only as good as your auditing. A list of devices and their current owner will help to ensure that data breaches do not occur. If one is lost or stolen, would you be able to identify who had it last, and therefore what data was on it? Performing random checks ensures that the correct owners are in possession of the correct devices.
Stop unauthorised access.
You could stop the transfer of any data to any USB device which has not been encrypted, or you may even want to lock down USB ports and CD writers for any staff who do not need to download and transfer personal data. These methods, whilst very restrictive, can prevent accidental transfers which violate the data security policy, or even stop malicious attempts to steal or sell customer data.
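The four checks above can be run together against a device register. The following is an added example, not part of the original article: the user names, serial numbers, register and transfer events are all constructed, and the event list stands in for whatever your endpoint tooling records.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    serial: str
    owner: str
    encrypted: bool

# Constructed sample data (assumption): staff allowed to take data off-premises.
AUTHORISED_DOWNLOADERS = {"a.patel", "j.owen"}

# Constructed device register (assumption): serial -> owner and encryption state.
REGISTER = {d.serial: d for d in (
    Device("USB-0001", "a.patel", True),
    Device("USB-0002", "j.owen", False),
    Device("LAP-0107", "j.owen", True),
)}

# Constructed transfer events as (user, device serial).
TRANSFERS = [
    ("a.patel", "USB-0001"),  # compliant
    ("j.owen", "USB-0002"),   # registered but unencrypted device
    ("m.reid", "LAP-0107"),   # user without download rights, on someone else's device
    ("a.patel", "USB-9999"),  # device missing from the register
]

def audit_transfer(user, serial, register=REGISTER, authorised=AUTHORISED_DOWNLOADERS):
    """Return the list of policy findings for one transfer (empty if compliant)."""
    findings = []
    if user not in authorised:
        findings.append("user not authorised to download")
    device = register.get(serial)
    if device is None:
        # Nothing more can be said about a device nobody has recorded.
        findings.append("device not in register")
        return findings
    if not device.encrypted:
        findings.append("device not encrypted")
    if device.owner != user:
        findings.append(f"device registered to {device.owner}")
    return findings

def audit(transfers=TRANSFERS):
    """Map each non-compliant (user, serial) transfer to its findings."""
    report = {}
    for user, serial in transfers:
        findings = audit_transfer(user, serial)
        if findings:
            report[(user, serial)] = findings
    return report

if __name__ == "__main__":
    for (user, serial), findings in audit().items():
        print(f"{user} -> {serial}: {'; '.join(findings)}")
```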
Preventing data breaches in financial services is critical in protecting the reputation, customers and financial health of any firm. Given the highly sensitive nature of data that firms handle, these front-line measures are a vital stage in stopping the breach of customer data.