Banking IT Security Lapse Enough to Make One Cry
14 Jul
The bank manager called me crying because it was obvious something was terribly, terribly wrong with her laptop.
Sure enough, the device had two viruses on it that would allow full administrative access to the bank. We ran a scan on all devices connected to the bank network and locked all outside ports.
What did the report show? In addition to more than 250 viruses on every machine, a dark web search for bank employee email addresses found that 65 had been hacked, including details on the CFO. If my company had accounts there, I would have closed my accounts and run in the opposite direction.
Yes, it seems that cybercrime is everywhere and that dealing with issues is just part of the price for being in the business world. But certain industries have a much greater responsibility to keep data protected, and financial services ranks among the most regulated.
Here’s a sampling of the regulations that banks, credit unions and other institutions that handle money must adhere to:
- Bank Secrecy Act. This has been the primary anti-money laundering tool since its inception in 1970. The act gained more teeth from the USA Patriot Act, enacted following Sept. 11, which requires banks to verify the identities of those opening accounts.
- Fair and Accurate Credit Transactions Act (FACTA). Although its primary purpose is to improve the accuracy of credit reports and allow consumers one free report each year, the act has identity theft measures and requires security regarding the disposal of consumer information.
- Financial Crimes Enforcement Network (FinCEN). A bureau within the U.S. Treasury Department, the agency analyzes financial transactions to combat financial crimes.
- Gramm-Leach-Bliley Act. Passed in 1999, the act sets rules for how financial institutions collect, share and protect consumers' personal financial information.
- Office of Foreign Assets Control (OFAC). This organization maintains the Specially Designated Nationals List (SDN List), a list of individuals and entities with which U.S. businesses are forbidden to engage financially.
Oh yeah, and there’s some global pandemic out there, which has roiled financial markets and left financial institutions struggling to make a profit amid record low interest rates. At times like these, it’s no wonder that the bank manager lost sight of the well-being of her work laptop, but that’s not a risk that banks and credit unions should be taking.
Overwatch Technology can help banks and credit unions carry the burden of regulatory compliance without the high overhead associated with in-house IT staff. We find that banks often aren’t on top of compliance management, which means having written documentation in place describing how the institution safeguards information and having business associate agreements in place with vendors.
Technology and compliance management are required to truly keep data safe and customers protected. Fortunately, you can find both services at one place: Overwatch.