How the Banking Sector Can Combat Cyber Attacks: A Checklist
It is no secret that Cyber Crime is only escalating in this day and age. In fact, in 2016, it was reported that 54% of organizations have been hit with cyber crime in the last two years. As one can imagine, the banking sector is considered as one of the most vulnerable as far as cyber crime is concerned.
Deutsche Bank’s former director of global technology production in Australia, John Baird, noted that “You can’t put cyber security on the back burner any longer. The number of attacks is increasing, and we have to start lifting the education of the users to compensate”.
In this article, we’ll list out several ways to minimize the risk of a cyber attack.
Formulate Policies that Address Cybersecurity
It is essential to implement internal corporate policies that help prevent any fraud or cyber crime.
- Customer data must be regularly secured and backed up.
- Every employee should have a separate user account and with a policy that stipulates the changing of passwords every three months.
- Administrators must prohibit employees from downloading and installing unauthorized software.
- Bank policies must also set appropriate approval protocols. Any transaction that involves a wire transfer or an Automated Clearing House transfer must involve two approvers.
- All employees must be made aware of the dangers of opening or downloading email attachments from unknown sources. Employee awareness is particularly important because there have been many cases where a bank’s computer was infected by a malicious program after an employee clicked an attachment from an unknown source.
- Employees must also be prohibited to share confidential information about the institution.
- Employees working in a bank’s call center must always verify the details of a vendor or a customer who has requested any changes to be made to the billing account.
Harden the Machines Regularly
- A bank’s IT department must make sure that every workstation and Internet-enabled device used in the company has a firewall that is enabled. A firewall blocks all communication from unauthorized sources.
- The Department must ensure that the operating system on all PC’s receives security updates on a regular basis.
- All PC’s must be installed with anti-virus and anti-spyware software to detect any malware or malicious programs in the network.
- All wireless networks must be secured and their passwords must be well-protected.
Adopt Advanced Authentication Techniques
- Ensure that an advanced level of authentication is required to secure financial transactions. Merely setting complex usernames and passwords is not enough as hackers are constantly innovating means to crack confidential credentials.
- Banks should deploy advanced techniques that detect cyber crime on the basis of the patterns detected in website navigation or transactions. These could include smart cards, a pin, facial recognition, fingerprint sensors.
- As more and more customers are using mobile devices, banks must also deploy verification techniques like mobile-based transaction verification and dynamic device authentication.
Use a combined approach
No single security technology is sufficient to foolproof a bank’s IT system. Hence, banks need to implement a combination of several techniques to fortify their IT infrastructure. Every technology has its own strength – selecting an appropriate combination of the right technologies will provide benefits like strong authentication, behavioral fraud detection, and out-of-band transaction verification. This combined approach is regarded as one of the best technique for combating cyber crimes.
Increase Customer Awareness
- Cyber threats must be fought at all levels and it is crucial that customers be made aware of any unscrupulous activity related to their bank accounts.
- Every bank must send out alerts and automatic messages to customers confirming the validity of a transaction.
- Customers must be provided with guidelines for checking the authenticity of any sources that are asking for account details. Customers must also be provided with guidelines for taking precautions while using the bank’s websites.
Building up a bank’s cyber security is not a one-time exercise but a continuous process. Systems need to be continuously monitored through surveillance technologies to identify any loophole that has been generated. Risk management plans need to be continuously updated by conducting risk assessments and identifying new risks. Software and hardware need to be updated and upgraded as new and improved versions often address the vulnerabilities present in previous ones. Patch management must be given prime importance and security patches must be installed frequently.
Substantial gaps will continue to exist between the promises made and the services delivered due to the vulnerability in a bank’s IT security. It is recommended to have a risk committee that reviews the cybersecurity measures on a frequent basis. Finally, every bank must have a crisis management plan in place to recover from a cyber attack and mitigate its harmful effects.