Security breaches are becoming more common. They occur most often in the United States (followed by the UK), exposing businesses and their customers to significant risks. Most recently, in December 2017, Kromtech uncovered a breach at Ai.Type with 577GB of data stolen. It's possible the incident exposed the information of 31 million customers. And in 2016, Uber suffered a hack that affected nearly 60 million customers and drivers across the world. These are just two examples that highlight the fact that breaches take place on a huge scale, and that it’s critical to protect all forms of data, including the financial data that hackers are attracted to. So, how do businesses build trust among consumers and prove that they’re looking after both their customer’s data and the business’s financial data? Well, it all relies upon asking yourself the following questions and taking action where necessary:
Have you secured your data?
Financial data takes multiple forms, from the accounting records that show your profits, debts, cash flow and expenses to the federal tax forms for your employees. It all needs protecting in different ways. Financial data stored online requires that you have strong virus protection, passwords, and secure firewalls and networks. You’ll also need to ensure you know exactly who has access to certain pieces of financial information and ensure it’s restricted to them. Financial data that is stored offline (in paper form, for example) must be kept under lock and key, and if you decide to make an electronic version of it, it’s essential that you put all the security measures above in place.
Have you taken out insurance?
Breaches involving financial data are extremely serious. Not only will they damage your reputation, but you may also find that some customers, suppliers, or other third-parties working with your business will take legal action against you. As a result, it’s important that you have cyber security and data breach insurance for your business; it will cover the cost of forensic investigators, notifying regulators, the expense of legal proceedings and consultation, credit monitoring for your business and affected customers, as well as as compensation for any loss of income.
Do you have a plan?
Nearly three-quarters of retail organizations lack a breach response plan, and if you’re one of them, it suggests that you haven’t done enough to protect your financial data. Your plan must include details of an empowered response team and their responsibilities, an escalation process, and a communication strategy, among other things.
Have you educated your team?
Your security systems are only as robust as the people operating in your business, so it’s essential that your team is trained to work in ways that protect your business’s financial data. Implement regular, relevant training sessions and encourage a culture of openness; having a ‘no punishment’ policy in the case of attacks will encourage employees to report behavior that might compromise your business’s security. If employees fear reprimand, ridicule, or another negative outcome as a result of an error in judgment, they’ll be less likely to report it and your business’s financial data will be more exposed than it needs to be. These are just a few questions to ask yourself when determining whether or not your business’s financial data is protected. Read the Federal Trade’s Commission guidance on data security if you need more information.
Use Tripwire to reduce your cyber risks while automating compliance with regulatory standards.
About the Author: Ben Campbell is an accomplished, experienced freelance writer and web security expert who has featured in a number of high profile publications and websites. If he’s not writing about protecting your website you’ll find him listening to live music or at the coast surfing. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Financial Services Cybersecurity Regulations
Learn how Tripwire's strategies bolster cybersecurity in the financial sector. Facing heightened risks, financial organizations can benefit from Tripwire's expertise in security configuration management and file integrity monitoring, ensuring compliance with critical regulations and safeguarding sensitive data.
