With security and compliance such an important issue, today’s financial services firms need to be extremely cautious when working with third-party vendors. That includes their IT providers. Any data leak can bring about a massive investigation for banks, credit unions, money managers, private lenders, and accounting firms. And if vulnerabilities are found, this can result in many problems, including fines.
A recent report on the Equifax data breach shows that the breach was 100% preventable. The new report reveals that Equifax was using outdated IT equipment and software. One of the main issues was the use of Apache Struts web-application software. Though it is a widely used enterprise platform, Equifax’s IT department had not been applying regular patches and updates. This made it an easy target for cybercriminals.
In the end, it was the consumers who were most hurt by the breach. Over 143 million Americans lost at least part of their financial information to cybercriminals who later sold it on the Dark Web.
René Gielen, the vice president of Apache Struts, defended his company in this statement: “Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years. In this case, Equifax had ample opportunity to update.”
Bas van Schaik, a product manager and researcher at analytics security firm Semmle, adds this:
“This vulnerability was disclosed back in March. There were clear and simple instructions of how to remedy the situation. The responsibility is then on companies to have procedures in place to follow such advice promptly. The fact that Equifax was subsequently attacked in May means that Equifax did not follow that advice. Had they done so, this breach would not have occurred.”
The results of the investigation into the Equifax breach make it very clear that the credit reporting giant did not follow security protocols for updating and patching software. Furthermore, they were using older IT equipment that had long since stopped getting regular support. This leaves the door wide open for cyber crooks to come in and steal everything.
In the financial services industry, there’s very little room for error. The public now believes that when a company as big as Experian, Uber or Marriott has a data breach, they were doing something wrong. In most cases, the public is right.
If financial firms would follow a few simple rules, they could avoid the embarrassment and hefty fines from data breaches.
Security Awareness Training
The hard truth is that your IT security is only as good as your people are. If your employees have been well trained in this area, and they know how to spot a phishing email, then your chances of suffering a data breach go down. In spite of all the latest security technology, your employees can be your weakest link or your greatest asset. It just depends on whether you’ve taken the time to train them properly.
Security awareness training is essential for all employees today. Even smaller financial services firms are now at risk. That’s because hackers have learned that smaller companies sometimes cannot afford the intense security measures that larger firms have. Smaller firms often have a small in-house IT staff that may not stay up-to-date on the latest cyber threats. If this sounds like you, then it may be time to look at some different options.
In the Data-Driven World, Your Financial Services Firm Must Be Able to Meet Today’s Security Challenges
At Network Essentials, when we manage your IT infrastructure, your company can get back to the business of lending, raising capital, and investing without having to worry about data breaches. Our team will ensure that your technology is serving your needs the way it should be. We will keep things running at peak efficiency. And we’ll maintain your records with top-level security protocols.
Worried About Compliance?
Compliance doesn’t have to be an uphill struggle. The team at Network Essentials will help you comply with regulations like PCI, FISMA, Sarbanes-Oxley, and GLBA. We will provide solutions to help your organization meet regulatory IT requirements.
In the financial services industry, your IT systems are your most critical tools, and downtime or cybersecurity breaches can cost you millions of dollars and severely damage your reputation. At Network Essentials, we specialize in making sure your network and IT resources are protected from cyber thieves.
We’ll get to know you and your financial services firm in Charlotte, North Carolina and learn about your operational objectives. If you’d like to learn more, then let’s get started!