Get Reliable & Responsive Computer Support. Call Network Essentials (704) 206-8880

With security and compliance such an important issue, today’s financial services firms need to be extremely cautious when working with third-party vendors. That includes their IT people. Any data leak can bring about a massive investigation for Banks, Credit Unions, Money Managers, Private Lenders, and Accounting Firms. And if vulnerabilities are found, this can result in many problems including fines.

A recent report on the Equifax data breach shows that the breach was 100% preventable. The new report reveals that Equifax was using outdated IT equipment and software. One of the main issues was the use of Apache Struts web-application software. Though it is a widely used enterprise platform, Equifax’s IT department had not been applying regular patches and updates. This made it an easy target for cybercriminals.

In the end, it was the consumers who were most hurt by the breach. Over 143 million Americans lost at least part of their financial information to cybercriminals who later sold it on the Dark Web.

René Gielen, the vice president of Apache Struts, defended his company in this statement: “Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years. In this case, Equifax had ample opportunity to update.”

Bas van Schaik, a product manager and researcher at analytics security firm, Semmle, adds this:

“This vulnerability was disclosed back in March. There were clear and simple instructions of how to remedy the situation. The responsibility is then on companies to have procedures in place to follow such advice promptly. The fact that Equifax was subsequently attacked in May means that Equifax did not follow that advice. Had they done so, this breach would not have occurred.”

The results of the investigation into the Equifax breach make it very clear that the credit reporting giant did not follow security protocols for updating and patching software. Furthermore, they were using older IT equipment that had long since stopped getting regular support. This leaves the door wide open for cyber crooks to come in and steal everything.

In the financial services industry, there’s very little room for error. The public now believes that when a company as big as Experian, Uber or Marriott has a data breach, they were doing something wrong. In most cases, the public is right.

If financial firms would follow a few simple rules, they could avoid the embarrassment and hefty fines from data breaches.

  • Keep all software up to date. Apply patches and fixes to software when they become available.
  • Purchase new equipment if your computers, servers and other IT equipment become obsolete. Servers 2008 and 2008R2 are now reaching their End of Life. Support will no longer be available. Now’s the time to replace them with newer products.
  • Educate and train your employees so they can spot phishing scams.
  • Destroy old documents you no longer need. Don’t leave them laying around.
  • Thoroughly destroy digital information that’s no longer essential. Don’t leave it on a server somewhere.
  • Limit access to your most confidential records and documents. A receptionist or mail room employee should never have access to essential client files or tax info.

Security Awareness Training

The hard truth is that your IT security is only as good as your people are. If your employees have been well-trained in this area—if they know how to spot a phishing email, then your chances of avoiding a data breach go down. In spite of all the latest security technology, your employees can be your weakest link or your greatest asset. It just depends on whether you’ve taken the time to train them properly.

Security awareness training is essential for all employees today. Even smaller financial services firms are now at risk. That’s because hackers have learned that smaller companies sometimes cannot afford the intense security measures that larger firms have. Smaller firms often have a small in-house IT staff that may not stay up-to-date on the latest cyber threats. If this sounds like you, then it may be time to look at some different options.

In the Data-Driven World, your Financial Services Firm Must Be Able to Meet Today’s Security Challenges

At Network Essentials, when we manage your IT infrastructure, your company can get back to the business of lending, raising capital, and investing without having to worry about data breaches. Our team will ensure that your technology is serving your needs the way it should be. We will keep things running at peak efficiency. And we’ll maintain your records with top-level security protocols.

Worried About Compliance?

Compliance doesn’t have to be an uphill struggle. The team at Network Essentials will help you comply with regulations like PCI, FISMA, and Sarbanes-Oxley, and GLBA. We will provide solutions to help your organization meet regulatory IT requirements.

Contact Us

In the financial services industry, your IT systems are your most critical tools, and downtime or cybersecurity breaches can cost you millions of dollars, and severely damage your reputation. At Network Essentials, we specialize in making sure your network and IT resources are protected from cyber thieves.

We’ll get to know you and your financial services firm in Charlotte, North Carolina and learn about your operational objectives. If you’d like to learn more, then let’s get started!

Contact us at (704) 206-8880 or email us at info@tneus.com.

In the meantime, stay up-to-date on what’s happening in the world of information technology. Visit our Blog. Here are a few examples of what you’ll find.

What Are the Top eCommerce Platforms Going Into 2019?

Threat Advisory: SamSam Ransomware

What Are The Top 5 New Features In MacOS Mojave?