Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Financial institutions must plug insider leaks

The European Commission last week announced plans to widen the scope of current EU legislation for the protection of personal data to make it mandatory for all companies that store data on consumers to report data security breaches. If these proposals go through, banks that do not already have a thorough data protection policy in place could be hitting the headlines more often than they would like and for the wrong reasons. What could cause even more incalculable damage to a bank's reputation is if a data security breach that becomes public knowledge was the work of an "insider".

While most banks have secured their networks from "external " threats, in the absence of thorough user auditing and control systems, there remains an immediate risk from the bank's own staff, contractors and outsourcing partners. Part of the problem is that some staff have inappropriate access to systems and sensitive data, thereby creating serious security threats.

Even if all users can be limited to the systems that they need access, there remains no guarantee that these users will act responsibly when using their access rights. This is especially true where there are inadequate levels of accountability. At the same time as trying to prevent the loss of data, banks need to keep their business fluid and responsive as well as maintaining effective controls within a set of cost constraints.

Add to that the need to respect employees' privacy rights, and financial institutions are left with a myriad of issues that they need to address. They are not the Ministry of Defence so locking all systems and data sources down, and frisking employees as they leave the building, is not the way to go!

The plans to extend European legislation on data protection to the financial services sector should serve as an incentive for banks to review current data security policies and conduct serious risk assessments to identify where there is potential for data loss. Once these gaps have been identified, financial institutions can then take the appropriate measures to address data leakage points and avoid becoming front page news.

4944

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion

Member since

0

Location

0

More from member

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more