There are few things more important to people than the security of their banking and financial data. And, whether banks want to admit it or not, when it comes to managing the security of data within a banking environment, information processing continues to become increasingly complex and difficult to manage. With new threats and security regulations rolling out regularly, if proper and flexible controls are not implemented at your community bank, IT incident response and detection will continue to be a challenge.
In general, there are certain data security processes that community banks do extremely well, and areas in which those same banks have room for significant improvement. Here is a snapshot of how the community banking industry does overall with its data security.
The Good – External Threats, Disaster Recovery Programs
Community banks typically are competent when it comes to external threats, (e.g. identifying hackers trying to bypass firewall controls, implementing virus management on their networks, and, for some, implementing controls to detect internal scanning). These banks also excel at security program development, including disaster recovery plans. None of these tasks are easy, but after years of experience, the trend is moving toward continuous improvement.
The Bad – Data Loss Prevention Solutions
Community banks still struggle with understanding where their data on their network resides, and where is it going. In general, one can argue that these banks understand what their data is and who has access to it, but rarely do they have a sense of how it moves on and off of their networks by authorized users.
A new class of data loss prevention controls exists in the marketplace to help community banks manage these issues. We are beginning to see these controls implemented, and they are forcing banks to reclassify their data, which is a healthy exercise.
The Ugly – Identifying Unauthorized Devices on Networks
Most community banks can tell you if their firewall is being scanned by a rogue attacker, but not if someone has placed an unauthorized device on their network. The problem with this is that if a device joins the network, it can broadcast traffic off of the network, potentially compromising the entire operation’s data security. This silent attack, coupled with an ARP spoofing attack, could bring down an entire operation.
Steps for a Successful Data Loss Prevention Solution Implementation
In order for a community bank to successfully manage its information technology assets, management needs to:
- Know its data and classify it
- Understand its controls and what they do
- Do the gap analysis to understand what isn’t protected.
We can help you take a look at the security of your network, and determine what data your bank has, where it resides and where it’s moving. Click here for a free security assessment.
Or, if you’d like to speak with one of our IT security experts about data loss prevention solutions for community banks, please call Joe Compton at 440-449-6800.