Questions about cybercrime every finance company needs to ask

Financial service companies are a massive target for cybercriminals. This is—and will continue to be—inherently true due to the nature of the business. Financial service companies manage sensitive data, which is a draw for criminals who sell sensitive data on the black market for profit. And every company is only one mistake away from a cyberattack.

The financial service industry is highly targeted for cyber crimes. (Photo/Creative Commons)

In 2015, online magazine QZ, discovered a listing on the dark web selling an individual’s identity for $248.22, for this price, the buyer would also have access to an American Express with a $10,000 limit. Now imagine your customer’s data getting hacked. And hundreds, if not thousands, of identities and financial data are stolen.

That’s a decent payday for the criminal, and extraordinarily detrimental to your client list.

If you work in the financial services vertical, regardless of the size and scope of your organization, defending against cyber vulnerabilities will be the most important component of your reputation.

So, ask yourself some questions:

How closely do you monitor each vendor you work with?

Companies have recently found themselves falling victim to costly and damaging data breaches as a result of a third-party service provider’s security failures. In fact, the infamous Target data breach was a result of a third-party service failure. In this case, one of Target’s vendors fell for a phishing scheme which installed malware onto their computer. From there, hackers were able to gain access to target’s internal data by stealing the vendor’s login credentials.

As a security precaution, experts recommend companies demand that vendors accessing their systems use legitimate anti-malware software, a two-factor authentication for anyone accessing sensitive information, and strong password protection for files containing sensitive information.

How about your vendors’ third parties?

Much like monitoring your third-party, your vendor’s third parties can also be a risk.  If a third-party vendor is affected by a ransomware attack that takes them offline, how quickly would you find out about it? Do you know how that outage would affect your vendors? Additionally, would you have protections in place if the attack spread to your vendor, who is the direct tie to your critical information?

How widely does your organization operate?

If your business operates in more than one location, have you taken the time to understand how security risks change per region?

According to Information Systems Audit and Control Association (ISACA) companies with multinational locations often have variances in their security model. This variance can create holes in security. Additionally, data are transferred and modified across multiple systems, which may result in discrepancies and possible errors.

You could also apply this thought process to your vendors as well. What regions do your vendors operate in? What regions do their vendors operate in? Does their multinational business model make your data less secure?

Keeping up with cybercrime patterns and learning how other thought leaders in the space are defending themselves is imperative to your protection. Cybercriminals are becoming more sophisticated than ever which means your defenses need to continue to evolve as well.

Take action today

The first line of defense for any organization is always password management.  When communicating sensitive information with your vendors and staff, consider using a password management system that makes login credentials for internet accounts or data files invisible.

EZPD is a password generation and regeneration software that allows users to create complex passwords using node-locking technology, which means all traces of the password can be hidden.

Additionally, EZPD is different than most password managers because it does not require a master password (because we know a master password can still be compromised). And, EZPD does not use a cloud or a server to remember what passwords have been generated.

EZPD is a stealthy password generation software, learn more about our capabilities.