Financial services firms have a target on their back. Given the massive quantity of names, addresses, Social Security numbers, bank account numbers, credit card numbers and other sensitive information kept on file, cyber criminals are going to continue to take aim at your businesses.
We've seen it countless times before in the financial services arena. A data breach in 2011 at Global Payments led to 1.5 million credit and debit card numbers ending up in the hands of cyber criminals, costing the company $90 million.
In 2014, J.P. Morgan spent more than $1 billion to mitigate the damage resulting from compromised personal information of more than 76 million households.
Last but not least, credit-reporting agency Equifax on Sept. 7, 2017, revealed that cyber criminals had compromised the personal information of more than 143 million U.S. consumers, marking the largest data breach in history.
Experts say we've only seen the tip of the cyberattack iceberg, and the treasure trove of sensitive information kept at your business will continue to attract cyber crooks to your company. The average cost of a data breach is approximately $4 million per incident, not to mention the priceless reputational damage. Can your business afford it?
What started out as a relatively minor issue has ballooned into perhaps the greatest threat facing our industry. At Ascensus, we have over 30 years of experience in safeguarding our clients' personal information. Here's my advice for like-minded firms looking to avoid potentially disastrous data breaches.
SYSTEM PATCHES
Perhaps the single most significant security flaw that led to the Equifax breach was the company's failure to patch a vulnerability in its system, which gave cybercriminals an entryway to the personal information it held. Had Equifax patched this vulnerability within 48 hours of discovering it, the breach could have been prevented, according to Equifax CEO Richard Smith.
Patching vulnerabilities within your business's security system as soon as they are identified may sound like a no-brainer, but you'd be surprised how many companies fail to do so. The capital and manpower required to implement these patches sometimes deter executives from the job. But these decision makers must understand that the potential financial and reputational damages resulting from a breach far outweigh the time and money spent maintaining your system today.
EMPLOYEE TRAINING
One of the top causes of data breaches is human error. Cybercriminals have gotten very creative in how they enter your systems, and frequently use methods that involve deceiving an internal employee into letting them right in the front door.
Hackers are known to create phishing emails disguised as Amazon coupons or other retail giveaways. A quick click on a link within these phishing emails can provide the criminal with everything they need to break into your systems.
Sometimes hackers pose as an existing client or representative from a third-party vendor on the telephone to get the information they need to break in. Considering your employees' natural willingness to help, you might be surprised how easily an unsuspecting associate will unintentionally give up sensitive information to the wrong person.
Strong employee cybersecurity training designed to help your associates recognize these malicious attempts is imperative for a company-wide cybersecurity system and can go a long way in thwarting attempted attacks.
PREPARATIONS
If a data breach does occur at your organization, an effective response plan will make or break your ability to mitigate the damage to your clients and key stakeholders. This might have been Equifax's largest downfall.
Ask yourself the following: How will we eliminate the bad actor to mitigate the damage? Which third-party cybersecurity firm will we call for help? What is our internal communication plan, and how will we address the issue with our clients and the outside media? These questions just scratch the surface, but getting the answers is a great place to start when building a response plan.
Given the sheer amount of sensitive data they hold, financial services firms of all shapes and sizes will continue to be targeted by cyber criminals. Constantly monitor and update your security measures and response plans. If a data breach hits your organization, you'll be glad you did.
John Schroeder is the chief information officer at Ascensus.