Maintaining Compliance in the Financial Industry

Financial firms are victimized by cyber-attacks significantly more than any other industry. The financial sector is attacked 300 times more than any other business, with statistics as staggering as 1 Billion attacks in a year, 2,000 per minute or over 30 attacks per second. And this is just the beginning.

Below are Some Recent Cyber-Attacks Stats

• It is estimated that 16.7 million U.S. consumers were victims of identity fraud in 2018
• The amount stolen as a result of identity fraud hit $16.8 billion
• According to the Wall Street Journal, a record $355 million in outstanding credit card debt is now owned by people who didn’t even exist as recently as 2017.

It can be theorized that the attraction to these firms is simply the nature of the information they hold. Kaspersky reported that the financial industry was the second most targeted industry of cyber attacks and malware behind healthcare. With the explosion of cloud solutions and digital transformation efforts, and the significant increase in cyber-attacks targeted directly at the financial industry, institutions find themselves needing to make a huge decision. Carry on as had been done in years past or pivot and embrace the looming change? One thing is for sure, cybercriminals are continually innovating and finding new ways to gain access to financial institutions data, and if firms don’t keep up, they will face obsolescence.

Core Cybersecurity Practices for Financial Institutions

Financial regulatory authority and non-profit agency, FINRA, is authorized by Congress to regulate brokers and dealers in the financial industry to ensure they operate fairly and honestly and protect America’s investors. A part of this includes helping firms develop effective security protocols to protect their clients’ data from malicious sources. In their paper titled “Core Cybersecurity Controls for Small Firms,” they list 13 controls, summarized below, that financial institutions should consider when securing their systems:

List of 13 Core Cybersecurity Controls for Small Firms

1. Patch Maintenance – Enable automatic updates and patching of critical systems, or consider outsourcing to a certified partner who can host the solution and manage the updates virtually.
2. Secure System Configuration – Utilize vendor and industry standards such as the Center for Internet Security (CIS) recommendations.
3. Identity and Access Management – Tightly restrict and limit admin access rights based on business need of the user and regularly review, update, or delete accounts no longer in use.
4. Vulnerability Scanning – Utilize 3rd party vendors or commercial “off-the-shelf” software to continuously scan vulnerabilities and malicious sources.
5. Endpoint Malware Protection – Install additional software to further manage, detect, and block malicious sources such as virus and malware.
6. Email and Browser Protection – Add software that blocks web-based email browsers and unsafe content to reduce the risk of phishing attacks on your network.
7. Perimeter Protection – Firewalls are an essential part of perimeter protection for business infrastructure. Provide efficient protection with internal firewalls and built-in firewalls as is found in cloud solutions like Desktop-as-a-Service.
8. Security Awareness Training – End Users are the biggest threat to the security of corporate data, and training can go a long way in preventing the firm’s systems and data.
9. Risk Assessments – 3rd Party risk assessments should be performed annually to test the efficacy of the firm’s security controls.
10. Data Protection – Data encryption, both in transit and at rest, is essential as well as regular backups.
11. Third-Party Risk Management – Evaluate the SOC (System and Organization Control) and SSAE18 protocols of any vendors and outside partners who have access to critical firm data to ensure they have adequate measures in place.
12. Branch Controls – In the event that the institution has multiple branches or locations, ensure compliance of the firm’s security protocols.
13. Policies and Procedures – Create and share all appropriate protocols and procedures with every user of the firm’s data.

Of course, these should be considered in totality with the type of financial institution and their current (and future) technology systems and needs in order to truly be effective means of securing the firm’s data infrastructure.

dinCloud Helps the Financial Industry Transform Digitally while Maintaining Compliance

Born in the cloud, dinCloud knows how important it is to maintain compliance when securing sensitive personal information, such as the type of data the financial industry regularly works with. We understand the special needs financial institutions have when looking to digitally transform their business and further serve the needs of their clients.

How dinCloud is Helping the Financial Industry to Digitally Transform

dinCloud’s hosted virtual desktops (dinDaaS and dinHVD), hosted virtual servers (dinServer), database solutions (dinSQL), and cloud storage solutions (dinStorage) provide users with the flexibility to operate from anywhere, at any time, and on any device and enhance their customer experience and employee productivity. Bring your firm into the future with dinCloud’s hosted virtual desktops and storage solutions. Find out now.