British Airways Just Learned A Lesson That Financial Institutions Figured Out A Long Time Ago

This is a question that increasingly occupies a lot of minds across industries. For financial service providers, it depends on not just how their customer data is stored and protected, but how it is processed and used on a day to day basis. 

Emerging technologies may have prompted a lot of positive changes, but have also created new vulnerabilities and new aspects of security that need to be evaluated.

British Airways released a statement less than 24 hours ago, about hackers stealing the credit card and contact data of 380,000 customers. The company added that its website and mobile app were back to normal and that it was contacting affected customers, but encouraged customers to contact their bank and credit card issuers.

Financial institutions have long recognized that the desire of consumers to access valuable data on mobile devices and the increase in popularity of cloud technologies leads to all kinds of challenges. The threat landscape now includes increasingly sophisticated cyber-attacks. Financial institutions must also ensure compliance and security from the perspective of government regulators. There is no one-size-fits-all approach to security, but Customer Relationship Management software that is flexible enough to work with individual security systems does make the task a lot simpler.

Security risks need to be evaluated because cyber-criminals constantly evolve to exploit emerging technologies. NexJ Systems recommends taking a holistic approach towards managing security because systems, processes and a workforce are increasingly compelled to work together if vulnerabilities are to be limited.

NexJ offers a dynamic, flexible, extensible, and centralized security model that allows information to be shared across the enterprise according to specified visibility rules. Security rules are enforced by the NexJ Server and consistently applied regardless of access methods — using mobile devices to book airline tickets, for instance — being used to retrieve or manipulate data elements. To find out more, download our infosheet.
 
Employee Management and Training Matters

Focus on employee training will become increasingly important because technology will always be easy to sidestep in the face of human error or carelessness. People using technology can be the weak link in a security chain, which is why more training on everything from the generation and protection of effective passwords to the opening of attachments and adherence to security policies becomes increasingly important.
 
Effective Policies and Procedures Need To Be In Place

Financial organizations should establish a cybersecurity program that is effectively implemented and enforced, with an incident response plan in the event of a cybersecurity lapse.

Other controls that need to be examined and implemented include data access limitations and auditing, multi-factor authentication procedures, encryption standards, and data destruction. Credential and access management is a critical component of cybersecurity when it comes to managing any centralized storage mechanism containing valuable data.

We’re always interested in how financial institutions secure and process data. If you have questions about our products, why not get in touch with us today?