By Al Alper
Not that long ago, the risks a bank or other financial institution faced were much simpler than those it faces today. The biggest threat might have been the stereotypical bank robber, who would either quietly pass a note with demands to an unsuspecting teller, or who might come in wearing a ski mask, carrying a weapon and working with partners. While neither scenario was desirable, and both were certainly unsafe for bank employees and customers, the worst a bank would typically lose was cash – general cash that was not necessarily assigned to any specific accounts.
Now, the banking industry faces a myriad of new risks on top of this now old-fashioned approach. Data theft can not only allow hackers to get into the bank’s holdings, but could also connect them to the other holdings of each client, as well as other affiliated institutions. This type of theft, unlike the scenarios described in the first paragraph, could have a profound negative impact on individual bank clients in addition to the bank as a whole.
Bankers, and others working within the banking industry, must understand certain facets of information technology in order to keep their institutions, and their clients, safeguarded. Two areas are critical: IT compliance requirements (both transactional and information), which must be met, and potential security threats, which must be recognized.
“Transactional compliance” refers to the internal and external financial transactions of an institution. In order to be sure that transactional compliance needs are met, all discourse must be transparent to the chief compliance officer (CCO) and/or their delegates.
“Information compliance” refers to any kind of internal or external communication by the bank. Like transactional compliance, all discourse must be transparent to the CCO and/or their delegates.
With both transactional compliance and information compliance, those in the banking industry must remember that all of these transactions or communications must be fully documented, archived and accessible to fulfill both audit and compliance requirements.
Security threats are a constant concern in the IT arena, and although almost any business is at risk, some – especially those that collect valuable personal information, like Social Security numbers, bank account and credit card numbers – are at a much higher risk than others. Financial institutions face security threats directed at both systems and services.
Systems that capture and retain transactional and information compliance records must be checked and audited regularly for performance and adherence to standards and protocols. Information systems that banking institutions put in place typically include intrusion detection and prevention, as well as endpoint protection from malware and viruses that steal data and/or log keystrokes. Such malware gives unauthorized individuals access, leaving the system vulnerable and information exposed as malicious thieves use that system as a launching pad for widespread internal access. In addition, third-party vendors and third-party applications that intersect with protected data offer potentially subtle access to would-be hackers. Ensuring secure, encrypted access for remote and extranet connectivity, and keeping data encrypted both at rest and in transit, is critical to keeping security threats in check.
Finding A True Partner
Given the high stakes involved in compliance issues and security threats within the banking industry, it makes sense that banks work with an information technology managed services provider (MSP). Selecting the best MSP for a bank is crucial; looking out for certain characteristics of the right MSP can help narrow the selection.
First and foremost, a bank or other financial institution must find an MSP that will work to be a true partner with the organization. This type of philosophy ensures that the MSP is always working in the best interest of the financial institution, understanding that the success of the bank is closely tied to the success of the MSP. In this vein, a bank should expect that its MSP will help keep the bank up-to-date on compliance changes, and also help the financial institution understand how these changes might affect the technology in place.
In addition, a good MSP should offer its financial client full transparency. This includes easy access to inventories of the bank’s assets, daily tickets and warranties, as well as knowing what information is at risk and what is exposed. Information about how employees are using the technology (including what content is being trafficked on the network or on Wi-Fi) should also be readily available.
Finally, a partnership with an MSP should also encompass business continuity commitments. To achieve this, an MSP should offer an onboarding audit, going over all of the technology components of the financial institution (regardless of whether those components are being provided by the MSP). This audit should result in a disaster readiness profile, along with recommendations of what might be needed to strengthen the institution in the face of disaster, however the disaster manifests itself.
Technology has inarguably made banking easier, more efficient, and more user-friendly. To make the most out of what technological advances offer to banks, those in the banking industry must have a firm handle on both the compliance issues involved and the possible security threats lurking. Understanding this, and knowing how an information technology managed services provider can help meet these challenges, offers the best outcomes for everyone – except the robbers.
Al Alper is the CEO and founder of Absolute Logic, a technical support and technology consulting provider to businesses of up to 250 employees. He can be contacted at firstname.lastname@example.org or (203) 936-6680.