Data Security

Data Security in Online Banking

In today’s world of banking it seems as if everything is done online. Having digital records of all your financial assets is a great idea, if done correctly. 

However, one risk that online banking faces, and that isn’t talked about very much, is the possibility that bad actors can do great harm to the financial data.

We’ve all heard about the risks of ransomware attacks, but what would happen if a bad apple within the organization were to “delete” all the institution’s data? Not only would mass panic and chaos ensue, but the consequences would be overwhelming.

Thanks to this amazing thing we call the internet, there are more ways than ever to hack a bank. According to a report by Positive Technologies, banks are just as prone as any other institution to cyberattacks. In fact, hackers often get credentials through phishing scams.

The report shows that “employees at 75% of banks reviewed had clicked on links in phishing messages, and those at 25% of banks entered their credentials in a fake authentication form.”

While banks have suitable solutions for recovering from normal events such as natural disasters, blackouts, and human error, they have a lot to learn about surviving and quickly recovering from a cyberattack.

Online Banks Protecting Data

How can a bank’s data be protected? The answer is far more complex than investing in the best cybersecurity systems. Banks already spend vast amounts on IT security, in some cases more than three times as much as nonfinancial institutions.

In addition, banks are mindful to protect data by backing it up. Data backups are created using multiple copies of critical data such as customer transactions.

Some of those copies are recorded at the time the transaction occurs and others are recorded every hour, day, or week. Several of the backups use databases or application technologies, whereas others use traditional or cloud storage.

If hackers somehow gained authorization to the storage system itself, they could corrupt or erase the critical data, or all the copies of that data.

Banks should have off-site recovery plans in place, like tape backups. However, those take time to get online, and might not include the most recent customer transactions since they’re kept in an offline state. So, if hackers can destroy backup data just as easily as they can original data, what can banks do to protect their customers’ data?

In order to ensure data security and survive a cyberattack that intends to erase critical data, banks should observe the following protocols:

  1. Identify the critical data that is required for operating the business. Obviously no business-critical data should be labeled as unimportant, but you should be able to identify which data is deemed absolutely necessary to keep the business afloat. That data should have multiple backups in multiple locations.
  2. What is the resiliency for each data type? Ask yourself how long it will take the business to recover if any data is destroyed. Depending on the data that is lost, it could take hours, days, or even weeks to fully recover. How much revenue would be lost in that time?
  3. Create an infrastructure that provides the level of protection your business needs. A smart data protection strategy is to regularly back up data to WORM (write-once, read-many) storage devices. This guarantees that data cannot be overwritten or corrupted. Such data storage devices should be secured with credentials that are only available during non-business hours.
  4. Always confirm that the cyber-recoverability requirements are correctly executed in your infrastructure. It is imperative to confirm, after each change, upgrade, update, or modification that takes place in your IT infrastructure, that the recovery requirements are still intact and understood by all stakeholders.

Is ITAD a Weak Link in Data Security?

Let’s face it, the amount of data being created on a day-to-day basis isn’t slowing down anytime in the near future.

With the increase in data comes newer, faster equipment with even more vast amounts of storage capacity.

Not only does that create a problem of what to do with the old assets, but more importantly how to keep them secure in the process.

A recent report from Experian revealed that nearly thirty percent of organizations don’t have plans in place to deal with data security threats.

You heard that right. According to their research that’s almost one third of businesses!

With cyber security threats ranging from ransomware attacks to hard drives being sold online that still contain left-behind data, how can any business not comprehend the risk that poorly managed data creates?

In more recent times, we’ve seen cyber security being prioritized as an area of great investment, especially with a majority of new businesses and startups in the data hosting sector.

But ponder for a moment the amount of retired IT assets that end up in piles of scrap as new products are released on a continuous basis.

Whether it be an entire machine, such as laptops, desktops, and networking switches or individual components like SSDs, HDDs, memory, or tape cartridges, any small to mid-sized business produces a significant amount of physical data assets that need to be securely destroyed on a regular basis.

Unfortunately, end-of-life asset management and the secure destruction of data assets often go unnoticed.

Not enough businesses can guarantee or show proof that every measure possible was taken to prevent a data breach.

Too few organizations can confidently state that all sensitive data was destroyed in a secure, accountable and socially responsible way.

When the General Data Protection Regulation (GDPR) came into effect in May 2018, businesses began facing potential financial penalties if they didn’t comply with the data destruction guidelines.

 

An organization that deals with or governs sensitive data should have an obligation to teach its staff about GDPR requirements and responsibilities.

In order to stay ahead of the curve, businesses should also be making an effort to transform employee habits when it comes to data asset destruction.

However, this can be a costly and time-consuming process. Processes and policies regarding asset and data disposition need to be communicated clearly to staff, resulting in gradual education and behavioral change.

The decisions any organization has to make when choosing an ITAD vendor are going to depend on the size of the company and its equipment inventory.

Nevertheless, a business can adopt its own plan and strategy to fit its individual ITAD requirements, but the most important thing that must remain is taking an active part in the security of critical data.

Trusting the help of a reputable ITAD vendor makes a huge difference. There are countless security measures that a business may not think to take into account.

A professional ITAD company will ensure your data is properly secure from start to finish.

Since 1965, we’ve been in the business of helping organizations with all of their IT asset needs. 

With over 130 years of combined industry experience, our equipment experts can assist in offloading old or retired hardware quickly, easily, and even more importantly, SECURELY.

When considering selling surplus IT equipment, visit one of our pages (We Buy Used IT Equipment, We Buy Used Memory, We Buy Used Hard Drives, We Buy Used Cisco, or We Buy Used Tape) to get the highest market value and the greatest return on investment.

Contact us today for a free quote and see why we’ve been trusted by businesses both large and small for over half a century.