Data Security in Online Banking

In today’s world of banking it seems as if everything is done online. Having digital records of all your financial assets is a great idea, if done correctly. However, one risk that online banking faces and isn’t talked about very much about –is the possibility that bad players can do great harm to the financial […]

0 Comments

In today’s world of banking it seems as if everything is done online. Having digital records of all your financial assets is a great idea, if done correctly. 

However, one risk that online banking faces and isn’t talked about very much about –is the possibility that bad players can do great harm to the financial data.

We’ve all heard about the risks of ransomware attacks, but what would happen if a bad apple within the organization were to “delete” all the institutions data? Not only would mass panic and chaos ensue, but the consequences would be overwhelming.

Thanks to this amazing thing we call the internet, there are more ways than ever to hack a bank. According to report by Positive Technologies, banks are just as prone as any other institution to cyberattacks. In fact, hackers often get credentials through phishing scams.

The report shows that “employees at 75% of banks reviewed had clicked on links in phishing messages, and those at 25% of banks entered their credentials in a fake authentication form.”

While banks have suitable solutions for recovering from normal events such as natural disasters, blackouts, and human error; they have a lot of learning to do in being able to survive and quickly recover from a cyberattack.

Online Banks Protecting Data

How can a bank’s data be protected? The answer is far more complex than investing in the best cybersecurity systems. Banks already spend vast amounts on IT security, in some cases more than three times the amount of nonfinancial institutions.

In addition, banks are mindful to protect data by backing it up. Data backups are created using multiple copies of critical data such as customer transactions.

Some of those copies are recorded at the time the transaction occurs and others are recorded every hour, day, or week. Several of the backups use databases or application technologies, whereas others use traditional or cloud storage.

If somehow hackers gained authorizations to the storage system itself, they could possibly corrupt or erase the critical data or all the copies of that data. 

Banks should have off-site recovery plans in place like tape backups. However, those take time to get online, and might not include the most recent customer transactions since they’re kept in an offline state. So, if hackers can just as easily destroy backup data as they can original data, what can banks do to protect their customer’s data?

In order to ensure data security and survive a cyberattack that intends to erase critical data, banks should observe to the following protocols:

  1. Identify the critical data that is required for operating the business. Obviously no business critical data should be labeled as unimportant, but you should be able to identify which data is deemed absolutely necessary to keep the business afloat. That data should have multiple backups in multiple locations.
  2. What is the resiliency for each data type Ask yourself, how long will it take the business to recover if any data is destroyed? Depending on the data that is lost, it could take hours, days, or even weeks to fully recover. How much revenue would be lost in that time?
  3. Create an infrastructure that provides the level of protection your business needs.A smart data protection strategy is to regularly backup data to WORM or write-once, read-many storage devices. This guarantees that data cannot be overwritten or corrupted. Such data storage devices should be secured with credentials that are only available during non-business hours.
  4. Always confirm that the cyber-recoverability requirements are correctly executed in your infrastructure.It is imperative to confirm after each change, upgrade, update, or modification, which takes place in your IT infrastructure that the recovery requirements are still intact and understood by all stakeholders.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.