
Staying Ahead of the Threat: Why Security Awareness is Vital to Your Organization

(Editor's note: This select print feature originally appeared in the April 2016 issue of DS News magazine.)

By Michael O'Connor

Data is the lifeblood of banking and financial services organizations. Lenders, appraisers, real estate brokers, and property preservation companies each have the responsibility of protecting and securing financial data. Almost all data generated or used by financial services firms is regulated. The responsibility of managing account information, cardholder data and transactions, and non-public personal information makes this industry, arguably, one of the largest collectors of sensitive and privacy-protected data.

The financial services industry continues to invest in new technologies that allow for efficient management of client information with increasing oversight capabilities. However, a concurrent effort to protect information from attack is critical, as evidenced by recent data breaches at high-profile organizations including hospital facilities, large retailers, and health care insurers.

In today’s world, most organizations, regardless of size, will experience a security incident in the form of social engineering, a data breach, or malware. Social engineering attacks will continue to be the easiest way for cyber criminals to compromise corporate networks. The advanced technology and systems used to protect networks make the front-door approach less appetizing to would-be attackers. With social engineering, the attacker can mass engineer an attack with the knowledge that one user can compromise an entire network. Here are a few examples of the types of external security incidents of which organizations should be aware.

  • Spear Phishing: email spoofing fraud attempt, targeting an organization, seeking unauthorized access to data;
  • Whale Phishing/Whaling: targets C-level users, or users with elevated access to sensitive data;
  • Malware/Anti-virus: malware is software that disables or damages a computer system;
  • Distributed Denial of Service (DDoS): multiple infected systems are targeted at a corporate network or website causing a denial of service;
  • Hacktivism: the act of compromising a system for socially or politically motivated purposes;
  • Extortion Hacks: cybercriminals threaten to release sensitive data if an organization does not meet some demand;
  • Ransomware: prevents access to data on a PC by encrypting it and demanding a ransom to decrypt it.

Identifying internal vulnerabilities

A data breach occurs when sensitive, confidential, or protected information is obtained by an unauthorized individual or organization. Organizations can improve the security of sensitive data by focusing on controlling how employees access, transmit, and manage documentation. Here are three common areas where, when controlled, organizations can strengthen the protection of sensitive data.

  • Spreadsheets: ensure files are password protected, saved on network drives instead of local hard drives, and restricted to authorized users
  • Email and File Attachments: effective email policies, spam filters, scanning of email attachments, and encryption improve email security
  • Identity Lifecycle: ensure that as users join the organization, move within the organization, and leave the organization, their access is always appropriate to their job role and function

Identity is a major attack vector for advanced threats, with compromised credentials being a significant enabler in successful attacks. Organizations need a reliable way to continuously determine that users are who they say they are before allowing access to sensitive data. Attempts to lock down systems and resources with strong authentication too often detract from the user experience, encouraging users to find workarounds that further increase risk. Today’s authentication solutions need to be easy to implement wherever authentication is required and allow organizations to optimize the right level of security and convenience for the risks that are present. Organizations with successful authentication strategies will greatly strengthen their security posture while making users’ lives easier in the process.

Determining where an organization is vulnerable to the occurrence of a data breach or attack is the first step in protecting sensitive data. However, organizations need to invest in a proactive and flexible strategy that can evolve at the same pace as potential, and inevitable, threats to security.

The financial services industry interacts with a myriad of third-party vendors to perform a variety of business services. Collaborative development, extended supply chains, and outsourced services are just a few ways in which third parties help deliver a competitive advantage. But these third-party interactions create new sources of risk that can significantly impact the organization if not managed proactively. Organizations that work with third parties must develop a systemic process for assessing, tracking, and managing third-party risk. In addition, they must incorporate information regarding risk into their organization’s overall risk assessment and management strategy. Organizations that harness this risk are positioned to take advantage of the opportunities afforded by working with third parties to safely drive their business forward.

Proactive Security

The goal of any security program includes proactive protection against attack, a reduction in time to detect a breach, maintaining systems to protect sensitive data, and having the appropriate procedures and systems in place for business continuity.

The majority of security incidents are caused by human error related to lack of employee awareness and training. Organizations should take a holistic approach to security; however, the first line of defense begins with continual training. Establishing a ‘Culture of Security’ with your executive management and employees is critical. While investing in IT security is necessary, the best security teams in the world cannot protect against employee failure to recognize targeted attacks. The nature of social engineering means that the cybercriminal has to succeed only once, while your organization has to be successful in protecting against such attacks every time.

Some suggestions to educate your workforce include:

  • Communicate regularly using relevant news articles to highlight security as a real threat to business
  • Use a variety of mediums to reach your entire audience
  • Spread the importance of safe online practices
  • Enforce adherence to security policies and procedures at all times

Having security policies and procedures in place will provide your organization with a solid framework when it comes to managing security incidents. The ISO 27001 Information Security Management System (ISMS) provides such a framework for Information Security Management best practices, helping organizations to:

  • Protect client and employee information
  • Manage risk to information security
  • Achieve compliance requirements
  • Protect the organization’s brand image

While ISO 27001 will not necessarily prevent a security incident from occurring, it will help ensure that all risks related to security are considered and appropriately managed.

Minimizing the impact of advanced attacks requires a robust capability to detect and respond. Having a formal incident response plan, and carrying out regular Business Continuity Plan (BCP) exercises, help ensure that organizations are prepared for such events. In an environment of persistent attack, and near-constant compromise, incident response must be a priority for any organization responsible for financial information, personally identifiable information, or intellectual property. Organizational strategies must be based on proven best practices, and they must leverage expertise where required. Security programs must incorporate opportunities to automate and to constantly improve. Organizations with a robust incident response and business continuity capability will have the best chance of minimizing damage or loss from attack.

While social engineering attacks are currently prevalent, threats continue to evolve and take many other forms. Today’s workforce is more flexible, cross-functional, and mobile than ever. IT-driven organizations require rapid on-boarding of employees to apps, systems, and resources so that they can be productive right away. Traditional firewall approaches to network security are not enough anymore and organizations must secure data whether it resides inside or outside of the network.

A holistic approach must be taken to consider all points of entry into proprietary systems and all software integrations. The traditional closed network is no longer a reality for today’s businesses. The need to connect to clients, vendors, and third-party systems creates a complex network which spans outside of the organization. Protecting these expansive networks requires a multi-disciplined approach to manage organizational risk and meet compliance requirements.

Networks can be compromised without an organization’s knowledge. These attacks can be silently mining data without raising any alerts or alarms. It is through regular audits across the network environment that this can be avoided.

Auditing organizational processes and procedures is not a new requirement for loan servicers, asset managers, appraisers, and property preservation providers, all of whom are subject to the audit provisions established by the Dodd-Frank Act. Ensuring that regular audits are performed on internal and external systems is as important as the audits required for compliance within the industry. These audits will highlight anomalies on the network, your property platform, and in relation to user access and activity within systems. Audit trails for sensitive data are vital in any system. Knowing how, when, and who last updated a particular sensitive data point can give a degree of comfort when it comes to understanding potential security flaws and preventing them in the future.

Loan servicers, asset managers, appraisers, and property preservation providers require anytime, anywhere access to borrower and asset information. Technology solutions must enforce secure access consistently across internal IT systems, third-party applications, mobile-based apps, and infrastructure. These solutions must balance security and convenience, while ensuring users have access to any information appropriate to their role. Secure access will empower employees and ensure that valuable information remains protected.

Taking measures for physical security

Organizations can minimize their exposure to a data breach by taking an inventory of physical opportunities to reduce vulnerabilities. Physical procedures include:

  • Locking laptops in cabinets and/or car trunks
  • Locking screens when employees leave their workstations
  • Providing privacy screens on computer monitors
  • Disabling the ability to download data onto external drives
  • Monitoring data sent to unauthorized and/or personal email addresses

In today’s security landscape, a security breach is not a matter of “if” but “when.” While risk tolerance is up to each individual organization, the way risk is managed is important, and there are definitely best practices to follow.

With increased regulatory pressure, and the cost involved, the financial services industry must carefully consider each investment decision and the impact it will have on the end consumer, regulatory requirements, and their bottom line. The good news is that there are many opportunities for organizations to create win-win situations that improve customer interactions, preparedness, and resilience against security threats, while also helping to achieve long-term cost savings.

About Author: Michael O'Connor

Michael O’Connor is SVP Service Delivery at Aspen Grove Solutions. Michael has over 18 years’ experience delivering technology solutions. Over the last six years Michael has worked at Aspen Grove Solutions on the Aspen iFamily® suite of applications, providing a robust property management platform that is easy to use and quick to implement. For more information [email protected] to set up a meeting with the team or visit www.aspengrovesolutions.com.
