Over the past decade, data breaches at corporations and other institutions have resulted in the theft of more than 100 million pieces of sensitive records. In 2019 alone, the U.S. saw nearly 1,500 data breaches with over 150 million records stolen. Many of these breaches happened at household-name brands such as Equifax, Verizon, Yahoo, Target, and more. This is why cyberattacks are among the top five risks to global stability, according to the World Economic Forum. Good security is now the cost of doing business and no institution—from large corporations to small businesses, local and federal government offices, and international and local financial institutions—is immune.

Data Breaches in the Financial Industry

In 2014, hackers successfully breached the largest bank in the U.S., JPMorgan Chase & Co. Next was Capital One in 2019, with the data breach exposing credit card applications from consumer and business applicants. And most recently, in May 2020, Bank of America reported a data breach exposing information from Paycheck Protection loan applicants.

Unfortunately, it’s not just the biggest banks that have cybersecurity targets on their backs. Community banks and credit unions should also be concerned with data breaches and prepared for when, not if, it happens. Smaller financial institutions may be seen by cybercriminals as easier to breach while still offering the same desirable information such as social security and bank account numbers, birth dates, and more.

 

Laptop with a screen that says Malware

What is the cost of a data breach?

The average cost of a data breach is $3.9 million, according to IBM Security’s “Cost of a Data Breach Report.” IBM also reports the cost per record lost at $150 and notes that the U.S. is the most expensive country for data breaches.

So, how does a data breach add up to millions of dollars in recovery costs?

  • Direct Costs: Forensic experts, hotline support, free credit monitoring services for customers, and potential settlements.
  • Indirect Costs: Internal investigations, customer attrition, and drop in share price.

How to Prevent a Data Breach at Your Bank

The first step in prevention is to take stock of your current security culture. Ask yourself if any of these common obstacles are holding your bank back from better security practices:

  • Slow budget cycles
  • Inefficient IT organization
  • Lack of focus on root causes
  • Internal politics
  • Too many “high priorities” so nothing is a priority
  • Poor threat intelligence when it comes to detection and metrics
  • Poor communication across your organization

Better yet, consult with your IT department so they can weigh in on which issues they think are most pressing. Good alignment between bank executives and IT is one of the best ways to set yourself up for success. Ultimately, there are no magic bullets for managing cyber security threats. In today’s evolving threatscape, where data breaches continue to grow in number and complexity, a paradigm shift is required to meet the challenges of a new decade. This is the shift towards data-driven decision making.

Data-driven decision making doesn’t just mean empirically looking at metrics and statistics. It means recognizing that your business, employees, and customers don’t exist in a vacuum. Outside pressures affect outcomes and consequences. The broader context must be taken into account.

Sign that says Free Wifi

Don’t be afraid to think about other possibilities that are not traditional to the world of IT security. For example, today we live in a politically polarized society. It’s an election year, there is a pandemic which has many people worried about the economy, and we’re in the middle of a national civil rights movement. Consider how these events might impact the threatscape you face:

  • Employees may be more disgruntled or react more severely to new company policies that come with negative consequences.
  • Hackers with anti-establishment motives might feel more emboldened and launch new waves of attacks against the financial industry.
  • Understanding the threatscape and staying in front of it is all part of good threat intelligence.

So, what powers data-driven decision making?

Call it good threat intelligence or business intelligence. Either way, if you want to approach cybersecurity scientifically, you need good data you can trust. Investing in your threat detection and analysis capabilities is the starting point of building your cybersecurity apparatus.

While there may not be a magic bullet for data breach prevention, here are the best methods for staying ahead of the curve and keeping yourself from becoming misaligned on your biggest threats:

Take inventory of your devices and properly dispose of unused or unneeded devices. The more devices you have to protect and manage, the more at risk your bank will be for a data breach. Cutting down on unnecessary software is also a great way to decrease your vulnerability to cyberattacks.

 

Person looking at a laptop with a warning screen

  • Restrict access to sensitive data to administrators and only the employees who need access.
  • Backup your data to make your institution less vulnerable to a ransomware attack.
  • Keep your software up to date.
  • Monitor your network for suspicious activity.
  • Maintain updated firewalls and security software.

34% of data breaches in 2018 involved “internal actors,” aka employees. This is more often the result of error and poor training than malicious intent. That’s why mandatory employee security training is another crucial aspect of preventing data breaches. Here are some common cybersecurity topics your staff should be well-versed in:

  • Leaving sensitive data out in the open
  • Locking down laptops in the office
  • Clicking on suspicious links or using unsecure sites
  • Connecting via unsecure wifi networks
  • Letting people into the office building without a badge or id
  • Providing sensitive information over the phone

notebook that says My Passwords with a list of passwords

How to Prepare For a Cyber Attack

Prevention is only half the battle; your bank should also be prepared to handle the aftermath of a cyber attack and data breach. Here’s what that looks like:

Create a detailed response plan.

  • Assess the threat
  • Contain the threat
  • Communicate with all stakeholders
  • Implement solutions

Tailor your breach response plan to your geography, customer base, and risk tolerance.

  • Basic security framework of firewalls, intrusion detection, etc.
  • Collaboration matrix so key departments know how to work together after a breach
  • Tools for testing the effectiveness of your plan
  • Tools for evaluating your bank’s response to a breach

Test your plan regularly for the following elements:

  • How will a breach be escalated to senior management and the board?
  • Which internal employee/departments will assume overall responsibility for any investigations?
  • Who else will be involved?
  • What firm(s) will you use for external technical and legal advisors?

Partner with PrintMail for Advanced Security!

For more than 20 years, banks and credit unions have trusted us with their customer/member data. Today, PrintMail Solutions has the most comprehensive and stringent security in the financial statement outsourcing business for both print communications and ePresentment. We are up-to-date on banking cybersecurity regulations and will meet or exceed all your requirements for critical vendors. Contact us today to learn how we can help improve the safety and security of your bank’s customer communications.