No organization, regardless of size or Information Security (InfoSec) resources, can consider itself data-breach-proof. However, by implementing best practices and investing in cyber defenses, companies can significantly reduce their risk.
This is especially critical within financial services, where organizations are primary targets for hackers and cybercriminals. Across the board, financial institutions fall victim to cyberattacks 300 times more often than those in other industries due to the sensitivity of the personal information they store.
From financial account numbers to Personally Identifiable Information (PII), successful cybercriminals have a wide array of strategies they can use to commit identity crimes and fraud — including opening new financial accounts or lines of credit, stealing funds, or selling someone’s PII to cybercriminals on the Dark Web.
The Peak of Cyber Threat Complexity
Emerging technologies driven by the consumerization of IT continue to shape consumer expectations across all services. The power of the smartphone is now applied to nearly all banking functions, and consumer adoption is accelerating. Juniper Research forecasted that 3 billion users will access their financial accounts via mobile devices by 2021. Even though we all enjoy embracing the latest technology innovations, at times, these conveniences can also create a flurry of increased digital risks.
It’s time to step back and ask ourselves: is the rush toward mobile-first adoption outpacing best practices for cybersecurity?
All it takes is one wrong click of the mouse or tap on the smartphone to download a virus that allows hackers to infiltrate systems and steal sensitive information, or hold data for ransom. Financial malware attacks jumped 16 percent last year, according to a Kaspersky Labs 2018 report, and Android users encountered Trojan or “spoof” banking apps three times more frequently than in 2017.
Every device, app, email account, and server — essentially anything connected to the Web — has the potential to be compromised by fraudsters. Multiply those devices by the number of employees connected to your network, and by the number of customers or partners who also access your apps, emails, or log-in pages, and it’s easy to see the magnitude and complexity of the cybersecurity challenges internal teams face today.
Then there are the data breaches. Last year saw a massive uptick in compromised consumer records, more than doubling that of 2017, according to the Identity Theft Research Center. Additionally, 1.68 billion email-related credentials were leaked due to security incidents. Once exposed, this data can be used for criminal gain indefinitely. We all know that our personal information, such as our Social Security numbers, driver’s license numbers, passport numbers, or birth dates, has no expiration date for fraudsters.
Breach Aftermath: The Collateral Damage
In the U.S., financial institutions spent an average of $18 million to recover from data breaches in 2018, according to the Ponemon Cost of a Data Breach Study. And, at the record level, records exposed by financial services firms cost $206 each in reparations, trailing only compromised healthcare records. Clearly, a data breach has distressing monetary consequences, but there is an unseen ripple effect that leads to additional collateral damage.
Here’s the bottom line. We all know that since banks and credit unions are so highly regulated, a data breach also means additional penalties from state, regional, international, and perhaps even industry agencies. These penalties can exponentially increase and attract media interest, which will further magnify general negativity around an organization’s reputation. When an organization’s good name comes into question, the damage inflicted upon the brand, which includes eroding trust and loyalty, can certainly lead to customer backlash and attrition, even if an individual’s information wasn’t directly compromised in the breach.
Our financial institutions are often who we, as consumers, rely on as our first line of defense against fraud. That is why a breach of a bank or credit union can be so devastating. Javelin Strategy & Research reports three out of five customers put their trust in their bank to secure their confidential information, prevent fraud, and be there to make things right in the event of fraud or an identity crime.
With one in three victims of a data breach then becoming a victim of identity fraud, it’s easy to see how consumer sentiment can turn sour quickly. When it’s your organization to blame, those victims are your account holders, your employees, and even your partners — and they’re not afraid to take their business elsewhere. For those who do switch banks after a fraud occurrence, 20 percent never alert their financial institution to the incident beforehand.
It’s Time to Fight Back
They say that the best defense is a good offense, and safeguarding customers from cybercrime is a proactive step that banks and credit unions can take to protect their business relationships. It doesn’t have to be a complex solution, either — some actions are simpler than one might think.
Since employee negligence is the top cause of data breaches, you can create a great foundation in smart data practices with employee training focused on password security, suspicious email detection, appropriate web usage, responsible data storage, and how to handle confidential information. Safe mobile usage — especially when employees are using personal devices for work — is another opportunity to educate employees. To further underscore the importance of such data-handling safety, it’s also helpful to make sure employees understand the consequences of a data breach — from the impact on an organization’s reputation, to lost customers and therefore lost revenue, to an employee losing their job as a result of careless data or device security behaviors.
Look for occasions to keep breach prevention training top of mind, with regularly scheduled sessions to refresh employees on the latest scams and fraud. Everyone, at every level of the organization, needs to recognize that their actions and their devices can serve as a gateway for a security incident. This will help infuse your culture with awareness and vigilance, which, together, create a powerful defense.
Additionally, financial institutions are building increased adoption around mobile cybersecurity and they are implementing tools that actively monitor and recognize weaknesses across both company and employee devices. Nearly 75 percent of IT leaders from global enterprises say they have experienced a data breach due to a mobile device security issue, reports an IDG Research Services survey. Mobile Threat Detection software enables internal teams to react to a vulnerability before it turns into a full-blown breach.
Preparedness Equals Protection
I think we can all easily agree that no business is immune to cybercrime, and it’s really only a matter of time before a vulnerability gets exploited. Being prepared for a data breach or data leak is critical for any organization that handles consumer PII, especially for banks and credit unions.
Get started with building and enforcing a security-first approach to business by creating an Incident Response Plan. Identify and develop a pre-breach tiger team tasked with building, and gaining internal support for, a comprehensive breach response plan. Why plan now? Ponemon research found that organizations with an incident response plan in place can reduce the cost of a breach by $14 per compromised record.
Remember that one-third of people who have their information exposed in a data breach go on to experience identity crimes, and those victims will be looking to the organization responsible to make it right. Even more so, they will look to their financial institution to resolve the situation. Whether as an employee benefit or an added-value service for your account holders and your partners, providing identity and mobile cybersecurity protection across the entire digital footprint can help infuse both proactive visibility and also the tools needed to rapidly mitigate a security incident. Consider which actions your institution should embrace to be best positioned to improve customer retention and drive revenue throughout all the audiences you target.
Donna Parent is Chief Marketing Officer of EZShield + IdentityForce, award-winning providers of secure, digital identity protection and cybersecurity solutions that help consumers, partners, and organizations of all sizes protect what matters most.