I found an interesting article on the Microsoft Web site on six basic steps a financial services company can take to secure their information. As we're all aware, identity theft is a major problem affecting all sectors and countries and the financial services sector is the primary one targeted by identify thieves.
The six steps mentioned in the article are:
- Deploy Access Management Systems. These systems allow the financial services company know who has accessed what and when they did so.Without this, there is no audit trail to use to find out what happened and how to fix what went wrong.
- Educate Your Customers About Identity Theft. There are things that IT related controls can't fix. One of those things is how people handle their private information. Only policies and procedures can help in this case. Educating customers about identity theft, phishing, scam emails and more will help protect the financial services sector company against identity theft
- Secure All Mobile Devices. Mobile devices are the fastest growing type of device connecting to networks today. Security has been an afterthought for many of these devices. You need to make sure that security is a first thought before allowing mobile devices to connect to your financial services sector network
- Implement Safe Hardware Disposal Procedures. There's data on them thar trashed hard disks! Make sure that you decommission your old machines carefully. Fully wipe hard disks and data cards before disposing them.
- Prevent Insider Attacks. This is the hardest thing to do, since in many cases the data leakage isn't intentional and it done by authorized users. Encryption using IPsec and EFS helps, and document Rights Management can also be a big help.
- Closely Monitor Outsourced Providers. Without a doubt. the biggest risk to your financial services company comes from outsources. In most cases, financial services institutions have not thoroughly vetted the security infrastructure of the outsourced provider, often with an embarrassing and costly result.
For more information, check out the article at http://www.microsoft.com/uk/business/security/financialservices.mspx
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP - Microsoft Firewalls (ISA)