Saturday, April 4, 2009

How Safe is Your Bank?

Several months ago, a weekly newspaper reported that a Connecticut bank did something unbelievably careless. The staff allegedly threw unshredded statements into a dumpster. A contractor reportedly saw it and commented that if he were a thief, he would have stolen millions of dollars. A subsequent story shed unflattering light on the contractor, and the story's credibility is in question. But the fact remains that some financial institutions admitted to having clients' data compromised and are offering free credit monitoring for a specific amount of time.

Other than shredding such documents, what can a bank do to protect its customers? Banks should implement up-to-date IDS (Intrusion Detection Systems) and have qualified IT people check for vulnerabilities. It is much less costly in terms of money and reputation to do this as preventative maintenance than to do it forensically. It's a sad commentary that these proven methods are not used intensely enough throughout the banking system.

Part of my job has been to design and implement firewalls such as Fortinet, Checkpoint, Cisco PIX, Raptor and Gallant and to utilize intrusion detection systems such as Nessus Security Scan. Sadly, many decision makers at corporations do not understand the importance of keeping up to date with such security. Yes, it's costly, but security leaks cost companies more, both financially and in terms of reputation. How often have you heard that ABC Bank will offer customers free credit monitoring for a year? It's not to lure new customers. Their data was compromised and their customers are at risk for identity theft. Free credit monitoring is not free for the institution that has to offer it after a security breach.
