Reducing cybercrime threat in financial institutions -Lesson 2-3

Financial institutions are uniquely challenged as they are often a target for hackers. My customers rightly worry about exposing their business and the broader financial system to a security breach. Some are reticent to adopt new technology that will help them stay competitive because of these fears. Existing financial processes can be applied to cybersecurity risk management, and cloud technology can help them stay ahead of banking innovation and improve their security. I have five recommendations, outlined below, designed to help financial institutions more effectively manage their risk from cybersecurity incidents.

1. Expand your view of cyber risk to include real-world implications.
2. Calculate your economic capital.
3. Look at fraud and cyber risk in aggregate.
4. Go deeper and wider on the cloud.
5. Educate Employees: All employees must be made aware of the dangers of opening or downloading email attachments from unknown sources. Employee awareness is particularly important because there have been many cases where a bank’s computer was infected by a malicious program after an employee clicked an attachment from an unknown source. Employees must also be prohibited to share confidential information about the institution.
6.    Employees working in a bank’s call center must always verify the details of a vendor or a customer who has requested any changes to be made to the billing account.
7. Formulate Policies that Address Cybersecurity: It is essential to implement internal corporate policies that help prevent any fraud or cyber crime.
8. Customer data must be regularly secured and backed up.
9. Every employee should have a separate user account and with a policy that stipulates the changing of passwords every three months.
10. Administrators must prohibit employees from downloading and installing unauthorized software.
11. Bank policies must also set appropriate approval protocols. Any transaction that involves a wire transfer or an Automated Clearing House transfer must involve two approvers.
12. Harden the Machines Regularly: A bank’s IT department must make sure that every workstation and Internet-enabled device used in the company has a firewall that is enabled. A firewall blocks all communication from unauthorized sources.The Department must ensure that the operating system on all PC’s receives security updates on a regular basis.
13. All PC’s must be installed with anti-virus and anti-spyware software to detect any malware or malicious programs in the network.
14. All wireless networks must be secured and their passwords must be well-protected.
15. Adopt Advanced Authentication Techniques: Ensure that an advanced level of authentication is required to secure financial transactions. Merely setting complex usernames and passwords is not enough as hackers are constantly innovating means to crack confidential credentials. Banks should deploy advanced techniques that detect cyber crime on the basis of the patterns detected in website navigation or transactions. These could include smart cards, a pin, facial recognition, fingerprint sensors. As more and more customers are using mobile devices, banks must also deploy verification techniques like mobile-based transaction verification and dynamic device authentication.
16. Use a combined approach: No single security technology is sufficient to foolproof a bank’s IT system. Hence, banks need to implement a combination of several techniques to fortify their IT infrastructure. Every technology has its own strength - selecting an appropriate combination of the right technologies will provide benefits like strong authentication, behavioral fraud detection, and out-of-band transaction verification. This combined approach is regarded as one of the best technique for combating cyber crimes.
17. Increase Customer Awareness: Cyber threats must be fought at all levels and it is crucial that customers be made aware of any unscrupulous activity related to their bank accounts. Every bank must send out alerts and automatic messages to customers confirming the validity of a transaction.
18. Customers must be provided with guidelines for checking the authenticity of any sources that are asking for account details. Customers must also be provided with guidelines for taking precautions while using the bank’s websites.
19. Building up a bank’s cyber security is not a one-time exercise but a continuous process. Systems need to be continuously monitored through surveillance technologies to identify any loophole that has been generated. Risk management plans need to be continuously updated by conducting risk assessments and identifying new risks. 
20. Software and hardware need to be updated and upgraded as new and improved versions often address the vulnerabilities present in previous ones. Patch management must be given prime importance and security patches must be installed frequently.
21. Substantial gaps will continue to exist between the promises made and the services delivered due to the vulnerability in a bank’s IT security. It is recommended to have a risk committee that reviews the cybersecurity measures on a frequent basis.
22. Finally, every bank must have a crisis management plan in place to recover from a cyber attack and mitigate its harmful effects.
23. Establishment of Programs and ICT Forums for Youths
24. Use address Verification System
25. Use of bio-metric devices like Interactive Voice Response (IVR) Terminals:
26. IP Address tracking Systems
27. Use of Video Surveillance
28. Non use of pirated software at all levels
29. Use of Firewalls
30. Use of Cryptography: