Many consumers and indeed organisations with staff using mobile devices for work consider the default system security on the device to be sufficient for their needs. However, with the financial sector holding personal data which can give access to clients’ financial assets as well as identity, financial industry data records are incredibly valuable to cybercriminals and therefore more thought needs to go in fighting them.
Mobile malware specifically targets the operating system on a mobile phone rather than a desktop or laptop. And as users are moving away from PCs and laptops to more regular use of mobile devices for banking and financial transactions it’s essential to protect mobile devices to the same extent as more traditional hardware.
The most common forms of mobile malware are:
- Spyware and Madware (mobile adware)
- Virus and Trojans
- Phishing campaigns
- Browser exploits
Keeping your staff mobile phones safe from cybercriminals doesn’t have to be any more of a problem than keeping their laptop and office-based PCs safe.
A mobile phone should really be treated as you would any other computer as this is the way in which it is being used. To increase your mobile cyber security, it is important to:
- Ensure all the latest versions of the operating system and other applications are loaded and updated.
- Install a firewall.
- Install mobile security software to protect against malware and viruses.
- Make sure there is a password protected lock screen.
- Only download apps from official sites like Apple App store and Google Play for example, as they have already been scanned.
As with desktop cyber security nothing is 100% foolproof and it is still possible for viruses and malware to slip through the processes in place. If you would like guidance on the best tools for securing your organisation’s mobile devices please click here.
Application/OS Trust Management
Trust management is an abstract term to describe the processes in place to ensure that clients have trust in your services and that their financial and personal data will be safe with your organisation.
The most common form of website trust management is the little padlock next to the URL which indicates a financial organisation’s SSL certificate is up to date and the data transferred (credit card details, data and logins) through that website will be encrypted and therefore safe to use.
Since 2018 when GDPR laws came into effect in the UK, data protection has played a greater role in cyber security in general, but it is particularly relevant for the financial services industry.
Although a complex piece of legislation, in essence, GDPR protects consumers from having their data passed on to third parties, as well as having the right to know what data is held on them and whether there are any data security breaches where their data may have been compromised.
Therefore, there are various security measures which financial services need to take into consideration in order to remain GDPR compliant.
- Lock screens on mobiles, laptops, and PCs should password protected.
- End to End Encryption (E2EE) should be enabled to prevent third-party infiltration.
- Data not required to be stored for compliance should be deleted. It is thought that every lost record can cost $150 so limit what data is stored.
- Have a Response Plan in place in case a staff mobile phone is lost which may contain access to sensitive data.
- Have a rigorous risk management plan in place to assess the risks as well as how to minimise these.
Identity and Access Management
Identity and Access Management (IAM) is an umbrella term which covers processes, products and policies that organisations have in place to manage users’ accounts which can range from the members of staff within your organisation or hundreds of thousands of users who access your financial app every week.
Identity and Access Management solutions have a number of functions including:
- Granting access rights
- Providing single sign-on from any device
- Multi-factor Authentication
- User lifecycle management
- Protecting privileged accounts
- Aiding with compliancy
Essentially these solutions ensure the right people are accessing the right data at the right time. With AI capabilities this also ensures that ‘odd’ behaviour is identified straight away, without affecting the user experience.
IAM is an effective and efficient use of resources as your organisation can automatically manage user accounts including set up and deactivation of accounts without investing a lot of time and money and without problems associated with human error which can therefore make your process more secure.
The key benefits of IAM are that it reduces the number of password-related calls to your IT department, as well as ex-members of staff still having access to your secure systems. If you would like to discuss the further benefits of IAM for your business contact CIS today.
Multi-layered Security Techniques
Even organisations with very minimal security measures in place have multi-layered security measures. The beauty of multi-layered security techniques is that if one of the systems fails then there is a back-up which can prevent infiltration by cyber criminals. These include:
- Privacy controls
- Anti-spam and filters
- Patch management
- Web protection
- Email security and archiving
- Anti-virus software
- Data encryption
It is not possible to have too many layers, or too much security protection so the more layers of protection you can put in place the better it will be for the safety of your and your clients’ data. In fact, the safer your systems are the better your reputation in the marketplace will be and the more your business can grow.
Multi-layered security techniques should offer three-fold protection:
- Proactive – stop the threat before it causes problems.
- Detective – catch the threats as they materialise.
- Reactive – recover data and clean the devices once a threat has entered the system.
If you are unsure of how robust your cyber security systems are or you feel you need to implement more multi-layered security techniques then speak to a member of the CIS team today and we can guide you through the process.