Protecting your Financial Institution from Security Breaches – July 2022

Protecting your Financial Institution from Security Breaches

To assist Financial Institutions from breaches in security you must tighten your data security controls and also plan for a significant breach should these controls be insufficient.

The Gramm-Leah-Bliley Act (GLBA) requires financial institutions to ensure security and confidentiality of sensitive information. Your institution must also be prepared to respond by preventing and responding to cyber-attacks through a very well-planned security program. These are some of the steps that you can take to assist in the development, implementation, and monitoring of your security program.

• Employee Training – this is your first line of defense against security breaches. Include; background checks upon hiring, understanding and signing of your confidentiality and security policies, understanding the use of sensitive materials and destruction of these materials, when and how to encrypt information, and the legal and regulatory requirements around the security of client’s information.
• Network and Information Security – Design your systems to protect from possible breaches. Include in your system precautionary measures when selecting a service provider, use consistent auditing procedures to detect improper usage or issues, dispose of customer information in a timely and secure manner, and always maintain inventory of your financial institutions inventory assets such as computers, hard drives, and mobile devices.
• Breach Event – Always have a plan in place for swift and an appropriate response. These are some steps that can be taken to minimize damage: preserve and review all files to help reveal the extent of the breach, secure and isolate all information that may have been compromised, and immediately notify appropriate regulatory, business, and legal agencies, provide your team with the plan to complete the full restoration of information. You may also need to inform your clients based on the nature of the breach.

The most important steps that you can take will be to develop, implement, audit and follow your security access and breach plans.

Reference: The Tennessee Banker Volume 110; Number 4; Protecting Against the Breaches