What Banks Need to Do to Protect Themselves from a Security Breach
Regulations require that banks establish a security breach response program as part of their broader information security strategy. According to the American Bankers Association, the response program must have four key elements: the development of a response team, a customer notification and assistance process, assessment of third-party service provider implications and a relationship with law enforcement. The response team should draw its members from all lines of business that might be affected across the organization.
The team needs to ensure that the proper protocols are in place to handle a breach. What this entails varies from organization to organization, so a risk assessment is a good first step. Banking regulations require risk assessments; not only do they reduce cyber-risk, but they also provide evidence to auditors, should a breach occur, that the bank made a good-faith effort to protect its customers.
Emerging technology, new regulations and evolving cyberthreats add up to a lot for bank IT departments to keep track of. This is where deploying a compliance and risk mitigation solution can come into play, particularly for smaller organizations that may not have the IT resources to dedicate to every aspect of cybersecurity.
Steps Banks Should Take Immediately Following a Breach
If a breach does occur, there are steps that financial institutions can take immediately to control the damage. Notifying customers that their information may have been stolen must be part of the required response. The notification must be prompt, unless law enforcement believes that disclosing the breach would interfere with a criminal investigation.
Notifications must include a description of what happened, a phone number where those affected can find more information, a reminder to stay vigilant along with encouragement for customers to come forward if there has been theft, and a description of the steps the organization took after the breach. This is where compliance departments can be an asset, assessing what happened and what needs to change in the future.
While data breaches might make customers wary, how a financial institution handles itself can help keep them from leaving. A recent global survey by Verizon and Longitude found that 63 percent of customers would avoid using an organization that had experienced a breach for a period of time, but only 29 percent would avoid them for good. The survey also found that transparency is crucial, with nearly 70 percent saying that openness about how their data is being used is important for an organization to earn their trust.
Customers are more concerned than ever about the security of their personal information, and banks hold possibly the most consequential data of all. By complying with regulations, preparing for the worst and being open with their customers, financial institutions can stand strong against data breaches.