Wealth Management

KEEPING DATA IN THE VAULT: INSIDER BREACH RISK IN FINANCIAL SERVICES

by Tony Pepper, CEO, Egress

 

Financial services organisations are trusted with far more than just money; they are also responsible for keeping customers’ highly sensitive personal and financial data under lock and key. We’re hyper-aware that the growing value of this data means financial organisations are prime targets for malicious cyberattacks – but this isn’t the only threat they face. In fact, not a day passes without these firms’ own employees putting data at risk from within.

You might think that, when it comes to reducing overall breach risk, employees represent low-hanging fruit – surely it is easier to control the actions of a company’s own team members than it is to defend against external attackers? However, this is not the reality experienced by financial firms worldwide. While external attackers are always motivated by malicious intent, the employee population is far more heterogeneous and, in a sense, much more human. This makes understanding and mitigating insider risk a more nuanced exercise. Just because it is difficult, however, doesn’t mean it is impossible. It’s crucial that financial services companies shift the dial on insider risk and reduce breach frequency, because the penalties for failing to do so are becoming increasingly draconian and the repercussions from customers much more severe.

The recent Egress Insider Breach Survey aimed to understand the different attitudes towards data sharing and ownership among employees in financial services companies and the approaches that IT leaders in the sector are taking to managing insider breach risk.

We found a whole range of diverse profiles of people who put sensitive financial data at risk for very different, but very human, reasons. Some need monitoring to keep their less-than-honest traits from getting the better of them, while others need a helping hand to save them from making genuine, well-meaning mistakes. And across all respondents, we also found confusion over who really owns data, contributing to the more cavalier attitudes displayed by some.

 

Deliberate “data breachers” – from well-intentioned but reckless to disaffected and destructive

Our study found that the financial services sector has more than its fair share of deliberate “data breachers”. Of the thousand employees we questioned, almost a third (32%) said they or a colleague had intentionally broken company policy when sharing or removing information in the past year. This compares with just 15% of healthcare workers and 11% of government sector employees.

The reasons given for this deliberate flouting of security policy varied. One-third said they were simply trying to get their job done but didn’t have the appropriate tools to share data safely. On the face of it we might have some sympathy with those employees, but would consumers and businesses want to bank with those firms?

It’s more difficult to be sympathetic with those motivated by self-gain, including the 41% who took data with them because they were moving to a new job. And we have even less sympathy for the 15% who compromised data because they were angry with the company and wanted to deliberately cause harm.

 

Operator error – mobile, tired, under pressure

Even with their firm’s best interests at heart, employees still make mistakes. 30% of financial sector workers said they or a colleague had caused an accidental data breach in the past year – again more than twice as many as their public sector counterparts. A third had sent an email to the wrong person and a further third had clicked on a link in a phishing email.

Their reasons behind these breaches varied from the pressure of working in a stressful environment, to tiredness and rushing. A significant proportion, however, said they made an error due to using a mobile device – and given the current requirement for mobile remote working during this COVID-19 pandemic, this is a definite cause for concern.

 

Breach detection gaps and technology limitations

Next, we examined what IT leaders in the sector have in place to mitigate insider breach risk. Concerningly, 60% said the most likely way they would discover an insider data breach was via internal hand-raiser reporting by either the employee themselves or a colleague. Only one third felt that their breach detection systems would pick up the issue.

In a similar vein, traditional data protection technology use was surprisingly inconsistent across financial firms. Email encryption, anti-malware and secure collaboration software were in use by fewer than half of financial sector companies. Again, this raises the question of whether consumers and businesses would be willing to trust their data to financial firms if they knew they didn’t have systems in place to protect it.

So, why is this the case? From the data we uncovered, it seems as though organisations are resigned to a proportion of insider breach incidents occurring, accepting them as an inevitable result of doing business and employing people. But this doesn’t need to be the case. It is possible to apply human layer security solutions to mitigate these risk factors and make a positive impact on breach frequency figures.

 

Human layer security – a helping hand and a watchful eye

Take the issue of rushing or tiredness. This can lead to users adding the wrong recipients to emails or failing to spot the subtle changes in familiar email addresses that denote targeted phishing attempts. This risk can be overcome with tools that use contextual machine learning to analyse what good security behaviour looks like for each user and support them with alerts that tell them they’ve added an unusual recipient to an email, or that they are about to answer a phishing email. A small prompt is all these users need to stop them from making an error and causing a data breach.

Similarly, when using mobile devices with smaller screens, it is very easy to choose the wrong attachment and send sensitive data outside the organisation to the wrong recipient or to the right person unprotected. If an employee is less than honest, our always-on, constantly connected culture also enables them to deliberately do so too. However, it is possible to stop these incidents with an intelligent solution that scans email and attachment content and identifies data such as personally identifiable information (PII) or bank account details to alert users that they are about to send information to an unauthorised recipient, or without the correct level of encryption applied. If the user persists, the risky email can be blocked from being sent and administrators alerted to a potentially intentional attempt to breach data, so they can respond accordingly.
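The send-time check described in the two paragraphs above can be sketched as follows. This is an added example, not Egress code or anything from the original article: a per-sender set of previously mailed addresses stands in for the contextual machine-learning model, and the domain `examplebank.test`, the function names and the sample values are all constructed assumptions.

```python
import re
from dataclasses import dataclass

INTERNAL_DOMAIN = "examplebank.test"  # constructed organisation domain (assumption)

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; cuts regex false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def iban_ok(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move first four chars to the end, letters become 10..35."""
    s = candidate.replace(" ", "")
    if not 15 <= len(s) <= 34:
        return False
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

def find_sensitive(text: str) -> list[str]:
    """Return the kinds of checksum-validated financial identifiers found in text."""
    kinds = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            kinds.add("card_number")
    if any(iban_ok(m.group()) for m in IBAN_RE.finditer(text)):
        kinds.add("iban")
    return sorted(kinds)

@dataclass
class Verdict:
    action: str          # "allow", "warn" or "block"
    reasons: list[str]
    notify_admin: bool = False

def check_outbound(known_recipients, recipients, body, attachments,
                   encrypted, user_persisted=False) -> Verdict:
    """Decide what happens when the user presses send.

    known_recipients: addresses this sender has mailed before (stand-in for the
    behavioural model); attachments: already-extracted attachment text;
    user_persisted: True when the user re-sends after seeing a warning.
    """
    reasons = []
    kinds = find_sensitive("\n".join([body, *attachments]))
    external = [r for r in recipients if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    unusual = [r for r in recipients if r.lower() not in known_recipients]
    if unusual:
        reasons.append("unusual recipient: " + ", ".join(unusual))
    if kinds and external and not encrypted:
        reasons.append(f"unencrypted {'/'.join(kinds)} to external: {', '.join(external)}")
        if user_persisted:  # second attempt with sensitive data: stop it, tell admins
            return Verdict("block", reasons, notify_admin=True)
    if reasons and not user_persisted:
        return Verdict("warn", reasons)  # the "small prompt" before anything leaves
    return Verdict("allow", reasons)

if __name__ == "__main__":
    # Constructed message: a test IBAN in an attachment sent to an external address.
    print(check_outbound({"alice@examplebank.test"}, ["bob@partner.test"],
                         "Statement attached", ["GB82 WEST 1234 5698 7654 32"], False))
```

Validating candidates with the Luhn and mod-97 checksums keeps the prompt rate low, which matters because a warning that fires on every long number is quickly ignored.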

Ultimately, the most effective way to address human-activated threats to security is by implementing tools that support and manage users when they are at their most humanly vulnerable: tired, rushing, under pressure, angry or self-interested. As our research and wider evidence shows, the financial services sector is more than averagely vulnerable to insider data breaches, meaning human layer security must be a priority for IT leaders in the field if they hope to reduce breach frequency and keep sensitive data firmly in the vault.

 

Wealth Management

SIMPLIFYING THE RETIREMENT FUND DEATH CLAIMS PROCESS

By Dolana Conco, Regional Executive at Alexander Forbes

 

Losing a loved one is one of the most difficult experiences a person can go through, and during this difficult time, you don’t want your loved ones to have to worry about finances.

Your family will receive a share of your retirement savings and a life insurance pay-out if you die while being a member of a retirement fund. The trustees of the fund have a legal responsibility to make sure that death benefits from the fund are paid to those who are financially dependent on you.

If your death benefit is through a policy that is separate to the fund, then the trustees will not be involved and this benefit will be paid out according to the nomination of beneficiaries’ form that you’ve completed with that specific insurer, or else your employer will decide.

 

What retirement fund members need to do

  1. Keep your ‘Who needs financial support when I die?’ form up to date

This form is so much more important than anyone thinks – even though it is not a last will and testament. The trustees must, by law, find all the people who are financially dependent on you, as well as those whom you love and would want to leave a portion of your death benefit to when you die. Those who depend on you for financial survival are called your dependants. Examples are your spouse or life partner, children (of any age), parents, people you need to pay maintenance to or anyone else in your life who depends on you financially.

If no one is financially dependent on you in any way, you can choose someone else as a beneficiary (family, friend, or even a charity). If you choose to give your death benefit to a charity when you die, the money will first be paid to your estate and then paid over to the charity of your choice. If this form is not up to date, it could take the trustees much longer to identify who should receive a share of your death benefit from the fund.

 

  2. Submit the correct documents

The most common reason for delays in paying an insured death claim is that there are missing, incomplete or incorrect documents submitted with the claim. Your employer can assist with what is needed and can check that the form has been completed fully and correctly before submission. In general, the following information is needed:

  • a certified copy of the death certificate
  • the identity document or passport of the deceased member
  • a copy of a pension-backed housing loan (if applicable)
  • proof of the extent of any financial dependency of the beneficiaries

What your retirement fund needs to do

The trustees of your fund have a legal duty when you die to distribute your death benefit from and through the fund. The trustees must find all dependants and nominees to decide how to share the retirement savings and life insurance pay-out fairly. To make a fair decision, the trustees will consider the following factors, among others:

  1. Age of the beneficiaries
  2. Relationship to the deceased
  3. How financially dependent they were on the deceased
  4. Their financial affairs
  5. Their future earning potential and prospects
  6. The total amount of the retirement saving to be distributed

The trustees can choose to give a beneficiary no pay-out, as the law doesn’t say that every beneficiary must get some money. However, they must consider the needs of each beneficiary and the amount available for distribution.

If there’s information that the trustees may not have considered when they made their decision and the draft resolution has already been prepared, your family needs to contact the trustees urgently. The fund’s administrators will pay the death claim once they get a response from all beneficiaries, or if no response has been received within 30 days of sending the draft resolution document.

There are various reasons for delays in paying a death claim from or through the fund, including the employer not completing the claim form in full, missing or incorrect documents, investigations for the trustee resolution taking longer than expected, outstanding tax issues and beneficiaries not providing their bank account details.

Make sure your family knows what can go wrong and what to do to make the process run smoothly – it all plays a part in leaving a legacy that you can be proud of.

 


Top 10

THE COMPLETE GUIDE TO TRANSFERRING SHARES FROM ONE DEMAT ACCOUNT TO ANOTHER

A Demat Account functions like a savings bank account, with the obvious difference that it stores stocks instead of money. Being similar to a savings account also implies that a Demat Account can be used to transfer shares from one Demat Account to another Demat or trading account.

Shares are generally transferred from one Demat Account to another for the purpose of changing depositories. However, there can also be other reasons for transferring shares such as merging the investments in different Demat Accounts in a single Demat Account.

Whatever the reason, in order to understand how to transfer shares from a Demat Account, it is important to first understand what a Demat Account is.

What Is Demat Account?

The simplest way to understand a Demat Account is as a digital platform where investors can store all their shares and other forms of investment in electronic form. Demat is short for dematerialization, which refers to the process of converting physical share certificates into electronic form. A Demat Account can only be opened with the help of a Depository Participant (DP) and a depository. A DP is an agent or broker who acts as an intermediary between the depository and the investor. A depository is a financial institution in which investors open their Demat Account.

It is necessary to know about Demat Accounts before attempting other things like transferring shares, etc.

 

How To Transfer Shares From Demat Account

Once it is clear what a Demat Account is, it is time to understand how to transfer shares from one Demat Account to another. There are two types of transfer:

  • Intra-depository transfer: In this type of transfer, shares are transferred from one Demat Account to another in the same depository.
  • Inter-depository transfer: In inter-depository transfer, shares are conveyed from one Demat Account to another account which is in a different depository.

The two ways in which shares can be transferred are the manual procedure or online procedure.

 

Manual Transfer Of Shares

For the manual transfer of shares, investors are required to ask for delivery instruction slip or DIS from their brokers or DPs. DIS is not just an important but also an integral part of the manual transfer of shares. It contains some mandatory fields which have to be filled to process the transfer of shares.

1.    Beneficiary Owner ID (BO ID)

Beneficiary owner ID (BO ID) refers to a 16-digit ID number of a broker. An investor has to mention in DIS the IDs of both the current broker and the broker to which the shares will be transferred.

2.    International Securities Identification Number (ISIN)

The International Securities Identification Number, commonly known as the ISIN, is a unique ID number assigned to each share an investor holds in a Demat Account. In order for the transfer to take place, the ISIN has to be provided to designate which particular shares are to be transferred.

3.    Inter or Intra

This is the distinctive part of DIS where an investor has to choose whether to make an intra-depository or inter-depository transfer. In the case of intra-depository transfer, the column denoted as ‘off-market transfer’ has to be selected. Whereas, in the case of inter-depository transfer, the column designated ‘inter-depository’ has to be selected. An investor should be extra careful while filling this part of DIS.

4.    Signature

Little needs to be said about this part of DIS. Just like any other important document, DIS too needs to be signed. Once an investor has signed DIS, it should be submitted to the broker.

A broker may charge a small fee for the transfer of shares. It usually takes 3-5 business days for the shares to be transferred.

 

Online Transfer of Shares

Central Depository Services Limited (CDSL) has made the online transfer of shares a very easy process. All that an investor has to do is to follow these simple steps.

  1. The ‘Register Online’ option at the CDSL website has to be selected.
  2. There would appear an option called EASIEST which then has to be selected.
  3. A form would generate which accordingly has to be filled.
  4. Once the form fill-up is complete, a print out of the same has to be taken out. This print out is to be submitted to the account holder’s Depository Participant.
  5. The DP will verify the document and once the verification process is completed, a password will be generated.

Using this password, an investor can log in and transfer shares on his own.

Thus, the two ways in which shares can be transferred from one Demat Account to another are not at all complex, and a transfer can be easily achieved through either the manual or the online procedure. With a proper understanding of what a Demat Account is and how the transfer of shares takes place, an investor can effectively send the shares to another account either on his own or with the help of a DP.

 
