Connect with us

Business

WHY INSIDER THREAT PRESENTS A BIG RISK TO FINANCIAL SERVICES ORGANISATIONS

Written by Adam Strange, HelpSystems

 

In today’s highly regulated environment, financial services organisations are trusted with far more than just money; they are also responsible for keeping customers’ highly sensitive personal and financial data secure. And privacy legislation, such as GDPR and CCPA, has come into force to ensure that they are doing this diligently. Likewise, with the all the publicity we’ve seen around data breaches, as individuals, we are far more aware of the growing value of our data and the need to protect it. So, unfortunately, are cybercriminals, which means financial organisations are prime targets for malicious cyberattack. However, this isn’t the only threat they face. In fact, not a day passes without these firms’ own employees putting data at risk.

 

Insider threat cited as having the potential to cause a lot of damage

When it comes to reducing overall breach risk, it is easy to assume that employees represent low-hanging fruit – based on the premise that it is easier to control the actions of a company’s own employees than it is to defend against external attackers. However, here at HelpSystems we have recently undertaken some research, interviewing 250 CISOs and CIOs in financial institutions about the cybersecurity challenges they face. And the reality is that insider threat – whether intentional or accidental – was cited by more than a third (35%) of survey respondents as one of the threats with the potential to cause the most damage in the next 12 months. Likewise, phishing emails were cited by 20% of survey respondents. Add these two together and you can start to get a picture of the challenge these internal employee-centric risks present for financial services firms – perhaps a far bigger one than the external threat. While external attackers are always motivated by malicious intent, the employee population is far more mixed, and motivations are a grey area where the reasons behind breaches, whether through simple human error or deliberate actions, are harder to determine. This makes understanding, and mitigating, insider risk a far more problematic exercise.

 

Misdirected emails are also a big risk

At the same time, the latest Information Commissioner Office (ICO) report has just been published and the data confirms that misdirected email remains one of the UK’s most prominent causes of security incidents. This report further demonstrates the need for all organisations to control the dissemination of their classified data as it states that misdirected email is, alarmingly, a 44% bigger risk to organisations than phishing attacks.

This is yet another area where organisations must ensure their data protection policies are robust enough to not only protect themselves but also their employees from the seemingly simplest of mistakes. Again our research showed that increased remote working practices was a cause for concern, with 36% stating that they saw it as a cybersecurity threat with the potential to cause significant damage. Therefore, what remains paramount is that organisations provide their employees with the technology tools necessary to prevent the simple human errors that have the potential to result in data loss, and as a consequence, severe financial and reputational damage.

 

Understanding what protection your data requires

Clearly, it is crucial that financial services organisations shift the dial on insider risk and reduce breach frequency, because the penalties for failing to do so are becoming increasingly draconian, and the repercussions from customers much more severe. But put simply, before you can defend, you need to know what protection your data requires and you need to know what you’ve got, where it’s stored, why you have it and who has access to it. Once you’ve got to grips with that, you can identify what is of true value to the organisation – what’s business-critical and what’s sensitive – and then how best to treat it. In order to do that you need to think about what the impact would be if a piece of information was leaked or lost. If it was made public, would it harm the business, your customers, partners or suppliers? Would it put an individual’s security or privacy at risk? Would you lose advantage if a competitor got hold of it? Is it subject to any privacy or data laws, or regulatory compliance?

While this all sounds relatively straightforward, data visibility was another problematic area and subsequent threat emphasized in our research. Data visibility and knowing what data is where and who has access to it was highlighted as having the potential to cause the most damage by 14% of our survey respondents. Combine this with internal cybersecurity fatigue, which more than a quarter (28%) cited as potentially damaging, and you can start to appreciate the importance of providing tools and awareness training to help prevent those easily avoided mistakes from happening in the first place.

 

Employees need tools, training, education and the right culture

As I mentioned, it is a complex problem without a simple answer and this is where employee education is key.  Employees play a vital role in ensuring the organisation maintains a strong data privacy posture. For this to be effective, organisations need to ensure that they provide regular security awareness training to protect sensitive information. In terms of how they go about doing this, they must invest in user training and education programmes. Users are your most important security resource, so train them to be an asset rather than a liability. Users should be a critical part of an organisation’s security posture, not excluded due to the associated risks.

Likewise, the security culture of the firm must be inclusive towards employees, making sure they are continually trained so that their approach to security becomes part of their everyday working practice and security is embedded into all their actions and the ethos of the business.

 

How data classification can help

One way to do this is through the implementation of data classification tools, which not only help organisations to protect their data by putting the appropriate security labels on it, but also help educate users to understand how to treat different types of data with different levels of classification and sensitivity. Here at HelpSystems our data classification solution enables users to classify both their emails and documents according to their sensitivity, using both visual and metadata labels. Once labelled, data can be controlled to ensure that emails, documents and files are only sent to those you want to receive them, protecting your sensitive information from accidental loss.

It is technology like this that leaders within financial services organisations should have in place to protect their employees, prevent misdirected emails, the inadvertent sharing of documents and files and ensure that the organisation is complying with data protection legislation. Remote working is likely to remain, regardless of any future regional or national lockdowns, therefore, making sure that employees have the tools to prevent mistakes and the accidental sharing of data is going to be more important now than it has ever been. The place to start is making sure that any data is appropriately labelled, so that the employee knows how it should be handled.

 

Business

GOING GLOBAL: 7 TIPS TO GET STARTED

The idea of selling your products or services to new markets across the globe is an attractive prospect for any business, large or small. But while reaching new customers and unlocking the potential for further growth can seem exciting initially, adapting your business to foreign markets is no small feat. Factors such as cost, communication and cultural differences can all affect your business’ success when going global. This guide will explore some of the key considerations to make when you’re thinking of expanding your business overseas.

 

Evaluate Your Finances

One of the main questions to ask when looking to go global is whether or not your business can afford to do so. Crossing borders can be a complicated and expensive process which can take away time and resources from other opportunities at home. Growth for businesses abroad is often a slow process; establishing products and services in other countries takes time, so you will need to factor this into your planning. Thorough analysis of domestic and international markets should always be undertaken before making the decision to expand your business overseas.

 

Location, Location, Location

Choosing the right location is crucial to the success of your business expansion. International business network Going Global Live says that taking your business to the right countries initially can save you money on excessive marketing and advertising, putting you face-to-face with your target market from the outset. You should weigh up the pros and cons of potential locations, such as the likelihood of being able to fill your new HQ with prime, homegrown talent, as well as access to desired markets aided by foreign investment bodies. It is also important to consider the relevant laws and regulations laid out by national and regional governments.

 

Ensure You Have the Right Infrastructure

Making sure your business has the right infrastructure to handle expansion abroad will put you in a good place going forward. Implementing a clear management strategy, both locally and centrally, will set your business up for a smooth and successful launch overseas. Having up-to-date IT and communications systems at the centre of your business will allow you to share information and data securely. When it comes to shipping, choosing the best – and most efficient – transport and storage providers will give you the peace of mind that your products are safe in transit. Companies such as S Jones are ideal for businesses looking for more information on storage solutions for shipping overseas.

 

Build a Strong Team

Appointing a strong team to oversee your expansion is crucial to your company’s success in new markets. Hiring people with a good knowledge of your target market, as well as a focus on your business’ interests, is key when establishing your overseas HQ. Working with local partners can help you to communicate your business’ unique selling point in a meaningful way. Having an experienced partner or mentor that you can trust to oversee the expansion will allow you to stay focused on the bigger picture and ensure that your attention isn’t taken away from your core customer base.

 

Have Faith

Once you’ve made the move to globalise your business, be sure to have faith in your ideas and don’t be deterred by slow progress. Dr Shai Vyakarnam of the Cranfield School of Management says that while there is a fine balance between faith and stubbornness, you’ll need “incredible levels of self-belief and faith in your idea” to succeed, and that you “only need to be able to turn a few key people in your favour and the others will follow”. Making well-informed decisions quickly will allow you to stay on track and will nullify the threat of any lingering self-doubt. While progress may be slow at first, be sure to remain patient and be prepared to build personal relationships to gain the trust of your new partners and customer base.

 

Consider the Impact of New Ideas

When implementing new ideas for your business as whole, consider how they will be received by your new international customers, as well as by your existing customer base at home. What might be seen as a positive idea in your home country could be perceived as offensive or alienating by your customers abroad. Factors such as differing time zones, languages and cultural appropriateness should always be taken into consideration when making key decisions to eliminate the risk of alienating foreign customers and damaging your reputation overseas.

 

Be Adaptable

While it is important to have faith in your business and be patient initially, you should also be willing to make changes as things develop. Acting on the advice of experts is key to navigating new markets successfully. It may be that your products and services require innovation to meet demand, or that cultural differences lead you to make changes to your marketing strategy. Being adaptable will give you the best chance of meeting consumer demand on a global scale.

When trying to expand your business to an entirely new customer base, try to bear in mind some of the above points. As long as you remain patient and open-minded, then you should have little difficulty in marketing your business globally.

 

Sources

Continue Reading

Banking

REDUCING FRICTION ONLINE HAS BECOME BUSINESS CRITICAL

Andrew Shikiar, Executive Director at the FIDO Alliance

 

The global pandemic has pushed the importance of remote access and authentication right up the agenda for many businesses. All those occasions where people would normally show up in person to open a bank account or pick-up some high street essentials were simply not possible for large parts of the year. Even as restrictions have eased across the country, these kinds of face-to-face transactions remain an unappealing prospect or a last-resort to many.

Not surprisingly, this has led to unprecedented demand for online and remote services. This brings with it a host of challenges and opportunities, and we have seen many examples of companies brilliantly adapting and reacting to this new way of life. But one issue that businesses and individuals have been grappling with for years – that of frictionless transactions and authentication – has now been put under a brighter spotlight as it is increasingly critical to get right.

 

Friction impacts the bottom line

The core challenge facing businesses is how to strike the right balance between giving customers the best possible experience of online service, and the necessary regulatory and security implications that directly affect – and often contradict – that ideal user experience.

We’ve all likely experienced the very real kinds of friction I’m talking about – it’s the account you gave up on registering for, or the purchase you abandoned because the process was just too frustrating.

Friction like this has direct bottom line impacts through the loss of sales and/or disaffected customers –  and it is substantially more pronounced in the current climate. People have less money to spend, they are spending a greater proportion of this reduced pot online, and businesses are competing for their livelihoods to claim their share. Providing a frictionless experience can be the difference between success and failure.

 

Banking and retail lose out

Nowhere is this problem more keenly felt than in the retail and banking industries. Countless transactions simply don’t happen each year due to issues with passwords or mobile One Time Passwords (OTPs) at the point of signing-up or checking-out.

Data from Statista shows that 69.57% of digital shopping carts and baskets are abandoned and the purchase not completed. And Mastercard’s analysis estimates that up to 20% of mobile e-commerce transactions are abandoned or otherwise fail (e.g., from undelivered SMS OTPs) mid-way.

In addition, independent web usability research institute Baynard found that one out of five consumers abandoned their online shopping carts citing the checkout process as “too long and complicated”. That means 20% of customers taking their custom elsewhere, likely to a competitor, because the process presented too much friction.

 

Passwords are a major part of the problem

Organisations have struggled to strike that balance between frictionless yet secure online log-ins in large part because of historical dependence on passwords – which simply aren’t fit for purpose in today’s online economy. Passwords were designed to be simple but, as we can all likely attest, they have become incredibly cumbersome and difficult to manage.

The demands placed on consumers to remember and keep track of the array of different passwords they need, and the different requirements of password complexity which varies from provider to provider, is proving to be untenable.

Not only are passwords a major cause of consumers giving up on purchases or preventing them from signing up for new services, but they also fail in delivering on their primary objective: to protect accounts and sensitive data. All too often the password has proven to be a single point of failure, and one that is all too easy for hackers and fraudsters to get hold of – a trend accelerated by the coronavirus pandemic.

 

Reducing friction

There has been a move toward developing and adopting open standards that enable any online service provider to authenticate users in a way that is both highly secure and almost completely frictionless – with all major platform and cloud service providers coalescing around a common approach.

It’s clear from the way consumers have embraced using their fingerprints and FaceID to unlock their devices that simple, natural gestures work – and that they are often preferred over using a password. By adopting the latest authentication standards, organisations can enable their customers to use these same easy gestures on their every-day devices to prove their identity and approve even the most sensitive of transactions.

The standards also improve security by moving away from the traditional model where your password or similar piece of ‘secret’ information is stored on a server, to one where credentials are stored on an individual’s device. This means they cannot be phished or divulged through other means of social engineering, while also inherently stopping the large-scale breaches that impact millions or billions of users in one go.

Due to these developments, the kind of poor user experience that leads to abandoned shopping carts and lost customers during the sign-up process is completely avoidable. There is now nothing stopping banks, retailers, and a range of other businesses from offering a superior, and low-friction user experience while also maintaining the safety and integrity of the networked economy.

 

Continue Reading

Magazine

Trending

Finance1 day ago

MASTER YOUR DATA: TACKLING CUSTOMER RETENTION CHALLENGES IN FINANCIAL SERVICES

Helena Schwenk, Market Intelligence Manager at Exasol   Customer retention has always been crucial to financial institutions (FSIs), with the majority...

Wealth Management1 day ago

HOW ALGORITHMS CAN BOOST YOUR TRADING PROFITS

Gabriele Musella is CEO and co-founder of Coinrule   Trading, whether for cryptocurrencies or stocks, is about buying and selling...

News2 days ago

BLACK FRIDAY WEEKEND SET TO SMASH ONLINE SALES RECORDS, ACCORDING TO ECOMMERCE EXPERT

The Black Friday weekend is anticipated to be the largest for online sales on record as the UK remains in lockdown, according...

News3 days ago

ONE IN FIVE INSURANCE CUSTOMERS SAW AN IMPROVEMENT IN CUSTOMER SERVICE OVER LOCKDOWN, RESEARCH SHOWS

SAS research reveals that insurers improved their customer experience during lockdown   One in five insurance customers noted an improvement...

Technology3 days ago

PASSWORDS, BIOMETRICS AND BEYOND

By: Hicham Bouali, Pre-Sales Director EMEA of One Identity, a specialist in identity and access management   At any given...

News3 days ago

AVATRADE NOW SUPPORTING DEPOSITS VIA PAYPAL AND RAPID TRANSFER

AvaTrade continues to grow its customer offering by adding PayPal and Rapid Transfer to its supported payment methods. AvaTrade’s customers...

Business4 days ago

GOING GLOBAL: 7 TIPS TO GET STARTED

The idea of selling your products or services to new markets across the globe is an attractive prospect for any...

News4 days ago

KASHFLOW AND YAPILY PARTNER TO SUPPORT SMES WITH DIGITAL BOOKKEEPING AND CASH FLOW MANAGEMENT

KashFlow continues its mission to provide SMEs and accountancy firms with software that keeps bookkeeping easy to understand and even...

Top 104 days ago

WHY HIGH NET WORTHS SHOULD BE LOOKING AT ANGEL INVESTING IN A NEGATIVE INTEREST RATE ENVIRONMENT

By Oliver Woolley, Envestors   As England gets through its second lockdown, Bank of England policymakers report the UK we...

News4 days ago

VIVA WALLET SUPPORTS E-COMMERCE GROWTH THROUGH ITS MARKETPLACE SOLUTION

Viva Wallet’s PSD2-compliant payment solution for online marketplaces removes the requirement for them to become licensed providers of regulated payment services. Viva Wallet is able to handle the streamlined processing of customer transactions through a PSD2-compliant escrow account...

Banking4 days ago

REDUCING FRICTION ONLINE HAS BECOME BUSINESS CRITICAL

Andrew Shikiar, Executive Director at the FIDO Alliance   The global pandemic has pushed the importance of remote access and authentication...

Wealth Management5 days ago

QUICK FIXES TO LOWER YOUR CAR INSURANCE

Car insurance is something we all have to pay for, no matter how much we despise it. However, it’s not...

Uncategorized5 days ago

ALL-SEASON TYRES AND HOW TECHNOLOGY IS CHANGING THE FUTURE OF TRANSPORT

Avid vehicle enthusiasts will likely know that summer and winter tyres are developed from different rubber compounds which work at...

Business5 days ago

EQUIPPING YOUR TEAM WITH THE SKILLS TO MANAGE THE CHANGING LANDSCAPE

By David Wharram, CEO of Coast Digital   For businesses to emerge from the COVID-19 pandemic stronger than ever, companies...

Banking5 days ago

BANKING ON THE FUTURE: WHY PAYMENTS TRANSFORMATION IS THE KEY TO SUCCESS

Simon Wilson, Co-Head, Payments at Icon Solutions   Standardisation, regulation and technological innovation means payments are well on the way...

Finance5 days ago

DIGITAL FINANCE: UNLOCKING NEW CAPITAL IN DISRUPTED MARKETS

Krishnan Raghunathan, Head of Finance & Accounting Services at WNS, explores how a digitally transformed finance department can give enterprises...

Technology6 days ago

DATA DILEMMAS IMPACTING ESGS

Mario Mantrisi, Chief Strategy and Knowledge Officer, Kneip   It’s been well documented over the past few months that the...

Technology1 week ago

SIX PILLARS FOR A SUCCESSFUL CLOUD

by Giuseppe Paternò, IT Infrastructure Architect, Security Expert, and Cloud Solution Guru   COVID-19 pandemic is pushing many companies to...

News1 week ago

MARQETA CONTINUES EUROPEAN GROWTH, SIGNING THREE NEW DIGITAL BANKING CUSTOMERS

Marqeta is supporting the development and launch of three new digital banks across the UK and Europe   Marqeta, the...

Technology1 week ago

TECHNOLOGY IS OUR FIRST DEFENCE AGAINST MONEY LAUNDERING

Jesse Chenard, CEO of MonetaGo Fraud is an age-old problem that has plagued every industry since businesses began trading. It...

Trending