Connect with us

Finance

CISOs IN FINANCE: HOW TO LEAD THE PRIVACY STRATEGY

Sophie Chase-Borthwick, Director of Data Ethics and Privacy, Calligo

 

Privacy is essentially just a data security problem, right? Surely, the requirement to act more responsibly with personal and sensitive data equates to protecting it better, encrypting it and preventing hacks and leaks?

 

Many financial businesses assume exactly this, and that data privacy, whether GDPR or California’s new CCPA, is merely an IT security problem. However, it goes far wider than that.

 

For the chief information security officers (CISOs) that have been assigned responsibility for privacy within their organisation, it can often be seen as an unenviable task. Few boards and and executive teams understand the detail of what is required for GDPR adherence or Privacy by Design to assign enough or the right resource to the task.

 

In fact, we regularly hear stories from financial services organisations of all sizes about shoddy approaches to data privacy, especially GDPR, with some assuming that just because they have a data security function, adherence is a given.


However, as an experienced CISO, you will understand that privacy is not as simple as ring-fencing your data. You will appreciate that because GDPR in particular requires the responsible management and use of data, just as much as its responsible protection, that a privacy strategy needs involvement from every part of a financial organisation, including marketing, HR, sales etc.

 

But many businesses did not think like this. Or more accurately, many CISOs were fully aware of the extent of the task, but were not given the time or resource to address it appropriately. Many were forced to focus on the parts they could fix the fastest and the easiest, predominantly technology and data protection, leaving major gaps in processes and people – the two other equally-important pills of adherence.  

 

Others were bending over backwards to cover the basics of the new requirements, but saw their wider security strategies either derailed or delayed in the process, leaving many financial businesses more susceptible to security breaches than they were before. These are real scenarios that we have seen time and again amongst our clients.

 

So, how is it possible to balance data privacy with wider security strategy? Many argued when GDPR came into force that it represented a huge opportunity for those in CISO roles to change the perception of their input and value to a business; from simple data protection to instead safeguarding data across its entire lifecycle.

 

But how can you put this into practice? How can a CISO build the strategy that achieves the immediate data privacy goal, while enhancing – not weakening – wider data security initiatives, and their own standing?

 

Assess your business holistically

There are eight domains that require addressing for a successful privacy strategy: governance and accountability; risk management; security management; third party management; incident management; personal information management; rights of data subjects; and finally, understanding the scope of your organisation as it pertains to the relevant legislation.

The most obvious observation for many CISOs will be that many of these areas are outside their traditional scope. However, they all need equal attention and they are all unavoidably part of the project they are leading. The trick is to not let yourself focus on only the more easily-addressed “home turf” security areas, nor be drawn by the business too far into the non-security areas.

Ask for help

For some, this will be one of the hardest steps – either personally or politically – but it is essential. As mentioned above, there are eight areas that need addressing equally. This means that assistance from experts across the wider business is vital. No one expects a CISO to be well-versed in the legal rights of data subjects, or in how to build a perfect Privacy Policy, but you will need to recruit support from the internal subject matter experts who are, then act as the intermediary between them all, and lead from the front.

Perform a GAP analysis

Before you can even think about aligning your organisation to a privacy strategy, you must identify your baseline and areas of improvement. What are the minimum requirements within each of the eight areas for your business to be in line with the legislation facing you? And, what constitutes particularly robust observance? Finally, where on this spectrum are you aiming for and how does that compare to your current state?  

Present your action plan

The GAP analysis will have provided you with a starting point and a series of non-conformances to address. The next step is to prioritise the remedial tasks required and plan how they will be executed. It is however imperative to demonstrate that the plan is tied to, but not wholly based on, the security strategy. Sales, marketing, HR, IT etc. must all understand that they have equal parts to play, and be equal in their accountability.


Secure wider resource

The final part of the process is to identify the most suitable individuals to assist. This controlled delegation maintains the CISO’s position as the lead on the project, ensures good project management and execution, while also safeguarding the security team’s resources.

 

It’s clear that a privacy strategy is an organisation-wide initiative and encompasses all areas of technology, people and processes. It requires far more than building higher walls around your data, or simply gaining renewed consent from customers. However, it’s important to remember that this will not be widely understood, and given it is commonplace post-GDPR for CISOs to be handed responsibility for privacy, you will need to take the initiative on a whole host of procedures and processes that span your entire enterprise – and may not be within your comfort zone.

However, get it right and you will engender more trust from within your customer base – an important commercial outcome that you can take no small amount of credit for.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Finance

TIPS TO PROTECT YOUR CASHFLOW DURING THE COVID-19 PANDEMIC

By Rita Cool, Certified Financial Planner at Alexander Forbes Financial Planning Consultants

 

The full impact of the COVID-19 pandemic is as yet unknown, but individuals have already begun to have their lives disrupted by the country’s economic shutdown, with retrenchments, salary cuts and forced unpaid leave making them take stock of their financial position.

The basic principles of financial planning are especially relevant at this time, but in the short term, cash flow is more important to many people.

To help safeguard you and your family’s financial security, here are some tips to follow to make sure you’re making your money work hard for you:

  • Draw up a budget – this is especially relevant if you’re worried about possible retrenchment of yourself or your partner. This will help you know how much you need to cover your basic living expenses and where you can save money. Don’t only look at what you need to spend money on, but also when you think you will need that money. Perhaps you paid school fees upfront at the beginning of the year, or your car registration is only due again next year.

    Rita Cool

  • Check your bank fees. Are you in the best structure for your needs? Are you paying for services that you never use? Consider moving banks to get a better deal.
  • Banks have waived the Saswitch fee payable for withdrawing cash at another ATM other than your own bank, but if you’re doing this, be aware of when this switches back as you can end up paying almost double the bank fees.
  • Did you know that you start paying interest immediately if you draw cash from a credit card and that you do not get three or six months’ interest free?
  • Go through your house while you have extra time and identify potential items which you could sell, as this will free up cash.
  • Where possible, pay cash for items as the interest rate on hire purchase items is very high and you pay around 20% more for those items than the sticker price. If you cannot afford the item and you don’t need it right now, wait.
  • Look around for bargains online rather than driving around. There are some good sales on, and you can support businesses that need your help.
  • At the same time, be aware of spending extra cash you could be saving towards your financial safety net. There are lots of deals available, so balance the need for the 70% off bikini or new laptop with being cautious about the future.
  • Use store coupons and discount vouchers. The main food retailers have loyalty programme structures that can be tailored to your specific spending patterns. Make sure you claim point or vouchers but look out for monthly costs to belong to a rewards program. Ask yourself if your monthly savings validate the cost. Optimally a reward scheme shouldn’t cost you money.
  • Check with your insurance company if your premium can be reduced because you’re driving less during lockdown.
  • Check your current insurances. Do an insurance rebroke. Make sure you are covered for what you need and take things off the list that you do not have any more and add what you have bought since the last update. Make sure you are not under or over insured and that your premium is market related. The cheapest premium isn’t always the best so be aware of exclusions and excesses and make sure you can afford the excess if you need to claim.
  • In most cases you can reduce your monthly insurance premiums by not having a cash pay-out in the future. If you want a pay-out, save the extra premium in an investment product, not a risk product.
  • Be wary of consolidating debt. You might pay a lower interest rate but it might well be over a longer period so the total interest paid will be higher. If you have debt issues, set up a debt plan with dates and goals to reduce the debt little by little. Do not give up.
  • Be aware that payment holidays are not a free loan, you still owe the money and you’re paying interest on it. Check with your service provider.

 

Remember that the pandemic will pass. Try not to panic as this may lead to rash financial decisions, which could have an impact on your finances later down the line.

 

Continue Reading

Finance

FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT

Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS firms must address the data issues flagged and created by the Covid-19 pandemic

When the pandemic started, organisations within the financial services sector were faced with three key questions. How do we do homeworking?  How do we go remote?  How do we manage this?

In trying to answer these questions, the business continuity measures taken by FS firms were not up to scratch. Mistakes that could have been avoided were made. To start off with, users had to be given the necessary equipment to make remote working happen and they had to have access to the infrastructure needed, such as broadband. Users also had to have access to the information and data needed to do their job. And this is where they started to run into trouble. While software applications like Zoom and Microsoft Teams made it possible to stay connected, the systems in place were not adequate to facilitate secure data management practices en masse.

These are the downsides that need to be addressed.

 

Where’s the governance?

Historically, firms operating in the financial sector have been slow to adopt cloud technology, preferring to store sensitive data on premise, in order to mitigate perceived risk. As such, through the lockdown, much of the data people need access to is not in the cloud, but is stored in applications or file servers.

Adding to the issue, the VPNs of many organisations don’t have the capacity to allow large numbers of users online. This lack of VPN availability has forced FS firms to allow users access to GDPR sensitive data multiple times, with little or no method of tracking in place.

In order to acquire the information they need to do their jobs while out of the office, employees have been copying, downloading and sharing files that now exist outside of the corporate firewall, without any governance or security considerations. Such data is now, for all intents and purposes, in the wild, making it harder to bring back under control. Teams working remotely don’t have the corporate governance and security protocols that they would have when working in the office.

So, being forced to work remotely, at short notice, has impacted compliance and governance in a very negative manner. The way data is being handled greatly increases the chance of a data breach occurring. It also flies in the face of FCA regulation, and in particular GDPR where personal data is being used. While the FCA might be a little more lax in light of the current challenges right now, this will change when data breaches start to occur and customers start asking questions. Poor choices now will not be a reasonable excuse to avoid future fines.

If this crisis has shown us one important thing, it’s that the slowness of financial services firms in adopting cloud technology, which made it significantly harder for them to access and use data, has hurt business continuity, security and privacy.

 

Better Data Practices

So, how can organisations take control of their data? For many this means deploying it to the cloud in a rapid manner, whilst retaining security and governance practices. It is possible for organisations to make data accessible if the technology is deployed correctly, allowing all the necessary controls to remain in place. Having the short-term decisions correctly in place and making them under an umbrella of good governance and accountability, ensures that you don’t suffer knee jerk reactions and risk losing control of data.

By keeping on top of your data as much as possible, you significantly reduce the opportunity for chaos to happen. That starts with making it available on a safe and secure platform. At a time like this, it is imperative that organisations have a good understanding of their data. Information asset registers should be kept up to date to track where their information is, where it’s being used and the purpose for which it’s being used.

For our clients, we are now using AI to help them assess and understand their data, flag any risks their data is posing to their organisation, and help them mitigate that risk. By implementing the right systems this can all be automated, and there is nothing stopping organisations from doing this with next to zero impact on their userbase.

Remote working is becoming the norm: It has been proven to work and organisations will start reflecting on how much office space and connectivity they really need. As such, organisations are being forced to act now and adapt their data governance and compliance practices to suit the ‘new normal’. Waiting until the pandemic passes is not an option.

Continue Reading

Magazine

Partner Events

Trending

News16 hours ago

TRIO OF NEW REGIONAL DIRECTORS HEAD UP TIGERWIT’S GLOBAL EXPANSION

Following the release of their record revenue for the last financial year, award-winning online trading platform, TigerWit, has strengthened their...

Wealth Management16 hours ago

SECURING THE EVIDENCE FOR VAT AND TAX

Filippa Jörnstedt, Senior Regulatory Counsel at Sovos   Businesses are almost entirely digital in their nature. With sophisticated technology now...

Finance17 hours ago

TIPS TO PROTECT YOUR CASHFLOW DURING THE COVID-19 PANDEMIC

By Rita Cool, Certified Financial Planner at Alexander Forbes Financial Planning Consultants   The full impact of the COVID-19 pandemic is...

News17 hours ago

RETAILERS WHO OPEN THEIR DOORS WILL NEED EXTRA HELP

With thousands of retail stores given the green light to open in the next few weeks the government needs to...

News17 hours ago

LEADING BANK IN TURKEY USES ONESPAN’S MOBILE APP SECURITY SOLUTION TO HANDLE DOUBLING OF DEMAND FROM COVID-19

OneSpan’s scalability helps DenizBank protect millions of mobile banking users as the coronavirus pandemic drives massive increase in hacking attacks...

News17 hours ago

KASKO PARTNERS WITH VIVIUM TO LAUNCH FULLY DIGITAL BIKE INSURANCE IN BELGIUM

Vivium, a member of the P&V Group, turned to the InsurTech provider to build an omni-channel and bilingual insurance product,...

News17 hours ago

THE STRATEGIC ALLIANCE BETWEEN MINSAIT AND AURIGA WILL PROVIDE AN INNOVATIVE OMNICHANNEL PLATFORM FOR A SUPERIOR BANKING EXPERIENCE

Minsait, an Indra company, and Auriga have reached a strategic agreement that will strengthen their position in the digital transformation...

News17 hours ago

INFORMAL PUBLIC TRANSPORT: FRONT-LINE MOBILITY HEROES

By Devin de Vries, CEO, Where Is My Transport    Every week, 5 billion commuters in emerging markets have no...

Finance4 days ago

FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT

Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS...

Business6 days ago

FROM MANUAL TO MACHINE LEARNING: HOW TO APPROACH THE RECONCILIATION ‘PROBLEM’

By Christian Nentwich, CEO at Duco   At the start of 2020, before the global coronavirus pandemic changed the world,...

Finance6 days ago

5 WAYS TO MAXIMISE THE VALUE OF INSTANT PAYMENTS

Lauren Jones, International Payments Ambassador, Icon Solutions   Instant payments are the ‘new normal’. The last decade saw a ramp-up...

Business6 days ago

THE BEST PATHS TO SECURE AUTO FINANCING IN 2020

The previously flourishing economy has taken some dramatic turns in the last few months due to the health and economic...

Top Stories1 week ago

TIPS FOR BUSINESS EXPANSION

Alan Sutherland, CEO of Kind Consumer   Every successful business had a beginning.  Its founders usually looked for ways to...

Finance1 week ago

THREE QUESTIONS FINANCE LEADERS SHOULD BE ASKING THEMSELVES DURING THE PANDEMIC

Chris Pope, Global VP of Innovation at ServiceNow   We’re living through unprecedented times, dealing with a situation completely out...

Wealth Management1 week ago

HOW WILL COVID-19 IMPACT ESG INVESTING LONG-TERM?

By Kerstin Engler, Senior Wealth Manager, Geneva Management Group.    Sustainability is a trend on the rise in every sector...

News1 week ago

EIS LAUNCHES IN THE UK AS INSURANCE COMPANIES LOOK BEYOND PROTECTION TO DELIVER MORE VALUE TO CONSUMERS

Leading digital insurance platform expands global footprint to meet UK insurance market demands EIS, a core and digital platform provider...

News1 week ago

TINK TECHNOLOGY ENABLES MULTI-BANKING FOR NORDEA’S NORDIC APP CUSTOMERS

Tink’s account aggregation, data enrichment and personal financial management technologies have been integrated into Nordea’s mobile banking app to deliver...

Top Stories1 week ago

BITCOIN COMES OF AGE

Katharine Wooller, Managing Director, UK and Eire, Dacxi   The Bitcoin halving event, which occurred on the 11th May, has...

Finance1 week ago

KEEPING PAYROLL SAFE AND SECURE IN LOCKDOWN” – HOW FINANCE FIRMS’ PAYROLL TEAMS CAN MAKE IT HAPPEN

by Richard Dutton, account director, Symatrix   With companies across the UK switching to remote working since the pandemic took...

News1 week ago

EMERGENCE PARTNERS LAUNCHES TO HELP BUSINESSES NAVIGATE A NEW WORLD OF EMERGING TECHNOLOGY

Consulting firm will partner with clients to transform their businesses using disruptive technologies   Emergence Partners, has today launched to provide strategic counsel...

Trending