It can be hard to believe that, despite every warning about the importance of security, “password” is still among the most common passwords in use. Most people don’t ignore security rules because they want something bad to happen. They do it for convenience, and that convenience puts customers’ sensitive information at risk. Banking is one of the most exposed industries: one estimate puts the share of top U.S. banks infected with malware at 75%. The biggest cause of these infections and other data breaches isn’t organized cyber-attacks or sophisticated viruses. It’s simple human error. When employees in the banking industry trade security for convenience, customer data is put at risk.
But there is a way to monitor for this and pinpoint higher-risk locations, then target additional training at those locations to make sure security protocols are being followed. By starting with a Remote Risk Assessment (RRA), you can check whether employees are following procedure, limit the risk of data breaches and keep customer data safe.
How a Culture of Poor Security is Created
Just this week in the UK, Tesco Bank, a wholly owned subsidiary of the retail chain giant, reported a data breach that compromised the accounts of 20,000 customers and cost more than $3 million in financial losses. While authorities are still searching for the cause, the leading theory at the moment is that the entire event stemmed from an internal security failure.
Cyber criminals count on human error when looking for vulnerable parts of a network, and their job is getting easier thanks to document-sharing sites, third-party applications and the wide range of devices that can connect to a company network. Some employees won’t think twice about uploading a confidential document to Google Drive or installing an unapproved application on a company device. They don’t believe these small actions could be enough to cause a major breach. They’re wrong, because each one widens the attack surface and, repeated across a branch, creates a culture of poor security.
If one employee sees that another has installed a third-party application on a company computer, they may do it too. If the boss sets their password to “password,” employees may assume that’s acceptable. A culture of poor security starts when one person stops following the rules, and it grows until everyone has forgotten what the rules were.
Training and awareness are key to protecting your customers’ data in today’s digitized world, but training costs money and time. That’s why you need to prioritize it, so that the locations with the weakest adherence to security protocols are the ones trained first.
A significant problem you may face as a bank leader is that it can seem impossible to identify which branches are at higher risk until after a breach has occurred. By then it’s too late: customers may lose faith in your bank’s ability to secure their information, and repairing the compromised network can cost millions. On top of that, your bank could face fines and penalties if the cause of the breach is found to be a negligent attitude towards reasonable security measures.
The key to preventing all this is a targeted, proactive security training program. RRA can be used to pinpoint the highest-risk branches before that risk turns into a major breach.
Using RRA to Pinpoint Security Weak Points
Remote risk assessment can be a cost-effective way to create a risk heat map for an organization with many locations, such as a major bank or financial institution. That heat map can give an organization-wide macro view or a micro view of a single office. RRA is an automated process that lets you evaluate employees’ knowledge of and adherence to security procedures, and correct behaviors that could lead to a breach.
This is done with a short set of yes/no questions that employees answer over the phone. Questions about basic security procedures monitor for risk that originates with employees themselves. Employees might be asked:
- Have you ever downloaded a personal application onto a company computer?
- Do you use unapproved personal devices on the company network?
- Have you ever shared a company password with an unauthorized person?
- Have you ever used personal email or a document-sharing site to share a confidential document?
Now, it’s very likely that someone answering those questions won’t give an honest answer. Instead, they’ll give the answer they think is expected. What is unique about RRA is that it doesn’t just record answers but also applies proprietary signal analysis to characteristics of the human voice that relate to risk. An employee whose responses indicate a breach of security protocols is classified as potential or high risk, and the appropriate action can be taken: education for a first instance, and proportionate disciplinary action for repeat offenders. Treat the classification as a screening signal rather than proof of a violation, and corroborate it (for example, against the branch’s software inventory, device registrations, or email and file-sharing logs) before taking any disciplinary step.
RRA can also be run at scale, so that hundreds of employees are assessed at once. Results are reported not just per individual but aggregated into a risk heat map that shows at a glance where your highest security risks lie. Those high-risk branches can then be prioritized for remedial security training.
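To make the aggregation step concrete, here is an added example (not AC Global Risk’s code) that turns per-employee assessment results into a branch-level heat map and a training priority list. It assumes the assessment has already attached a classification of "low", "potential" or "high" to each answered question; the proprietary voice analysis that produces that classification is not modeled. The weights, heat thresholds, branch names, employee IDs and results are all constructed for illustration.

```python
"""Turn per-employee Remote Risk Assessment results into a branch-level
risk heat map and a training priority list.

Added illustration, not the vendor's code. It assumes the assessment
already produced a risk classification per answered question
("low", "potential" or "high"); the voice analysis that produces that
classification is not modeled here.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed weighting: a "high" classification counts three times as much as
# a "potential" one, and an honest "yes" counts as one self-reported gap.
RISK_WEIGHT = {"low": 0, "potential": 1, "high": 3}
# Assumed heat-map buckets on the per-employee weighted score.
HEAT_THRESHOLDS = ((3.0, "red"), (1.0, "amber"), (0.0, "green"))


@dataclass(frozen=True)
class Assessment:
    employee_id: str
    branch: str
    question: str   # short key for one of the yes/no questions
    answer: str     # what the employee said: "yes" or "no"
    risk: str       # classification attached to that answer


def flag_weight(a: Assessment) -> int:
    """Weight of one answer: its risk classification, or at least 1 for an admitted 'yes'."""
    weight = RISK_WEIGHT[a.risk]
    if a.answer == "yes":
        weight = max(weight, 1)
    return weight


def heat_label(score: float) -> str:
    """Map a branch score onto a heat-map colour."""
    for threshold, label in HEAT_THRESHOLDS:
        if score >= threshold:
            return label
    return "green"


def branch_scores(results):
    """Per-branch head count, number of flagged answers and weighted score per employee."""
    employees = defaultdict(set)
    weighted = defaultdict(int)
    flagged = defaultdict(int)
    for a in results:
        employees[a.branch].add(a.employee_id)
        w = flag_weight(a)
        if w:
            weighted[a.branch] += w
            flagged[a.branch] += 1
    scores = {}
    for branch, staff in employees.items():
        score = weighted[branch] / len(staff)   # normalise so big branches aren't penalised
        scores[branch] = {
            "employees": len(staff),
            "flagged_answers": flagged[branch],
            "score": round(score, 2),
            "heat": heat_label(score),
        }
    return scores


def training_priority(results):
    """Branches ordered so the weakest one gets remedial training first (ties by name)."""
    scores = branch_scores(results)
    return sorted(scores, key=lambda b: (-scores[b]["score"], b))


def repeat_offenders(results, threshold=2):
    """Employees flagged on at least `threshold` questions: candidates for
    action beyond the education given after a first flag."""
    counts = defaultdict(int)
    for a in results:
        if flag_weight(a):
            counts[a.employee_id] += 1
    return {e: n for e, n in counts.items() if n >= threshold}


# Constructed sample results for three hypothetical branches (not real data).
SAMPLE = [
    Assessment("e01", "Downtown", "app", "no", "low"),
    Assessment("e01", "Downtown", "password", "no", "high"),
    Assessment("e02", "Downtown", "device", "no", "potential"),
    Assessment("e02", "Downtown", "docshare", "no", "low"),
    Assessment("e03", "Westside", "app", "no", "low"),
    Assessment("e03", "Westside", "device", "no", "low"),
    Assessment("e04", "Westside", "docshare", "no", "low"),
    Assessment("e05", "Airport", "app", "no", "high"),
    Assessment("e05", "Airport", "password", "no", "high"),
    Assessment("e05", "Airport", "docshare", "no", "potential"),
    Assessment("e06", "Airport", "docshare", "no", "potential"),
    Assessment("e06", "Airport", "device", "no", "high"),
    Assessment("e07", "Airport", "app", "yes", "low"),   # honest admission
]

if __name__ == "__main__":
    scores = branch_scores(SAMPLE)
    for branch in training_priority(SAMPLE):
        print(branch, scores[branch])
    print("repeat offenders:", repeat_offenders(SAMPLE))
```

Normalising by head count matters: a large branch with a handful of flags should not outrank a small branch where most staff were flagged. The repeat-offender list is the input to the escalation decision described above, and, as noted, both outputs are screening signals to be corroborated before anyone is disciplined.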
AC Global Risk offers this risk-mapping service to the financial industry, and to any company where the security of customer data is a major concern. It is a cost-effective way to assess hundreds of employees in a short period. For more information on using this technology, contact us today.