What’s the most important factor in a bank’s success? It’s not a large customer base. It’s not high-frequency trading algorithms. It’s something much more simple and human: trust.
After all, banks don’t sell a product. You can’t touch a deposit account or a loan. Everything is based upon your banker and the quality of the systems in use. That’s always been true in banking. What’s changed recently is that outside attacks on bank security keep increasing. There are facts about cyberattacks against banks that you should know about.
Attacks Are Constant and Difficult to Detect
Detecting a breach is difficult when you run a complex bank. First off, discovering breaches takes longer than you might think. An Accenture survey found that banks took 59 days on average to detect a breach. During that time, hackers may steal information and discover additional ways to compromise a bank’s security. Second, major banks suffer over 80 serious attack efforts per year as of 2017. As hacking tools and resources continue to become cheaper, that figure will only increase.
How Can Banks Limit the Risk of Cyberattacks?
Here’s the unpleasant truth: financial services companies are a major target for cyberattacks. It’s also a reality that some attacks will succeed. What can you do about that? The solution is to find ways to reduce the impact of attacks. There are a few ways to achieve that goal, depending on your resources. Let’s start fighting fire with fire. The best way to address cyberattacks is through better technology.
Software Solutions for Financial Services to Improve Cybersecurity
In combination, these two software solutions play a role in reducing your bank’s cybersecurity exposure. Start with looking for ways to make security easier to manage for your employees. After all, if employees are frustrated with complicated cybersecurity processes, they’re less likely to remember and follow bank policies to the letter.
Make Life Easier for Bank Employees with Single Sign-On (SSO)
What happens when employees have a large number of logins to manage at work? They take shortcuts. Some of these shortcuts are better than others are, such as password-protected Excel files filled with passwords versus sticky notes. Even worse, some employees will simply use low-quality passwords such as their name or variations on “password” if they have too many passwords to manage.
The better way is to simplify life for your employees by offering a single sign-on (SSO) solution. With SSO in place, your employees only need to remember one password. That means fewer shortcuts and fewer opportunities to exploit problems.
Catch Up with Multi-factor Authentication (MFA)
Did you know that many of the world’s largest banks already have multi-factor authentication in place? It’s one of the best ways to secure your bank from hacking. If you omit these solutions, you’re putting your customers at unnecessary risk. With MFA, your SSO implementation becomes even stronger. The most common way to implement MFA is to combine MFA with a smartphone. When a user attempts to log in, he or she receives a text message or notification in an app to authenticate again.
Tip: Are you looking for additional cybersecurity protections for highly sensitive roles? In those situations, consider using biometric authentication. The hassle is worth it when it comes to protecting sensitive user accounts held by executives, traders, and senior managers. What are companies currently using? CNN reports that fingerprints and facial scans are the most popular biometric authentication choices.
People and Process Solutions to Support SSO
What if an outside contractor pretends to be a maintenance person and gains access to your bank? That’s just one example where people and process vulnerabilities remain even after you have a robust system in place. Let’s start with a closer look at password training for employees.
Augment SSO with Password Training
When you put a SSO solution in a financial company, two things will happen. First, your employees will have fewer passwords to manage. Second, there will be increased expectations on the remaining passwords. To help your employees stay secure, offer a password management training session.
Start with Why
Before you get into technical guidance, start with your rationale for providing password management training in the first place.
- Review password problems in the news: Cybersecurity may feel like old news for some people in your company. That’s why you need to present recent security stories. In 2018, Cosmos bank in India lost over $10 million due to a hack. It’s a reminder that good password security and supporting systems are required.
- Clarify your password management expectations: Ask your executives to personally present at the password training. Even a short introduction from the CEO or chief operating officer will send a strong message about the importance of the session.
Password Management Techniques
There are two specific areas to cover in your password training.
- Review password requirements: Take the time to circulate and go through your password rules. If you suspect that current passwords are weak, you may want to ask everyone in the session to come up with new passwords during the session.
- Highlight multi-factor authentication options: If your company offers MFA, provide training on how to use it. Using facial recognition takes a bit of practice, so give staff the opportunity to learn it in a low-pressure setting.
Resource: After you fix passwords and get single sign-on in place, what’s next? You need to implement access governance.
Integrate SSO into Your Bank Cybersecurity Program
Will using SSO improve your security? Yes. Will it prevent all attacks from succeeding? No. There’s no single silver bullet in security. Instead, you need to implement SSO. Next, you integrate that software into your broader security strategy. That means using metrics to track SSO adoption. It means checking to make sure new systems are plugged into the SSO. That’s the work of keeping your bank safe for the long term.
