Financial institutions are facing a new reality in the current economic situation, with pressure for more transparency and improved risk management. At the centre is information. Institutions that effectively secure, manage and control their data are best positioned to retain and acquire customers, comply with regulations, and protect their reputation from both internal and external threats.
Today's banking institutions need to prevent valuable digital information from leaving their organisation, whether intentionally or inadvertently. This requirement makes data loss prevention (DLP) a key technology for banks.
Banks are aware that their customers are protective of their personal data and are prone to change providers if they don't feel confident about the security of their information. Other factors driving the need for DLP are negative media exposure in the wake of data breaches and the need to demonstrate rigorous data protection standards.
With a mobile workforce and the consequent proliferation of sensitive data resting on thumb drives, laptops, PDAs, iPods and other personal devices, understanding where confidential data lives, where it's going, and who is accessing it becomes complex and difficult to control.
As banks look to provide customers with a seamless experience across a growing number of channels, including online and mobile banking, it's a challenge to keep customer data safe.
Financial firms also know that protecting against data loss can be a good investment. Data breaches tend to scare customers away from online banking, which is a bank's most profitable channel and currently outpaces all other channels in number of transactions, with no sign of slowing down. DLP enables banks, credit card companies and credit-reporting institutions to:
Protect customer identity and account information, intellectual property and financial results.
Allow only authorised laptops, desktops and other devices to connect to the bank's network.
Prevent employees from sending unauthorised documents and data through corporate or Web e-mail.
Encrypt disks and back-up tapes to prevent data usage in case of loss or fraudulent access.
Prevent confidential data from being stored on file servers that unauthorised users can access.
Report risk of confidential information exposure across bank departments.
Wise firms aren't using DLP simply to improve their defensive posture; they're using it as a tool to correct employee behaviour as well. One example of how this works: DLP blocks an outgoing e-mail containing confidential data and alerts the sender about the action.
Research shows that most data loss is inadvertent, not malicious.
On the one hand, individuals are increasingly protective of personal information; on the other hand, employees who handle data make fewer distinctions between their personal and professional lives. In the way people work, the line between company and personal information is blurring. Today, banks and financial institutions generally understand the term ‘2.0’ and its impact when interacting and transacting with clients online. However, the consequences of internal adoption of Banking 2.0 practices — such as social media, instant messaging and web-based collaboration tools — are far reaching.
What is required to adopt Banking 2.0? Here are some considerations:
Protection of customer data and intellectual property: defining what is confidential.
Increase search capabilities on internal engines: sharing knowledge.
Secure employee communications: allowing instant messaging but recording chat for legal purposes.
Manage digital identity: are you who you say you are?
24x7 application and data availability: critical for ‘follow-the-sun’ operations and dispersed global teams.
The dilemma of Banking 2.0 is a justifiable concern facing this industry, but with the right processes, tools and planning, taking this step needn't be so daunting and may offer the chance to create an internal ecosystem that reflects the organisation's modern approach.
(The author is Managing Director, Symantec India)