The world economy is in a state of flux. Securities and bond markets have become increasingly unstable. Fortunately, U.S. consumers can depend on stable banking institutions backed by government programs. However, with the increasing number of new mortgages, re-financed mortgages, home-equity lines, savings accounts and CDs, banks must also be sure that they have safeguards in place to protect the immense amount of consumer data they are taking on and saving to laptop and desktop computers as well as the full gamut of removable storage devices. If comprehensive systems are not in place, then it can be the bank itself that assumes the most risk.
According to a recent survey, one in every 10 laptops will be stolen during its lifetime. Not only has laptop theft continued to become more prevalent, but recent reports from USA Today note that personal identity theft more than tripled in the U.S. in 2007.
For data thieves, a pilfered laptop is as good as gold. The laptop, software included, could fetch $1,000 on the black market, chump change for an ambitious crook. The real value of the machine lies in the data stored within.
Electronic data doesn’t die — it lives on in removable storage devices, lost or discarded hard drives, company-issued smartphones, on CDs and in e-mail. When you take into consideration the intellectual property, customer lists and financial details that bank executives or branch managers have access to, it comes as no surprise that a typical laptop contains data worth between $1 million and $5 million on the black market.
Most of the public attention on the repercussions of data theft has focused on the potential damage to consumers.
But of equal concern should be the injury suffered by banks themselves in the wake of these breaches. What if the data stored on a stolen laptop were to find its way into the hands of a competitive organization? If the data were sold on the black market, how would your bank’s brand fare in the public eye? What would it do to the trust that you have built your business on if your organization could not adequately protect consumers’ personal details? Once lost, brand reputation is exceedingly difficult to rebuild.
In addition to this reputational loss, the financial loss is equally daunting. The Ponemon Institute estimates that data breaches cost companies an average of $197 per record lost. Other reports state that the average cost of a data breach is $6.3 million if you take the cost of consumer notification, legal fees and other expenses into consideration.
With the penalties so severe, and the variety of ways that data can leave your organization, such as laptops, USB thumb drives, CDs, iPods and smartphones, there are many steps that banks of every size should consider to protect their proprietary and consumer data.
When attempting to select data security solutions for your organization, it is crucial to take a two-pronged approach. Considerations must be made and best practices must be followed not only when selecting the types of security solutions that you will deploy to protect your company, but also when selecting the vendors that you will use to supply those solutions.
Proper identification of vendors of enterprise security solutions is extremely important. Vendors should have a track record within the industry as it is important that they understand the needs of your organization and design their solutions with those needs in mind. Furthermore, vendors should be able to provide reference customers within your industry or related industries. These references will allow you to ask questions about the performance of the solution, experience deploying the solution and key drivers for selection, all in a non-sales environment.
In tandem, your organization should follow industry-developed best practices for security, need identification and product selection. The first step is to identify your “must haves” in relation to your institutional needs.
Some of the questions that you need to ask yourself are:
Furthermore, implementation and operation of the solution are key considerations:
Finally, it is necessary to consider best practices for management and deployment of the solutions that meet your “must haves.” The solution’s ability to provide unified, centralized management of all of your endpoint data protection solutions from one console is highly beneficial, as it streamlines policy deployment, reporting and integration with existing identity management and directory service infrastructures.
Once these questions have been thoroughly considered and answered, follow up with an evaluation and trial period to ensure that the selected solution correctly matches the needs defined earlier. These steps will lead to your institution selecting the most complete solution for its needs.
Encryption and data leakage prevention solutions are two forms of endpoint data protection that are inexpensive and readily available to protect mobile devices against thieves or inadvertent data loss. With these solutions in place, organizations can maintain control of electronic records no matter their location. They can be secure in the knowledge that this sensitive information is protected from thieves and available only to company-sanctioned employees.
Leaving your company’s data vulnerable to data thieves is unnecessary and potentially illegal. However, protecting this data up front and on the devices where it is stored safeguards your organization from ending up in the headlines as the next data breach victim and protects the reputation you have worked so hard to develop. As consumers run from the instability of the stock and bond markets to the stable banking sector, make sure your bank has every competitive advantage in place. This will not only make the customers feel the financial security they are searching for, but also make them proud to do business with you.
Ram Krishnan is the senior vice president of products and marketing at San Francisco-based GuardianEdge Technologies. He can be reached at rkrishnan(at)guardianedge.com.
Copyright © March 2008 BankNews Publications