Cyber Best Practices for Financial Institutions

The finance sector is often seen as a high-value target for cyber criminals. This might seem frightening, but by following cyber security best practices, you can protect your employer.

Why is cyber security so important for financial institutions?

As an employee at a financial institution, you likely have numerous duties related to maintaining the confidentiality of sensitive data. This includes handling financial accounts, credit cards, and personally identifiable information. This information is highly sensitive and valuable to cyber criminals.

The importance of data security

Data security is the practice of protecting information from unauthorised access, corruption, or theft throughout its entire lifecycle. When handling sensitive information, data security is of particular importance.
To understand the importance of data, we first need to classify it. This process involves tagging data according to its type, its sensitivity, and the impact to the organisation if it were altered, stolen, or destroyed. Classification helps an organisation understand the value of its data, determine whether that data is at risk, and implement controls to mitigate those risks.
Controls dictating how to handle data are essential to ensuring its security. For example, confidential information should have strong controls in place, which could include multi-factor authentication to access the data, restricting view permissions based on a need-to-know basis, and only allowing access if certain devices are in use.
When data is no longer needed, it's important to destroy it in a secure manner to prevent it from falling into the wrong hands. Depending on the data's sensitivity, this may include shredding paper documents, wiping electronic media, or using other secure destruction methods.

What is NOT a way to secure a financial institution against cyber attacks?

Passwords should never be stored in plaintext, but if they are, they should be secured in a safe. All other listed options are valid ways to secure financial institutions against cyber attacks.
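The following is an added example, not part of this training module, showing what "not storing passwords in plaintext" looks like on the system side: each password is turned into a salted, slow-to-compute hash before it is stored, and a login is checked by recomputing that hash. The record format and the iteration count are choices made for this example; the only library used is Python's standard library.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. A constructed value for this example,
# set high enough that guessing passwords from a stolen record is slow.
ITERATIONS = 600_000


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm, work factor, random salt, derived key.

    The password itself never appears in the record, so a stolen database does
    not reveal it, and each user gets a fresh random salt so that two users
    with the same password still produce different records.
    """
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the derived key from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, key_hex = record.split("$")
    except ValueError:
        return False  # malformed record: treat as a failed login rather than crash
    if algorithm != "pbkdf2_sha256":
        return False
    candidate_key = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking how many bytes matched through timing
    return hmac.compare_digest(candidate_key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    # Constructed sample credential, for demonstration only.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("correct login:", verify_password(record, "correct horse battery staple"))
    print("wrong password:", verify_password(record, "Password123"))
```

The point to notice is that the stored record can be handed to an attacker without giving away the password, and that the same password hashed twice gives two different records because of the salt.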

Staying cyber safe

Staying safe on the internet requires us to maintain good cyber hygiene practices.
Ensure you use strong and unique passwords for all your applications, so that if one application is compromised, all your other accounts remain secure. A practical way to do this is to use a password manager or a single sign-on solution. Strong passwords should contain a mixture of numbers, letters, and special characters.
When you're online, be aware of your digital surroundings. If a website seems suspicious or if something feels wrong, trust your gut and leave the site. When using email, always be on the lookout for phishing attempts, and never click on links in unsolicited emails.
You should always ensure your devices are up to date and have the latest security patches applied. Cyber criminals are constantly finding new vulnerabilities in software, and keeping your software up to date prevents those vulnerabilities from being abused, so that your devices stay protected against new threats.

What is an example of a strong password?

Strong passwords are long passwords and ones that a human or computer would not easily guess. It is best to use special characters, upper and lower case, plus numbers and letters. Avoid using obvious passwords like sequential numbers or lazy passwords such as "password" or "qwerty". These are common passwords that are easily cracked or guessed.

What is an example of using caution online?

Being wary of suspicious emails is a textbook example of using caution online. You should always be on the lookout for potential phishing scams designed to masquerade as a company or someone you know. They could have the intent to steal your personal information or infect your device with malware.

From a security standpoint, why should you always keep your devices up to date?

Whilst keeping your devices and software up-to-date will give you the added bonus of new features, from a security standpoint, the key reason to update is to ensure you have the latest security patches applied. By staying up-to-date, known vulnerabilities will be fixed, and your devices will be safer to use.

Learn how to spot the phish

Look out for urgency in email subjects, fraudulent sender addresses or requests to perform an action.
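As an added example (not part of this training module), here is a small checker that applies the three indicators above to an email's headers and body: an urgent subject line, a sender address that does not match the brand in the display name, and a request to perform an action. It also flags a Reply-To address on a different domain from the sender, a common companion indicator that the page does not list. The institution's domain `examplebank.com`, the keyword lists and both sample messages are constructed for this example.

```python
import re
from email.utils import parseaddr

# Constructed placeholder for the institution's own domain.
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed keyword lists; a real mail gateway would use far richer rules.
URGENCY_WORDS = ("urgent", "immediately", "final notice", "action required",
                 "suspended", "within 24 hours")
ACTION_PATTERNS = (r"verify your (account|identity)", r"click (the|this) link",
                   r"update your (payment|billing|password)", r"confirm your")


def sender_domain(header_value: str) -> str:
    """Domain of the real address in a From/Reply-To header, ignoring the display name."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def lookalike_display_name(from_header: str) -> bool:
    """True when the display name mentions a trusted brand but the address is elsewhere."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in name.lower() and domain != trusted and not domain.endswith("." + trusted):
            return True
    return False


def phishing_indicators(msg: dict) -> list:
    """Return the list of indicators found; an empty list means none of the checks fired."""
    flags = []
    subject = msg.get("Subject", "").lower()
    body = msg.get("Body", "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        flags.append("urgent_subject")
    if lookalike_display_name(msg.get("From", "")):
        flags.append("sender_domain_mismatch")
    if any(re.search(pattern, body) for pattern in ACTION_PATTERNS):
        flags.append("action_request")
    reply_to = msg.get("Reply-To")
    if reply_to and sender_domain(reply_to) != sender_domain(msg.get("From", "")):
        flags.append("reply_to_mismatch")
    return flags


# Constructed sample messages (not real mail).
PHISH_SAMPLE = {
    "From": "ExampleBank Security <alerts@examplebank-secure.co>",
    "Subject": "URGENT: your account will be suspended",
    "Body": "Please click this link to verify your account within 24 hours.",
}
LEGIT_SAMPLE = {
    "From": "Payroll <payroll@examplebank.com>",
    "Subject": "March payslips are available",
    "Body": "Your payslip for March is now available in the HR portal.",
}

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, phishing_indicators(sample))
```

None of these indicators is proof on its own; a message that trips several of them at once is the one to report rather than act on.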

Goals of cyber security

Cyber security is ultimately about enabling businesses to adopt digital technologies in a safe and secure way. Depending on your priorities, some or all of the following three principles will apply.
Confidentiality refers to protecting the secrecy of information and systems. It is common for data to be categorised according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
Integrity refers to the measures taken to protect information from unauthorised alteration. These measures provide assurance in the accuracy and completeness of data. The need to protect information covers both data stored on systems and data transmitted between systems, such as email.
Availability refers to ensuring that authorised users have access to information and systems when they need them. This means protecting against attacks that can disrupt access or cause systems to become unavailable, and properly maintaining the hardware, technical infrastructure and systems that hold and display the information.

Why is Multi-Factor Authentication important?

MFA is an authentication method that requires more than one verification factor to validate a user's identity by using something they have, know, or are.
Something you know: this factor requires the user to provide something that only they know, such as a password or a PIN. It is the most common type of authentication factor and is often used as the first layer of protection.
Something you have: this factor requires the user to be in possession of something, such as a security token or a smartphone. It adds a further layer of security and is especially useful for protecting against unauthorised access when the user is not physically present.
Something you are: this factor is based on the user's physical characteristics, such as their fingerprint, face, or voice. Like a possession factor, it adds a further layer of security and is especially useful for protecting against unauthorised access when the user is not physically present.

What is an example of Multi-Factor Authentication?

One-time passwords can be generated and sent to the user's cellular device via SMS. The correct user must be in possession of the device that receives or generates the one-time password in order to access the system.

Wrapping up

Protecting financial institutions is a team effort. We each need to do our bit to ensure we're following cyber security best practices and reduce the risk of a successful cyber attack!