Guide To Protect From Information Security Trends For The Financial Industry


Hamilton, NJ (PRWEB) October 31, 2011

“Financial Industry Threats Evolve.” said John Verry, Security Sherpa for Pivot Point Security. This has been made clear with the growth of ZueS malware. In fact, perhaps no industry is subject to more regulations or holds more sensitive Personally Identifiable Information (PII).

 

Pivot Point Security recently informed its customers about information security trends for the financial industry. As banks undergo their annual FDIC audits, they should be aware that an auditor is likely going to ask about wireless (WLAN) security.

 

Do you have any wireless access points? If so, specify the number of Wireless Access Points, security controls in effect and your procedures for detecting rogue access points

 

To address this change, financial services should consider WLAN security testing. One option is a WLAN Configuration Audit, which validates that the WLAN is designed and configured in accordance with good practices. Another option is a WLAN Survey, which confirms that the WLAN is restricted to authorized individuals, does not extend beyond intended boundaries, that no Rogue Access Points have been deployed, and that other organizations WLANS are not extending into the workspace and putting the business at risk.

 

Banks working with third-party vendors should also be looking closely at their information security. In an interview, Donald Saxinger, Senior Examination Specialist for the FDIC, said that auditors are closely monitoring service level agreements and contracts with third-party vendors in areas such as cloud computing, mobile banking and mobile payments. “The same technology that can be used to improve security is also a security risk,” said Saxinger.

 

Many Pivot Point Security customers using third-party vendors have been asked to prove compliance (attestation). With that in mind, Pivot Point Security has created a Third-Party Vendor Risk Management Presentation and Information Security Guide – both available as a free download.

 

Another trend discovered is the volume of phishing attacks reaching financial industry emails. Phishing emails come in all shapes, sizes and forms. The key is to be aware of suspicious emails that arrive in your email boxes. Attachments and linked files are common in these emails, and they often contain an embedded version of the ZeuS malware.

 

Pivot Point Security recommends for financial institutions are undergoing their annual security testing, to consider the following:

FDIC / FFIEC / OTS / SEC Controls Audits
Network / Online Banking Systems Penetration Testing
Zeus Malware Detection / Protection
Social Engineering (e.g., Phishing)
Security Log Monitoring & Retention

To learn more about these services, download your free copy of the Third-Party Vendor Risk Management Presentation and Information Security Guide.

 

About Pivot Point Security:

Continually evolving technology, business requirements, regulations, and threats make “being secure” and “proving you’re compliant” increasingly complex. The only logical response: Simplify. Pivot Point Security makes it easier to prove that you are secure and compliant. Pivot Point Security knows how important compliance is and understands financial industry security. For more information visit http://www.pivotpointsecurity.com

 

###



About The Author

Ibrar Ayyub

I am an experienced technical writer holding a Master's degree in computer science from BZU Multan, Pakistan University. With a background spanning various industries, particularly in home automation and engineering, I have honed my skills in crafting clear and concise content. Proficient in leveraging infographics and diagrams, I strive to simplify complex concepts for readers. My strength lies in thorough research and presenting information in a structured and logical format.

Follow Us:
LinkedinTwitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top