Information Security as it Relates to Financial Services
The Knox Corps Founder and Advisory Chief Security Officer Scott Patterson spoke to members of the financial community about the contents and makeup of Information Security.
“A business that doesn’t have any ongoing security measures in place is putting their data and customers’ trust in jeopardy,” said Patterson. “As large enterprises have increased their security defenses, hackers have started to target their attacks downstream to small-to-medium-sized businesses, especially those in the financial sector.”
On the heels of several banks and financial institutions being breached and data being removed from entities without their knowledge, Information Security should be part of the Board’s strategic planning for 2015.
According to Patterson, a business might hold personally identifiable information along with credit card information or other financial information. Patterson also stated that organizations focus only on data that impacts the business model, and not on the data that supports operational objectives.
“Every business has a business model and every business has an operational objective, which is how they go about achieving the business model. An example of an operational objective is data that is not related to the core business data; it is the data of your employees. Employees contribute to how the operational objective is achieved, and once an employee is hired, we obtain massive amounts of information from them. So not only can an organization be in litigation for not protecting regulated core data, they also can be in litigation by not protecting employee personally identifiable information.”
In addition to exorbitant fines, every breach is published, creating lasting damage to a business’ reputation and hindering its ability to recover public trust.
With services such as those offered by The Knox Corps, a series of administrative, physical, and technical safeguards will be implemented for a business or third party to assure the confidentiality, integrity, and availability of sensitive data.