Bank employees have recently displaced their customers as the preferred target of cybercriminals in the financial industry, according to the FBI and other finance member organizations, which last month issued fraud alert warnings to banking institutions. The latest data breach trend is for cyberthieves to use hacking methods such as spam, phishing, keyloggers and remote-access Trojans to intercept bank employees’ login credentials in order to access a bank’s internal network and schedule illegal wire transfers and payments.
There is an ongoing debate in cyber security circles over whether the best way to fight this trend is to raise employee awareness through data breach education or to implement data breach protection and security technology services. Experts agree that both are necessary but lean toward business data breach services and technology as the most effective solution to combat hacking. No matter how strong employee security education is, the ultimate responsibility for mitigating bank data breach threats lies with the organization, since it is the organization that suffers the consequences and potentially massive costs of a data breach.
Since technology can’t work without human compliance, the FBI has issued a list of recommendations for banking institutions to follow when instituting policy protocols for their employees. Some of their recommendations include:
1) Advise employees not to click on links or open attachments from unsolicited or unknown emails.
2) Do not allow employees to use work computers for personal use.
3) Implement a strict BYOD (bring your own device) policy that restricts employees from using their personal devices (personal computers, tablets, smartphones) to access work accounts.
4) Remind employees to be diligent when keeping track of USB devices that contain work information.
5) Monitor employee log-ins for suspicious activity such as unusual log-in times and file access.
As cybercriminals become more sophisticated in their hacking techniques, financial institutions need to be just as sophisticated in their fraud protection policies.