- Hack Attack: US Financial Institutions in the Cross-Hairs
- September 28, 2012 | Authors: Cynthia J. Larose; Amy Malone
- Law Firm: Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. - Boston Office
Last week the FBI released a fraud alert warning financial institutions that cyber criminals have been using tactics such as spam and phishing emails to obtain employee log-in credentials. After obtaining the credentials the hackers initiated wire transfers oversees. A few days after the alert, Bank of America, JPMorgan Chase and Wells Fargo suffered service outages that prevented access to their websites. According to security experts, such outages were likely caused by denial of service attacks that disrupt the service to websites by overloading the servers with traffic so that they cannot respond to legitimate requests.
These attacks have been aimed at financial institutions, but are a good reminder to all organizations that cyber security remains an important aspect of your company’s overall security. Technology is constantly changing and hackers are always finding new ways to penetrate systems so it’s important for organizations to analyze their systems and make updates as necessary.
Where do you start? Below are a few tips for combating cyber security threats:
1) Remain vigilant. No security system is 100% secure so it’s important to review the safety measures you have in place and identify gaps. A good way to identify such gaps is by hiring a third party to perform penetration tests on your systems. Malicious attacks are simulated in penetration tests which will enable your organization to identify how your protections fail. It’s also important to run regular scans of your network for vulnerabilities and make sure your firewalls are as strong as possible. Investing in security technology before you have a breach will save your organization time and money in the long run.
2) Train your employees. According to a recent article published by Computerworld, most data breaches are inadvertently caused by employees. An organization can have the most robust cyber security system available, but if employees are not trained and re-trained about the importance of protecting sensitive information then there are going to be data breaches. It’s important to educate employees on how to protect information, including the threats posed by spam and phishing emails.
3) Encrypt, encrypt, encrypt. Encryption of information at all stages will information useless if it is obtained during a hack.
4) Vet your vendors. Is your company providing sensitive information to third parties (storing documents offsite? That counts!)? If so, it’s essential that your company conduct reviews of vendors to ensure their security measures meet your standards. What about your vendor’s vendors?
Protecting your company’s personal information is an on-going challenge.