Employees are Weak Links
These days, it’s tough to be a bank. Regulatory demands can be onerous and expensive. Pressure from consumers often means doing more for less. Political rhetoric from both parties over the future of regulation makes it difficult to conduct long term planning. If these factors weren’t contributing enough to managerial stress, hackers are now more creative than ever in targeting financial institutions.
We believe a talented employee base can be a competitive differentiator. Organizations spend countless time and money seeking the best and brightest staff, fostering collaborative cultures, training, and developing employees. However, one area often overlooked in training programs is IT security. We often say that employees are the weakest link in the security profile of companies. One employee can compromise the entire organization by plugging in an infected USB stick or clicking a malicious link in an email. Millions of dollars spent on security infrastructure can possibly be undone by one simple action.
In Monday’s Wall Street Journal, the plight of IT security in banking was profiled. In one particularly striking part, it was reported that J.P. Morgan conducted a test by sending fake phishing emails to its 250,000 employees. More than 20% clicked on the links contained in the emails. Had these emails been real, 50,000 employees would have placed the organization at risk and potentially compromised their machines.
Another avenue of attack by hackers is social media. Hackers are scanning Twitter, Facebook, and LinkedIn, among others, for clues about targeted banks. Are your employees giving away harmful clues about themselves and the organization?
Every employee with a computer or a connected mobile phone represents a potential avenue through which your systems can be compromised. If that doesn’t generate concern, consider this – the Association of Corporate Counsel reports that roughly 30% of data breaches in 2015 were the result of employee error.
Do you have an IT training program? Does it include security? Are your policies and procedures providing sufficient guidance to staff and protecting the organization from a liability perspective? If a computer were to become compromised, what tools do you have in place to identify and isolate it before it affects other systems? The experts at O’Connor & Drew’s IT Audit & Security practice have decades of experience helping companies in the financial services sector protect their systems and staff against these types of threats. Call or email today to see how we can help secure your organization.