As technology paves the way for greater convenience and new service features, banks and credit unions must not lose sight of the security pitfalls that accompany these advancements. Financial institution leaders should always take into consideration the functionality and propriety of their entire technology infrastructure, but here are three IT areas that stand out as emerging hot topics for the industry.
- Cloud computing: Onsite hosting and maintenance of IT resources, like the core processing application that underpins the majority of customer transactions and records, is a significant responsibility from a staffing and cost perspective. To offload some of this responsibility as well as the security risk, financial institutions may consider moving IT applications to the cloud or allowing a vendor to host them. This decision provides tangible benefits beyond risk management, including lower costs related to in-house IT staff and greater IT expertise. Financial organizations of all sizes are moving to a cloud environment as they recognize sacrificing some direct control and onsite availability is worth the savings and greater IT knowledge.
- Mobile security: As more internal business and self-service tasks are conducted remotely, financial institutions must be aware of and prepared to embrace the benefits but also understand the risks of mobile technology. If your bank or credit union allows employees to access its email system or other applications via their personal mobile devices, make sure your usage policies adequately address risk management and security responsibilities and that you have procedures in place to manage security issues that arise (i.e. applications to remotely wipe an employee’s mobile device that has been lost or hacked). When it comes to mobile banking, users rely on their financial institutions to defend their security, so consider offering and encouraging two-factor authentication and other protective measures on mobile applications.
- ATM security: While the convenience and security of mobile apps and payment options reduce the amount of transactions conducted at ATMs, these machines remain an important service component. Just like any other element of a financial institution’s IT infrastructure, ATMs are vulnerable to remote system hacking (commonly referred to as “jackpotting”) or physical tampering via skimming devices.
A bank or credit union’s ATM fleet may be supported by a separate network. It is important that these machines be added to the same maintenance schedule as other systems so they receive the necessary patches and security upgrades that protect against hacking. Physical inspections are also important to detect any signs of tampering or any skimming devices that may be added to a machine to steal member information when a card is swiped. Inspections of all ATM machines should be part of a standard security routine. Typically ATM inspections are conducted by branch personnel that require training to perform adequate inspections. The inspections need to be thorough – a drive-by won’t suffice to detect most modifications made to machines.
RKL’s team of IT and security experts have decades of experience helping banks and credit unions assess and improve their technology infrastructure. Contact me today to determine your financial institution’s IT security status.