How to Deal With Security Breaches for Banks

In an ideal world, every security breach could be prevented, but unfortunately, that’s not the case. In the real world, security breaches happen pretty much every single day.

“It happens with much more frequency than I think any of us would be comfortable with.”

— James Boffetti of the Attorney General’s Consumer Protection Bureau, in regard to bank data breaches

If your bank hasn’t had a data security break-in, you’re one of the lucky ones.

But once a breach has occurred, you’ll be in a much better position if you have a response plan in place. It will primarily help the bank with these three things:

  1. Detect the breach ASAP.
  2. Minimize losses and damages.
  3. Restore banking operations swiftly.

The Consequences

Without a good process in place, a security breach will do serious damage to your bank’s business. In addition to the financial penalties imposed by the state [1], there is also the loss of consumer trust, bad publicity, and customers who will leave for another banking institution.

The Process

When your bank has detected a security breach, all activities should be focused on containment, eradication, and recovery.


Containment

A few key decisions are part of the containment stage. The decisions depend on the severity of the breach.

For example, if the breach involves theft of account information and passwords, should all accounts be locked down? Were all accounts affected, or only certain ones from a specific database? Who needs to be notified?

Naturally, these decision scenarios should all be predefined during the preparation stage and mapped out in flowcharts or decision trees.

If possible, capture a memory dump of the affected servers, rotate (cut) the current log file, and back it up so that evidence is preserved before anything is changed. Also, increase the current level of logging. Logs will come in handy for the investigation later.

Keep in mind, everything done should be documented for forensic, investigative, and regulation purposes.
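Cutting and backing up a log is only useful as evidence if you can later show it was not altered. The following script is an added example, not part of the original post or of any Intelinet Systems tooling: it copies a log into an evidence directory, records a SHA-256 hash together with who collected it and when, and can re-verify every preserved file against that record. The file paths, the analyst name and the sample authentication log lines are constructed for the demonstration.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed sample log content; not real bank data.
SAMPLE_LOG = (
    "2024-01-01T10:00:01Z auth=fail user=alice src=203.0.113.5\n"
    "2024-01-01T10:00:02Z auth=fail user=alice src=203.0.113.5\n"
    "2024-01-01T10:00:03Z auth=ok   user=alice src=203.0.113.5\n"
)


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream-hash a file so large log files never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_log(log_path, evidence_dir, collected_by, note=""):
    """Copy a log into the evidence directory, hash the copy, and append a
    chain-of-custody record. Returns the record so it can be forwarded."""
    os.makedirs(evidence_dir, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest = os.path.join(evidence_dir, f"{stamp}_{os.path.basename(log_path)}")
    shutil.copy2(log_path, dest)  # copy2 keeps the original modification time
    if sha256_of_file(log_path) != sha256_of_file(dest):
        raise RuntimeError("evidence copy does not match the source log")
    record = {
        "collected_at": stamp,
        "collected_by": collected_by,       # hypothetical analyst identifier
        "source": os.path.abspath(log_path),
        "evidence_copy": dest,
        "sha256": sha256_of_file(dest),
        "size_bytes": os.path.getsize(dest),
        "note": note,
    }
    # One JSON object per line: append-only custody log for the investigation.
    with open(os.path.join(evidence_dir, "custody.jsonl"), "a") as f:
        f.write(json.dumps(record) + "\n")
    return record


def verify_evidence(evidence_dir):
    """Re-hash each preserved file against its custody record.
    Returns {evidence_path: True/False}; False means the copy changed."""
    results = {}
    with open(os.path.join(evidence_dir, "custody.jsonl")) as f:
        for line in f:
            rec = json.loads(line)
            path = rec["evidence_copy"]
            results[path] = sha256_of_file(path) == rec["sha256"]
    return results


def demo():
    """Preserve a constructed log, verify it, then show that a later change
    to the evidence copy is detected. Returns (intact_ok, tampered_ok)."""
    work = tempfile.mkdtemp()
    log_path = os.path.join(work, "auth.log")
    with open(log_path, "w") as f:
        f.write(SAMPLE_LOG)
    evidence_dir = os.path.join(work, "evidence")
    record = preserve_log(log_path, evidence_dir, "ir-analyst-1",
                          note="constructed sample for demonstration")
    intact = verify_evidence(evidence_dir)[record["evidence_copy"]]
    # Simulate the evidence copy being altered after collection.
    with open(record["evidence_copy"], "a") as f:
        f.write("2024-01-01T10:00:04Z auth=ok user=mallory src=198.51.100.9\n")
    tampered = verify_evidence(evidence_dir)[record["evidence_copy"]]
    return intact, tampered


if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

In practice the evidence directory would live on separate, write-once or access-restricted storage, and the custody record would be signed or copied off-host, but the pattern is the same: hash at collection time, record who and when, and re-verify before anyone relies on the file.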

Eradication

Eradication is necessary for breaches that involve viruses, worms, or any other malicious code such as malware, rootkits, and keyloggers.

Eradication is not needed in every case and can be combined with recovery.

Again, proper documentation of everything completed will be needed.

Recovery

Recovery may include:

  • Password changes
  • Backups and restorations of systems, computers, laptops, and tablets
  • File replacements
  • Server and computer patches
  • System rebuilds

Post-Incident Activity

Systems that hackers know to be vulnerable will be attacked again. If possible, tighten firewall and network security. Sometimes the breach is the first of many, or was only a test or a diversion by the hacker.

After the incident is when you’ll hold a “lessons learned” session: what went wrong, what was done right, how the security breach occurred, and what can be done to mitigate this risk.

The purpose of the meeting is to update your bank’s policies, procedures, and strategies so that it is better prepared when future security breaches happen.

Next Steps

Hopefully you’ve found this post useful for your bank.

Having policies, procedures, and strategies is all great in theory, but the one thing that will really help is practice: schedule regular incident simulation and rehearsal sessions.

You can find more resources below.

And if you would like to have a preliminary discussion with someone about security breaches and your financial institution, please call Intelinet Systems at:

(855) 303-0477 ext.1004

References

1. State Data Breach Statute Form: Requirements for Specific State

2. NIST Information Security Handbook: A Guide for Managers

Additional Resources

1. How To Prepare for, Respond to and Manage Breaches

2. Security & Privacy Made Simpler: Manageable Guidelines to Help Protect Your Customers’ Security and Privacy From Identity Theft & Fraud

3. FTC Bureau of Consumer Protection Business Center’s webpage on “Data Security”

4. IT Security Breaches in Financial Institutions