
The cybersecurity vulnerability of banks is high worldwide, as the business environment is continuously changing and new threats emerge every day. Data Loss Prevention (DLP) solutions can help protect sensitive data and meet compliance requirements.

Cybersecurity Trends of Banks

Banks worldwide face various web security risks, being among the most heavily targeted institutions. Due to the large amount of customer data they handle and their financial assets, banks are natural targets for cybercriminals and malicious internal actors. In today’s constantly changing cyber environment, where exploitation activities are getting more sophisticated, more targeted, and more serious, being breached in the absence of a defense-in-depth strategy is no longer a question of “if” but “when.”

In the case of banks, the situation is even more complex as they have to comply with an increasing number of global, regional, and local regulations. Failing to comply or being breached can result not only in serious financial losses and fines, but can also damage the institution’s reputation and erode its customers’ confidence. As a result, banks should regard the protection of their sensitive data not as a compliance mandate but as a responsibility vital for their success.

The State of Things in India

In India, cybersecurity measures for the banking sector have also seen improvements during the past years. In the wake of a rising number of cyber-attacks, the Reserve Bank of India (RBI) has published a set of guidelines and started to conduct cyber audits. The Cyber Security Framework in Banks circular issued by the regulator in 2016 underlines the need to put in place a robust cybersecurity framework, including, among others, a board-approved cybersecurity policy, a cyber crisis management plan, the protection of customer information, and performing compliance assessments continuously. A data leak prevention strategy is also prescribed, which should include data in motion and data at rest, as well as data processed in endpoint devices, in order to help safeguard sensitive business and customer information.

The RBI states the following in their annual report, published in July 2018: “With the emerging threat landscape, where organized cybercrime and cyber warfare are gaining prominence, the Department is working towards ensuring continuous protection against the changing contours of cyber security threat.” As security breaches related to banks keep making headlines, an enhanced security mechanism is part of their agenda. This aims to provide high-level protection against cybersecurity threats, including efficient steps to create a cybersecurity culture, endeavor to make cybersecurity a responsibility, and ensure the CIA (confidentiality, integrity, availability) triad.

The first draft of the Personal Data Protection Bill was also submitted in July 2018 by the Justice Srikrishna Committee, and it intends to change the way privacy is perceived and practiced within Indian businesses. The Bill follows the framework of the GDPR and integrates legal frameworks from other countries as well. It prescribes how organizations should collect, process, and store citizens’ data; it essentially makes individual consent central to data sharing. In case of a data breach, institutions would face penalties similar to those under the GDPR.

How DLP Solutions Safeguard Banks’ Sensitive Data

A Data Loss Prevention (DLP) solution, such as Endpoint Protector, can help banks monitor and prevent sensitive data from leaving the company environment. Apart from providing solutions to prevent internal and external threats, it also helps comply with international regulations, like PCI DSS, NIST 800-171, GDPR, and national ones like the RBI Circular – for which penalties can be pretty severe.

Control Removable Devices

In the Baseline Control section of the Cyber Security Framework in Banks, the following requirements are stated for Removable Media:

“12.1 Define and implement a policy for restriction and secure use of removable media/BYOD on various types/categories of devices including but not limited to workstations/PCs/Laptops/Mobile devices/servers, etc. and secure erasure of data on such media after use.

12.2 Limit media types and information that could be transferred/copied to/from such devices.

12.3 Get the removable media scanned for malware/anti-virus prior to providing read/write access.

12.4 Consider implementing centralised policies through Active Directory or End-point management systems to whitelist/blacklist/restrict removable media use.

12.5 As a default rule, use of removable devices and media should not be permitted in the banking environment unless specifically authorised for defined use and duration of use”

Device Control is an essential feature of Data Loss Prevention solutions that helps prevent data leaks and data losses due to employee negligence or malicious intentions. This feature allows full control of peripheral ports and connected storage devices, including managing the rights of each device and restricting unauthorized media connections, thus protecting sensitive data from leaving the company; it also allows monitoring, controlling, and generating reports about data transfers. With Device Control, banks can reduce the risks of malware attacks and minimize risks related to BYOD (Bring Your Own Device).
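The decision logic behind controls 12.2, 12.3 and 12.5 can be sketched as a default-deny check, shown here as an added example that is not Endpoint Protector's code or API. The `Grant` fields, media type names, serials, users and dates are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Grant:
    """One authorisation: one device, one user, a defined use and duration (12.5)."""
    device_serial: str
    user: str
    media_type: str
    access: str            # "read" or "read_write" (the defined use)
    not_before: datetime   # start of the authorised window
    not_after: datetime    # end of the authorised window

ALLOWED_MEDIA_TYPES = {"usb_storage"}   # 12.2: limit media types (assumed set)

# Constructed sample grant: read-only USB access for one working day.
GRANTS = [
    Grant("SN-0001", "auditor1", "usb_storage", "read",
          datetime(2024, 1, 10, 9), datetime(2024, 1, 10, 18)),
]

def decide(grants, serial, user, media_type, operation, now, scanned_clean):
    """Return (allowed, reason) for a read or write request on removable media."""
    if operation not in ("read", "write"):
        return False, "unknown operation"
    if media_type not in ALLOWED_MEDIA_TYPES:
        return False, "media type not permitted"
    if not scanned_clean:   # 12.3: scan before providing read/write access
        return False, "media not scanned for malware"
    reason = "no authorisation (default deny)"   # 12.5: deny unless authorised
    for g in grants:
        if (g.device_serial, g.user, g.media_type) != (serial, user, media_type):
            continue
        if not g.not_before <= now <= g.not_after:
            reason = "authorisation outside its validity window"
        elif operation == "write" and g.access != "read_write":
            reason = "grant is read-only"
        else:
            return True, "authorised"
    return False, reason
```

Returning the reason alongside the decision gives the reporting side of device control something to log for every denied connection.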

Protect Sensitive Data in Motion

Content-aware security is another vital feature of DLP solutions and an efficient way to control what data is allowed to be transferred. Organizations can better protect their sensitive data if they know its content. The Content Aware Protection module increases the visibility of sensitive data by inspecting its content. Based on the company’s policies, transfers of important documents can be logged, reported, and blocked. It can be applied to removable devices, applications like Outlook, Skype, Google Drive, and Dropbox, webmail, and others.

Encrypt Confidential Data

A third important feature of DLP software is enforced encryption, ensuring that confidential data will not get into the wrong hands through unauthorized access or lost or stolen devices. The best DLP solutions safeguard data stored on computers, cloud storage, and USB devices and provide safe transfers.

Scan Sensitive Data at Rest

The eDiscovery module scans sensitive data-at-rest residing on computers, shared file servers, and cloud storage. It can help in protecting confidential information and minimizing data loss risk.

Taking into account the rising number of both internal and external threats, it is clear why significant growth in the demand for data loss prevention (DLP) measures and solutions can be observed. Banks handle huge volumes of Personally Identifiable Information (PII) and Personal Credit Card Information (PCI), as well as intellectual property, and there is a need for increased security awareness and proactive security.

Endpoint Protector is an award-winning Data Loss Prevention Solution for Windows, macOS, and Linux. Its main features include Content Aware Protection, Device Control, Enforced Encryption, and e-Discovery. Endpoint Protector was recognized in the 2017 Gartner Magic Quadrant for Enterprise Data Loss Prevention and the Radicati Group’s Enterprise Data Loss Prevention Market Quadrant 2017 and 2018. It is certified with Common Criteria EAL2 and won the 2018 and 2017 Cybersecurity Excellence Awards in the DLP category.
