Data security is paramount when you’re dealing with customers’ sensitive financial information. A recent Verizon research study showed that nearly 90% of all data breaches are financially motivated. And this timeline of 200+ serious cyber incidents involving financial institutions since 2007 barely scratches the surface of the actual number of incidents.
Simply put, if you’re in the Financial Services space, data security is at the top of your list of concerns.
Data security has always been a significant focus area, and it became a pressing issue for one of our customers late last year when a vulnerability in the commonly-used Apache Log4j software library was identified. This client wanted to do everything in their power to ensure that their customer data and employee data was secure.
In a matter of weeks, we worked with them to ensure that all of their 1,000+ employees’ devices — whether laptop, desktop, or mobile phone — were fortified against security vulnerabilities, including unpatched software and phishing attacks.
What’s at Stake? Only the Fate of Your Company
The consequences can be earth-shattering for companies that don’t comply with regulations to protect consumer data quickly enough.
Equifax, to take one prominent example, was forced to pay $700 million in 2019 to settle lawsuits after they failed to take steps to protect consumer data by patching a known vulnerability in their database. The resulting breach exposed the personal information of 147 million Equifax customers. In addition to the hefty fines, the incident caused untold, ongoing amounts of damage to Equifax’s reputation. Equifax was still being publicly flogged for the incident five years after the breach in a press release from the FTC on the Log4j vulnerability.
As Equifax can attest, there is such a thing as bad publicity when it comes to data security. Here are a few ways we advise customers on how to ensure their data stays secure so they can stay out of the headlines.
Protect Data Anywhere & Everywhere, No Matter the Device
As the working world has increasingly gone remote, the need to protect data no matter where it lives and how it’s accessed has also become a top priority for many companies. It doesn’t matter where the data is stored — public cloud, private cloud, or on-prem — and it doesn’t matter where it’s accessed or what device it’s accessed on; the needs remain the same. Threat protection, threat detection, and rapid incident response are not just nice-to-haves, they are must-haves.
Fortunately, technology providers like Microsoft have robust security products already in-market that can help companies handle these areas and remediate any incidents quickly. If your organization has Microsoft 365, you have a full set of data security tools at your fingertips.
In the Log4j example referenced above, we had already installed and configured Microsoft Defender for Endpoint, so we leveraged them to run vulnerability assessments for all employee devices, and we used Microsoft Endpoint Manager for remediation.
Defender for Endpoint identified vulnerable devices and software shortly after the Log4j vulnerability became public. Within a matter of weeks, the company’s remediation efforts had reduced the number of vulnerable devices from 200 to 50. In under 8 weeks, there were 0 devices that had security vulnerabilities.
We accomplished a lot using Endpoint Manager. Endpoint Manager allows IT/security teams to easily manage settings and deploy patches for devices across most platforms. This enabled the security team to rapidly whittle down the devices with vulnerabilities all the way to none. The device landscape that Endpoint Manager can be used on includes iOS and Android phones and tablets, Windows desktops and laptops, and Apple macOS machines.
Reign in Application Sprawl to Limit Attacks that Slip Through the Cracks
There’s great value in having one tool to rule them all, or at least as few tools as possible, when it comes to your company’s data security. The splintered market of cybersecurity tools and technologies can actually have the opposite effect of what’s intended.
Fragmented best of breed approaches can make companies less secure, while also costing them significantly more in ongoing licensing costs.
A recent study cited by CIO Dive found that security departments use, on average, 78 apps. At the same time, 75% of IT leaders said that security was their top concern regarding app sprawl. If you’re using anywhere close to 78 security apps, it’s not hard to envision a scenario where a cyberattack could slip through your defenses undetected because, well, doesn’t one of the other security apps have that angle covered?
How Can We Help Secure Your Data?
If you take an integrated approach to data security, limiting the tools you use to the most discrete set possible, you’ll be well on your way to ensuring your customer data remains out of sight of prying eyes.
Taking this approach had the following benefits for our client:
- Provided a clearer picture of the overall health of their systems and data security efforts
- Eliminated vulnerabilities that could have had major negative financial and reputational impact
- Helped simplify and streamline their data security suite of tools, while also training them on underutilized capabilities of MS 365
- Allowed them to reduce ongoing costs by removing dependencies on extraneous third-party apps
If you feel like your data security efforts could use a boost in one or all of these areas, please don’t hesitate to schedule a free consultation with our team.