Page 129 - Cyber Defense eMagazine January 2023

Another problem is that companies often fail to meet the compliance requirements (such as GDPR) for
            using this kind of customer data and get into legal issues or simply spend a lot of resources on meeting
            these requirements.

            Gathering sensitive customer information is a double-edged sword. On the one hand, it can fuel analytics,
            improve customer experience, and help provide personalized service. On the other, it can become your
            most significant security liability.

            With that in mind, here are some ways in which the finance industry can protect customer data more
            effectively:

               •  Make sure all customer data access is monitored and logged
               •  Ensure you have clear and deterministic data access and security policies
               •  Enforce the access policies across all data access
               •  Make sure that access that is not required permanently is given only for the required time
               •  Make sure you know where your sensitive data is, and prioritize its security over non-sensitive
                   data.



               2.  Ransomware threats

            Ransomware attacks lock banking clients out of their computers by encrypting them with malicious
            software. Attackers then extort the victims for cash or information. In most cases, victims don’t get
            back access to their devices or accounts.

            Because of this, financial institutions must train their employees continuously and adopt
            machine-intelligent security systems for emails and social media.



            Invest in security training

            Continuous training keeps everyone on their toes and updated on the latest types of attacks. People with
            proper training can spot malicious emails, social media messages, and links to prevent getting caught in
            a trap.



            Adopt intelligent security solutions

            Machine-intelligent systems can block and flag suspicious messages, emails, and organizations. They
            understand context, organizational behaviors, and communication relationships, and use this
            understanding to detect messages falling outside the norm.

            These systems profile communications. For example, machine learning systems can learn about genuine
            inquiries customers send, complaints, issues, or questions. They can build a pattern of how customers
            communicate, what words they use, and what they include in their messages.
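
The profiling idea described above, as an added example that is not from the article or any vendor's product: a smoothed word-frequency model stands in for the machine learning system, learns a baseline from genuine customer messages, and flags messages whose wording falls outside it. The class name, the threshold rule and all sample messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample of genuine customer messages (not real data).
BASELINE = [
    "Hello, I have a question about a charge on my card statement",
    "Please help, my debit card was declined at the store today",
    "I want to complain about the fee on my savings account",
    "Can you tell me the balance on my account and my last statement",
    "My card payment did not go through, can you check my account",
    "I have an issue with a transfer from my savings account",
]

def tokens(text):
    """Lower-case word tokens; punctuation and digits are dropped."""
    return re.findall(r"[a-z']+", text.lower())

class CommunicationProfile:
    """Hypothetical profile: unigram word model with add-one smoothing."""

    def __init__(self, messages, k=3.0):
        self.counts = Counter(t for m in messages for t in tokens(m))
        self.total = sum(self.counts.values())
        self.vocab = len(self.counts) + 1  # one extra slot for unseen words
        scores = [self.score(m) for m in messages]
        # Assumed rule: flag anything more than k standard deviations above
        # the baseline mean. Calibrated on the training messages themselves;
        # a real deployment would calibrate on held-out traffic.
        self.threshold = mean(scores) + k * pstdev(scores)

    def score(self, message):
        """Mean surprisal in nats per word; higher = less like the baseline."""
        toks = tokens(message)
        if not toks:
            return float("inf")  # nothing to compare: treat as outside the norm
        denom = self.total + self.vocab
        return sum(-math.log((self.counts[t] + 1) / denom) for t in toks) / len(toks)

    def is_outlier(self, message):
        return self.score(message) > self.threshold

if __name__ == "__main__":
    profile = CommunicationProfile(BASELINE)
    for msg in ("I have a question about my savings account statement",
                "Urgent: your invoice is attached, open the document and enable macros immediately"):
        print(f"{profile.score(msg):.2f} outlier={profile.is_outlier(msg)} {msg!r}")
```
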





            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.