Your First and Last Line of Defense

Imagine the scene – it is the final battle of a prolonged war. No, we’re not talking about the Iraq war, this war is against your financial institution, and the last waves of enemy soldiers (hackers or other evildoers) are crashing in to take over customer data or computer networks.

There are many different ways to find vulnerabilities in your institution’s computer systems, and you and the other information security professionals in your institution strive to find and block them all. The evildoer only needs to locate a single vulnerable piece of hardware or software (or a single vulnerable person).

Look at the normal setup at a financial institution. Those evildoing hackers could exploit web applications, a variety of operating systems or the banking processes, both electronic and paper-based. From their bag of tricks they pull out the “tried-and-true” hacks to slip through or to fool applications (and people) into revealing information, and operating systems into granting privileged access. They try to subvert banking practices to exploit weaknesses, or they attempt to “social engineer” the institution’s staff. They are glib and fearless, talking their way into a loan officer’s area. If no cameras are around, they’ll try to copy information off a computer hard drive when they are left alone. The less invasive of them will dumpster dive. Some may even hire on as janitors or peripheral workers who come and go unseen by an institution’s staff.

But the employees you have brought through your institution’s information security awareness and training program are like soldiers in the field. Smart information security professionals will take the opportunity to train these important “soldiers.” The best of these “soldiers” start with the simplest: training, documentation and user awareness.

Train your employees, ensure that they know what the risks are, and provide them with clear instructions on what to do, and those people will form the most important line of defense. They will take notice of and react to unusual activity or intruders; they will consider what can and cannot be discarded as waste; they will turn away the wily social engineer.

As the first line of defense, employees can also be the most important security firewalls in any organization. And their support is perhaps the best armament for the institution and the best guarantee that the security manager will not be found wanting.

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
