Banks Target Employee Behavior to Reduce Cyber Crime

As reported in the Wall Street Journal on December 21, banks are spending enormous sums on cybersecurity (Wells Fargo’s CEO John Stumpf says ‘It is the only expense where I ask if it’s enough’), and much of that is directed towards reducing risks from employees who unwittingly make it easier for hackers to breach a bank’s defenses. Employee error results in approximately 30% of data breaches, according to a survey released last month by the Association of Corporate Counsel. Banks in particular face substantial risk because they possess so much customer information, as well as huge sums of money.

Among the ways that cybercriminals gain access to protected data are out-of-office messages on work computers and phones, and vacation photos posted on social media (which signal unmonitored computers). A significant risk is posed by employees opening phishing emails, especially the increasingly sophisticated “spear phishing” emails that appear to be requests from high-ranking bank officials. Many banks send employees simulated phishing attacks. The opening of one of these fake phishing emails may, for example, start a video to educate the employee on how they should have handled the situation.

These efforts are another indication that fighting cyber crime involves virtually all parts of an organization, not just the IT department.

CFPB Considers Regulating Retirement Investment Industry

Bloomberg has reported that the U.S. Consumer Financial Protection Bureau, which was established by the 2010 Dodd-Frank Act, is considering whether to assert itself into the regulation of the consumer retirement investment business. Its chairman, Richard Cordray, is quoted as saying “That’s one of the things we’ve been exploring and are interested in in terms of whether and what authority we have”. Institutions, including Fidelity Investments, the Vanguard Group, JPMorgan Chase & Co. and Charles Schwab Corp., hold more than $19 trillion in retirement assets, such as IRA and 401K accounts. The retirement investment industry is already heavily regulated by the S.E.C. and the Department of Labor. Since its establishment in 2011, the Bureau has focused its regulatory purview on consumer financial products like mortgages and credit cards.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.
