| Change your attitude to data security...
The UK Financial Services Authority (FSA) is urging firms to change their attitude to data security and do more to help prevent their customers falling victim to identity fraud and other types of financial crime. The warning follows an FSA review of systems and controls for data security at 39 firms including banks, building societies, insurance companies and financial advisers. There were examples of good practice across the industry however many firms still underestimate the risk of data loss and fraud to their businesses, and especially to their customers. This includes senior management at firms not recognising the value of their customers' data to fraudsters or that staff could pose a similar threat to data security as that posed by computer hackers and burglars. Also on occasions of significant data loss, firms seem more concerned about adverse media coverage than on being open and transparent with their customers. Following the review, one firm has been referred to enforcement. The review’s findings are contained in the report ‘Data Security in Financial Services: firms' controls to prevent data loss by their employees and third-party suppliers’ and include: * Many large and medium sized firms devote adequate resources to data security risk but placed too much emphasis on IT controls and not enough on staff awareness and training or regular risk assessments; * Many small firms were wholly reliant on compliance consultants, who did not understand the importance of data security within the firm. Examples of good practice found at the firms visited included: * Encrypting laptops and transferring data via secure internet links to third parties; * Masking financial details where they are not necessary for staff to do their jobs; * Appointing a senior manager with overall responsibility for data security.
•Date: 25th April 2008• Region: UK •Type: Article •Topic: Financial sector
|
