Effectiveness of the cyber-security technologies/policies
In the financial sector, the security of its payment and customer information is fundamental to the operation of the company. Financial institutions must review security risks of its customers, its information resources and policies applicable to them. The review provides a platform to put in place control measures to combat failures and security breaches. This information is essential for periodical updating, reporting and review to both internal boards and external regulators. Reducing regulatory and security complexities in an industry under continuous threat remains an ongoing and costly challenge. Some of the cyber-security technologies or policies employed by Mistral Bank include;
Business continuity planning
This refers basically to acts/practices engineered by the bank to ensure the efficient, continuous delivery of services and resume normal operations after an incident. The bank has come up with plans to detail the necessary resources, vital documents and critical conducts and applications necessary to revive any disrupted activities to its normalcy. The bank has come up with a business continuity plan which involves a business impact analysis that spells out the impacts of operations and processes interruption within the business which also uses information to make decisions about recovery priorities and strategies.
The operational and financial impacts worksheet is used to capture this information and it helps process managers with sufficient knowledge of the business. There is also the business continuity resource requirements worksheet completed by business function and process managers which spell out the resources which will be needed to carry out recovery strategies and to restore normal business operations. The resources include employees, office space, and furniture, technology like computers, production facilities and equipment just to mention. These worksheets are distributed to disaster recovery team and other members of the management team with instructions of how information will be used in case of a disaster. The priorities for restoration of business processes are then identified. This technology is therefore highly competitive as disasters always happen and for the bank to maximally compete, it requires a well layout business planning in case of any setback.
Back up
This refers to the mechanisms employed by the bank to safeguard vital information or files which are of great importance to the bank in case of an ordeal/disaster such as computer crashing, power black-out, terrorist attack etc. so that they can be retrieved back easily after the disaster and help the bank come back to its feet and continue with the services it offers. When backing up data, there are two popular methods-image-based backups and file-based backups, with each carrying its own pros and cons. Image-based backups are a complete snapshot of your entire hard drive which includes all of your installed software and documents.
Firewalls
The challenge of providing a secure computing environment lies in the interconnection of computers that provide economies of scale. Interconnecting computers to achieve shared resources services and knowledge gives illegitimate users easy access to vital information and resources no matter how far they are from the physical site. To secure the computing environment, firewalls are a vital component. A firewall is responsible for controlling access among devices such as computers, networks and servers. Firewalls are deployed between the safe zone and the unsafe zones such as the internet. Firewalls acts as filters for network traffic. Network connections traverse the firewall and unauthorized packets are stopped. The filtering mechanism is based on IP addresses and ports. Firewalls are competitive in the business environment because they are used industry-wide. They are required in the computing environment for interconnection of multiple computers and networks.
Advanced firewalls have been designed to address Network Address Translation which allows multiple computers to share resources in form of network addresses. It also provides service differentiation where certain traffic is accorded priority in a timely manner while others are not. VoiP is an example of an activity that needs differentiation to ensure proper operation.
Insurance policy
This refers to ways the Bank as a whole has developed to protect its most important assets which is an essential step in developing a sound financial plan. The insurance policies have gone a long way towards helping safeguard earning power and protecting possessions. The bank has been fully insured for instance as it has the bank commercial insurance which covers the banks own insurance needs. This therefore assures the bank that the partners will truly act in the banks’ interest. There is also the homeowner insurance policies to all new mortgages which assures the customers obtain the coverage needed at a competitive price. Along with deposit and loan products, the bank offers a various insurance plans such as life, general insurance, car insurance, home insurance etc. This gives the customers promise of protection, and secure their future in their absence. It also offers the card protection plan which is used in case of events of card loss, theft and any other related fraud and emergencies. Different vendors in the industry offer insurance policies making them highly competitive as it is highly recommended to alleviate and minimize costs of disasters, and as more customers prefer banks that offer wide variety of insurances.
Anti-virus policy
This policy is designed to help prevent infection of Mistral bank computers, networks, and technology systems by computer viruses and other malicious code. All staff, contractors, partners collaborators and anyone having access to banks’ computers and networks are subject to the provision of this policy. All computers must have anti-virus applications functioning well such that the virus definition files are up to date, routinely and automatically updated. All computers owned by the bank must have the recent version of anti-virus provided. All files on computer devices should be scanned to detect viruses. When infected computers are discovered through routine scanning processes, managers will be given until 5p.m. to clean the computer or remove the computer from the network. Any person found person found to have violated this policy face appropriate disciplinary measures as outlined by the policy. This policy at large helps prevent damage to user applications, data, files, and hardware vital to the bank. It helps provide a universal environment that is virus-free hence safeguarding the banks information safely. Anti-virus policies are cooperative in nature because they are used in addition to other policies to provide enhanced security.
Data encryption
This refers to the process of encoding data and messages in a manner that eavesdroppers, hackers or unauthorized parties cannot read it, but only authorized parties can. The banks’ encryption scheme encrypts the banks’ information using an encryption algorithm that transforms the data into unreadable cipher text. Encryption keys are used to determine how the message is to be encoded. Information from one branch of Mistral to the others are conveyed mostly by internet and therefore are encrypted so that hackers won’t be able to read and access the real gist of the data hence are highly secure. Data encryption exhibits oligarchy form of competition as its security rests on two parties or a few people, precisely only those who have the security keyword to decrypt the message.
The bank employs several public key systems, such as Pretty Good Privacy (PGP), which uses the symmetric type of encryption and the same key to encrypt and decrypt the message becoming popular for relaying the information over the internet. They are highly secure and relatively easy to use. The only difficulty of the PGP is that you need to have the recipients’ public key to unlock the message to readable form. It is used to secure information at rest, such as files on computers and storage devices such as flash disks in case of failure of physical security measures. Data encryption also qualifies as collaborative technologies because they are used to secure data in transit apart from other controls.
The biggest case of identity theft and banking industry in the United States happened in 2008 when a credit card company employee called Phillip Cummings of Georgia stole thousands of credit reports and stored them. Cummings was working for TeleData Communications Inc. a Long Island software company that serves banks with computerized access to the credit information database. He obtained credit card information using passwords of the company and sold them to other people approximating 20 in numbers at a cost of $30 for each stolen report. The other thieves either resold the information used the personal bank information or cashed in. Cummings worked for TeleData Inc. for some few months and left the company after which he continued with the theft of credit reports for several months.
The scam victimized more than 300,000 people and is estimated to be worth more than $ 100 million. The first signals of the theft surfaced when Ford Motor Credit realized that they have been billed by TCI for thousands of credit reports they never ordered. Many other companies came up to claim unauthorized bills ranging in thousands.
The victims of the theft suffered significant losses in terms of financial terms and reputation. One of the victims reported a $ 35000 line of direct credit opened in her name while $34,000 was stolen. The victims lost their entire life savings. The victims were, however, reimbursed but the emotional effects were far-reaching and devastating.
Cummings and other engaged in conspiracy and fraud charges and were subsequently arrested, charged in court and finally sentenced to serve time in jail. According to the report by Federal Trade Commission ID fraud is a major concern in the United States and is causing consumers and businesses millions of dollars yearly. In 2010 alone 635, 000 cases of fraud was reported and 39% of this cases involved identity theft.
Reference
Bejtlich, R. (2004). The Tao of Network Security Monitoring: Beyond Intrusion Detection. Pearson Education.
Kramer, F. S. (2009). Cyberpower and national security. Springer.
Nye, J. S. (2008, Decenber). Cyber insecurity. Project Sindicate .
Rudolph, K. (2009). Implementing a security awareness program:Computer Security Handbook. John Wiley & Sons, Inc.