Everybody's digital footprint grows seemingly by the hour, thanks to the online services we subscribe to, the photos we take and the documents and data we leave strewn across websites and devices. Not all of our digital clutter is at the same risk of loss or theft, but this is still a huge threat surface to have to worry about.
Online banking is just one of the online services most of us rely on. But it's a huge part of why robust cybersecurity is utterly essential for consumers and banks alike. So let's talk about cybersecurity and staying safe when it comes to digital banking, for both corporations and the average user.
How Banks Stay Safe
Roughly one-quarter of all cybersecurity attacks target banks. Moreover, a reported 50 separate banks in the UK reported cyberattacks in 2017. Four years before that, there were only five such incidents. So what are banks doing to keep themselves, and their customers, safe?
For a start, they're treating their cybersecurity plan as a separate department and "mission" unto itself, rather than bundling it with the rest of their IT services and staff and calling it a day. It's one of the reasons why cybersecurity experts are in such high demand right now.
What else are they doing? Here's a look:
- Restricting data access appropriately: Some of the most damaging cybersecurity incidents involve "inside jobs" like disgruntled employees and even honest mistakes. Keeping banking systems secure means creating appropriate access rules for different types of employees, placing restrictions on which personal devices may be used for work purposes, and ensuring employee credentials expire immediately on termination or their taking another job elsewhere.
- Proper vetting of third parties: Third-party technologies and partners are some of the weakest links when it comes to cybersecurity. Even something like the internet-connected heating and air conditioning system in a bank branch might provide a way into critical systems if it wasn't designed with security as a primary objective. Technologies like these make doing business and performing maintenance a cinch, but they need as much protection as the rest of your systems.
- Stay ahead of emerging regulations: Governments across the globe are waking to the fact that the private sector alone isn't enough to tackle the cybersecurity problem. It takes regulation, too. In the EU, the GDPR has strengthened data protection regulations on behalf of customers, with the threat of a 4% fine on the company's global earnings as a strong incentive. The language in GDPR concerns U.S. citizens who do business with European companies. But banks and other entities here in the States are scrambling to get ahead of similar federal rules, or else their state government equivalents. The goal is to create safety for consumers through culpability for companies that fail to safeguard their information appropriately.
If there is one mistake companies make here, however, it's the decision to focus on prevention instead of strong detection and response tools.
Some who've studied the problem say there are only two kinds of banks: those that know they've been breached, and those who've been breached but don't know it. Focusing on prevention won't stop every attempted DDoS attack or phishing attempt. Making sure you can detect incursions immediately and mount a response is the far safer priority when you consider that, on average, organizations take around 205 days to detect data breaches, and leave their customers vulnerable that whole time.
How Consumers Can Protect Their Financial Lives
Even banking customers who aren't that savvy with technology can begin taking steps today to protect their financial lives and their futures. Here's how:
- Use a VPN: VPN stands for "virtual private network." These are services which reroute all of your internet traffic to alternative servers, in order to keep you more anonymous and prevent criminals and others from identifying or tracking you. VPNs are useful at home, but they're especially important if you plan to conduct banking or other sensitive activities on a public network. Just beware of VPNs advertised as free. If they're free, the VPN isn't the product — you are.
- Don't trust that email (or call): Phishing attacks can be devastating. Next time you receive an email with a suspicious link inside, throw it in the trash immediately even if the sender appears legitimate. Find out which addresses your favorite companies and brands use and put them in your address book. If you receive something from a different address, you'll know it's fake. Distributing links this way frequently tricks banking customers into visiting fraudulent websites or installing malware, which is the fastest way to lose your savings or checking account information to hackers. It's also wise to remember that no serious financial institution will ever ask you to provide your credentials over the phone.
- Use a password manager: Strong passwords are great to have, and changing them regularly is even better. But remembering all those credentials can be a hassle. To avoid reusing passwords and turning your digital life into a house of cards, use a password manager app like LastPass, 1Password, Dashlane, Keeper, or others. These apps create an encrypted database of your passwords across your devices, meaning you can log in with strong passwords each time without committing them to memory, writing them down or reusing them.
- Limit third parties and APIs: Like banking institutions, customers can shrink their threat surface by limiting or foregoing third-party service integrations and APIs (application programming interfaces). When Panera Bread left one of their APIs unsecured, it ended up leaking the names and credit card records of millions of customers. APIs are what allow one product (like a checking account) to work with another (like a budgeting app). An app that interfaces with your personal finances might offer useful functionality, but inputting that data manually keeps you much safer.
There are several other steps banking customers can take, today, to keep their money and their financial lives safe. Find a bank that provides customizable account and card notifications for transactions, and then take the time to set them up. If you use your card regularly at ATMs, gas stations or other public portals, you want to be sure you find out right away if somebody skims your card and makes an unauthorized purchase.
We may never live in a world that feels 100% safe 100% of the time, but it's good to know companies and individuals alike can take measures to keep our most important accounts and assets safe.