In a recent Global Economic Crime Survey, PwC revealed cybercrime, ethics, compliance issues, and money laundering are key areas of economic theft, making financial institutions high-risk targets. Within these institutions, project managers and their teams must work with IT and other business units to implement a layered security approach throughout the project management process.
Best practices for implementing a layered security model include tightening financial systems and internal controls to segregate duties around data input and approvals. Identifying where sensitive client and financial data is stored and controlling how and where it is transmitted. Ensuring sufficient banking encryption and login authentication is in place and client privacy regulations are adhered to.
Ensure secure storage, transmission, and access to client data during project planning
Every organization should store sensitive data securely, but financial institutions in particular, must be able to identify where their data is stored, created, or accessed, and how it is transferred, said Marc Hickman, COO at WinMagic.
Project managers and leaders of financial institutions need to work closely to complete a comprehensive risk assessment and determine strategies to mitigate the risk of client or financial data theft or loss. This should identify all potential risk points including employees, management, vendors, data center staff, third parties, and banking clients themselves.
Hickman also emphasized the need to continually evaluate the institution's overall security posture and ensure any necessary tools are available and are being used properly to counter potential threats. Using strong encryption and having the right authentication system to deal with intrusions, internal threats, and lost, or stolen mobile devices is important, he said.
Mobile device usage can often go unchecked, risking client information - even unintentionally by clients themselves. Pay particular attention to ensure there are stringent privacy policies around mobile device usage.
Selecting the right security tools to address financial institution needs is vital considering banks are attractive targets for thieves. Carefully solicit and vet vendors that specialize in security for financial institutions.
Here are some steps project managers and teams should take to ensure that security tools are in place:
- Document all areas that pose a risk for loss or theft of client and financial data. Identify requirements and factor in internal financial controls, regulatory compliance, access to funds, and fund transfers.
- Research and short-list vendors and solutions that can specifically address security weaknesses in financial institutions.
- Ask for referrals from other financial institutions to ensure a vendor's solution can live up to its promises.
- Ensure agreements are in place to avoid surprises.
- During implementation, test frequently on multiple levels and security breach scenarios.
Security policies should be enforced at every stage of the project
Project managers should ensure the right security policies are in place and that everyone involved in the project follows them. French Caldwell, chief evangelist at MetricStream, said, right from the start policies for information governance should be put in place, as well as the identification of the controls that support those policies.
Caldwell also stressed the importance of periodic training, privacy policies, and ensuring effective third-party management of customer information. This is particularly important as client data is often passed through many hands in a single day. Project managers should work with financial institutions and their legal departments to create the necessary documents, such as confidentiality agreements, and provide security training for both employees and external parties.
Project managers can work with financial institution leaders to:
- Ensure all individuals with access to sensitive client information undergoes some level of security check to ensure they do not pose a risk to client or bank information.
- Ensure employees and third-parties, especially those with access to sensitive data sign a confidentiality agreement.
- Establish stricter internal controls around access to and transfer of funds, data input, and approval of financial information and transactions.
- After determining phishing, fraud and laundering risks. Ensure they are identified, documented, and measures are implemented to address them.
- Conduct ongoing financial and risk audits, and keep up to date on banking regulations.
Don't let your next project create a security nightmare
In recent news, Equifax's enormous security breach compromised the identity and financial information of approximately 143 million Americans. This is an alarming example of why project management needs to ensure sufficient security measures are in place. Understanding past security breaches at financial institutions can help to improve security strategies.
- Hiring kit: IT finance manager/budget director (Tech Pro Research)
- Project manager resume template: A framework for highlighting your skills and achievements (Tech Pro Research)
- Guidelines for building security policies (Tech Pro Research)
- How one marketing company used a cloud solution to address project-related security risks (TechRepublic)
- America is not prepared for a massive escalation of cyberattacks (TechRepublic)
- Data breaches highlight how Social Security number has to be phased out for blockchain, biometrics (ZDNet)
Moira Alexander is the Founder of PMWorld 360 Magazine and Lead-Her-Ship Group, and a project management and digital workplace columnist for various publications. Moira has 20+ years in business (IS&T) and project management for small to large businesses in the US and Canada. To find out more about Moira, go to www.pmworld360.com and www.leadhershipgroup.com.