LONDON--(BUSINESS WIRE)--Customers’ personal and financial data is being put at risk as many industry personnel are not assigned unique login and password details, new research has revealed. The ‘Financial Services: access security compliance’ report by IS Decisions, security software provider, showed that 29% of finance personnel do not have unique user logins – a basic security requirement for enabling user identification – which also leaves financial organizations open to the threat of insider trading. Furthermore, 23% are not required to logon to their employer’s network at all in order to access data, despite it being a specific requirement of virtually all regulations around security, from GLBA, SOX and PCI DSS.
The figures also showed that one third (33%) of financial industry personnel did not receive training as part of their induction. This is despite financial industry regulations including GLBA and Sarbanes Oxley requiring financial organizations provide security training. In fact despite clear guidance from compliance requirements in the US, only 52% of organizations provide ongoing training sessions to meet an acceptable level of security education.
The ability to login to more than one machine at anyone time can also be a security risk in terms of tracking access and individual user identification, so it was alarming to note that 57% of finance personnel are able to login to multiple machines concurrently. In the event of a breach occurring, only 56% would know how to report it and an even lower 45% were aware of the penalties their company would impose for stealing or leaking sensitive data.
The study also showed that only 32% of organizations do not immediately revoke access rights when employees leave, leaving a window of opportunity for an ex-employee to steal sensitive information.
François Amigorena, CEO of IS Decisions commented, “Data, including card and customer information, is the lifeblood of any financial organization. Security is the very reason we trust banks with our finances, whilst data access and ability to identify users is also key to combatting insider trading. As such, sensitive information should be restricted to only those who need it in order to minimise any risk of a breach or possible misuse. Identifying and implementing access control policies are requirements of the financial regulators, but it seems many US financial organizations are not compliant with these security basics.”
Download ‘Finance Services: access security compliance’ for more information on how to make your financial organization secure and compliant for GLBA, SOX and PCI DSS regulations
About IS Decisions
IS Decisions makes it easy to safeguard and secure your Microsoft Windows and Active Directory infrastructure. With solutions for user access control, file auditing, server and desktop reporting, and remote installations, IS Decisions combines the powerful security today’s business world mandates with the innovative simplicity the modern user expects. Over 3,000 customers around the world rely on IS Decisions to prevent security breaches; ensure compliance with major regulations, such as SOX, FISMA and HIPAA; quickly respond to IT emergencies; and gain time and cost-savings for IT.
IS Decisions is a Microsoft Silver Partner based in Biarritz, France. Customers include American Express, BAE Systems, BMW, Computer Sciences Corporation, FBI, Frito-Lay, GlaxoSmithKline, IBM, Lockheed Martin, Mitsubishi, Oxford University, South Wales Police, TimeWarner, United Nations Organization, US Department of Justice, US Department of Veterans Affairs and US Navy Marine Corps.