I’ve been working in the bank IT world for a long time, and if there’s one word I’ve heard every single day of my career, it’s ‘disruption.’ Every new startup was not only supposed to fundamentally change how business is done but also alter our perceptions of how the world works. It was a lofty goal that few companies actually achieved – but that didn’t stop disruption from being the key buzzword of the last decade. Now, thanks to COVID-19, everything is disrupted – including how banks handle security.
Even before the coronavirus pandemic swept into North America in early March, managing security was always a challenge for banks. After all, there is no richer target for a criminal, and the vast number of transactions executed every day makes it difficult to capture isolated acts of fraud or malfeasance. That’s why financial institutions have some of the best security protocols in the world. Unfortunately, the sudden shift to a work-at-home model for almost all North American bank employees has created massive new loopholes that hackers can exploit. After all, when tens of thousands of bank employees are working on unsecured internet connections, the likelihood of data breaches rises. Simply put, banks were never supposed to run like this, and while VPNs and zero-trust policies can help guard the front door, there are still risks in play.
One of the biggest vulnerabilities centers around data duplication. Banks used hundreds of systems, and in most cases, data needs to be copied as transactions work their way through the labyrinth. That means that something as simple as an ATM withdrawal can result in the same piece of information being copied dozens of times – followed by a reconciliation process to make sure all the numbers line up.
Not only is this inefficient (40% of all bank IT budgets are dedicated to managing the copying of data!), but it’s also a recipe for security problems. Every time a piece of information is duplicated, there is an opportunity for someone to make a mistake or to intentionally alter the data. Either way, the results can be embarrassing and expensive – and can erode consumer confidence. What if there was a better way?
In fact, the best way to prevent errors related to copying data is to not copy data! That may sound incredibly simplistic, but it’s actually an approach that works. By eliminating the need to ping-pong between dozens of tools and apps, banks can plug the holes that are inconvenient during good times but potentially catastrophic today.
For example, let’s go back to that ATM example above. Put simply, a single ATM transaction creates dozens of data copies as the user’s information bounces through various identity verification and other security applications, and the funds are digitally routed through various servers. Every step along the way represents another piece of the data integration puzzle, another data copy putting information at risk.
The alternative is secure access to a single copy of data. Think of it like setting sharing permissions on a Google document – you can give someone full editing rights, read-only permissions, or keep them locked out completely. A similar solution for banks could simplify that above ATM transaction into a no-copy situation: insert the ATM card, verify the permissions, distribute the money. Instead of dozens of copies of valuable data, there’s only a single copy to protect.
There’s no single way to protect financial institution data, but a few basic measures can go a long way to keeping information safe and secure. Limiting the need to copy files can play a major role in making that a reality.