Previously, I outlined the how and why of server and endpoint protection. This blog will discuss the benefits of data encryption and application programming.
Data Encryption
All of a firm’s data should be encrypted both at rest (stored on media) and in flight (in transit on the network). This provides the best protection from a brute-force, unauthorized data access attempt. The current gold standard for encryption is the 256-bit version of the Advanced Encryption Standard (AES256).
A customer data breach under the European Union General Data Protection Regulation (GDPR), ranges from €10 million or 2% of the worldwide annual revenue of the prior financial year to €20 million or 4% of the worldwide annual revenue of the prior financial year. With the fines so high, investing in a comprehensive encryption strategy is sound policy.
Application Programming
An often-overlooked component of information security concerns the application programs developed in house. Of special concern are the externally facing applications that have access to a firm’s data residing behind the firewalls. If the URL strings are not properly scrubbed, hackers can exploit the stateless nature of the protocol by inserting dangerous HTTP methods, modifying the request parameters or sending other malicious traffic.
All in-house programmers should receive required training in secure programming techniques to minimize the ability of cybercriminals to infiltrate a firms defenses via this attack vector.
To learn more about data encryption and application programming, and other security measures financial services firms can implement in order to mitigate the risk of cyberattacks, you can fill out the form below or click here.
