
Financial Security: Redefined
In June 2007, FINRA/NYSE released a joint request for comment regarding the supervision of electronic communications for their members. Although the release was directly targeted towards current members of FINRA, any and all financial institutions dealing with sensitive customer/financial information should heed the warning and become compliant to protect the integrity of their data and the well-being of their clientele.
Written policies and procedures are the foundation on which all use of information technology should rest. Clear and concise policies regarding the access of Internet-based technologies, web-mail, message boards, RSS news feeds, and instant messaging should be formulated, disseminated, covered in training and strictly enforced. Clarity is paramount, as any vague or ambiguous language may leave room for individual interpretation, a liberty that should not be allowed when dealing with financial data security. Education and adoption of regulations by internal employees and contractors is half the battle in fighting communications violations and possible breaches of data integrity.
Education and written policies are rarely enough, and this is where technology can bridge the gap. Network security, both external (viruses that may enter the network from e-mail attachments or web pages) and internal (users who may use non-supervised e-mail/instant messaging accounts to communicate financial information with the public), should be the focus of any financial organization’s information technology infrastructure. Often organizations feel that a renewal-based (or even free) Anti-Virus software suite on desktops and a spyware detection application are enough to protect their network. Although it’s a start, this is far from the full protection that is required for true network security.
Network security should be multi-factor and/or layered wherever possible. Each of the aforementioned protection methods is helpful but falls short of a complete, robust, and scalable solution. Many vendors offer hardware- and software-based solutions to assist in building such an infrastructure, with names like Cisco, Trend Micro, Appriver and ESet leading the pack.
At the very least, any financial organization dealing with sensitive customer data should be utilizing the following:
· Desktop Anti-Virus protection (Updated Definitions, Day 0 protection)
· Server Anti-Virus protection (Updated Definitions, Day 0 protection)
· E-mail Anti-Virus/Anti-Spam protection
· Hardware/Appliance Firewall protection
· URL/Web/Content filtering/blocking/monitoring
ESet’s NOD32 Enterprise Edition was designed with large and medium-sized business networks in mind. It is a unique bundle, which includes subscriptions to NOD32 for Windows workstations and file servers, as well as their powerful Remote Administrator Console. The 2006 winner of the AV-Comparatives award for Anti-Virus software, NOD32 requires fewer resources than any other comparable product and offers extremely simple roll-out to workstations and servers, as well as Day 0 protection that uses ThreatSense® heuristics to proactively recognize and remove viruses before a definition for them even exists.
Appriver’s product SecureTide is a fully managed email Anti-Spam/Anti-Virus protection service, eliminating up to 99% of unwanted email before it reaches a user’s network. No hardware or software is required. This illustrates the power of having multi-level protection as SecureTide and NOD32 (above) work together to eliminate any viruses that may enter the network via email or attachments (external) or users who may bring in a file on disk that has a virus active on it (internal). SecureTide™ is integral in preventing spam, phishing scams, viruses and other Internet pollution from impacting email operations. Appriver also protects your email in the event of an Internet outage as they will store your mail off-site and begin delivering it again once your connection to the Internet is restored. Full reporting and daily spam reports are included with this solution.
Lastly, the Cisco ASA 5500 Series Adaptive Security Appliances are easy-to-deploy solutions that integrate world-class firewall, Unified Communications (voice/video) security, SSL and IPsec VPN (for secure remote access), intrusion prevention (IPS), and content security services in a flexible, modular product family. This solution includes a subscription to Trend Micro’s world-class Web/Mail/Virus protection for an additional layer of security and allows the organization implementing the technology to easily allow/block different types of Internet traffic by content, keywords, or category and by time of day so that leisure “surfing” may still be allowed during lunch hours if requested. 24x7x365 Cisco Technical Assistance Center support is available for this product, as well as same-day replacement if the hardware should ever malfunction or fail (this requires an active Cisco SmartNet Maintenance Contract).
One company that has used FINRA’s guidelines as a catalyst to streamline its IT operations, increase productivity and exponentially enhance its network security using the above recommendations is Certified Financial Group/TransAm Securities. Central Florida’s oldest and largest independent personal financial consulting firm, CFG/TAS realizes the importance that technology plays in the private financial sector. They realized early on how to leverage i-Tech Support’s proven network design and consulting services and some of the biggest names in technology hardware and software to improve their processes and protect the lifeblood of the organization: their clients.
Jason Goldberg
Director of Engineering
i-Tech Support, Inc.
Phone: 407-265-2000 ext. 250