Financial information security: How to survive the banking crisis

In this financial information security mini guide, you'll learn exactly what challenges are facing the financial sector today, and how to combat banking-specific threats.

The banking crisis of the last two years has seen company failures, major mergers and large numbers of employee layoffs.

IT professionals left working in the finance sector have had to deal with the aftermath of merging systems, while managing to protect the systems against a rapid rise in targeted malware.

This financial information security guide examines many of the pressures facing the financial services industry, from the rise of sophisticated banking Trojans to the economic and technical challenges that information security professionals have to deal with. Learn about the weakest link in the banks' security -- their customers -- and the different methods being used to help customers help themselves with financial information security.

Financial services sector faces continued information security challenges
(see link below)
With threats becoming more sophisticated, and budgets and security teams shrinking, all signs point to continued information security struggles for the financial sector. And with banking customers throwing caution to the wind when online banking, many financial institutions are finding themselves in quite a bind.

In this feature, U.K. Bureau Chief Ron Condon discusses the core challenges facing financial institutions. Learn the financial information security steps to take toward achieving a more secure banking environment for both customers and the banks that serve them.

New banking Trojan targets U.K. banks
(see link below)
The typical endpoint security issues faced by most banks are exacerbated by a new Trojan that has been making its way around the U.K. financial sector. The Silon Trojan is now responsible for approximately 20% of all online banking customers' infections in the U.K.

In this article, Ron Condon examines why the Silon Trojan has been so effective in wreaking havoc across the industry and outlines what can be done to stop it.

Best practices to secure wireless networks
(see link below)
Since financial services providers deal with such sensitive information, it's vital that networks are as secure as possible, even when dealing with wireless networks.

In this financial information security tip, contributor Lisa Phifer explains how to secure a wireless network while keeping compliance requirements such as the Payment Card Industry Data Security Standard (PCI DSS) in mind.

Weighing the pros and cons of end-to-end encryption and tokenization
(see link below)
Two more facets of PCI DSS for financial institutions are end-to-end encryption and tokenization. These technologies work to protect sensitive customer information, and tokenization is even being declared the way to avoid the complexity involved with encryption. However there are benefits and drawbacks to both of these technologies.

In this tip, David Shackleford explains how end-to-end encryption and tokenization work, and how they both play into financial information security strategies. Find out if it's possible to use both technologies together, and what type of tactic your organisation should take when it comes to protecting sensitive data in the name of PCI DSS.

Considerations for buying and implementing DLP solutions
(see link below)
Data loss prevention (DLP) technology is one way banks can protect their sensitive data and potentially avoid a reputation-damaging data breach. But as with anything, there are both pros and cons to DLP, and they should be weighed carefully before committing to a product.

In this tip, find out exactly what defines a DLP product, what it should protect, how much it costs, how to maintain it and other DLP implications for financial information security teams. David Shackleford provides a detailed analysis of DLP, which should make it easier to decide whether such a product would be a good choice for your financial organisation.

Read more on Hackers and cybercrime prevention