Due to the massive amounts of personally identifiable information (PII) and credit card data they collect, financial institutions such as banks and investment services are some of the most attractive targets for cybercriminals. As a consequence, they are also heavily regulated.
Laws like the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA) in the US and the General Data Protection Regulation (GDPR) in the European Union were adopted to protect sensitive personal information, while the Payment Card Industry Data Security Standard (PCI DSS) was enforced worldwide to protect cardholder data.
Financial information often includes PII that financial institutions obtain from customers while providing financial products or services. This includes information collected for financial transactions. However, it can also mean intellectual property such as financial models and deal management information.
Data Loss Prevention (DLP) solutions help companies protect financial information by identifying its location and monitoring and controlling its movements in and out of the corporate network. DLP tools apply policies to data defined as sensitive. Companies can add these definitions to suit their particular use case or use predefined profiles for specific data protection legislation and standards such as GDPR, GLBA, or PCI DSS. Let’s take a closer look at how DLP helps organizations protect financial information.
Increased data visibility
For companies to be able to protect financial information, they must first know where it is and how employees are using it. DLP solutions identify and monitor files containing data defined as sensitive and track their movements through powerful content inspection and contextual scanning tools. In this way, companies can discover the movements of sensitive financial data within and outside the company network.
DLP solutions can help companies identify weak spots in their data protection practices and which employees may be attempting to exfiltrate data. Companies can also save money by identifying the key issues that pose a security risk to financial information and addressing them in targeted training sessions.
Protect financial information from internal threats
DLP solutions primarily protect sensitive data from internal threats. These can take the form of data exfiltration by disgruntled or financially motivated employees hoping to sell information or take it with them when they move on to a new company or accidental data loss caused by careless employees. Negligence is one of the most common causes of data loss. Many employees accidentally send information to the wrong email addresses or reply to a thread instead of a single individual and attach sensitive data without double-checking who they are sending it to.
DLP solutions allow companies to control the transfer of sensitive financial information. They can identify financial data in over a hundred file types, blocking their transfer through insecure channels such as messaging apps, personal emails, cloud and file-sharing services, and popular collaboration tools such as Microsoft Teams, Slack, Zoom, and Skype. They can also prevent sensitive information from being copy-pasted or print-screened.
Limiting the use of removable devices
Another way data can be exfiltrated or lost is through the use of removable devices. Easy to conceal and misplace, removable devices like USBs are a frequent blind spot of data protection strategies. DLP tools come with device control features that allow companies to block or limit the use of USB and peripheral ports as well as Bluetooth connections.
Companies can also choose to limit the use of removable devices to trusted devices that meet specific security requirements, such as a high level of encryption. Even when removable devices are permitted, DLP solutions can easily track their use, flagging any user attempting to transfer sensitive data to a removable device.
Protecting data on the move
Many companies adopt cybersecurity frameworks that protect sensitive data while a work computer is in the office but lose its efficacy when the device is removed from the work environment. With the rise of remote and hybrid work in the aftermath of the COVID-19 pandemic as well as the need for employees to attend meetings and conferences off-site, organizations must ensure the protection of sensitive financial data on the move.
When applied on the endpoint, DLP policies offer continuous protection even when a device is taken outside of the company network or is not connected to the internet. Some solutions like Endpoint Protector offer the possibility to apply different monitoring and control policies when a computer is taken out of the company network or used outside of regular working hours. These policies can be applied globally, to all computers, or to specific users or groups.
Frequently Asked Questions
Personally Identifiable Information (PII) is a type of data that allows for an individual to be identified. It includes any information relating to a specific individual, such as name, gender, address, social security number (SSN), date of birth, financial information, passport number, telephone numbers, and email addresses.
The National Institute of Standards and Technology (NIST) defines PII as: “Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.” The broad definition of PII also covers IP addresses, biometric identifiers, alien registration numbers (A-Number), geographic location data, social media posts, etc. Find out more.
Data exfiltration refers to the unauthorized copying, transferring, or retrieving of data from a company computer or server. It can be performed by a variety of actors: by outsiders through malware or phishing attacks that can lead to data breaches, by malicious insiders looking to inflict harm on an organization for their own or other entities’ gain, or by careless insiders who leak data by accident. Most often, data exfiltration is a deliberate attempt to sensitive and valuable data. Read more.
Insider threats are cybersecurity risks originating within the organization itself. They can be caused by users with legitimate access to the company’s assets, including current or former employees, contractors, business partners, third-party vendors, etc. Insider threats can vary significantly in awareness, motivation, intent, and access level and can be split into three main categories:
- Malicious insiders or turncloaks: individuals who use their access privilege to exfiltrate or steal data and use it with the goal of personal or financial gain.
- Negligent insiders or pawns: negligent or careless insiders with no malicious intent but mistakenly give away sensitive data or inadvertently put company data at risk.
- Collusive insiders: individuals who will collaborate with malicious external threat actors to compromise the organization.
The Ponemon Institute identified the most common type of insider threat as a negligent employee or contractor, while credential thefts were the least reported and the most expensive incidents. Read more.Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.