More than 100 million customer accounts and credit card applications for Capital One were hacked in one of the biggest data breaches ever reported earlier this summer. A hacker broke into a Capital One investment server and gained access to more than 140,000 Social Security numbers, one million Canadian Social Insurance numbers, and 80,000 bank account numbers, while also stealing information on credit scores, credit limits, balances, and addresses.
This breach, and other major breaches like it in recent years, represent an opportunity to learn and update security measures down the road to protect not only the customers whose information is stolen but the banks themselves. This is a unique chance to understand exactly what happened and how to improve security operations moving forward.
Here are some major lessons learned from the massive Capital One breach.
Training and Education
A lot of misconfigurations are caused by human error. Organizations can prioritize training and education for security teams and system administrators so that security is boosted and job functions are performed the way they need to be in order to keep all information safe.
Administrators should know why certain security controls are in place and not just how they work. Whether training is on the job or in a classroom-type setting, having training and knowledge available will boost the overall integrity of a bank or financial institution’s cybersecurity systems.
Reviewing on a Regular Basis
Conducting regular reviews can uncover gaping holes in a bank’s cybersecurity system and provide the opportunity to review configurations, check patch levels, and boost security measures. This is an effective way to detect potential cyber exposures and prevent them from being taken advantage of. While mistakes are inevitable, taking steps to reduce risk is important.
Audit Monitoring and Logging
Financial institutions and banks should encourage robust logging and protect their logs in order to maintain a strong cybersecurity system. Active monitoring and efficient investigation of audit log events can lead to quicker discovery of any abnormalities and help to encourage reliance on taking the right cybersecurity steps to crack down on risks.
Reviewing Cybersecurity Insurance
This event has also reminded banks of how important it is to be financially secured during the fallout of a threat or breach. Banks, especially smaller institutions, can undergo breaches that bleed their assets dry. Backlash that hurts their reputation, combined with legal claims, can fracture a bank’s financial core.
By investing in cyber risk services or reviewing current policies, banks can be ready for any financial issues that they may undergo as a result of a breach of any size. Working with an insurance carrier to find the right cyber risk services plan can help a bank be protected and prepared.
About Highland Risk Services
At Highland Risk, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. With offices to serve you in Chicago, Illinois and Phoenix, Arizona, we do everything we can to make your experience with us as professional and transparent as possible. To learn more, contact us at (877) 890-9301.