Nowhere is trust more important than in the financial services industry. People operate on trust when they invest their life savings in a bank account, build their 401K, take out a life insurance policy, transfer their stocks, or make an online payment. The transactions just work, and – we take for granted – the money is where it should be. But even that is built on a deeper web of trust.
On the backend, electronic transactions of data are taking place, social security numbers are stored, personal information is updated and then linked to large (or small) amounts of money, and cryptocurrencies, digitally signed bank loans, and innumerable securities change hands – digitally. Again, we take for granted that the data is where it should be. Until it isn’t. Secure file transfer is one way to help manage the moving back and forth of sensitive data.
Finance Sector Data Breaches
On June 10, 2021, investment banking titan Morgan Stanley reported a breach linked to zero-day attacks on their Accellion legacy File Transfer Appliance. This past August, Flagstar Bank, accountable for roughly $23.2 billion in assets and self-described as the nation’s sixth largest bank mortgage originator, filed an official notice of data breach, admitting that “certain impacted files containing [customers’] personal information were accessed and/or acquired from our network between December 3, 2021, and December 4, 2021.” They had also been impacted by the Accellion FTA breach less than a year earlier. And, this past March, Forbes reported on the recent discovery of the Apache Log4j vulnerability that could lead to the download and execution of banking trojans, allowing bad actors to steal login credentials and create fake accounts. How you secure your data matters.
The Verizon 2021 Data Breach Investigations Report noted that 2021 saw 721 incidents in the finance and insurance sector, with 467 resulting in confirmed data disclosure. Of the type of information leaked, 83% was personal, 33% was bank-related, and 32% were after credentials.
The finance sector faces a heavy burden in gathering, storing, and sending vast amounts of legally protected personal information every day, and malicious hackers know that. Even if those institutions can keep it safe at rest, part of the transactional process inevitably includes sending those files, and that’s where the trickiness starts. Bad actors know how to poke holes in the process. If the past is any indication, securing the file transfer process should be a top priority.
The Problems Inherent with Securing Financial Data
To understand the problems Secure File Transfer (SFT) solves in the finance industry, we first have to identify what those pain points are.
- Malware. Sometimes, managed file transfer contents can hold active threats like triggered executables, embedded malware, scripts, or macros used to capture sensitive information like account numbers, login credentials, and financial statements. A secure file transfer solution integrated with advanced threat protection like SFT Threat Protection lets you inspect transferred file contents, scan for risks, and automatically sanitize files in real-time.
- Compliance and Data Security. In order to stay above board with compliance regulations like PCI DSS, SOX, GDPR, or CCPA, the name of the game is to keep sensitive information with its rightful owners wherever it travels. Digital Rights Management not only controls the security of delivery, but of the asset itself. You can revoke and manage access to sensitive information by file, not transfer method, and designate access privileges by email account, so that even if files get missent, the unintended recipient won’t be able to open them. Open PGP provides free PGP resources to encrypt file transfers, and an FTP Server automatically encrypts files in targeted folders, providing further protection from prying eyes and compliance slips.
- Custom File Transfer Scripts. Banco Bolivariano is a significant Ecuadorian bank that was using custom built tools to manage file transfer between other banks, clients, partners, and internally. However, the tools were unable to scale with recent growth. After switching to GoAnywhere Managed File Transfer (MFT) service, they automated over 1,000 file transfer processes, cut down transfer time, scaled without lag, and were able to be PCI DSS compliant. And, when it comes to sharing between other institutions and partners, Proxy Gateway allows outside connections to be made while keeping file sharing services inside your network so your files don’t reach your Demilitarized Zone (DMZ).
- Visibility. A global insurance provider was spinning up dozens of scripts on Task Scheduler for file transfer, but they didn’t account for encryption or security features. In a major financial institution, that’s walking the razor’s edge. And there were no alerting or reporting capabilities, so in terms of managing the inherent risks, they were pretty much in the dark. If they wanted to know what was going on, they hunted down issues and dug into disparate data sources. Adopting an MFT solution allowed them to get visibility across their entire file transfer process, from cloud to on-premises to web applications. Also, another option is MFTaaS, so you can have the cloud hosting, setup, and management done for you.
- Scalability. Another huge issue for large financial enterprises is the fact that they’re going to grow. The finance industry (which includes banks and insurance companies) is a 20-something billion dollar enterprise, and projected to grow by over $11 billion dollars in the next four years, boasting an annual compound growth rate (CAGR) of 9.6%. That growth is manifested in increased business initiatives, increased customers, increased products and services, and increased data to account for it all. GoAnywhere MFT standardizes and automates common file transfers, saves time by streamlining data exchanges, comes with out-of-the-box workflows, integrates with AWS and other platforms, and supports clustering so you can send high volumes of files by load balancing across systems. HelpSystem’s FileCatalyst accelerated file transfer solution allows you to securely send large files fast and is built to traverse remote networks where latency or packet loss might otherwise be a problem.
People trust banks, and banks need to trust their processes, specifically those dealing with client information and data compliance. Aside from issuing actual transactions, you could say keeping those items safe is their number one job. Who else do we give our information to so freely (besides healthcare, but there are HIPAA laws for that)? As such, these institutions can’t afford to be working off breakable custom scripts lacking in basic security measures. Not when they collectively comprise billions of dollars of assets, and the inestimable value attached to databases of sensitive consumer information.