Western Independent Banker - September/October 2008 - (Page 26)

Securing Data in Transit

By Brad Johnson

Email communication is an essential tool in today’s business environment. Exchanging data via an email attachment is generally accepted as a simple, convenient way to move files and information. However, when sending data containing sensitive information, extra precautions must be taken to ensure that the information is protected. If proper procedures are not followed, the data may be transferred without being secured.

Financial institutions realize that risk is present when using email to send sensitive data. This risk not only exists with customers but with other parties, such as accountants, lawyers, consultants, business partners and subsidiaries. If data is not properly secured and gets into the wrong hands, it could be used for criminal activities, such as fraud or identity theft.

Legislation, such as the Gramm-Leach-Bliley Act, requires financial institutions to ensure that customer data remains protected and is not shared with improper recipients. The same care and concern used to ensure that information is not voluntarily shared with third parties should also be taken to ensure that information is not involuntarily shared with unintended third parties. Moreover, as privacy and data security concerns continue to proliferate, regulators are giving this topic increased attention.

Secure Data Transfer Options

Several secure data transfer options exist in today’s marketplace. The best solution for your environment depends upon the dynamics and business practices of the organization. What are your needs? How many employees are involved with sending or receiving data containing sensitive information? Is your concern primarily with business partners, or do you need to address email attachments being sent to customers? Below are some options to consider.

File Encryption: Encryption is a readily accepted method of securing an email attachment. Many companies, including banks, currently mandate all data be encrypted before being emailed to customers or business partners. This approach poses challenges as an enterprise-wide solution because the receiving party must have software to decrypt the file, and both parties must understand the procedures necessary to utilize the software.

File Transfer Protocol (FTP): Companies have used FTP for years, and it works well for transferring data between business partners. Because FTP requires a certain level of technical expertise, it does not represent a good solution for end-users throughout the enterprise who are initiating data transfers. Maintaining an FTP site for communication with customers also requires diligence in securely maintaining the site.

Secure Internet File Transfer: This data sharing option is an Internet-based secure file transfer. Using this method, the sender logs on to a secure file transfer server and files are transported via an Internet browser in an encrypted mode (using SSL) to the secure file transfer server. Recipients can be notified via email when a file is available for them. The recipient then logs on to the secure file transfer server and retrieves the file through their Internet browser over a secure, encrypted connection. The benefits of this approach are that the Internet browser is used to transfer the file (no special software), and the file is automatically encrypted during transmission. This architecture works well for transferring data to anyone with access to the Internet, including both customers and business partners.

Secure Internet Data Transfer Systems

Below is a list of considerations to evaluate when selecting a secure data transfer system.

Data Control: Each transfer should be automatically encrypted while in transit. Additionally, a transfer system should incorporate virus protection as well as controls for valid file extensions. If needed, users should have the ability to “recall” a file if the recipient has not yet retrieved the item.

Management Control: User access should be controlled by a secure login and all activity should be audited. Audit reporting enables administrators to monitor activity. To simplify password management, integration with Active Directory or other user databases may be considered. The system should also include the ability to define data size limits.

User Acceptance: Simplicity and ease of use are important considerations when selecting a solution. Systems that utilize tools that both employees and customers are familiar with, such as an Internet browser, will be easily adapted and widely accepted.

Standard Technology: Although the technical configuration will vary, all vendors will likely utilize the standard Internet security protocol (https), which is the same technology used in Internet banking applications.

In conclusion, financial institutions must take a close look at how sensitive data is currently being exchanged and identify risks and vulnerabilities. The selected system should be one that meets the needs of your institution and minimizes or eliminates these concerns. Once a solution is identified, data security policies and audit procedures should be implemented to ensure compliance.

Brad Johnson is director of business development for Centrix Solutions, Inc. (www.centrixsolutions.com) in Lincoln, Neb. He can be reached at bjohnson@centrixsolutions.com.
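
The Data Control and Management Control considerations in the article (valid file extensions, a data size limit, recall before retrieval, audited activity) can be sketched as server-side checks. This is an added example, not code from the article or from any vendor it mentions; the class name, the allowed extensions and the 25 MB limit are assumptions chosen for illustration.

```python
import os
from datetime import datetime, timezone

# Assumed policy values; the article names the controls, not the numbers.
ALLOWED_EXTENSIONS = {".pdf", ".csv", ".xlsx", ".txt"}
MAX_BYTES = 25 * 1024 * 1024


class TransferLedger:
    """Hypothetical gatekeeper for a browser-based file transfer service."""

    def __init__(self):
        self.transfers = {}  # transfer id -> sender, recipient, state
        self.audit = []      # append-only: (time, user, action, id, outcome)

    def _log(self, user, action, tid, outcome):
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, user, action, tid, outcome))
        return outcome

    def submit(self, tid, sender, recipient, filename, size):
        # Only the final suffix counts, so "statement.pdf.exe" is judged as
        # ".exe"; a name with no extension is rejected as well.
        ext = os.path.splitext(filename.lower())[1]
        if ext not in ALLOWED_EXTENSIONS:
            return self._log(sender, "submit", tid, "rejected: extension")
        if not 0 < size <= MAX_BYTES:
            return self._log(sender, "submit", tid, "rejected: size")
        self.transfers[tid] = {"sender": sender, "recipient": recipient,
                               "state": "available"}
        return self._log(sender, "submit", tid, "accepted")

    def retrieve(self, tid, user):
        rec = self.transfers.get(tid)
        # Only the named recipient may download, and never a recalled file.
        if rec is None or rec["recipient"] != user or rec["state"] == "recalled":
            return self._log(user, "retrieve", tid, "denied")
        rec["state"] = "retrieved"
        return self._log(user, "retrieve", tid, "delivered")

    def recall(self, tid, user):
        rec = self.transfers.get(tid)
        if rec is None or rec["sender"] != user:
            return self._log(user, "recall", tid, "denied")
        # Recall only works while the recipient has not yet retrieved the file.
        if rec["state"] != "available":
            return self._log(user, "recall", tid,
                             "too late: already " + rec["state"])
        rec["state"] = "recalled"
        return self._log(user, "recall", tid, "recalled")
```

Denied and rejected attempts are written to the audit list as well as successful ones, which is what lets an administrator's audit report show attempted misuse and not only completed transfers.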