Key Points

• Security breaches from external threats elevate costs beyond the direct losses experienced by the financial institution
• Poor employee implementation can sabotage the best policies and procedures leading to preventable losses
• Security at the office level requires protecting multiple points of access. Financial institutions face vulnerabilities in each office, desk, and file cabinet, which contains proprietary information, customer data, or cash

Financial service companies routinely gather, maintain, and store sensitive information on the businesses and individuals they serve, increasing their risk of outside security threats. A survey of 1,100 senior security executives revealed that 86% believe their company is vulnerable to a security breach. In 2017, 42% of financial service companies experienced a breach of security, making the industry among the most targeted for both physical and cyber attacks.

The following are three key problems plaguing financial companies, increasing the risk of loss from external threats:

Problem: High Accumulated Losses

External security breaches cost financial companies much more than the direct financial loss caused by a breach. Whether the company experiences a cyber attack, robbery, or other theft, impacted companies incur costs associated with the investigation into the cause of the breach and the implementation of new protocols to prevent future losses. Solutions often involve the introduction of new technologies, requiring additional staff training.

Extensive regulatory requirements within the financial industry could increase losses, in the form of fines, penalties, and legal costs to defend the company in lawsuits directly related to the security breach. Other related expenses might include the cost of business disruption, notifying customers of the incident, and the replacement of lost information. Beyond the hard costs, companies also face public relations costs and lost customers, which can directly impact revenues.

These factors can exponentially increase losses beyond that of the initial event.

Solution: Identify Vulnerabilities and Take Proactive Measures to Prevent Security Breaches

Relying solely on company-wide security policies can leave individual offices vulnerable to a physical security breach due to the unique configuration or circumstances found in satellite offices. Beginning with a comprehensive program and then tailoring the approach to each individual building is the most effective way to protect all company and client assets and information.

“A threat and a vulnerability are not one and the same. A threat is a person or an event that has the potential for impacting a valuable resource in a negative manner. A vulnerability is that quality of a resource or its environment  that allows the threat to be realized.”

After identifying both threats and vulnerabilities, security departments can address issues at the office level before a security breach occurs.

Problem: Poor Employee Implementation of Company Policies and Procedures

Regulatory oversight demands that companies within the financial industry have policies and procedures designed to protect customer data, vendor information, proprietary company data, and cash in place. Failures can lead to corporate fines in the billions of dollars.

A company can have extensive protocols designed to secure each office and building properly. However, if employees do not effectively implement all corporate policies and procedures, the company can remain vulnerable to a cyber or physical security attack.

When the security process becomes cumbersome, employees often ignore the recommended or even required procedures. For example, a company might have the policy to keep drawers containing sensitive customer information or cash locked at all times. Employees, finding it inconvenient to lock and unlock a frequently used drawer, could fail to lock the drawer after each use, leaving the company both vulnerable and liable for any lost or stolen information.

Solution: Upgrade Technologies to Automate Procedures

New technologies allow companies to automate many processes, which reduce the breakdown and failed implementation of company-initiated protocols. For instance, financial companies can upgrade external door systems to automatically lock behind each employee, to automatically log off an employee who logs into to a second computer and automatically lock drawers left unattended.

Problem: The Need to Secure Multiple Areas

Thieves look for company vulnerabilities from every direction. They stake out an office by posing as a customer and seek to locate file cabinets, drawers, devices, or rooms, which house secure company data or cash. The potential thief wants to identify points of weakness, which will allow for a quick entry and exit, with the stolen property.

Financial companies must secure every room, file cabinet, and drawer containing sensitive information or cash. For instance, an insurance company which allows agents to accept cash premium payments could store the money in the desk drawer of each agent. At the end of the day, the office manager places the accumulated cash in a locked file cabinet for the next day’s bank deposit. In this case, each agent’s desk, and the file cabinet housing the premium payments, represent a vulnerability within the office.

A mortgage lender who accepts an applicant’s tax returns for underwriting but does not immediately scan and shred the sensitive information must store the hard copy in a secured file cabinet or drawer until they can digitalize the material. In offices where an employee meets with back to back clients and takes care of administrative duties such as scanning or faxing at the end of the day, could create a security vulnerability, leaving the employer open to regulatory liability.

Solution: Invisible and Automated Locking Technology

Offices are prime targets for a physical security breach because employees often fail to follow company established protocols. Staff may ignore company policies because they find them to be cumbersome and impractical.

Cabinet-level access control systems, such as Senseon, can help ensure employees comply with company policies by automating processes such as locking and unlocking cabinetry. These electronic locks are discretely installed within the cabinet, preventing potential thieves from easily identifying which cabinets or drawers contain valuables. With the ability to withstand 250 lbs of break force, Senseon systems can help financial service companies reduce weaknesses in security and protect themselves from data breaches.

With Senseon Plus, financial service companies can access innovative audit trail software, which enables managers to track access and monitor employee activity. This software makes it simple for financial service companies to remain compliant with regulatory standards and quickly identify the source of any security problems.

Final Thoughts

Government regulations require financial services companies to identify and address security vulnerabilities both internally and externally. These high standards, along with the rising number of security breaches among financial service companies, require a vigilant security team. New technologies, such as Senseon, can help security teams better protect themselves against breaches and losses within the financial services industry.

To learn more about how cabinet-level access control can reduce the risk of loss within financial institutions, download our whitepaper on the subject or contact us.