UK banks that open up customer data to third parties must follow a three-phase IT security process to ensure this information is fully protected along its journey.
Firstly, banks must ensure that their partners’ and their own networks have adequate network security protection before, during and after the data transfer. Both banks and third parties should anticipate an increase in data traffic and have next-generation firewall technology in place to ensure they can ramp up network protection during particularly busy transfer periods.
Secondly, banks should guarantee that customer data are sufficiently encrypted prior to sharing with third parties. Encryption shields the sensitive customer information contained in transactions, so that even if it were subject to a security breach, the sensitive data would not be accessible.
Lastly, UK banks should ensure that both they and third parties have adequate identity and access management controls in place when receiving customer data to guarantee it is only viewed by those who have a valid business reason to do so. If this measure is not followed, data could be viewed by unauthorised parties, resulting in failed audits, or malicious or unintentional public disclosure of personal data that could impact the bank’s reputation.
If banks are to maintain the integrity of customer data, it is essential that these measures are in place and that banks and their third-party service providers continuously review and update security software to ensure ongoing protection.
Florian Malecki is international product marketing director at Dell Security