CAB Conference 2016 Test Drive | Page 23

regulatory noose and ended relationships with certain Caribbean banks to protect themselves from financial fraud, money laundering and terror financing. This de-risking or “de-banking” movement threatens the Caribbean banking industry and fosters isolation amongst the global financial community. According to Reuters Investigates (2016), “the loss of banking ties to the U.S. endangers the region’s economic stability by inhibiting trade, banking and government officials say” [5]. Now more than ever, Caribbean financial institutions have a reason to protect their corporate brand and image and secure their most valuable asset – their data.

“There are no quick fixes, no magical solutions to prevent cyberattacks not even in the Caribbean, a region known to be ‘secure’

Along with pressure from their banking customers and tighter scrutiny by US federal regulators for the sake of de-risking, Caribbean financial institutions are also under great scrutiny from the United States to meet strict compliance requirements. Enacted in 2010, the Foreign Account Tax Compliance Act (FATCA) “requires foreign financial institutions (FFIs) to report to the US Internal Revenue Service (IRS) information about financial accounts held by US taxpayers, or by foreign entities in which US taxpayers hold a substantial ownership interest” [6]. As of August 30, 2016, nine Caribbean countries are under FATCA compliance: Bahamas, Cayman Islands, St. Kitts and Nevis, Barbados, Curaçao, St. Vincent and the Grenadines, British Virgin Islands, Jamaica and Turks and Caicos Islands. Caribbean governments have been under pressure to sign the relevant agreements, and failure to comply often results in stiff penalties inclusive of losing their correspondent banking relationships for the domestic banks.

Most recently, the Caribbean Association of Banks (CAB) itself encouraged all Caribbean countries to comply with FATCA by signing Intergovernmental Agreements (IGAs) before December 31, 2016 [7]. To avoid hefty fines and comply with regulations, Caribbean financial institutions are best advised to form a corporate compliance committee, or at minimum appoint a Compliance Officer to manage compliance before and after becoming FATCA compliant. Unfortunately, many financial institutions do not have the necessary funds or internal expertise to do so. A trustworthy security service provider can assist in implementing and maintaining an organisation-wide compliance program.

10 Effective Security Habits to Protect your Financial Institution

We’ve gathered the most effective security best practices you can implement to better secure your critical data assets and improve your security posture.

1. Focus on the right threats. The average company faces threats from malware, human adversaries, corporate hackers, hacktivists, governments and even malicious insiders. In order to be truly secure, we are asked to install hundreds of patches each year to operating systems, applications, hardware, firmware, computers, tablets, mobile devices, and phones – yet zero-day exploits and other security issues leave us vulnerable. Take the time to identify your company’s top threats, rank those threats, and concentrate the bulk of your efforts on the threats at the top of the list.

2. Know what you have. Establish an extensive, accurate inventory of your organisation’s systems, software, data, and devices. Most companies don’t have a comprehensive understanding of what is really running in their environments. How can you even begin to secure what you don’t know? The best companies have strict control over where their critical assets are in the organisation.

3. Remove, then secure. An unneeded program is an unneeded risk. The most secure companies pore over their IT inventory, removing what they don’t need, then reduce the risk of what remains. This applies not only to every bit of software and hardware, but also to their data. Eliminate unneeded data first, then secure the rest. Intentional deletion is the strongest data security strategy. Make every new data collector define how long their data needs to be kept. Put an expiration date on it. When the time comes, check with the owner to see whether it can be deleted.

4. Run the latest versions and patch quickly! This advice is so common it has become a cliché: patch all critical vulnerabilities within a week of the vendor’s patch release. If your company takes longer than a week to patch, it’s at increased risk of compromise – not only because you’ve left the door open, but because your most secure competitors will have already locked theirs. Also, the best security shops stay up on the latest versions of hardware and software. The latest software and hardware come with the latest security features built in, often turned on by default. The biggest threat to the last version was most likely fixed for the current version, leaving older versions that much juicier for hackers looking to make use of known exploits.

5. Educate your users! Education is paramount. Unfortunately, most companies view user education as a great place to cut costs, or if they educate, their training is woefully out of date, filled with scenarios that no longer apply or focused on rare attacks. Effective user education focuses on the threats the company is currently facing or is most likely to face. It should be led by professionals and must involve the employees themselves. Security staff also need up-to-date security training each year to stay informed about the latest threats to corporate security.
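
Habits 2 and 4 can be checked together, as in this added example (not part of the original article): it reconciles an asset inventory against patch-status records and lists critical patches that missed the one-week window. The hostnames, patch ids, dates and record layout are constructed for illustration.

```python
from datetime import date, timedelta

PATCH_WINDOW = timedelta(days=7)  # the article's "within a week" target

# Constructed sample data (hypothetical hosts, patch ids and dates).
INVENTORY = {"core-db01", "teller-ws14", "atm-gw02", "hr-laptop07"}
PATCH_FEED = [
    # (host, patch id, severity, vendor release date, install date or None)
    ("core-db01", "PATCH-A", "critical", date(2016, 8, 1), date(2016, 8, 5)),
    ("teller-ws14", "PATCH-A", "critical", date(2016, 8, 1), None),
    ("teller-ws14", "PATCH-B", "low", date(2016, 7, 1), None),
    ("atm-gw02", "PATCH-C", "critical", date(2016, 8, 20), date(2016, 8, 29)),
    ("shadow-srv9", "PATCH-A", "critical", date(2016, 8, 1), None),
]


def audit(inventory, feed, today):
    """Reconcile inventory with patch data; list critical patches past the window."""
    seen = {host for host, *_ in feed}
    report = {
        "unknown_assets": sorted(seen - inventory),  # reporting, not inventoried
        "no_patch_data": sorted(inventory - seen),   # inventoried, not reporting
        "overdue": [],
    }
    for host, patch, severity, released, installed in feed:
        if severity != "critical":
            continue
        deadline = released + PATCH_WINDOW
        # A patch installed after the deadline is still a finding.
        effective = installed or today
        if effective > deadline:
            days_late = (effective - deadline).days
            status = "patched late" if installed else "still open"
            report["overdue"].append((host, patch, days_late, status))
    # Longest exposure first, so effort goes to the top of the list (habit 1).
    report["overdue"].sort(key=lambda row: row[2], reverse=True)
    return report


if __name__ == "__main__":
    for key, value in audit(INVENTORY, PATCH_FEED, date(2016, 8, 30)).items():
        print(key, value)
```

Hosts that appear in patch data but not in the inventory are reported separately, since an asset nobody has listed is one nobody is scheduled to patch.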