G7 to Finance Sector: Play by These New Rules

Posted by Camden Swita on October 18 2016

G7_image.pngThe Group of Seven, a bloc of some of the largest industrial powers in the world, paid special attention to financial sector data security threats during its annual meeting earlier this month.

Citing a growing concern over massively expensive and embarrassing breaches and leaks in the industry, the Group of Seven, or G7, released a set of cybersecurity guidelines it insists governments and financial institutions follow to reduce risk.

The damages done to both financial institutions’ and governments’ reputations—not to mention the financial repercussions—by more recent incidents underscores the group’s decision to formalize a common strategy among the world’s economic powers.

Get ahead of the curve

In particular, the recent hacks of the Swift financial messaging system and an $81 million theft from the Bangladeshi central bank's account at the New York Federal Reserve have left regulators and policymakers scrambling to outline a common and comprehensive security strategy for the industry.

"Cyber risks are growing more dangerous and diverse, threatening to disrupt our interconnected global financial systems," stated writers of the three-page document containing the G7 guidelines.

Although the G7 guidelines are non-binding, they are a good indication of the direction banking and finance regulatory requirements will go over the next few years. All of the policies and activities detailed in the document are also easily accomplished today. Some are even already automated at firms and banks with the best security strategies.

Vaultize is particularly well positioned to assist banks and other enterprises in the finance sector in meeting and exceeding several key items on the G7’s list.

Governance of roles and ensure accountability

From the G7 release: “Define and facilitate performance of roles and responsibilities for personnel implementing, managing, and overseeing the effectiveness of the cybersecurity strategy and framework to ensure accountability; and provide adequate resources, appropriate authority, and access to the governing authority (e.g., board of directors or senior officials at public authorities).”

Formalizing roles in your internal data security strategy and then enforcing the rules governing those roles is no easy task, especially if you’re not using a single platform with a built-in permissions management system. Luckily, a platform like Vaultize allows you to define roles at your organization, assign users to those roles, and then pick which types of documents each role can access and edit and define how users in each role can share documents, files and data.

Accomplishing the latter part of the G7’s guideline—providing governing agencies adequate access to information on policy enforcement and data movement—can be an absolute nightmare if you don’t have a comprehensive audit system in place. Trying to manually follow the movement of your data and how users are interacting with it and sharing it, especially after it leaves your home network, is simply impossible in today’s connected business world.

Vaultize embeds DRM and audit trail information in every document your company creates, regardless of file format, which means what happens to a document will always be automatically logged. You’ll be able to monitor behavior in real time and easily produce comprehensive audit trails for regulatory agencies at the drop of a hat.

Risk assessment and mitigation

From the G7 release: “Identify functions, activities, products, and services—including interconnections, dependencies, and third parties—prioritize their relative importance, and assess their respective cyber risks. Identify and implement controls—including systems, policies, procedures, and training—to protect against and manage those risks within the tolerance set by the governing authority.”

Oftentimes one partner in a client-vendor or other business relationship has a better data security framework in place, and the weaker partner is a constant liability and source of risk. Even if your company already employs a sturdy data security strategy, it no doubt works with other enterprises that do not. Anything from office supply vendors to your internet service provider could put your sensitive data at risk if they are not doing their due diligence to protect it.

It’s essential, therefore, to employ a data security solution that allows you to maintain full control over your documents and files even after they’ve left your hands and are off with partners and vendors. With Vaultize’s DRM tools, it doesn’t matter where your data is – you will maintain control over who can access sit and be able to revoke access and delete it from specific devices for the entirety of its lifecycle. You can even prevent recipients from taking screen shots of and printing documents.

Rapidly detecting and responding to breaches

As with the above two guidelines, Vaultize is purpose-built to help financial sector enterprises tackle two more G7 best practices:

“Establish systematic monitoring processes to rapidly detect cyber incidents and periodically evaluate the effectiveness of identified controls, including through network monitoring, testing, audits, and exercises…Timely (a) assess the nature, scope, and impact of a cyber incident; (b) contain the incident and mitigate its impact; (c) notify internal and external stakeholders (such as law enforcement, regulators, and other public authorities, as well as shareholders, third-party service providers, and customers as appropriate); and (d) coordinate joint response activities as needed.”

We’ve already covered Vautlize’s audit trail generation features, which allow you to monitor in real time what’s happening to your data, who it’s going to, where they are, their IP address and so on. You’ll also be able to see what that person attempted to do to the document. For example, if they download it or try to take a screen shot, and so on. You’ll be able to easily identify likely security threats and shut things down immediately, remove compromised files from devices and adjust or revoke user permissions as needed. Over time, you’ll have real data to analyze in order to determine where your biggest security holes are and how you can patch them.

As the finance and banking sector moves to meet forthcoming regulations based on the G7’s guidelines, it pays to be ahead of the curve with a solution like Vaultize. Not only does it eliminate headaches caused by trying to conform to regulations after they’re in place, it will significantly reduce the likelihood that your company will make the news as the victim of the most recent breach.

To learn more about how Vaultize can help you and your team meet and exceed industry compliance requirements and prevent costly and embarrassing breaches, please contact our solutions team.

Also feel free to reach out to us with suggestions for blog post and webinar topics – we’re looking forward to hearing from you!

Topics: Access Control, DRM, G7, finance sector regulations, G7 summit, G7 finance, finance

Subscribe To The Blog