5 Steps for Securing Customer Financial Data

First, there is the reputational damage that comes from leaked data. Then there is the cost of cleanup, which typically runs between $3.86 million and $8.64 million. Finally, there are regulatory repercussions from violation of the patchwork of rules that govern financial data, including the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), California Consumer Protection Act (CCPA), and others.

Sensitive data that is insecure is the stuff that keeps security and compliance professionals up at night. And the scary part is that it happens all the time. Roughly 73 percent of businesses admit that they have encountered sensitive data leaks in the past year, according to Microsoft research.

Due to the high cost and stringent regulations around customer financial data, mitigating the risk of financial data exposure is a critical task for businesses that interact with such data.

Broadly, there are five key steps for ensuring that businesses are doing all they can to protect this sensitive data in an age where shadow IT is proliferating, employees are increasingly working from home on personal devices, and new technologies are opening up additional threats for data exposure.

Step 1: Define the Scope of Data to Protect

Customer financial data encompasses many possible pieces of data that can exist on many different systems and in many different formats.

Before customer financial data can be secured, it is important that security professionals define all the types of financial data that must be secured, including account details, financial records, recorded financial histories, personally identifying information (PII), etc. The formats and locations where this data might exist also must be defined, including the universe of possible databases, spreadsheets, reports and call recordings where customer financial data might live.

Undefined data cannot be protected.

Step 2: Categorize the Data

The security systems and procedures for customer financial data will vary depending on the category of data. The way that financial transaction information is handled and secured likely will be slightly different than the way a company handles data that gives access to a financial account, for instance.

So once the scope of customer financial data is established, categories should be defined for the various ways this data might need to be handled—and each type of data should be mapped to the appropriate categories. This categorization should factor in the various regulations that apply to the organization so data that is regulated by a given law is appropriately tagged and processed according to its regulatory requirements.

Step 3: Discover Where the Data Lives

The intended location of customer financial data is not where it always lives in practice. Even if there are strict protocols for handling customer financial data, it often is the case that some data has leaked out into other systems or migrated unintentionally to employee devices in the normal course of business. There might even be data stores that have gone unnoticed and contain customer financial data, such as a backup server that unintentionally houses customer reports.

Perform a scan of all corporate resources so the true location of all corporate data is known. This scan must be comprehensive so all data can be discovered and protected.

Step 4: Tag Data by Category

Automating security and compliance processes is essential for securing data appropriately. For automation to apply the right security and processes, however, each piece of data must be classified so automation processes know when and how to act.

So once the full universe of corporate data has been uncovered by data discovery, the next step is labeling each piece of data with the appropriate classifications as defined earlier in the categorization step.

Most businesses will want to leverage data discovery and classification platforms to automate the classification process, combined with a manual review of the classification to make sure all data is labeled correctly. If a modern classification solution is used for the tagging, this manual review mostly will entail double-checking that data has been classified appropriately.

Step 5: Secure Data According to Classification

Then there is the actual securing of customer financial data, the critical step that can only come after scope and categories have been defined and the data has been discovered and tagged.

While the methods that a business uses to secure customer financial data will vary, they likely will include strict access controls, data encryption both in transit and at rest, firewalls and real-time threat scanning, and automatic logging of all data access, among other methods.

Security methods and processes likely will vary depending on the classifications that have been established earlier.

Whatever security methods are employed, the key takeaway is that securing customer financial data—or any sensitive corporate data resource, for that matter—hinges on discovery and classification. More than 90 percent of data breaches occur because of human error, and a failure to have the right preventative measures in place enables these errors. When sensitive data is known and classified, appropriate safeguards such as access controls and monitoring can be put in place.
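The five steps carried through on constructed sample data, as an added example that is not code from this post or from Qohash: regex detectors stand in for a discovery scanner, a Luhn check drops card-shaped numbers that are not card numbers, and every discovered source is tagged with its handling categories, the regulations assumed to apply, and a report-masking control. The detector patterns and the category-to-regulation mapping are illustrative assumptions, not a statement of any regime's requirements.

```python
import re
# Constructed sample corpus standing in for the discovery scan (Step 3); no value is real.
CORPUS = {
    "crm/notes.txt": "Customer asked for a refund; contact jane.doe@example.com",
    "finance/cards.csv": "4111 1111 1111 1111,2026-03,Jane Doe",
    "backup/old_report.txt": "SSN 123-45-6789 on file; card 4111-1111-1111-1112 declined",
    "hr/lunch_menu.txt": "Pizza on Friday, order by 11:00",
}

# Step 1 (scope): detectors for the data types to protect (illustrative patterns, tune before use).
DETECTORS = {
    "card_number": re.compile(r"\b(?:\d[ -]?){12}\d{4}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}

# Step 2 (categorize): data type -> handling category -> controls and regulations assumed to apply.
CATEGORY = {"card_number": "account_access", "ssn": "pii", "email": "pii"}
POLICY = {
    "account_access": {"regulations": ["GLBA", "PCI-DSS"], "mask_in_reports": True},
    "pii": {"regulations": ["GLBA", "CCPA"], "mask_in_reports": True},
}

def luhn_ok(digits):
    """Checksum that weeds out 16-digit strings that are not card numbers."""
    total = sum(int(c) if i % 2 == 0 else int(c) * 2 - 9 * (int(c) > 4)
                for i, c in enumerate(reversed(digits)))
    return total % 10 == 0

def classify(text):
    """Step 4 (tag): the set of data-type tags found in one piece of text."""
    tags = set()
    for name, rx in DETECTORS.items():
        for m in rx.finditer(text):
            if name == "card_number" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # card-shaped but fails the checksum: not tagged
            tags.add(name)
    return tags

def inventory(corpus):
    """Steps 3-5: for every discovered source, its categories and applicable rules."""
    result = {}
    for source, text in corpus.items():
        cats = {CATEGORY[t] for t in classify(text)}
        regs = sorted({r for c in cats for r in POLICY[c]["regulations"]})
        result[source] = {"categories": cats, "regulations": regs}
    return result

def mask_for_report(text):
    """Step 5 control: redact every detector hit (checksum or not; over-masking is the safe side)."""
    for name, rx in DETECTORS.items():
        if POLICY[CATEGORY[name]]["mask_in_reports"]:
            text = rx.sub(f"[{name} redacted]", text)
    return text
```

Running `inventory(CORPUS)` shows the backup server holding an SSN that the intended data flow never placed there, which is exactly the kind of stray store Step 3 exists to find.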

For more on our Qostodian products and how they can simplify data discovery and classification, schedule a demo.
