(619) 335 - 1168

How to protect your financial apps from getting hacked

pic post_8-10-16There’s been no shortage of high-profile hacks over the last few years — think Target, Sony and Ashley Madison — but one sector that hasn’t made as much news for breaches is financial. According to the Identify Theft Resource Center, out of the 781 data breaches tracked in the United States in 2015, just 71 were banking-related.

While that may be welcome news to the millions of people who use financial websites and apps, that number is rising, jumping by about 50 percent from the year before. And with more people using everything from personal finance applications and robo-advisor sites to fraud-detection programs and mobile wallet software, we’ll likely see more hacks in the future.

“There’s a huge amount of benefit to leveraging technology to bring insights to your account, but there’s always a risk when you start to consolidate all of that information into one program,” said Kennet Westby, co-founder and president of Coalfire, a Westminster, Colorado-based cybersecurity advisory that has a number of financial clients.

Generally, apps and websites from banks and other well-known financial institutions are considered fairly safe from intrusion, in part because they have the money to spend on security. Reportedly, Bank of America will spend $400 million in security this year alone, while other banks are also spending copious amounts of money to keep their virtual walls secure.

However, even big security budgets can’t always prevent a major hack. In 2014, JPMorgan Chase was the target of one of the largest breaches in American history. Hackers broke into its network and stole data — names, email addresses and phone numbers — from 83 million customers. Not surprisingly, the company has increased its cybersecurity budget this year, from a reported $250 million to $500 million.

Of course, not all financial companies have such big security budgets. Many start-up companies don’t have the resources to throw at security nor the many decades of history in trying to keep client money safe, said Westby.

For instance, in 2010, Blippy, a social-media-meets-financial site that allowed people to share credit card purchases with other users, was found to have accidentally leaked some of its customers’ credit card information on Google. The company shut down a year later.

While Westby thinks that consumers should use financial apps and sites, they also need to be aware of what they’re using and what kind of information they’re sharing online.

Read the fine print

It’s unlikely you’ll find a company that says it has no security, so it’s up to the user to make sure the company is protected.

Start by reading the company’s security and privacy disclosures, which should be somewhere on their site, said Westby. You want to be able to get a sense of how they’re managing their security and privacy programs and what kind of responsibility they’re willing to take if a breach occurs.

The next step is to look at the company’s security certifications. A payments card company, for instance, should have the PCI certification, which is given out by a Qualified Security Assessor under the PCI Security Standards Council program.

Other financial institutions might be audited and certified under the Federal Financial Institutions Examination Council (FFEIC). Mint, the personal finance app, is certified through the TRUSTe Privacy Seal Program, which is another popular data privacy management company.

Finally, make sure the company’s privacy and security programs have been validated by a third party. The big four accounting firms do this, said Westby, as do businesses like Trustwave, Verizon and Coalfire.

“You don’t want the company to just say, ‘We’re secure. Trust us,'” said Westby. “You want someone to validate that they’re actually doing it.”

Read more about it here: http://cnb.cx/2b8sm7p

‪#‎JacksonAndAssociatesTrialLawyers‬ ‪#‎AgeDiscrimination‬ ‪#‎SexualOrientationDiscrimination‬ ‪#‎ReligiousDiscrimination‬ ‪#‎NationalOriginDiscrimination‬ ‪#‎DisabilityDiscrimination‬ ‪#‎Harassment‬ ‪#‎Retaliation‬ ‪#‎WrongfulTermination‬ ‪#‎RaceDiscrimination‬ ‪#‎LA‬ ‪#‎SexualHarassment‬ ‪#‎LosAngeles‬ ‪#‎California‬

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Posts In Your Email

California Sexual Harassment and Discrimination Attorneys Disclaimer:
The California employment law, trial information, mediation or other legal information presented at this site should not be construed to be legal advice, nor the formation of an attorney-client relationship. Any results set forth herein are based upon the facts of a particular case and do not represent a promise or guarantee with respect to your case.

619-335-1168 | P.O.BOX 191426 SAN DIEGO, CA 92159
© 2015 Jackson & Associates All rights reserved. | Sitemap