My 7 Banking/Security Resolutions for 2010
The good news: This is one of only two times a year (post-Labor Day being the other) when you can find almost everyone in the office and rarin' to go.
The bad news: Everyone comes back from the holidays so resolved that they seem to want to get 52 weeks worth of work accomplished in just one.
Not that I lack my own resolutions. In fact, coming off a pair of long, holiday weekends, I have my own thoughts about what ought to be done differently in 2010. Here, then, is my short list of banking/security resolutions for the New Year:
- Fewer Failed Banks - We saw 171 failed banks and credit unions in 2009 - more in one year than we'd seen cumulatively in the entire decade - and I'd like to see that number reduced by a lot in 2010. With 552 "problem banks" on the FDIC's list, it's likely we will see many more failures. But at the same pace? Early in the year, probably yes. But I'm hoping the numbers dwindle by June. It would be great to see us closer to the 40 failures we saw in '08.
- No More Heartlands - Brace yourself now for the flood of stories coming soon to commemorate the first anniversary of the Heartland Payment Systems data breach. With an estimated 130 million credit/debit cards compromised, this was the biggest breach on record, and it represents a new generation of hack - a leap from cracking virtual piggy banks to robbing big banks. Scores of them. The Heartland breach mastermind, Albert Gonzalez has already pled guilty to the crime, but no one is foolish enough to think he acted alone or that his prosecution will deter future crimes. But we can hope ... and protect.
- Better Red Flags Compliance - Banking institutions have now been examined for compliance with the ID Theft Red Flags Rule for a full year, yet both the FDIC and NCUA report common deficiencies among banks and credit unions whose ID theft prevention programs aren't quite up to snuff. This is an area that requires priority handling. At a time, after all, when customer confidence has been tested more than at any other time in recent memory, institutions must redouble their efforts to protect financial and informational assets.
- And that Goes for Non-Banks, too - So far, non-banking institutions that fall under the watch of the Federal Trade Commission (FTC) have not faced Red Flags enforcement. The deadline now has been extended for a fourth time to June of this year. Enough already. We keep hearing about how medical ID theft is a growing crime, so let's quickly make sure that healthcare organizations - and others that process vital personal data - are held to the same exacting standards as banking institutions. No further delays, please.
- An End to Phishing Season - Whether you know it as phishing, vishing or smishing, a socially engineered breach of personal or business data is still a potentially devastating crime, and one that often can be prevented by a bit of common sense. The end of 2009 saw a wave of attacks against banking institutions and their customers, and phishing attacks were up over 600% for the year, according to experts. "The internet has never been more dangerous," warns Dave Jevans of the Anti-Phishing Working Group. But that doesn't mean users can't get a whole lot smarter about how they use it. Awareness and training are key.
- Regulatory Reform: Get 'er Done - Geithner, Obama, the House, the Senate - it seems everybody had a banking regulatory reform plan in 2009, but the only one that gained any traction was the House bill, which would shuffle the existing agencies and create a new consumer protection group. No one, it seems, really doubts the need for regulatory reform in the wake of the Crash of 2008. It's the who and how that are holding everyone up. That, and the shift of legislative focus from finance to healthcare. While the urgency to reshape financial regulation may have diminished in some eyes, the need has not. Legislative leaders have an historic opportunity to reshape yesterday's banking rules to fit today's reality. Here's hoping they don't let the chance pass because they're distracted elsewhere.
- Smart Social Networking - You started to see this midway through 2009 - a surge in banking institutions and employees dabbling in social networking sites such as Facebook, LinkedIn and Twitter. That number is only going to grow, and fast, and smart banking/security leaders will be working now to ensure the proper policies are in place to govern both internal and external use. As Matt Speare of M&T Bank says: "It isn't a matter of 'will your institutions leverage social networking?' You're there now or will be soon." Check out Matt's social networking webinar for more info.
OK, I'll stop here. What are your banking/security resolutions for 2010?