Founders Bank & Trust — a five-branch bank based in Grand Rapids, Mich. – faced the same challenges in keeping customer data secure as larger financial institutions in compliance with regulations. Network Administrator Tom Vanden Bosch talks about software he deployed that encrypts data and locks down laptops in the event of theft in this Q&A with IncTechnology Editor Elizabeth Wasserman.
Elizabeth Wasserman: What is the greatest IT security threat facing the bank today?
Tom Vanden Bosch: I would say that is a breach of customer information. That would be our number one concern. There are so many different avenues where customer data is manipulated that we just don’t necessarily always have a good handle on how that information is being transmitted. Online banking does contribute to that liability. But, in the financial world, we’re held to a much higher set of standards because of regulatory objectives we have, as well as Sarbanes-Oxley requirements. Those two items are primarily the driving force.
Wasserman: How do you protect customer data?
Vanden Bosch: Basically you want to seal off areas that you have the least amount of control over. Securing laptops is one of the top three items that IT security auditors are pushing for in our industry. They say we need to be making sure those devices are encrypted. That laptop is a mobile data base of customer data. Obviously, securing company laptops was our primary objective when we started dealing with this issue. Naturally we wanted to extend that protection to flash drives, MP3 devices, and anything else that attaches to our bank equipment. We went with GuardianEdge, which has a full suite of products for device control, hard disk encryption and endpoint encryption. That means we can encrypt our data and prevent or restrict activity on our network that has the potential to generate liability for us. Another nice feature is the auditing piece that tells us who is connecting what to what device and what data they’re moving back and forth across those devices.
Wasserman: How does the software help you prevent data breaches?
Vanden Bosch: We can lock down a device so that the CD Rom drive or USB port becomes untouchable. If a laptop is lost or stolen and does not communicate with the encryption server for a certain amount of time it becomes unusable, and this time frame is customizable. Once a device is locked out, the only way to unlock it is to go through IT administration or format the hard drive.
We’re not just relying on the software to keep us safe. In addition, we’re also in the middle of a project to reclassify our data on the network to establish policies to restrict data on the network based on who has permission. Our employees have to be educated to understand the risks that they could expose us to. That’s a major part of the equation, too.