
For financial institutions that manage our money and our valuable personal information, data security has become a critical concern amid increasing incidents of identity theft, and growing apprehensions about business continuity in the event of terrorist acts and national disasters. These concerns, and federal legislation such as the Gramm-Leach-Bliley Act (GLBA), also called the Financial Services Modernization Bill, have forced financial companies to rethink their security measures. Most banks have assembled their own internal task forces to address data security and are investing regularly in new technology systems, training employees and educating their customers. “I think people’s awareness of identity theft has been growing,” says Cindy Tetrault, vice president and manager of Web Services for Commerce Bank. “Our customers have been latching on to the information we provide and taking it very seriously.”
Depending on a bank’s charter, it may be regulated by the Federal Reserve Bank, OCC, FDIC or by the state in which it operates. Jackie Nugent, Assistant Examiner for the Federal Reserve Bank, helps conduct annual GLBA compliance and risk assessment testing of banks. “We look to see that the bank conducts tests and that they are compliant with Gramm-Leach-Bliley and are protecting customer information,” says Nugent. “We also look to see that they are doing background checks on employees and third-party vendors who are privy to customer information.”
Examiners from the Fed will also walk around the bank building to be sure that customer information is being physically protected, says Nugent. This may include making sure that the computer room is locked, that computers are password-protected and locked when not being used, that employees do not have customer passwords or allow customer information to lie about on their desks, and that there are proper procedures in place for locking and shredding paper documents. While ratings from these audits are not public information, they can impact a bank’s overall rating. Even more importantly, Nugent says, banks recognize that their reputations are at stake if a data security breach occurs.
Secured Technology LLC, headquartered in Stillwell, Kan., works with about 80 banks in six states conducting penetration tests, internal vulnerability tests, and other tests to help banks improve their data security measures and keep them up to par. Founder and Managing Director John Block saw a business opportunity with the passage of GLBA in 1999 and put his background in bank liability management and public accounting to work in order to create the company. “Regulations are expanding due to the treachery in the environment. All big banks have been affected by penetration and phishing attempts—it’s exploded,” says Block.
Block suggests that an epidemic of data theft and misuse—which he says may have started out with highly trained individuals attempting to hack large organizations’ computer systems as a test of skill—has now become a criminal enterprise in which thieves sell identities and penetrate banks in order to run transactions for profit. Penetration tests gauge the effectiveness of a bank’s security system by attempting to gain access to its computer systems from outside the system. Block will also run tests that try to crack passwords—typically, he can get 85 percent of passwords in less than two minutes. And he looks for all of a bank’s software to be up-to-date with the latest security patches. Through these tests, weaknesses in a bank’s systems are identified. Secured Technology then provides suggestions for improving data security functions.
In addition to the focus on data security for the purpose of protecting customers’ personal information, there is an increased focus on what those in the industry call “business continuity disaster recovery.” This push stems from events such as September 11 and Hurricane Katrina, in which the interruption in the flow of business for financial organizations negatively impacted the entire national economy.
March 2007 Edition