18 Jul Banking on security
As a prime industry for potential criminal activities, the banking scene demands an incredibly high security and scrutiny over its assets, says Martin Woodhouse, Head of Traka APACMEA.
When it comes to threats to financial institutions, while the more obvious ones are observed to be external threats – thefts or intrusions by outsiders – it is the internal vulnerabilities that are most easily overlooked by many bank operators. These elements of unintentional mismanagement by employee include unreliable manual logging of key usage, erroneously providing unauthorised access to rooms, or even a mistake as simple yet serious as misplacement of physical keys. To maintain a secure environment among employees and external vendors, there is a need for banks to practice tight security operations and update existing infrastructures on an ongoing basis.
The role of branch managers
It often falls upon the branch managers to account for security management of the bank. But, with different hats to wear, including management of employees, meeting branch targets, operations management and more, it’s natural for these internal vulnerabilities – already easily overlooked – to sometimes fall out of sight.
As a branch manager, you are in charge of setting security access levels to vaults, letterboxes, technical rooms, and more, among the employees and external parties such as asset management advisors. You need to not just define who gets access to the physical and digital keys, but also ensure that your keys and security IT infrastructures are up-to-date for protection against threats that may appear.
So, to ease the load of branch managers and their teams, there is a need to employ external help to tighten security and provide comprehensive reports with audit trail of keys usage. In this way, tracing for incident-tracking or reporting for any overdue use of keys becomes much more manageable.
Technology delivers peace of mind
Thinking about how to start tackling internal vulnerabilities can be overwhelming, especially for banks with many branches and multiple levels of internal and external access. Fortunately, there are technologies available that could help.
Many banks have made it mandatory for two users to physically unlock safes using vault pairing features. This technology involves two-person authentication – having two separate, authorised staff verify and each ‘unlock’ a digital key to the safe.
Separately, there are also smart key cabinets that store physical keys using biometric, card reader or PIN-code technology. These security systems can run 24/7, even after operating hours or during public holidays, and reliably so during a power failure. For banks that depend heavily on such key cabinets, it’s essential to also integrate silent alarms or other remote lockdown features. In the event that an alarm gets activated, whether due to internal or external factors, the cabinets will go into lockdown mode until it has been deactivated. These lockdown features can also be integrated with fire alarms or access controls, seamlessly enhancing the security of a bank.
Securing digital assets
As for securing your digital assets, it’s recommended to conduct penetration tests for any IT infrastructures in place, ensuring Information Security Management Systems are regularly updated and aligned with the ISO 27001 requirements. Penetration tests exploit vulnerabilities in the bank’s InfoSec, offering a clearer view of potential threats that could arise even from leaving IT infrastructures not updated.
Finally, for banks with multiple branches around the region, it’s even more crucial to achieve extensive operational transparency across the board. This can also potentially lead to higher return of investments and increased efficiency.
Holistic security measures
A good place to start evaluating your security levels and assess suitable solutions is to seek your employees’ thoughts on current measures in place. Knowing the challenges that staff face in managing security requirements, such as their physical and digital keys, will help to shape the necessary next steps.
Branch managers can then work with solutions providers to review security systems from a more holistic perspective. Besides adopting the recommended technology that fits your bank’s set-up, it’s also beneficial to opt for employee training and ongoing assurances to ensure long-term security. These measures will work together to help you cover all bases, especially the internal vulnerabilities that are often overlooked.