Many industry personnel are not assigned unique login and password details, putting customers' personal and financial data at risk. Thirty-seven percent of finance personnel don't possess unique user logins, leaving their organisation open to insider trading.
A new research report from IS Decisions, 'Financial services: access security compliance', shows that over one quarter (26 percent) of finance personnel are not required to log on to their company's network to access information, even though doing so is a requirement of basically all rules that surround security.
Even though the FCA is in favour of new employees having access to training on financial crime risks, half of personnel did not receive the training when they began working for their organisations. An alarming 37 percent of businesses provided continuing training sessions to maintain a decent level of security education, regardless of UK compliance requirements.
Seventy-six percent of employees can log in to multiple machines at the same time. The research also showed that almost half (48 percent) of organisations don't immediately rescind an employee's access when they leave the company. This leaves ex-employees the opportunity to steal sensitive company information.
François Amigorena, CEO of IS Decisions, said: “Sensitive information should be restricted to only those who need it in order to minimise any risk of a breach or possible misuse. Identifying and implementing access control policies are requirements of the financial regulators, but it seems many UK financial organisations are not compliant with these security basics.”
SOURCE: Danielle Correa | scmagazine.com