A Research Project Presentation
Online Policies for Enabling Financial Companies to Manage Privacy Issues
Introduction
Companies in the financial sector handle data that are a priority for hackers.
Organizations invest in a wide range of technologies to protect the data from unauthorized access.
However, they do not adequately invest in behavioral measures for safeguarding the data.
Companies in the financial sector face numerous attempts by cybercriminals to steal data stored in their systems. The corporations handle confidential data that could be used to commit crimes, such as impersonation and illegal transfer of money (Noor & Hassan, 2019). A major concern is whether financial institutions have effective policies that ensure the data are properly secured from both internal and external threats. Financial companies, especially those that are spread across the country, have always focused on investing in technologies that promote the privacy of the data and the systems. They are deploying technologies, such as cloud computing, which promote the privacy of the data. Also, they use bcrypt to encrypt data with algorithms under which it would take hackers decades to decrypt a single password. Though they invest in such technologies, which cost millions of dollars, there are questions about whether they invest in behavioral measures to protect the data systems (Noor & Hassan, 2019). Such measures require online policies that ensure internal and external users adhere to best practices that make them less vulnerable to attacks, especially social engineering attacks that target unsuspecting users.
Literature Review
Financial companies have implemented policies for promoting desirable user behaviors.
They provide guidelines on how to use the networks.
They do not require the users to follow strict rules, which indicates the inefficiency of the policies.
Financial companies have implemented policies on how customers access their data remotely. Such policies outline the standards that customers must follow, such as multi-factor authentication, which aims to ensure that no unauthorized users access the data (Suchitra & Vandana, 2016). The policies are communicated to the customers when they provide their data. It is an effective approach that ensures that customers follow certain guidelines that promote the overall security of the data. However, Timothy Toohey (2014) questions whether the policies apply to the side of the users, who are very likely to exhibit behaviors that expose data to threats. For instance, the customers may use devices that have weak antimalware tools. Such devices create an avenue that a hacker can use to access the system.
Research Method
The researcher will employ a case-study design.
It means that the researcher will focus on individual cases and analyze them.
Interviews and observation will be the primary tools of data collection.
The data will be analyzed while paying attention to every organization.
The study will employ a case study design. The goal of the researcher is to find out the effectiveness of the user and online policies that financial organizations put in place. The study will investigate whether the enforceability of the policies has a direct impact on the security of the networks. The approach is a multiple-case design that will utilize longitudinal examination of the selected case studies, which are financial organizations that have implemented online policies to safeguard data. The analysis will tell whether the policies help lower the levels of vulnerability. The researcher will access explanatory case studies and examine the data closely at both deep and surface levels. To gather the required data, interviews and observations will be conducted. The interviews will involve IT experts and professionals who have been in the industry in the last three to five years. Structured interviews will be scheduled, and the participants will be requested to provide data on the vulnerability of the systems in relation to the online policies that have been put in place. To avoid and suppress confounding variables, the researcher will structure the interview questions in a manner that will only provide information on the networks. The questions will avoid any personal information, as it might introduce bias. Also, the interviews will center on the data and privacy position of the system and ask questions that relate closely to it.
Results
The table outlines the various types of policies that are put in place by the financial institutions with the aim of controlling user behaviors. Only 78% of the current financial institutions fully implemented most or all of the policies outlined above. 48% of the organizations implemented three or fewer, which indicates that the organizations prefer the use of technical controls more than the behavioral controls (Zachosova & Babina, 2018).
Discussion
Efficiency is high if enforceability is also high.
Organizations are unable to enforce all the policies, hence the varying levels of efficiency.
They should pay attention to policies they can enforce, such as Acceptable Use Policies.
It is clear that the efficiency of the policies is high if there is a high level of enforceability. An organization is likely to realize better outcomes from the policies if it can enforce them and require all users, customers and workers to follow certain guidelines. Most of the users are reluctant because they do not consider themselves vulnerable to cyber-attacks. As such, they exhibit behaviors such as the use of devices without effective and updated antimalware tools. To enforce the policy, the organization should have recent technologies that can detect such devices and block their access to the system. Such technologies are expensive to purchase and maintain, hence are not a priority for most organizations. It is imperative to note that enforceability is easier for the internal parties, such as workers and the corporate personnel. Most financial institutions have IT teams of professionals that are required to make follow-ups, evaluate, and compile reports regarding the behaviors of the workers. Also, they are required to offer training classes for all the workers, and hence are frequently able to identify undesirable user behaviors, which are then addressed.
Conclusion
Financial companies should not only focus on the technical controls but also the behavioral controls.
Policies with high levels of enforceability produce better results.
Acceptable user policies, information security policies, and access control policies have a higher level of enforceability, hence should be emphasized.
The user policies are essential elements in the promotion of data privacy and security for the financial organizations. The institutions should not focus only on the data security technologies, but should also invest in the promotion of positive user behaviors by formulating enforceable policies at both the internal and external levels. The project has shown that the enforceability of the user policies directly impacts the vulnerabilities in the system. The preliminary data indicate that not all the policies put in place will have a positive impact on the information security system. Acceptable user policies, information security policies, and access control policies have a higher level of enforceability, hence financial institutions should mainly focus on them. They should be designed in a manner that is not only simple and clear but also practical. This will make it easier to carry out the needed follow-ups and to promote overall positive behaviors, especially from the external parties that do not regard information security as essential.
References
Noor, M. M., & Hassan, W. H. (2019). Current research on Internet of Things (IoT) security: A survey. Computer Networks, 148(15), 283-294.
Suchitra, C., & Vandana, C. P. (2016). Internet of Things and security issues. International Journal of Computer Science and Mobile Computing, 5(1), 133-139.
Toohey, T. J. (2014). Understanding Privacy and Data Protection. New York, NY: Thomson Reuters.
Zachosova, N., & Babina, N. (2018). Identification of threats to financial institutions’ economic security as an element of the state financial security regulation. Baltic Journal of Economic Studies, 4(3), 80-87.