finance

Mass Notification for Financial Services

Intelligent Notification | MIR3

Financial institutions are subject to stringent regulations and rules of transparency. How do such institutions use Intelligent Notification to communicate effectively while scrupulously guarding the privacy of clients?

Here are just a few examples of notification in action for finance:

A savings and loan institution suffers a power outage and systems are down; IT personnel must be alerted and mobilized immediately

A construction crew cuts the fiber optic cable to a credit union; extra staff must be notified to come in and manually tend to customers

The CSO of a large bank receives information that effects company policy; key decision makers must be called together quickly

A bank’s website experiences a breach and data may have been compromised; IT must be notified to prevent further security breaches

A large bank needs to notify people in their call center; security is rock-solid so phone and email is restricted

An opportunity is presented in the stock market; potential investors must be alerted to take full advantage

How Intelligent Notificationworks in finance

Effective notification involves more than just sending a one-way alert. You must be able to quickly determine who needs to know what, and your message must be adapted as your contacts respond, all while maintaining strict security. Intelligent Notification technology handles this complex task, rapidly launching a message to groups of any size, whether in one location or spread all over the world. It uses MIR3 data management expertise and tools to pull information from various contact databases to make sure you’re always using the latest contact information.

Intelligent Notification is used by financial institutions for business continuity and disaster recovery (BC/DR), for emergency alerting, and by IT departments to keep systems up and running.

MIR3, Inc. is the leading developer of Intelligent Notification and response software, helping organizations enhance communication, protect assets and increase efficiency.

Download Data sheet for mass notification in the Finance sector

Intelligent Notification | MIR3


Auditing the Business Continuity Process

A view on SOX and the BC Process

In a recent interesting piece by Dr Eric Schmidt of TDS Inc. he explores some of the background of the Sarbanes Oxley and looks at the implications it has for Organisations affected and specifically the impact on Business Continuity Practitioners. He argues persuasively that regulatory initiatives and world events are driving the convergence of business continuity, security and information management under the umbrella of enterprise risk management, sometimes referred to as global assurance.

US Treasury Secretary concerned over Wall St infrastructure preparedness

SecTreas investigates Wall Street preparations 


Hank Paulson, the newly appointed US Treasury Secretary, has said that he will launch a further review of Wall Streets ability to cope with another terrorist attack or a natural disaster amid concerns that power and telecommunications resilience has improved little since September 11, 2001.

On the fifth anniversary of the 9/11 terrorist attack, the Financial Times has reported that the US Treasury has asked the President's working group on financial markets to produce a report detailing the progress made on disaster preparedness in the past five years.

Online service foils ransom plot

Extortionists attack business through DoS 

It has become common practise for extortionists to target net firms and threaten to cripple their websites with deluges of data unless they pay a ransom. Not all the e-criminals are able to follow through on their threats but when the Nochex site went down at 8pm it was time to sit up and take notice.

"We get quite a few, maybe once a month so we don't always take it too seriously," he said.

In this instance though Mr Malik did contact his service provider Pipex. "They told us we were being flooded by a zombie attack," he said.

Security fears at Indian Call Centre

Information  could have been used to clone credit cards

Police are investigating reports that an Indian call centre worker sold the bank account details of 1,000 UK customers to an undercover reporter.
The Sun claims one of its journalists bought the personal details from an IT worker in Delhi for £4.25 each.

They included account holders' secret passwords, addresses, phone numbers and passport details, it reports.

City of London Police has begun an investigation after being handed a dossier by the newspaper.

While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare City of London Police

The centre worker reportedly told the Sun he could sell up to 200,000 account details each month.

Details handed to the reporter had been examined by a security expert who had indicated they were genuine, the paper said.

The information passed on could have been used to raid the accounts of victims or to clone credit cards.

'Reflect on decision'

More than one bank is thought to be involved in the fraud.

A police spokeswoman said officers were not yet aware of "the breadth of what we are going to be investigating".

"While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare," she said.

The Amicus union said it had warned of the "data protection implications" of offshoring financial services.

"Companies that have offshore jobs need to reflect on their decision and the assumption that cost savings benefiting them and their shareholders outweigh consumer confidentiality and confidence," senior finance officer Dave Fleming said.

Continuity Forum Comment

In the past few months we have seen an increased media focus on the security of Electronic Banking Systems with both TV and Print news sources citing alarming lapses in the procedures followed.

While technology can go a long way to 'secure' information there remains for many the issue of the 'insider'.

Whilst a lot of time and money is spent combating external Security threats it appears as though there is still some way to go to protect the organisation and its stakeholders from the actions of someone on the 'inside'. Whatever the motivation, Greed or Revenge, the threat posed can be far greater both in financial terms and in damage to the Reputation of the organisation.

To help you consider the risks to your organisation we have listed below some of the common characteristics of the 'insider' below:

Insider Characteristics

The majority of the insiders were former employees.

• At the time of the incident, 59% of the insiders were former employees or contractors of the affected organizations and 41% were current employees or contractors.

• The former employees or contractors left their positions for a variety of reasons. These included the insiders being fired (48%), resigning (38%), and being laid off (7%). Most insiders were either previously or currently employed full-time in a technical position within the organization.

• Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents. Eight percent of the insiders worked part-time, and an additional 8% had been hired as contractors or consultants. Two (4%) of the insiders worked as temporary employees, and one (2%) was hired as a subcontractor.

• Eighty-six percent of the insiders were employed in technical positions, which included system administrators (38%), programmers (21%), engineers (14%), and IT specialists (14%). Of the insiders not holding technical positions, 10% were employed in a professional position, which included, among others, insiders employed as editors, managers, and auditors. An additional two insiders (4%) worked in service positions, both of whom worked as customer service representatives.

Insiders were demographically varied with regard to age, racial and ethnic background, gender, and marital status.

• The insiders ranged in age from 17 to 60 years (mean age = 32 years) and represented a variety of racial and ethnic backgrounds.

• Ninety-six percent of the insiders were male.

• Forty-nine percent of the insiders were married at the time of the incident, while 45% were single, having never married, and 4% were divorced.

• Thirty percent of the insiders had been arrested previously, including arrests for violent offences (18%), alcohol or drug related offences (11%), and nonfinancial/
fraud related theft offences (11%).

Organization Characteristics

The incidents affected organizations in the following critical infrastructure sectors:

• banking and finance (8%)

• continuity of government (16%)

• defence industrial base (2%)

• food (4%)

• information and telecommunications (63%)

• postal and shipping (2%)

• public health (4%)

In all, 82% of the affected organizations were in private industry, while 16% were government entities. Sixty-three percent of the organizations engaged in domestic activity only, 2% engaged in international activity only, and 35% engaged in activity both domestically and internationally.

Below we have outlined some of the effects on the organisation:

Consequences for Targeted Organizations

Key Findings

• Insider activities caused organizations financial losses, negative impacts to their
business operations and damage to their reputations.

• Incidents affected the organizations’ data, systems/networks, and components.

• Various aspects of organizations were targeted for sabotage by the insider.

• In addition to harming the organizations, the insiders caused harm to specific
individuals.

Supporting Data

Eighty-one percent of the organizations experienced a negative financial impact as a
result of the insiders’ activities. The losses ranged from a reported low of $500 to a
reported high of “tens of millions of dollars.” The chart below represents the percentage
of organizations experiencing financial losses within broad categories.
Percentage of Organizations Financial Loss

Direct Financial Loss   Percentage
$1 - $20,000   42
$20,001 - $50,000   9
$50,001 - $100,000   11
$100,001 - $200,000   11
$200,001 - $999,999   7
$1,000,001 - $5,000,000   9
Greater than $10,000,000   2

For the full 45 page Report or to comment on this piece please mail us HERE! or call Russell Price directly on +44 (0) 208 993 1599.

 

Trojan holds PC files for ransom

A unique new kind of malicious threat which locks up files on a PC then demands money in return for unlocking them has been identified. The program, Trojan.Pgpcoder, installs itself on a vulnerable computer after users visit certain websites and then turns files into gobbledegook, holding them to "ransom"

Basel Committee issues updated guidance on the compliance function in banks

This update provides basic guidance for banks and sets out banking supervisors’ views on compliance in banking organisations.


Using a framework of principles, the latest update illustrates how compliance with the laws, rules and standards that govern banking activities helps to maintain a bank’s reputation with its shareholders, customers, employees and the markets. At the same time, the paper incorporates sound practice guidance to assist banks in designing, implementing and operating an effective compliance function. To optimise its usefulness to all banks, they stress that a single framework of principles for effective compliance risk management does not restrict individual banks to a single organisational or operational approach. However, each bank must be prepared to demonstrate that the approach adopted is effective in dealing with the bank’s unique compliance risk challenges.

Syndicate content

Business Continuity Forum creating Resilince and security

Creating Continuity... Building Resilience...