
MaaS360 by Fiberlink

Financial Industry Compliance: Part 3, the FSA Data Security Report

by MaaS360 staff | July 15, 2010

In our previous posts we surveyed regulations and standards with provisions that apply specifically to endpoints, and looked at the Information Security Handbook from the Federal Financial Institutions Examination Council (FFIEC) for guidance on best practices.

Here we will look at another excellent set of guidelines for financial firms: the Data Security in Financial Services report from the UK's Financial Services Authority (FSA). This report provides detailed recommendations on how firms can comply with the Data Protection Act 1998 (DPA), which “gives legal rights to individuals in respect of personal data processed about them by others.”

This report can be downloaded at:

http://www.fsa.gov.uk/pubs/other/data_security.pdf

Inventory and Anti-Spyware

The FSA report highlights the risk that key-logging devices and malware can capture log-on credentials and facilitate unauthorized access to personal information. Best practices to prevent this include “use of software to determine whether unusual or prohibited types of hardware have been attached to employees’ computers,” and “anti-spyware software and firewalls etc in place and kept up to date.”

Control of Laptops and Data on Devices

The report strongly recommends “The encryption of laptops and other portable devices containing customer data” and “Maintaining an accurate register of laptops issued to staff.”

Control of USB Devices

FSA authors also point to the risks inherent in the widespread use of portable USB devices. They cite as best practices in this area “The use of software to prevent and/or detect individuals using personal USB devices” and “The automatic encryption of portable media attached to firms’ computers.”

In short, in the area of controlling confidential data on endpoints, the Data Security in Financial Services report recommends encrypting data on laptops, encrypting USB devices, and implementing tools to ensure that up-to-date security features are in place on laptops and other portable devices. In fact, the FSA has fined financial firms for not effectively following these recommendations.
