Financial Co’s: Don’t Cheap-Out on InfoSec

February 8, 2009 by ADMIN

By Laura Wilson, Information-Security-Resources.com Corporate Liability Editor

The following information was sent to me for analysis. According to the quote, one of the global financial companies is now doing layoffs - no surprise there. (Disclosure: I do not know whether the information, which purports to be from an insider, is accurate.)

The larger issue is the frightening, industry-wide, and cross-industry propensity to try to cut costs by cheaping out on protecting sensitive information and systems. This description of the financial company’s layoffs makes me blanch: “…The departments most affected by the coming cuts will be Technology, Internal Audit, Info Sec, and huge chunks at marketing…”

My colleagues and I continue to educate about the homeland security threat inherent in failing to protect sensitive information and systems. “The current threat environment, which includes terrorism, organized theft of individual and corporate financial assets, and just-for-fun hackers, makes new security, due diligence, and risk management demands of financial services companies.”

The many stakeholders interested in protecting information are at last grasping the enormity of the threat when compromised information falls into the hands of terrorists and other criminals. The many corporate interests are starting to wake up to the organizational and individual, civil and criminal, exposure that they risk when companies fail to adequately protect this sensitive information.

Even in a business environment that demands drastic cost-cutting, let’s require companies to make these hard decisions in a smart way. Put earlier and stronger controls in place. Ensure that the control teams are properly trained. Identify the existing gaps in supplier relationships.

Getting a handle on vendors and suppliers who have access to sensitive data, and bringing them ‘up to code’, is not an unsolvable problem - I’ve done it.

In slashing costs and attempting to get control of a runaway business model, it is imperative that companies not cheap out on information security.

Laura is a business consultant and an advocate for information security, consumer protection, long-term shareholder value, and better management decisions. Her specialty is finding and fixing risks and threats to sensitive data. Her experience includes international banking, credit card, and mortgage companies, venture capital portfolio companies, and software and technology providers. She practiced law in Silicon Valley during the tech boom and meltdown, handling corporate governance and information protection.

Filed under: D&O Liability, FEATURE ARTICLE, Financial, Insider Threat, PCI, Sarbanes-Oxley, Uncategorized, hackers, malware, national security, privacy 
