In recent times, the Financial Services Authority (FSA) has issued numerous seven-figure fines for information security failures, all of which have received wide-ranging coverage in the national press. However, the threat of financial penalties is not the only thing to consider. The damage from bad PR and loss of faith can be considerable, resulting in the need for extra investment in marketing and resources to counteract the negative publicity that inevitably comes with a security breach.
Companies suffering from a breach are scrutinised over how secure the information was and how it was breached. Questions will be asked regarding the adequacy of encryption, firewalls, the training of staff and, in some cases, why the information was public facing. Could you answer these questions in a positive light if it was your company?
There are many FSA rules and regulations that businesses in the financial services sector must abide by, but when it comes to securing customer data, the very minimum should be perimeter safeguards to prevent Internet-based data security compromises. If your company were to suffer a security breach resulting in the loss of customer data, would you be able to demonstrate that the necessary steps had been taken to minimise this risk, and present this as part of a case that you should not be liable to a fine?
If you are a US organisation or subsidiary, or have commercial operations in the US, you will most likely be required to have annual independent security testing to follow information assurance and governance guidelines for Sarbanes-Oxley (SOX) compliance, to ensure Section 404 is being adhered to and sensitive user information is secure.
Regular security testing performed by NTA has become an established feature of best practice, audit and risk management procedures for many companies in the financial sector, and will assist you with demonstrating that due care and diligence has been taken.
One of the team is always willing to discuss any specific requirements or questions you might have, so feel free to contact us.
I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.
Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.
We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...
I have found NTA to be an approachable, knowledgeable partner, and have no hesitation in recommending their services.
The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.
On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...
NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.