Name: Konrad Martin
Title: CEO, Tech Advisors
Industry experience: 20 years
Konrad Martin is the CEO of the IT and cybersecurity firm Tech Advisors, which has offices in Medfield and Boston. The company provides businesses of all sizes with a range of services including network security, converting information to the cloud and disaster recovery. The company has developed its own cloud platform, which sets it apart from many of its competitors. Nearly half of Tech Advisors’ clients are financial institutions and the company recently conducted a cybersecurity seminar in conjunction with Webster Bank, aimed at helping their clients be more cyber aware. Banker & Tradesman caught up with Martin to discuss common threats financial institutions face and how they can prevent hacks.
Q: What is your cloud platform? How is the cloud in general better for financial institutions, with regards to protection of information?
A: Our platform is a tier 4 data center, which is the highest rating available. Externally, the structure is virtually impenetrable. It is built with 18-inch concrete walls, which are wind and hurricane tested, capable of withstanding winds up to 400 miles per hour. There is top-notch security and redundant backup to other locations and 24/7 monitoring.
Second, from an operational standpoint, being in a secure cloud platform assures a financial institution that its information is backed up and protected. For anyone entrusted with the protection of customer financial information, good isn’t enough. Great is what you need. With cloud protection, if a financial officer’s machine becomes compromised, we can isolate it almost immediately, can shut it down while saving all of the information and prevent the machine from infecting other machines. Seconds count in a cybersecurity breach. With the more traditional, non-cloud method, it involves having a technician either go to the location or perform the maintenance and repair online. The traditional method requires more time and allows more opportunity for infection of data.
Q: How common are hacking attacks at financial institutions and how can a financial institution best protect itself against a hack from outside forces?
A: Hacking attacks are more common than many believe – and there are many additional attempts that fail. Financial institutions are a prime target of hackers because the volumes of information they hold on customers are all great fodder for identity theft should the information fall into the wrong hands. Every financial institution should absolutely be protected with a cloud data center, which provides the highest level of security because there are people watching to see if anyone is trying to infiltrate. But before getting to that level, an institution can best protect itself with comprehensive training of the people who work there. Most states have personal data breach laws, which require some type of written information security program which identifies the security policies of the firm.
President Ronald Reagan once said “Trust but verify” in speaking of dealing with foreign nations, and that advice holds true for anyone working at a financial institution when it comes to emails and links on computers. If you see something suspicious, verify it before opening. Don’t get tricked! If your CEO asks you to send them the W2s for 10 employees, call first to make sure it was really the CEO who made the request and not someone who infiltrated the system. The same goes for wiring funds for a customer into an account. Today’s hackers are very sophisticated. They can make something look very convincing and if you open a link that is intended to let a hacker into the bank’s system, there’s a world of trouble about to follow.
One of the best investments any financial institution can make is in training and follow-up for its employees. What emails should you open? What is suspicious? Training should cover both what to look for and just as important, what to avoid, as well as what happens when sensitive information falls into the wrong hands.
Q: What are some of the common scams that phishers attempt in order to infiltrate a network?
A: There is the brute force attack, going after several machines when they are dormant in an attempt to bring down the network, which is becoming less common. The more common are the phishing excursions, where people are tricked into giving away access to the system. It can be a UPS tracking order or a request from a CEO asking for W2 information, or an outside offer to click on this link.
Common sense should tell people that if it looks suspicious, it probably is. It was easier previously to detect outside hacking attempts because often the communications were grammatically awkward. Once someone gets into the system, they can put a key logger on and then everything you type on your keyboard will be sent to the criminals. The safest assumption is that everything should be verified.
Q: What are the pitfalls and damages that a financial institution could be liable for if sensitive information falls into the wrong hands because an institution is not up to date on its protections?
A: In addition to the state and federal laws already on the books here to ensure compliance, one to watch on the international front is the European Union General Data Protection Regulation. This applies to all data controllers and processors established in the European Union and organizations that target EU citizens. Their regulations are stringent, and the fines are even more so – up to 4 percent of gross product or a $25 million fine, whichever is higher, for violations. We are changing the written information security plans that we write for our clients, to be certain that they are aware of this new regulation. For most financial institutions, the repercussions of a data hack go far beyond the extensive and considerable fines. They also go to reputation, credibility and trust. When most of us hear of a widespread data breach, it makes us uneasy in dealing with that entity. It’s much better to do everything you can first to avoid being in that situation.
Martin’s Five Ways FIs Can Minimize the Risk of Being Hacked:
- Conduct rigorous, regular training for all employees on what to look for.
- Don’t allow employees to use personal devices for any business uses.
- Don’t allow employees to connect to outside websites or links not business related.
- Insist all employees verify suspicious emails involving financial information.
- Partner with a knowledgeable IT team.