In the financial sector, data security is everything. This has never been truer than it is now in 2018--financial venues have found themselves under duress from an increasing number of threats over the past year. Ransom attacks, data hacks, and internal data left have brought millions in legal fees and damages to financial firms, troubles that have presented existential threats to the industry as we know it.
Nowhere in the financial industry is there data more sensitive or more valuable than the information stored and transferred by brokerages. Client email addresses, phone numbers, financial information, and other pieces of data are extremely valuable--not only to hackers but to malicious internal actors who want to get their hands on Leads . Presently, there is no recognized solution for protection against internal data theft has been present on the market.
At the same time, governments around the world are stepping up regulations when it comes to data security. The EU’s General Data Protection Regulation (GDPR), which is scheduled for implementation later this year, presents a new set of challenges for companies when it comes to how personal data is collected and used.
Leads Protection Systems (LPS), powered by payment technology provider Payneteasy, is the first to tackle the issues of internal data theft and GDPR compliance head-on with Leads Protection Systems. LPS is a customizable solution that uses alias identities and high levels of encryption to protect customer information from everyone, including in-house employees who may wish to sell leads data to competing companies for personal profit.
Recently, Finance Magnates spoke with cybersecurity expert and CEO at Payneteasy Boaz Gam about evolving cybersecurity threats, Europe’s upcoming implementation of GDPR, and how financial services companies can keep their data, their leads, and their profits safe from malicious actors.
Data Theft Isn’t Just an External Threat
Boaz said that data theft is a huge problem for several reasons. First of all, “everybody wants to protect the private data of his customers so that his competitors will not go after them.” If leads data is stolen and sold to competitors, those competitors will have the information they need to try and “seduce” customers into switching service providers. “This could cause huge damage,” said Boaz.
“Second,” he said, “if [a company] has invested a lot of money in a marketing campaign, and people register and are interested to get the service, the last thing you want to have is that your competitors will get these leads and convert them as well.” He explained that this was important for any industry with valuable data--”automotive, pharmaceuticals, healthcare, insurance,” you name it.
The third part of this issue is compliance with regulation--specifically, GDPR.
New Regulations, New Challenges
“There are lots of companies investing in a lot of measures to protect data” under the new regulations, explained Boaz. However, “as long as a database includes both business and private data,” thieves still have the opportunity to damage an organization or even hold the data ransom.
Because GDPR includes a $25 million fine for leaked customer data, malicious actors who gain access to data can demand large sums of money in exchange for not releasing sensitive data to the public.
“This is similar to what happened with Uber a few months ago, when the database was hacked, and [the company] had to pay a huge ransom to get it back,” he said. Before the hack, Uber held its customers’ business data in the same servers where their private data was held. “This was a disaster waiting to happen,” said Boaz.
“This could be done by hackers, or by IT people within an organization who might get tempted,” explained Boaz. “If you’re an IT person or a CTO or somebody else who has access to this data, you could sell it to someone who could blackmail the company.”
“It’s a huge problem,” he said. These days, internal data flow is often the weakest-protected point of entry when it comes to data theft.
“LPS is Just a Middleman”--Only the Business Owner Holds the Encryption Key
LPS aims to solve this problem with minimal interruption to employees’ communication with customers. Using LPS, employees will be able to contact customers as usual--however, certain pieces of sensitive data are protected.
For example, employees making phone calls to customers will be able to see the customer’s name and country, but the customer’s phone number itself is hidden. LPS also allows email addresses to be protected with aliases. All of LPS’s services are accessible through simple, user-friendly interfaces.
Essentially, “LPS is a middleman,” explained Boaz. The service acts as a buffer between employees and sensitive customer data.
Not even LPS has access to the data that it encrypts. “Because this data is so sensitive, and everybody is trying to steal it, the idea is that everyone is a potential suspect--including us,” Boaz said.
Therefore, the CEO or business owner is the only person who has access to the encryption key. Even if LPS does maintenance on the software a particular firm is using, the data will still only be accessible by the holder of the encryption key.
LPS presents a unique set of solutions to a widespread problem, a problem that is becoming more serious as the world of cybersecurity threats continues to evolve. One thing is clear: in a changing landscape with a growing number of threats and obstacles, data security has never been more important.