Information technology on its own has no financial risk attached to it but if used wrongly can magnify the risk involved in finance. Take banks as an example. Prior to the time of the deployment of information technology infrastructure in banks, the level of financial losses directly linked to operational efficiency was relatively low compared to what it is now.
In those days, banks only worry about the risk associated with internal controls. But today, they also face external risk that is directly linked to the deployment of IT infrastructures. The in-house thieves are always on the look out to advantage of known vulnerabilities that exist in the banks IT while the external thieves are constantly looking for ways to break into the database of banks and other financial institutions.
Looking at all these, one may think that all hope is lost as the offensive guys are constantly modifying and perfecting their evil strategies to beat all countermeasures. In this article are loads of useful tips that financial institutions can use to manage their IT related financial risk.
REDUCING INTERNAL RISK
- Fortification of internal control. The most effective way to mitigate against internal financial risk is to have a strong internal control in place. A well implemented internal control is half the battle of risk associated to internal factors. Job rotation and mandatory vacation works as added tonic to the effectiveness of good internal control
- Workers incentives. It is often said that your control is as good as the motive of those that implement it. You may have the best control in place, but without the presence of properly motivated and encouraged workers, the intended benefits of these controls will all hit the rock.
- Education of staff. Educating your staff on the inherent risk of information technology gadgets goes a long way in reducing the stress associated with financial risk in information technology gadgets.
REDUCING EXTERNAL RISK
- Use of tested, trusted and reliable IT solution providers. Companies should avoid going for ‘cheap articles’ that has no quality. Cheap articles cost more in the long-run. The extra monies that would be spent on fixing known vulnerabilities might exceed the initial extra cost that would have been made on the original equipment.
- Use of “honey pots” and “honey nets”. These are terms used to describe attempts made by companies, especially banks and other financial institutions to lure hackers into firing their shots on a simulated corporate network. This works well for security purpose as it will help company’s security professionals analyse hackers new tricks from it. The only downside of this is that it may send the wrong signal to stakeholders (especially shareholders that will be thinking that their investments are no longer safe). They may not be well informed and will assume that the company’s real network is that porous.
- Educating their customers on how to use their facilities- especially online users. Often time, customers tend to sue companies and claim huge amount of money in the form of compensation. Companies that make it part of their policy to educate all their customers on any new information technology gadget acquired always save a lot of money that would otherwise be spent in legal tussles. This education can be as simple as sending out newsletter to all their customers periodically.
The tips you get from this article and the ones you got from other information security related articles will help beef-up your IT security base. So fell free to read up other articles in the financial information security section of this site.