Two recent headlines caught my attention:
In both of these cases, banks are being sued for not taking adequate precautions that could have prevented cyber thieves from stealing money from the customers’ accounts. The customers claim that the banks did not offer two-factor authentication and also failed to notice suspicious and anomalous behavior. Therefore, the customers are claiming that the banks breached their duty to protect account holder information.
These lawsuits could have significant ramifications and I will be curious to see the final outcome. Should a bank be held liable in the breach of their customers’ online accounts?
As cyber criminals continue to develop more sophisticated attacks and constantly find new ways to target financial accounts, financial organizations will need to show due diligence and work continuously to secure their networks and data with up-to-date data protection measures. Organizations that can't prove they took adequate measures to protect data will find themselves exposed to additional legal liability and reputational damage.
Financial organizations may also need to educate their customers about their efforts to ensure customer data is protected and secured. By maintaining ONGOING compliance with regulations like FFIEC, PCI-DSS, GLBA, FACTA Red Flags, etc., organizations can improve their reputation and develop a culture of trust with their customers. Organizations may also want to make a proactive effort to educate their customers on the latest risks and threats and how to implement security best practices. If customers understand the importance of strong passwords, how to recognize a phishing attempt, how to use e-mail securely, etc., they can become a layer of defense rather than a weak link.