Banks Stink at Cybersecurity, but why?

 Banks typically stink at protecting YOUR data; they know it; and they know better. Why is this? The main reason: GREED. They are cheap when it comes to cybersecurity because it allows them to pay their executives more. Oh...they like to blame lawyers and regulators, but that's all talk. It rings hollow. What’s that Bob Dylan says about money not talking? And swearing instead?

The banks "doth protest too much." 

Their bellyaching is meant to blind you to what they do, which is almost nothing. Banks are supposed to be secure. They aren't and likely won't be anytime soon. 

What's that saying about _____ flowing downhill? You are at the bottom of that hill.

 Here are some ways banks screw up (almost all the time): 



1. Weak Cybersecurity Measures: Insufficient cybersecurity measures, such as outdated software or lack of regular security audits, can make banks vulnerable to hacking and data breaches. Just look at Wells Fargo, which CNN reports "has been plagued by scandal." Consumer deposits just disappeared back in March. This should come as no surprise since Wells Fargo settled a lawsuit for $3 billion back in 2020 over fake accounts; that’s not the only lawsuit they’ve settled in the last few years. They are serial defendants. One of the funniest and most absurd things I ever heard came from a lawyer who used to work for a large bank (it wasn't Wells Fargo), and he claimed the bank he worked for then cared about the people whose mortgages the banks held. I swear I think the dude was wearing an ascot as he said this.

Fortunately I wasn't near the guy because I spit out my coffee in shock over this absurd statement. Big. Banks. Do. Not. Care. They don't care. They have never cared. And they never will care. 

But…you need to care…a lot. And I care about what happens to you, dear reader, as we are all in this muck together.

2. Inadequate Data Encryption: If sensitive personal data is not properly encrypted, it can be easily accessed by unauthorized individuals during data transmission or storage.

3. Improper Data Handling: Banks might mishandle data by sharing it with third parties without consent or keeping it longer than necessary, increasing the risk of unauthorized access. In other words, they sell your data to third parties, some of whom are not exactly above board.

4. Weak Authentication: Banks sometimes use weak authentication methods, like simple passwords or outdated security questions, making it easier for attackers to gain unauthorized access to accounts.

5. Lack of Employee Training: Without proper training, bank employees might inadvertently mishandle data, fall victim to social engineering attacks, or fail to recognize suspicious activities. People are the biggest problem, with 91% of cybersecurity incidents coming from human error.

6. Insufficient Access Controls: Poor access controls can allow unauthorized personnel to access sensitive customer information, increasing the risk of data breaches.

7. Inadequate Incident Response Plans: Without a robust plan in place, banks might struggle to respond effectively to data breaches, leading to prolonged exposure of sensitive information.

8. Ignoring Regulatory Compliance: Failure to comply with data protection regulations like GDPR or CCPA can result in legal consequences and damage to the bank's reputation. Reputation, of course, implies they have one that is worth damaging.

9. Overlooking Physical Security: Focusing solely on digital security while neglecting physical security measures can expose sensitive data to theft or unauthorized access.

10. Vendor Management Issues: Banks that work with third-party vendors must ensure these partners also adhere to stringent data protection practices, as vendor breaches can impact the bank's customers.

To mitigate these mistakes, banks need to invest in robust cybersecurity measures, implement strong encryption protocols, train employees on data privacy, regularly update their systems, and establish effective incident response plans. Additionally, staying informed about evolving cybersecurity threats and compliance requirements is essential to maintaining the security and trust of their customers. Of course, this would require caring about their customers, which they may not always do. In fact, I suspect they rarely care. If they did, they would protect their customers.

Thanks for reading. Feel free to email me at michaelwuva78@gmail.com or michael@wellslaw.us. I use both. 
