In the regular course of business, organizations collecting consumers’ financial information will often share it with their affiliates and other companies. Doing this legally and responsibly means following GLBA requirements. Achieving GLBA compliance requires employee training.
Safeguarding this sensitive information from cyber and other threats brings us to the Gramm-Leach-Bliley Act (GLBA). Congress passed the GLBA to protect consumers in this equation by requiring companies providing financial services to safeguard customer information.
The GLBA is one of the most widely applicable compliance regimes governing the financial services sector. If you offer customers financial products and use third-party vendors' services, the GLBA is something you need to be aware of. The key to GLBA compliance is employee training.
This guide discusses GLBA in detail, including the GLBA Safeguards Rule and compliance requirements. We also give insights into why employee training is critical for organizations seeking to remain GLBA compliant.
GLBA is the short form of the Gramm-Leach-Bliley Act, which regulates how financial institutions collect and manage customers' confidential data. In short, the GLBA ensures that financial institutions safeguard the confidentiality of personally identifiable information (PII) gathered from customer records.
The act prohibits financial institutions from disclosing such information to non-affiliated third parties unless and until they fulfill a set of requirements. It mandates that affected companies comply with strict laws governing data security.
To become GLBA compliant, institutions must inform their customers how they plan to share sensitive data and provide customers a way to opt out.
The GLBA Safeguards Rule requires that financial institutions adopt strategies upholding the security and confidentiality of nonpublic personal information obtained while offering financial services to customers.
The rule mandates financial institutions develop and implement a written information plan outlining how the company plans to continue protecting customers’ confidential data. This plan must include:
In addition, the GLBA mandates that financial institutions take affirmative steps to bar unauthorized data collection, usage, and disclosure.
While the Federal Trade Commission (FTC) has issued a set of recommendations for the Safeguards Rule, institutions may also implement safeguards relevant to their circumstances while addressing risks unique to their business operations.
In other words, the Safeguards Rule ensures organizations complying with GLBA have the means to protect confidential information.
A key part of GLBA compliance requires companies to employ administrative and physical safeguards to protect confidential consumer data. In this regard, the key to achieving GLBA compliance is employee training.
GLBA compliance requirements can be divided into three main sections: the Financial Privacy Rule, the Safeguards Rule, and the pretexting provisions.
The Financial Privacy Rule regulates how customers' private information is gathered and disclosed. Under this rule, financial institutions are required to explain their information-sharing process to customers.
Institutions should inform customers about the information they collect and the third parties they share it with. Customers should be free to opt out if they want to stop disclosure to certain third parties.
The Safeguards Rule mandates that financial institutions implement programs aimed at protecting nonpublic customer information. These institutions must ensure these programs address their clients' needs while protecting their nonpublic data.
Financial institutions should also designate and train staff responsible for upholding the institution’s security programs. Organizations must periodically conduct assessments to identify internal and external risks that can threaten data security.
The pretexting provisions forbid obtaining confidential information under false pretenses and help to prevent unauthorized access to sensitive customer information.
Institutions preparing for GLBA compliance should review the following aspects to confirm adherence to the act.
Understanding the GLBA is the first step in the path to compliance.
Financial institutions should critically review the GLBA to see where they stand when it comes to compliance. A company can decide to hire a lawyer or an external examiner to review the regulation against the institution and pinpoint GLBA weaknesses.
The GLBA Safeguards Rule requires financial institutions to designate at least one employee to manage the safeguards. To ensure compliance, appoint a member of your IT staff to develop and maintain your information security program.
Analyze the institutional systems dealing with nonpublic personal information to identify weaknesses and vulnerabilities that need action. An external assessor is best placed to provide valuable input after carefully analyzing the existing system.
Insider threats are often ignored but are among the most common threats in the financial sector.
Strict penalties should be written into employment contracts to ensure employees don't misuse their privileges. An astute move would be restricting access to sensitive data to only specific employees. Using a third-party network scanning tool is an excellent way to evaluate the effectiveness of your insider threat controls.
If the financial company involves third parties to process or safeguard nonpublic customer information, those third parties should be GLBA compliant. Do not assume that the service providers are compliant. They should go through the compliance checklist and show proof of compliance.
Every financial institution should issue customers an updated privacy notice on the information being collected and the purpose of collection.
Financial institutions should always stay GLBA compliant to lessen the risk of penalties and reputational damage caused by sharing or losing customer data.
Employees in financial institutions are responsible for implementing the regulation, which means that the security program's effectiveness hinges on them. Employees should therefore be taught to identify emerging risks through training programs and periodic refreshers.
For more information on ThriveDX’s enterprise security training programs, please visit us at https://thrivedx.com/for-enterprise.
Christopher Dale is the content marketing manager for ThriveDX's Enterprise Division. He has worked in the cybersecurity field for almost 14 years in PR, social media and content development roles for a range of companies including ESET, Forcepoint, Cylance (Blackberry) and Proofpoint. He holds Bachelor of Arts degrees in Political Science and Rhetoric & Communication from the University of California, Davis.