How to gain and keep the digital trust of your clients


If you managed a restaurant, would you eat there if you knew the staff dropped food on the floor?

Many times, security professionals working in the financial sector find themselves in the same situation. They can manage environments and keep them up to regulatory needs, but they aren’t always capable of finding highly motivated bad guys. This inadequacy puts clients’ money at risk. If they use their own company’s services, then they’re eating their own “dirty food.”

If it were as easy as implementing the tools, people and processes to fix the gaps, I believe every organization would do it. Except, it’s not that easy.

To conduct business, financial organizations must adhere to strict regulations about how to handle personal information and transactions. For multi-national businesses, the number of regulations can increase exponentially. Keeping up with this increase can often be a full-time job for a typical security staff. It will rapidly consume budget and resources, and because it’s a tangible measure that is checked regularly, it’s always being monitored.

The organic growth of a business has also created barriers. Silos of teams, divided by job function or product offering, can exacerbate the situation. Every team has its own political and data boundaries. Creating a single, unified view of threats and how to defeat them across those lines can sometimes be very difficult.

What is needed is a method to organize information, teams and cybersecurity practices in a way that aligns them with critical business priorities while still creating a place that’s safe. That is the core of digital trust.

Digital trust is not a method, product or service. It’s a philosophy that acknowledges why financial sector businesses stay in business: their clients trust them.

That trust is challenged – constantly – and it’s up to cybersecurity professionals to maintain it. The best way to maintain it is with the persistent visibility of a client’s movement. Every login, balance check, policy update, transaction or claim. And these checks must happen regardless of which business units the movement touches.

It doesn’t stop there.

It must also include all the systems that support the client’s movement, and the people who have access to those systems.

In short, if you can maximize the protection of the client’s movement through the organization, you’re inherently better able to protect the organization.

To adopt a digital trust model, organizations should look at five key areas.

  1. How the leadership is measured and compensated
  2. Whether the organization might identify insider threats and conspiracies
  3. What protections are needed to monitor a client’s transactions and help avoid fraud
  4. When to integrate more advanced capabilities into the risk management and compliance model
  5. How to handle the public announcement of a breach by quickly finding the cause and spread

Each of these key areas has a critical role to play in the overall theme of digital trust. An omission of any of these areas might create a negative impact on the business. Digital trust is a complex journey. Many already have the people, but not the tools. Some have the tools. Very few have the comprehensive process to put it all together.

No matter how you interact with a client’s interests, the only way to stay in business is maintaining the trust of the client that you’re protecting their interests.

Contact IBM to assess your security readiness for digital transformation.

Learn how IBM can help secure your business.

Leader, Security Orchestration, Automation, and Response for Financial Markets - US
