Banks and financial institutions are required to maintain large databases of customer information to provide various services such as bank accounts, credit cards and personal loan as well as to comply with various regulatory requirements. As such, protection of sensitive customer information is one of the major challenges faced by banks. The databases stored in computer systems and laptops are vulnerable to hacking, unauthorized access, insider theft and other threats in the IT environment. Recently, Sovereign banks alerted fifty customers of suspected data breach. Usually, computer forensics is used to establish the crime trail. In this case, the alert was issued after investigations identified Key logger program on a bank’s laptop, which allowed a computer to establish connection with an external IP address.
A similar incident was reported by Pentagon Federal Credit Union, wherein criminals hacked one of the bank’s laptop. The affected device was then used to gain unauthorized access to a database containing confidential information related to customers such as social security numbers, credit card numbers and mailing addresses. The Credit Union had to reissue over 500 new credit cards in just one city of New Hampshire due to suspected data breach.
Attackers often install key loggers and other malicious programs on computer systems to gain access to confidential customer and business information. The irony is that in many cases, it is difficult to discover whether customer information has been compromised. Crime can be detected by using the evidence on the affected systems. However, lack of awareness among employees on regulatory requirements and computer forensics may lead to destruction of evidence as they may restart or format the affected computer wiping out the traces of crime. Legally acceptable evidence is crucial for banks to establish criminal act as well to defend themselves in case of litigation by customers. Professionals can take advantage of the distance learning programs to update their technical skills and know-how.
Organizations must have an incident response team in place to manage computer related crime. The affected computer systems and devices must be quarantined to protect evidence. Organizations must also create awareness among employees through computer forensics training programs. Employees would also benefitted by workshops on the response and reporting procedures to be followed in the event of data breach or compromise of a computer system.