We assume that if a website has a security certificate—indicated by an address that begins with “https” and (typically) that little padlock icon next to it—then the website is safe. It isn’t potentially malicious or trying to install malware or steal personal information. Until recently, if a site didn’t have a security certificate it was a red flag. But now hackers are using that very security certificate to trick users into thinking a malicious website is safe—and they’re specifically targeting the finance industry.
Demands for a more efficient, but still secure and compliant, way to communicate while on the go have sparked many discussions for banks, financial advisors and the like. With the need for secure, real-time communications growing, financial institutions of all types are turning to secure messaging solutions.
In March 2017 the nation’s first cybersecurity regulation became law imposing strict cybersecurity measures on financial institutions operating in New York. The new rules specify everything from naming a Chief Information Security Officer, to risk assessments, event notification, encryption, penetration and vulnerability testing, training and monitoring and audit logs.