FDIC Steps Up Its Security Efforts

FDIC takes on new security rules

The Federal Deposit Insurance Corporation (FDIC) is taking a new approach to cybersecurity.

The banking regulator announced on Tuesday (Aug. 9) that it plans to take a slew of new steps that it said will help enhance the security of the information it is responsible for holding.

In a press release, the FDIC outlined the following efforts it has made over the last several months as part of its focus on information security:

  • expanded our use of multi-factor authentication for securely downloading assessment invoices and official FDIC correspondence and performing other secure file exchanges;
  • discontinued individuals’ ability to copy information to removable media, such as CDs, DVDs, external hard drives and thumb drives;
  • signed a memorandum of understanding to migrate to an intrusion prevention, detection and monitoring system from the Department of Homeland Security that will help detect and block outside cyberthreats;
  • implemented new controls to limit printing of sensitive information and better monitor information printed in the highest risk areas; and
  • engaged an independent, third-party firm to conduct an end-to-end assessment of the FDIC IT security and privacy programs. UPDATE: The assessment began in early August.

The FDIC said the actions noted above were done in conjunction with some of the other measures it already has in place, such as data encryption, device encryption (laptop hard drives) and a Data Loss Prevention program that monitors information being sent via email and websites, as well as information that is printed out.

“Information security is critical to the FDIC’s ability to carry out its mission of maintaining stability and public confidence in the nation’s financial system,” the organization said. “The FDIC will remain alert and continue to adjust our security controls in light of the changing threat landscape.”

Earlier this year, the FDIC’s cybersecurity practices were called into question by House lawmakers due to its handling of notifications following a string of data breaches.

An investigation led by House lawmakers uncovered “significant shortfalls” in the FDIC’s cybersecurity policies, which may have left it vulnerable to hackers gaining access to private information and regulatory data.

Two incidents that took place around May involved 10,000 sensitive and private data records being downloaded by workers onto storage devices before they left the agency.

Upon learning of the breaches, the FDIC also discovered that there were five other incidents where this same behavior had occurred, according to Rep. Barry Loudermilk (R-GA), who is the chair of the House of Representatives subcommittee on oversight.

Altogether, this led to the personal data of more than 160,000 people being impacted, according to a Reuters report.