- July 21, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Finance, Security Operations
The Gramm-Leach Bliley Act (GLBA) was enacted in 1999 as the Financial Modernization Act. It is a U.S. Federal law that requires all financial services to be completely transparent with their clients on how they are sharing and protecting their data. Within this act, there is a written set of Safeguard Rules stating that financial institutions must provide documentation of an Information Security Plan describing how that organization is protecting their client’s data. This includes: Ensuring all client non-public personal information is secure & confidential from all other unrelated entities, assessing & identifying risk, and adapting to any evolving circumstances. Protecting consumer financial & non-public personal information such as credit card information, social security numbers, income history, address, phone numbers, and names, is the main goal of the GLBA.
Being GLBA compliant is beneficial for both a financial organization and client using their services. From a company perspective they will lower the risk for cyber-attacks or liabilities that could bankrupt or damage the company reputation. From a client perspective knowing your data is private and protected at all times, gives reassurance that the organization you’re doing business with is reliable and trustworthy. A company that is dedicated to protecting client information will be able to build profound relationships with their clients creating high reputation and reoccurring business.
Failure to follow GLBA protocols can have catastrophic outcomes for a company. Fines up to $100,000 can be placed on a company per violation and a $10,000 fine on an individual employee per violation. With the worst the harshest outcome being a 5-year prison sentence. These rules are harsh because protecting private personal information is a necessity and following security protocols should be a standard. In order to help guide organizations through regulation processes the Federal Financial Institution Examination Council (FFIEC) created guidelines suggesting industries to: Document network configurations &changes, complete penetration & vulnerability scans, use encrypted files & strengthen access controls, and have an incident response plan.
At Steel Patriot Partners we have a specialized team of Security Engineers who work around the clock, all year long, with next-gen software tailored to any companies existing network. Our team utilizes a Virtual Systems Information & Event Management software (VSIEM) enabling us to help you gain full visibility & control over your network. Allowing you to make sure employees are only collecting the data they need to collect, keep that data secure, and eliminate cyber threats, as recommended by the Federal Trad Commision (FTC).
For more information on how you can secure your company’s network and stay GLBA compliant please contact us [email protected] or give us a call at 855.578.7272 and we would love to talk!