By Ron Daly, President/CEO
Virtual StrongBox, Inc.


There are some categories where no company wants a first-place ranking: number of defective product recalls, number of malpractice suits and number of data breaches, to name a few. (That last title, most breaches and records stolen (40 million), went to, a Florida-based online relationship service.)

Globally, data collected by the Breach Level Index shows 974 reported data breaches over the first half of 2016, for a total of 554.5 million records. The 2015 Index puts the total of stolen records at 707.5 million records in 2015. Breaking it out, you’re looking at 1.9 million records compromised every day, or 22 every second. Malicious outsiders accounted for more than half of last year’s breaches, while about a fifth were inside jobs.

Reaching for your Excedrin yet?

Data breaches are major headaches for high-security-risk organizations, like financial institutions, healthcare providers and wealth managers, not to mention exposure of consumers’ personally identifiable information. Moreover, it’s expensive. In its 2016 Cost of Data Breach Study: Global Analysis, the Ponemon Institute found the average total cost of a breach is between $3.8 million and $4 million.

Beyond cost, hacking incidents cause severe side effects, like reputation damage, loss of trust and diminishing customer base. Factoring in reparations, potential fines and likely stiffer regulation, and it’s clear that following best practices for preventing a breach is better than the cost and grief of recovery.

Global cloud IT traffic is expected to account for more than 90% of total data-center traffic by 2020, reaching 14.1 zetta bytes, up from 3.9 zetta bytes/year in 2015. This trend won’t reverse; the need for and advantages of digital technology and ready access to information far outweigh the drawbacks. We can’t limit it, so banks must know the risks in their systems and ensure strong security practices.

With the growth of digital banking and the use of business analytics, as well as people’s reliance on digital shopping and ordering, we’ll see an explosion in the amount of sensitive data flowing around the world. Below are a few of the trends predicted by Experian’s 2017 Data Breach Industry Forecast:


“Aftershock” password breaches – Companies will face recurring impacts from past breaches, as cyberthieves stagger the sale of passwords.

Nation-state cyberattacks – Experian predicts more attacks between countries that could cause general outages or huge PII exposures.

Payment attacks – These breaches will grow due to uneven EMV use, new crime tactics and thieves hitting smaller retailers and institutions.



Require multi-factor passwords and force periodic changes. Consider biometrics and text alerts, and provide ongoing customer/employee education.

Be alert to possible data exposures, ensure adequate insurance and partner with a firm that offers security at the Enterprise IT-ready level.

Speed up EMV Chip and PIN adoption, follow security best practices and pay attention to weak spots like POS skimming.

What can you do now?

Virtual StrongBox incorporates rigorous and comprehensive security practices to protect banks’ data and their customers’ PII. Consider these security protocols from our expertise and years of helping financial institution safeguard sensitive information:

  • Safeguard all data no matter where it is in your system.
    Of the 707.5 million hacked records in 2015, most of the stolen data was useless because it was secured by encryption technology. At Virtual StrongBox, our patented end-to-end security protect banks’ data and that of their customers at all times.
  • Restrict downloads and external transfer of data. Your information is vulnerable when files are copied to flash drives, insecure software is downloaded, or being sent via Bluetooth connections, as these all have areas of exposure. Rather than sending sensitive information via email, “snail mail,” fax or other weak channels, choose a Secure file-exchange platform. Virtual StrongBox provides clients and their customers convenient, immediate access to their files and documents, while the data remains encrypted on our server
  • Protect every computer and mobile device. Make sure your bank has appropriate security for all desktops, laptops, tablets, cell phones and company servers. Use strong antivirus software, internet firewalls, and security suites, and continuously track who has access to the equipment, regularly updating and testing security protections.
  • Enforce a “strong password” policy and eliminate auto logins. Require various character types and force periodic password updates. Set restrictions on reusing old passwords or the same ones for multiple programs. Don’t allow employees to automatically log into websites and email systems unless they are secure, certified sites or computers.
  • Educate employees and customers on fraud prevention. Set up automatic reminders to not open emails or download attachments from unknown senders or unfamiliar addresses. Urge them to never provide usernames, passwords, account numbers or any other PII in an email message or pop-up window. Email is not safe! Also, require staff to “log off” after using secure service sites.

Breaches aren’t going away. Cybercrime is a lucrative business and hackers will continue creating new schemes to get at your data. Fight back through constant vigilance, updating your software as new versions are available and using security best practices including data-encryption. Financial institutions are prime targets for cybercriminals, and your customers trust you to safeguard their private information; make it a top goal.