Grand theft data

Mohammad Al Awadhi, managing director of First Information Security, explains how firms and financial institutions could be doing more to protect their data.

  • E-Mail
By  Daniel Stanton Published  May 17, 2008

Mohammad Al Awadhi, managing director of First Information Security, explains how firms and financial institutions could be doing more to protect their data.

What services do you offer?

First Security Group, the parent company, is mostly into physical security. It has been set up by the 10 men responsible for setting up the whole law enforcement and security infrastructure of the Dubai government itself. We've set up First Information Security (FIS) to focus on the data security aspects.

Information security is no longer optional for running a business.

What kinds of security technology will you provide?

In the past couple of months we've signed up strategically with a US company called Tumbleweed Communications. They are the leaders in email encryption and email security.

This company has 50% of the Fortune 100 companies as customers. It has seven of the top US banks and some of the world's largest Central Banks. It provides secure methods of emailing as well as file transfer.

We will also be partnering with a few educational institutes overseas to bring about the technology.

What are the main challenges in data security today?

Information security is no longer optional for running a business, and enterprises need to factor in their security measures. You first of all need to set up your security policies, and put guidelines and good policies in place.

Above all, people are a major element for the success in implementation of any security measures. Appropriate training and periodic reminder are required to promote staff awareness on the importance of data protection in their organisation.

In this day and age, information is being posted all over the web.

A lot of people today do blogging, and they do social networking like Facebook. I believe at the last count Facebook had about 67 million users. A lot of people go and post personal information, their contacts, telephone number, all that.

That's a risk. I do understand the world is becoming smaller, and I have a Facebook account myself, but at some point you need to factor in the risk. You need to be a little bit conscious of what information you are putting out onto the web.

Are banks taking security seriously in their online services?

They do send out circulars - I frequently get emails reminding me not to disclose my personal information online and to keep my password a secret. However, few banks have implemented dual-factor authentication.

There are institutions today using token technology and one of the other products we're going to be marketing is a soft-token technology from Diversinet.

Soft tokens, also called ‘virtual tokens,' are designed to be flexible. Unlike physical tokens, you would simply install the soft token on your mobile or BlackBerry device and generate your six-digit number instantly.

A lot of banks and corporations might see soft tokens as a more financially feasible option. You do need to be security conscious. The more facilities you put online, the more scrutiny you need to put on your system.

Are there any pitfalls that financial institutions need to avoid?

Financial institutions need to have a Disaster Recovery (DR) plan in place and tested on a regular basis. I recommend switching between DR sites at least once a quarter. A lot of things can happen.

Business owners in the banking sector need to be aware that it's their business that's going to be affected and ensure that the IT section and the security aspects are in place.

I know that some businesses want to deliver a product to the market as soon as possible and they try to bypass some security measures. In the short term you might benefit financially, but in the long term there is a good chance you might be financially at risk.

That's where it's not just about IT - the business owners need to take responsibility as well. Ensuring business continuity will become an increasing challenge for corporate governance.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code