Simple steps for better data security
May 29, 2018
Basic data security isn’t rocket science, even for heavily regulated financial services providers and vendors, say two Minneapolis-based information security experts. IT teams and operations managers can dramatically improve threat readiness simply by following basic information security protocols to the letter.
That means using difficult-to-crack authentication tokens instead of passwords, eliminating or strictly controlling administrator privileges, maintaining and promptly updating security patches, installing anti-malware on every device in your digital ecosystem, and continuously monitoring your servers and networks for threats.
“Do these things well and you’ve removed 90 percent of your surface area of risk,” said Jason Witty, senior vice president and chief information security officer at U.S. Bank.
That’s not the end of the information security story, of course. This is an arms race; white hat security experts can barely keep pace with multiplying, metastasizing digital threats spread by black hat opportunistic lone wolves, organized crime outfits and military intelligence.
Last May, the WannaCry ransomware cryptoworm infected more than 200,000 machines across the world, likely at the instigation of the North Korean regime, temporarily bringing the U.K.’s National Health Service to its knees. Lower-profile attacks succeed daily, often by exploiting the very traits that make us human. So, Witty tells finance decision-makers to address four additional security domains: designating a point person for information security; keeping management and IT staff up to speed on threats; educating end-users about day-to-day data hygiene; and “war-gaming” incident response with senior management.
Read more at Finance and Commerce