Despite bank policies, training, computer warning banners, governing laws and banking regulations, bank employees still take bank or customer data as their employment ends. They take potential or current customer lists, transactional data and supporting customer files, procedural manuals, or other confidential or proprietary information including data protected here in Arkansas by the Personal Information Protection Act or federally by the Gramm-Leach-Bliley Act and its ensuing regulation. Here are ways to manage data theft by bank employees.
Policies should be set in place. Employee access to data should be limited to only that data needed to perform daily duties, and controls should be put into place to monitor and protect against credential sharing and inappropriate access to data. Make sure your policy forbids the removal of confidential data, including personal financial information and state protected information, from bank systems to personal devices or personal email addresses. Consider the use of formal confidentiality and nondisclosure agreements.
Actively monitor and keep logs of network, device and computer activity. Consider preserving an image of the former…
