body-container-line-1
22.05.2012 Business & Finance

Banks must tighten IT platforms - Says Dorothy Gordon

By Lloyd Evans and Charles Benoni Okine - Daily Graphic
Dorothy Gordon, Director-General of Kofi Annan ICT CentreDorothy Gordon, Director-General of Kofi Annan ICT Centre
22.05.2012 LISTEN

Banks and financial institutions have been tasked to seriously secure their IT platforms to prevent hackers from hitting into their systems to defraud them.

The Chief Executive Officer of the Kofi Annan ICT Centre, Dorothy Gordon, who gave the advice in an exclusive interview with the Graphic Business in Accra said “there are very professional hackers in the sub-region who are only waiting for the banks and financial institutions to open up the use of their IT platforms for more enhanced transactions for them to strike at their systems”.

Dorothy Gordon admitted that though the banks have put in some level of security measures in their IT operations she noted that there was still more room for improvement and urged the banks to ensure that they create a clear distinction between their security personnal from IT team.

The Bank of Ghana and the National Communications Authority (NCA) are presently taking pragmatic steps to finalise regulations that will govern the use of mobile money to the levels that can be comparable to what pertains in areas such as Kenya.

Although the process has taken off with a couple of mobile phone companies and the banks undertaking mobile money operations, there is the need for them to come up with strong regulations that will strength the system and make the operations very safe and secured.

But Dorothy Gordon fears that, if the right security systems are not put in place, the full roll of mobile money in the country will expose users of that platform to serious risk because the hackers will be at their best.

“Mobile phones including the smart phones we have today can easily be hacked into by these persons and all the information one has can be stolen”, she said.

PROTECTING AGAINST HACKERS
When a website or network is attacked, the blame falls on the owners. It is their responsibility to ensure that any service or application that they are running is protected against any form of vulnerability.

To protect customers and employees from having their financial or private information from being stolen, both industry and the government have to implement regulations with the intent of securing against common hacking attacks.

To combat credit card fraud, the Payment Card Industry created the Data Security Standard that requires merchants who process credit cards to take specific measures that help protect against hacking attacks.

The European Union, United Kingdom, United States, and Canada for instance, have all instituted privacy acts meant to regulate how businesses should protect their customer and data of employees.

In addition to the fees and legal ramifications that can come as a result of failing to comply with the various forms of regulations, hacking attacks can also damage a company’s reputation to the point that they can lose their customers and revenue.

Dorothy Gordon identified the lack of continuous training to equip other managers including the Human Resource Managers of the banks with IT knowledge to be able to work hand in hand with those who have been engaged by to work in the IT departments.

Graphic Business checks from the Police revealed alarming proportions of fraudulent activities involving some staff of t banks mostly from the IT department who manipulate the system to defraud their customers of millions of dollars.

THE WAY FORWARD.
Dorothy Gordon called for what she described as a systematic training for all staff, irrespective of the department .

She said as people progress in a bank, there should be systematic training on some aspects of IT issues.

“Basically what we need to know is for management to understand what they should be looking in terms of their IT people. We also have to educate the HR managers to know how to recruit the right kind of IT personal” she added.

Again, she strongly advocated the need to create a data bank of all the personal who work on financial systems in the country with a good check on their background given their importance to the economic wellbeing of the country she said.

Dorothy Gordon noted that “If you are sitting on any sensitive or financial sensitive system you should have gone through some security clearances. If there is any issue, all players should be informed so that nobody hires anybody who has gone to do something wrong in another place from simple ignorance and not sharing information.”

“We understand all over the world, banks do not actually like to take employees who have engaged in such things to court because banking is based on trust” but pointed out that banks should be in a position to share information in the interest of the banking industry.

Dorothy Gordon said; “We understand that they would keep things quite but they need to have some systems among themselves so that they check and ensure that the personal who have done negative things are known by other banks..

body-container-line