Breach, Data Security, Incident Response, TDR

Financial industry “fire sale” economy: Protecting data during M&A

Today's financial climate is fueling a wave of mergers and acquisitions, particularly among financial institutions. With an infusion of fresh cash from the federal government, we are likely to see an increase of weaker banks acquired by larger institutions. This “fire sale” economy, with purchases on the cheap, provides little time for due diligence and difficulty for the acquiring company to control and take an inventory of physical assets as well as understand and protect the sensitive data on multiple systems.

Financial organizations use and retain a massive amount of regulated and sensitive data that can sit on a file server, a laptop or other device. In order to secure their investment, purchasing organizations must quickly take inventory of the acquired company's information assets, gain visibility into where these assets are stored, who has access to them, and make sure they are secure.

There are several steps financial institutions can take to protect their newly acquired data:

  • Monitor business communications for sensitive data – This should be a first step following an acquisition. In an M&A situation, a lot of confidential data is exchanged between law firms, auditors and human resources. Furthermore, fear and uncertainty can lead to good employees making bad decisions. From the onset, organizations need to monitor the communication channels to see what data is being sent, where it's going and who is sending it.
  • Discover information assets – Data discovery provides an inventory of the data stored and can alert managers to data that is “at risk” of being lost. When data is discovered, you gain visibility into the organizations assets (M&A documents, source code and patent information) and ability to classify them.
  • Implement policy controls to secure sensitive data – Setting policy controls around data, employees and communication channels allows organizations to send data wherever it needs to go, safely, while enabling business. For example, in a legal situation, policies could be set to automatically encrypt emails between each organization's lawyer. Setting these controls can manage who can send what data, where they can send it and how.
David Meizlik is a senior manager for data security solutions at Websense, a security software company. Find out more on his data protection blog.


Related

Over 5.5M impacted by Yale New Haven Health breach

Major Connecticut-based nonprofit healthcare network Yale New Haven Health has confirmed having data from more than 5.5 million individuals compromised following a network intrusion last month, making the incident the largest health data breach so far this year, The Register reports.

Data breach victimization in the US escalates

More than 91.3 million individuals across the U.S. have been impacted by data breaches during the first quarter of 2025, which is 26% higher than the same period last year, even though breach incidents slightly declined year-over-year, according to Infosecurity Magazine.

Over 260K compromised in Kelly Benefits breach

Kelly Benefits, a Maryland-based benefits administration and payroll solutions provider, has confirmed that almost 264,000 individuals served by its customers Amergis, CareFirst, Beam Benefits, Intercon Truck of Baltimore, Beltway Companies, The Guardian Life Insurance Company of America, Transforming Lives, and Publications Circulation Fulfilment had their data compromised following a cyberattack in December, SecurityWeek reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack VectorBotnetByteChecksumCiphertextCovert ChannelsCryptographic Hash FunctionsDarknetData WarehousingDecryption

You can skip this ad in 5 seconds