JP Morgan Hack in 2014

JP Morgan Chase is a bank in the United States that became vulnerable to hacking in 2014 (Silver-Greenberg, Goldstein & Perlroth 2014). The increased focus on the growth of its client base and lack of adequate investment on a digital security enabled the hackers to access the personal information of its clients. Its computer networks and servers were also compromised. The bank, however, improves its digital security, for instance, by creating “The Chief Information Security Officer (CISO)” office in order to regain the trust from its clients who were affected by cybercrime (Kasanoff 2014). 

JP Morgan Chase Cyber Attack in 2014

The JP Morgan Chase Bank was hacked by in 2014 and accounts of about 76 million people were compromised (Silver-Greenberg, Goldstein & Perlroth 2014). This revelation contrasted earlier estimations by the bank that just a million accounts had been hacked. The data breach also affected 7 million small enterprises. The data breach affected the bank’s headquarters in Manhattan and it was only detected a month later after the hack.

The motive of hacking largely remains unknown since no money was stolen from the bank accounts. The hackers did not take passwords or commit any other type of fraud (Silver-Greenberg, Goldstein & Perlroth 2014). However, it is clear the hackers did not harbor good intentions since they were able to access personal information such as phone number and emails of the account holders.

The hackers were able to penetrate deeper into computer networks of JP Morgan enabling them to have access to at least 90 computer servers (Silver-Greenberg, Goldstein & Perlroth 2014). The incidence has motivated JP Morgan to set aside $250 million per year to improve its digital security.

The process of communicating JP Morgan hack

JP Morgan hacks affected stakeholders especially shareholders and account holders. To reach out to millions of clients, shareholders and small businesses that were affected by the hack, an annual letter could be used as a means of communication (Silver-Greenberg, Goldstein & Perlroth 2014). Use of annual letters can be an easier method of communication for JP Morgan which has a remarkable presence in the United States.

Steps to prevent hacking in the future at JP Morgan

The bank should come up with preventive measures that will deny the hackers another chance to hack into the bank accounts of its clients (JP Morgan Chase 2018). The following steps will play a crucial role in yielding remarkable results:

The bank can introduce Single-Use Accounts to minimize fraud that targets electronic credit cards of clients which are used as checks (JP Morgan Chase 2018). The credit cards use 16-digit numbers whenever payment is made.

The clients can also receive training that will be useful in educating them about their responsibilities that will help them to lower their vulnerability to malicious activities of the hackers (JP Morgan Chase 2018). The clients should strictly adhere to IT standards and policies that can be used in risk management.

The clients should utilize passwords that are secure. The passwords used should be long, complex, and use phrases as opposed to words (JP Morgan Chase 2018). These passwords will hamper the plans of hackers to compromise the accounts owned by clients.

The bank should use ciphers that make it impossible for encrypted information to be readable or accessible (JP Morgan Chase 2018). Only the people who have access to the keys that can decipher the encryption should access the accounts. In addition, the bank should constantly monitor the computer networks and servers to hamper any data breach.

Intended audience

The audience targeted includes the account holders of JP Morgan as well as shareholders who have invested in the bank (JP Morgan Chase 2018). The messages communicated should aim at informing the shareholders and clients about the constantly evolving sophistication in cyber attacks. The clients should be vigilant by ensuring that they don’t compromise the personal information. They should take into account risk management practices in IT.

Cleaning up the image and regaining the trust

Cybercrimes can originate from diverse sources and affect companies in different ways (Cyber Risk Network 2014). The reputation of a company can be at risk after a data breach. The hacking that took place at JP Morgan affected many stakeholders who are internal and external audiences of the bank. Nevertheless, the bank can redeem its image or reputation by adopting various measures:

Establish effective communication with the internal and external audiences affected by the problem (Cyber Risk Network 2014). The communication should be precise and well thought.

JP Morgan should be well prepared to respond to another hacking process in the future (Cyber Risk Network 2014). This entails coming up with tabletop exercises meant to prepare in advance to a prospective hacking scenario through simulations. In addition, an incident plan should be introduced to quickly address the problem before it causes serious damage.

Remaining observant and becoming abreast to new threats as well as gaining exposure that may help to prevent the repetition of cybercrime in the future (Cyber Risk Network 2014). Routine security awareness should be conducted in order to contain a hacking attempt event that interferes with the security protocol.

JP Morgan can clean its reputation by taking full responsibility instead of blaming others (Cyber Risk Network 2014). This will enable them to thrive by turning a negative event into a positive one. After owning up its mistakes, the bank should formulate and implement an action plan that rectifies the issue.

Recommendation

Prior to the cyber attack, JP Morgan was mainly focused on attracting and retaining clients (Kasanoff 2014). The bank failed to recognize the importance of employees who would ensure the safety of sensitive and personal information. It also failed to retain top talents in the field of digital security despite promising to invest $250 million per year on that cause (Kasanoff 2014). These employees began to move to other banks.

JP Morgan, however, can introduce a new post to be used in the management of risk and security programs. JP Morgan, for instance, can introduce the post of ”The Chief Information Security Officer (CISO)” (Kasanoff 2014). Having such a post will motivate the cyber security employees to become attracted to the bank. This will help to retain top talent while encouraging prospective and previous employees to reconsider joining JP Morgan. Once the online security improves, the clients including those that left the bank will be able to regain the lost trust. The clients will be able to embrace the new strategy adopted by JP Morgan of investing in people especially its security staff.

Recovery steps that JP Morgan and its clients should embrace

There are various steps that can be used to reduce susceptibility to cyber crimes. These measures are discussed below:

Recovery measures that should be adopted by JP Morgan

Termination of any compromised account (JP Morgan Chase & Co. 2017). The clients of JP Morgan should close down their accounts once they have been infiltrated by hackers. Once they close down vulnerable accounts, they should go ahead and open new accounts.

JP Morgan should also block any access to debit, checks and credit cards through online means in case the digital profile of the client has become susceptible to cyber attack (JP Morgan Chase & Co. 2017).

The bank can also introduce a fraud alert (JP Morgan Chase & Co. 2017). The alert is placed on the account of the customers in order to prevent any loss.

Recovery measures that should be adopted by clients

A client who has a bank account should constantly monitor any sensitive information such as online profiles and personal data (JP Morgan Chase & Co. 2017). The clients should also ask for their credit reports in order to establish whether there are suspicious activities that have affected their accounts.

Account holders have a responsibility to ensure that no one can access their accounts remotely or accept to share personal information in response to a phone call or email (JP Morgan Chase & Co. 2017).  The client should also desist from exposing receipts containing their identification.

An account holder should first determine whether the websites they are using to log into their accounts are authentic or not (JP Morgan Chase & Co. 2017). This is essential since it can help them to avoid online transactions through dubious websites.

Conclusion

Digital security has become an area of great interest for banks due to increased cyber attack. The financial institutions should employ digital security experts to help them to prevent hackers from accessing sensitive information that may compromise the online transactions carried out by account holders. In addition, the client should avoid sharing sensitive information or using dubious websites that can allow hackers to access their personal information and online profiles.

References

Cyber Risk Network. Reputational risk-does it have a bad reputation? A study of cyber reputational risk (2014). Retrieved from: https://www.advisenltd.com/wp-content/uploads/2014/11/reputational-risk-does-it-have-a-bad-reputation-white-paper-2014-11-10.pdf

JP Morgan Chase & Co. (2017). Protecting against and recovering from fraud and identity theft. Retrieved from https://www.jpmorgan.com/jpmpdf/1320744734084.pdf

JP Morgan Chase (2018). Treasury Services. Retrieved from: https://www.jpmorgan.com/cm/BlobServer/Payments_Fraud_The_Battle_Continues.pdf?blobkey=id&blobwhere=1320564148884&blobheader=application/pdf&blobheadername1=Cache-Control&blobheadervalue1=private&blobcol=urldata&blobtable=MungoBlobs

Kasanoff B. (2014). JP Morgan Chase Breach Reveals A Dire Talent Emergency. Forbes. Retrieved from: https://www.google.com/amp/s/www.forbes.com/sites/brucekasanoff/2014/10/03/jpmorgan-chase-breach-reveals-a-dire-talent-emergency/amp/

Silver-Greenberg, J., Goldstein, M., & Perlroth, N. (2014). JPMorgan chase hack affects 76 million households. New York Times, 2. Retrieved from: https://www.countrywideppls.com/docs/pmorgan.pdf