Personal Computer SECURITY
With over 90% of our financial institutions using PCs, it becomes imperative to take a look at the security measures that are (or are not!) in place in that area. PCs are no longer used for just trivial things. There may be a considerable amount of stored data in PCs that is vital to the operation of the financial institution.
In a study done by the 3M Company, it was determined that over four million dollars a year is lost as the result of data failures on PCs. And over half of those reporting losses admit they still have no security concept, even though reconstruction of the data may cost between $10,000 and $100,000.
The complete reconstruction of data often is not possible, because we have already learned to depend on computer stored information. In many cases there are no hard copy file backups.
Causes of data loss
Data loss can have many causes, with mistakes and negligence of the user being the most common. But there are others, such as technical defects, power surges, computer viruses (see "Alert" on page 6), acts of God, malicious acts by employees or outsiders, and deliberate manipulation by hackers, spies, and persons bent on sabotage.
Carl Carter, past president of ASIS and now a security management consultant in Detroit, was the author of a previous article in the BANKERS' HOTLINE dealing with the subject of "Violence in the Workplace." Carl had some additional thoughts on the possibility of sabotage.
He said, "PCs are everywhere in a banking office environment. Sabotage is a very real threat, but far more likely as a result of a spur-of-the-moment temptation and opportunity than as a pre-meditated act. The same motivations that sometimes lead to violence in the workplace can prompt a little sabotage."
"Nothing accomplished so quickly and with little chance of detection creates so much havoc!
"The disgruntled employee or other hostile party can cripple your entire operation with a simple virus infection in your PCs. A "little" data deletion, a "little" bouncing of your hard drive while the computer is on will do the trick. I have seen the latter take place with no discernible motivation and a long after-the-fact detection.
"Erased data may be accidental or on purpose. In all likelihood you will never know if it was out-and-out sabotage or not.
"Viruses, on the other hand, are usually originally an intentional act. They may, however, be innocently transmitted to your PC by a user who has no knowledge that he or she is a carrier.
"The other more common and quite simple acts relate to copying disks or information. These actions are usually not viewed as criminal by those committing them. In fact they are often not even seen as wrong. Just as copying licensed programs is not viewed as wrong by many.
"The solutions are constant vigilance and simple, physical security and access control. These are necessary elements. Anti-virus programs can be helpful. An education program designed to elicit the cooperation of PC users throughout the financial institution can pay dividends. What is needed is awareness and a lot of good motivated users and observers."
Controls built in centers
Large computer centers have systems controlling temperature, humidity, fire detection and protection and other damage control devices. The same safeguards are often not in place out in the banking office where the PC is located.
Imagine what a flood would do to your PC, and to the data stored in it. Or suppose you drove to your office tomorrow to discover it had burned to the ground. Where is your backup?
Backup can be as simple as copying the information on the hard drive onto diskettes and storing them in a safe place, for instance in the vault or off-site. But this procedure is time-consuming, and will probably involve several diskettes.
There are several methods and hardware solutions for successful backup, but no matter which you choose, it is no good unless the procedure is followed faithfully.
To prepare for a fire, check the fire extinguishers in your office. Is the one near the PCs a type of foam suitable for EDP equipment?
Power surges can be controlled by the use of an interruption-free power supply unit that switches on automatically in the event of extreme fluctuations of power. It also filters the voltage from the power socket and compensates whenever necessary. There are now fairly inexpensive versions available even for individual PCs. Over-voltages, such as those caused by lightning, can easily be handled by retrofitted filters.
Insurance may be desired
No matter what method you choose to protect your data, you should also consider comprehensive electronics insurance for additional protection. At least the direct costs of data loss could be covered. Software insurance is also available, which covers the costs of data re-input after virus damage, or replaces lost profits.
But there is no insurance for the loss of image your financial institution could incur by any delay caused by data loss.
In a survey by Ernst and Young, 60% of financial institutions responding said they considered "information and data security" extremely important. And 75% said risks in this area have "increased substantially" over the last five years.
The job and responsibility of the security officer has expanded considerably since the new security regulations were issued over a year ago. PC security adds still another important dimension to the job.
Copyright © 1993 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 4, No. 6, 12/93