Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Em@il Education FREE Briefings Record Retention

   

















    Site Map

    Our Sponsors

    Home



Print Friendly! Email This Article! Discuss NOW!


PREPARE FOR ATTACK!
(YOU WILL BE ATTACKED)

The following information was submitted to BankersOnline.com by Special Agent David Zimmerman and Special Agent Matthew Harper, who are the Cybercrime and Infragard points of contact at the Oklahoma City Division of the FBI, in response to a request from BOL. If your financial institution is not currently involved in INFRAGARD, you are missing out on an important resource.

 For a financial institution to prepare for a cyberattack:
  1. Train employees!
    For example…
    -- don't open email executable files (dancing babies, electronic holiday cards)
    -- log off of computer when you are finished
    -- make passwords difficult. Include numbers, letters, and characters

  2. Establish policy
    - change password every 90 days
    - do employees have a right to privacy or can their Internet traffic be monitored by employer?
    - have employees sign the policy

  3. Enforce the policy!

  4. Establish clear banners saying who should be on the network/repercussions of trespassers

    - for each workstation
    - for remote access, such as telnet or ftp

  5. Ensure virus protection is current
    - this is one of the top reasons that computer networks are compromised

  6. Ensure patches/service packs are installed on operating system(s)

    - this is the other top reason

  7. Ensure access is limited to those who need it
    - decide who has administrator privileges and only provide those people with such access

  8. Secure servers in locked storage area
    - physical access to your key systems is access to your network

  9. Use software firewalls

  10. Use hardware firewalls (routers, bastion hosts)

  11. Use encryption

  12. Ensure audit trails and logging are turned on

  13. Ensure backups are created regularly

  14. Create a Cyber Incident Response Team
    - have a plan
    -- do we call law enforcement or handle this administratively?
    -- who in the organization will handle the evidence/logs/backup of system? (the financial institution's computer network system administrator or someone else?)
    -- is it necessary to notify customers?
    --- check with your legal department on the legality of when to notify customers
    ---- was customer proprietary or account information stolen or viewed?

  15. Establish liaison with law enforcement, both local and federal
    - your local FBI should have a computer intrusion investigator (check your phone book for the nearest FBI office)
    - many local police departments have established a cybercrime unit
HOW DOES YOUR COMPANY KNOW IT IS A VICTIM?
  • Network is slow
  • E-mail outbox is full of pending messages to be sent
  • Network goes down
  • Files are altered or deleted
  • New files are located
  • New or modified accounts exist
  • Commands do not work
OK, THEY GOT ME. NOW WHAT?
Use your response team and implement your plan
- if you're going to contact law enforcement, do so quickly

Do not tamper with network if unsure what to do
Identify systems involved and how they were accessed

Calculate the impact of the compromise
- how much damage was incurred?
-- how many man-hours did it take to discover network compromise and fix it?
- is your network secure yet?

Make sure logging/auditing/caller id is activated
Make a back up of the system
Do Not Contact the Suspect

! WHY A VICTIM COMPANY WANTS TO MINIMIZE DAMAGE
Loss of proprietary information
Competitor benefits
Loss of money/cash
Business ceases while network is fixed
Loss of consumer confidence
Shareholder lawsuits
Stock decreases in value

WHERE CAN I GO FOR HELP?
INFRAGARD!
- joining is free
- it's a cooperative effort between government and industry
- the FBI started InfraGard, private industry runs InfraGard
- local chapters meet regularly
- training is offered free of charge
- it's a trusted environment
- there is a secure web site for sharing information
- the FBI provides security bulletins/threat information to members


First published on BankersOnline.com 6/28/02.


Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.