The following information was submitted to BankersOnline.com by Special Agent David Zimmerman and Special Agent Matthew Harper, who are the Cybercrime and InfraGard points of contact at the Oklahoma City Division of the FBI, in response to a request from BOL. If your financial institution is not currently involved in InfraGard, you are missing out on an important resource.
For a financial institution to prepare for a cyberattack:
Train employees!
For example…
-- don't open email executable files (dancing babies, electronic holiday cards)
-- log off of computer when you are finished
-- make passwords difficult to guess; include numbers, letters, and special characters
Establish policy
- change password every 90 days
- do employees have a right to privacy or can their Internet traffic be monitored by employer?
- have employees sign the policy
Enforce the policy!
Establish clear banners stating who is authorized to be on the network and the repercussions for trespassers
- for each workstation
- for remote access, such as telnet or ftp
Ensure virus protection is current
- this is one of the top reasons that computer networks are compromised
Ensure patches/service packs are installed on operating system(s)
- this is the other top reason
Ensure access is limited to those who need it
- decide who has administrator privileges and only provide those people with such access
Secure servers in locked storage area
- physical access to your key systems is access to your network
Use software firewalls
Use hardware firewalls (routers, bastion hosts)
Use encryption
Ensure audit trails and logging are turned on
Ensure backups are created regularly
Create a Cyber Incident Response Team
- have a plan
-- do we call law enforcement or handle this administratively?
-- who in the organization will handle the evidence/logs/backup of system? (the financial institution's computer network system administrator or someone else?)
-- is it necessary to notify customers?
--- check with your legal department on the legality of when to notify customers
---- was customer proprietary or account information stolen or viewed?
Establish liaison with law enforcement, both local and federal
- your local FBI should have a computer intrusion investigator (check your phone book for the nearest FBI office)
- many local police departments have established a cybercrime unit
HOW DOES YOUR COMPANY KNOW IT IS A VICTIM?
Network is slow
E-mail outbox is full of pending messages to be sent
Network goes down
Files are altered or deleted
New files are located
New or modified accounts exist
Commands do not work
OK, THEY GOT ME. NOW WHAT?
Use your response team and implement your plan
- if you're going to contact law enforcement, do so quickly
Do not tamper with network if unsure what to do
Identify systems involved and how they were accessed
Calculate the impact of the compromise
- how much damage was incurred?
-- how many man-hours did it take to discover network compromise and fix it?
- is your network secure yet?
Make sure logging/auditing/caller id is activated
Make a backup of the system
Do Not Contact the Suspect!
WHY A VICTIM COMPANY WANTS TO MINIMIZE DAMAGE
Loss of proprietary information
Competitor benefits
Loss of money/cash
Business ceases while network is fixed
Loss of consumer confidence
Shareholder lawsuits
Stock decreases in value
WHERE CAN I GO FOR HELP?
INFRAGARD!
- joining is free
- it's a cooperative effort between government and industry
- the FBI started InfraGard, private industry runs InfraGard
- local chapters meet regularly
- training is offered free of charge
- it's a trusted environment
- there is a secure web site for sharing information
- the FBI provides security bulletins/threat information to members