Explore ways to further safeguard your customer’s information
The growth of electronic commerce in a networked computer age raises new security dilemmas for financial institutions. Customers want round-the-clock Internet access to accounts, but they also demand more privacy and confidentiality of financial records.
These demands seem to conflict, because 24/7 Internet access opens new portals for serious security breaches. Consider the facts:
Recent FBI investigations revealed several organized hacker groups from Eastern Europe had penetrated U.S. e-commerce computer systems to download proprietary information, customer databases, and credit card information. In some cases, the information is sold to organized crime groups.
The Computer Emergency Response Team at Carnegie Mellon University reports an estimated 21,000 attacks on Web sites last year, a tenfold increase in just three years. Many intrusions are internal. A survey conducted by the Computer Security Institute and the FBI reported 71% of respondents detected unauthorized access to computer networks by their own employees.
Information is goal
Hackers, internal or external, rarely try to alter records. They’re after confidential financial information,
such as credit card numbers, account numbers, personal information, and financial worth.
Consumers know the value of personal information, and they want it protected. Congress
responded with the Gramm-Leach-Bliley Act of 1999 (GLBA). GLBA outlines procedures designed to
help you protect the security of customers’ financial information. This involves more than disclosing
your privacy policy to customers annually and offering an opt-out option. It involves an integrated
information security program in your institution and recommends using an independent third party to
test key controls within the information security system before your next regulatory examination.
In short, do everything necessary to secure customer information from loss through theft,
accident, acts of God, lax procedures, inattention to detail, entrusting it to the care of untrained
personnel, leaving it unguarded, neglecting to account for it, forgetting where you put it and allowing
unauthorized access to it.
Most hacks are preventable
Most security breaches are preventable with simple precautions. Industry experts estimate as
many as 80% of successful hacker attacks could have been prevented through these simple steps:
STEP #1: FREE PATCHES SLOW HACKERS
When hackers detect a vulnerability in corporate software, they share the information among
themselves, usually via the Internet. Software suppliers develop upgrades to patch these
weaknesses. Licensed users of their programs can download these patches, posted on
the Internet, free. Users often neglect to follow the postings and don’t download the
patches.
It is your system administrator’s responsibility to keep your software, including
the firewall, upgraded. This requires proactive daily checking for system patches.
Depending on the number of software programs running in your system, it’s not
uncommon to have several patches a week to download and install.
Hackers are up to date. Your institution should be, too.
STEP #2: PASSWORD PROTOCOLS
Security surrounding passwords is often lax. Passwords should combine numbers and letters.
Employees should memorize these and not share them with coworkers.
Password infractions commonly reported in security audits include:
Systems that don’t deny access when a user enters the wrong password three times. Hacker
software will test every word in the dictionary as a password until one works. Passwords
combining numbers and letters also will deny access to these hackers.
Failure by the system administrator to change the default password on new network and/or firewall
software. Hackers know the default passwords, too.
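The three infractions above can be checked mechanically. The sketch below is an added example, not code from the article or from any product it mentions: it flags default, letters-only or digits-only, and dictionary-word passwords, and shows a login gate that denies access after three wrong passwords. The word lists, account name and function names are constructed for illustration.

```python
import re

# Constructed sample lists (assumption); a real audit would load vendor
# default-password lists and a full dictionary file.
DEFAULT_PASSWORDS = {"admin", "password", "changeme"}
DICTIONARY = {"welcome", "banker", "summer", "password"}
MAX_FAILED_ATTEMPTS = 3  # the article's threshold: deny access after three wrong tries


def password_findings(password):
    """Return the infractions from the list above that apply to one password."""
    findings = []
    if password.lower() in DEFAULT_PASSWORDS:
        findings.append("default password not changed")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        findings.append("does not combine numbers and letters")
    if password.lower() in DICTIONARY:
        findings.append("dictionary word")
    return findings


class LoginGate:
    """Denies access once an account reaches MAX_FAILED_ATTEMPTS wrong passwords.

    Simplified for the example: a production system stores password hashes,
    not plaintext, and needs an administrator or timed unlock path.
    """

    def __init__(self, credentials):
        self._credentials = dict(credentials)
        self._failures = {}

    def is_locked(self, user):
        return self._failures.get(user, 0) >= MAX_FAILED_ATTEMPTS

    def login(self, user, password):
        if self.is_locked(user):
            return "locked"  # even the correct password is refused now
        if self._credentials.get(user) == password:
            self._failures[user] = 0
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        return "locked" if self.is_locked(user) else "denied"


def replay_guesses(gate, user, guesses):
    """Feed a list of guesses to the gate; return (attempts used, last result)."""
    result = "denied"
    for count, guess in enumerate(guesses, start=1):
        result = gate.login(user, guess)
        if result != "denied":
            return count, result
    return len(guesses), result
```

With the lockout in place, a guess list is cut off at the third wrong entry, so the correct password later in the list is never accepted.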
Path of least resistance
You could spend millions beefing up your security system. Still, a resourceful hacker can
probably penetrate it. Luckily, though, most hackers take the path of least resistance. If it’s too much
bother to penetrate your system, they’ll move on to an easier target.
You probably can’t outsmart the hackers, but you
can outsmart other institutions so the hackers won’t
bother you.
So, what’s the solution?
In the battle against unauthorized computer access, we are
on your side. Through our alliance with Brintech, we have solutions
to strengthen your Internet security. Contact us for information on how we
can help reduce your system’s threats and vulnerabilities.