Skip to content

Follow Simple Steps to Boost Internet Security

by InFinet Resources

Explore ways to further safeguard your customer?s information

The growth of electronic commerce in a networked computer age raises new security dilemmas for financial institutions. Customers want round-the-clock Internet access to accounts, but they also demand more privacy and confidentiality of financial records.

These demands seem to conflict, because 24/7 Internet access opens new portals for serious security breeches.

Consider the facts:

  • Recent FBI investigations revealed several organized hacker groups from Eastern Europe had penetrated U.S. e-commerce computer systems to download proprietary information, customer databases, and credit card information. In some cases, the information is sold to organized crime groups.
  • The Computer Emergency Response Team at Carnegie Mellon University reports an estimated 21,000 attacks on Web sites last year, a tenfold increase in just three years.

Many intrusions are internal. A survey conducted by the Computer Security Institute and the FBI reported 71% of respondents detected unauthorized access to computer networks by their own employees.

Information is goal
Hackers, internal or external, rarely try to alter records. They?re after confidential financial information, such as credit card numbers, account numbers, personal information, and financial worth.

Consumers know the value of personal information, and they want it protected. Congress responded with the Gramm-Leach-Bliley Act of 1999 (GLBA). GLBA outlines procedures designed to help you protect the security of customers? financial information. This involves more than disclosing your privacy policy to customers annually and offering an opt-out option. It involves an integrated information security program in your institution and recommends using an independent third party to test key controls within the information security system before your next regulatory examination.

In short, do everything necessary to secure customer information from loss through theft, accident, acts of God, lax procedures, inattention to detail, entrusting it to the care of untrained personnel, leaving it unguarded, neglecting to account for it, forgetting where you put it and allowing unauthorized access to it.

Most hacks are preventable
Most security breaches are preventable with simple precautions. Industry experts estimate as many as 80% of successful hacker attacks could have been prevented through these simple steps:

STEP #1: FREE PATCHES SLOW HACKERS
When hackers detect vulnerability in corporate software, they share the information among themselves, usually via the Internet. Software suppliers develop upgrades to patch these weaknesses. Licensed users of their programs can download these patches, posted on the Internet, free. Users often neglect to follow the postings and don?t download the patches.

It is your system administrator?s responsibility to keep your software including the firewall upgraded. This requires proactive daily checking for system patches. Depending on the number of software programs running in your system, it?s not uncommon to have several patches a week to download and install. Hackers are up to date. Your institution should be, too.

STEP #2: PASSWORD PROTOCOLS
Security surrounding passwords is often lax. Passwords should combine numbers and letters. Employees should memorize these and not share them with coworkers.

Password infractions commonly reported in security audits include:

  • Systems that don?t deny access when a user enters the wrong password three times. Hacker software will test every word in the dictionary as a password until one works. Passwords combining numbers and letters also will deny access to these hackers.
  • Failure by the system administrator to change the default password on new network and/or firewall software. Hackers know the default passwords, too.

Path of least resistance
You could spend millions beefing up your security system. Still, a resourceful hacker can probably penetrate it. Luckily, though, most hackers take the path of least resistance. If it?s too much bother to penetrate your system, they?ll move on to an easier target. You probably can?t outsmart the hackers, but you can outsmart other institutions so the hackers won?t bother you.

First published on BankersOnline.com 4/22/02

First published on 04/22/2002

Filed under: 
Filed under security as: 

Search Topics