Banking Technology Solutions
Home Company Information News Products & Services Success Stories White Papers Partners Career Opportunities
 

White Papers

 
 

Business Strategies

Risk Strategies

White Papers


Gifts for the Security Minded

By Matt Lidestri, CISSP


It’s that time of year when we try to deliver thoughtful gifts to our family, friends and customers or members. For security-minded bankers, there’s no substitute for new tools to protect consumers and institutions from online crime.

Fortunately, there are a wealth of security solutions available, many of them free of charge to end consumers. That’s a good thing for everyone, since secure consumers significantly improve security for Internet banking as a whole. Here is my security shopping list for post holiday giving:

Your Firewall
Many home banking users connect directly to the Internet through a cable modem or DSL. Even more believe their Internet Service Provider (ISP) protects them from criminal exploits. Unfortunately, that’s only partially true. If a user responds to a phishing link or gets infected by a malicious PDF/Flash file, program, or web site, all bets are off.

Fortunately, Comodo (http://personalfirewall.comodo.com) offers a free and very solid firewall for home use. For anyone who doubts whether they need a firewall, let me be quite clear – you do. The average time to compromise an unprotected, unpatched PC on the Internet is under five minutes. You don’t want to contribute to that statistic.

The Comodo firewall filters both inbound and outbound Internet traffic, which is critical for security. Obviously, you want to block any inbound criminal attacks. But if your computer does get infected, you definitely want to prevent the live virus from ‘phoning home’ (outbound) to its criminal masters.  Its interface is relatively simple for both power users and less tech-savvy individuals as well. Consider encouraging your customers to get Comodo Firewall for home use if they don’t already have a firewall solution.

Your Antivirus/Anti-malware
Most PC vendors automatically install an antivirus application on new PCs with a one year license, but users may allow the AV package to expire without renewing the license.  Malware is constantly evolving, and thus the most recent malware signatures are essential for protection.  Rather than running on an unlicensed antivirus program with outdated signatures, consumers should consider a free alternative.  Microsoft Security Essentials provides decent anti-malware and anti-spyware functionality, and is free for home use.  Avast also provides a free version of their Antivirus solution which works quite well.

Microsoft Security Essentials - http://www.microsoft.com/security/products/mse.aspx Avast Free Antivirus - http://www.avast.com/free-antivirus-download

Your Passwords
Yes, we have too many user IDs and passwords, and yes, we have to change them too often for our time-starved minds to remember. But we understand that the inconvenience of strong ID and password security keeps our information safer – much like the inconvenience of enhanced airport security.

Password Safe (http://passwordsafe.sourceforge.net) was invented to solve the problem of ID/password inflation. Password Safe was developed and open-sourced by CounterPane BT and their founder, world-renowned cryptographer Bruce Schneier.  Password Safe acts as an encrypted ‘master vault’ for all your software keys, website logins, pin numbers, and email logins. Basically, you can condense them all into one ID/ password combination for the wonderful price of $0. One word of caution – make your ID/Password combination to Password Safe very strong!

Your Software
Just about all cyber criminal attacks exploit weaknesses in software already installed on the target computer. Windows and Internet Explorer have long been favorite targets of cyber crime, and Microsoft has stepped up admirably with timely software updates, also known as ‘patches.’  Their newer software (Windows 7, IE8) has also been developed with better security, further protecting end users.

Unfortunately, the criminals have found software holes in other common applications to exploit, particularly in Adobe products, FireFox, Java, and Quicktime. Patch Management solutions such as Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) can help you detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks.

More importantly, Secunia PSI finds the patches available from the software vendors – a tedious and time consuming task if you were doing it yourself. Secunia PSI automates this process and alerts you when your programs and plug-ins need to be patched. Best of all, the Secunia solution and the patches are offered free-of-charge. 

Your Data
Do you keep sensitive data on your home computer or laptop? Of course you do. Electronic bank statements, 401k statements, tax returns – they’re all stored there. If a criminal were to gain access to your computer, chances are high that he would find these files pretty quickly.

One solution to the sensitive data problem is to create an encrypted drive in Windows for all these documents. TrueCrypt (www.truecrypt.org), an open-source encryption tool, enables you to do just that, keeping the documents in incomprehensible form until you access them with the appropriate encryption key.


One word of advice – don’t write the key down on a yellow sticky and put it inside your laptop!

Your Challenge
With all these great, free solutions available to consumers, you might think the world would be quite safe. But bankers know the ultimate challenge is getting consumers to use the solutions available to them. Solving that challenge will go a long way toward improving Internet banking security for everyone.