Investigator's Notebook: The Do's and Don'ts
To safeguard digital customer files and stymie potential identity thieves, Brintech’s Chris Koger has a quick list of tips for bank officers. They’re based on the most common errors that risk assessors come across.
1. Stay on Top of Vendors -- Vendor-managed systems are often the ones maintained most sloppily: terrible passwords, multiple critical patches missing, etc. If need be, change the administration password once the vendor has finished working on a system, and isolate that system from the network with a firewall so its vulnerabilities are not exposed.
2. Be Password Wise -- Remember that the longer and more complex passwords are, the harder they are to crack. Using phrases with a mix of substituted characters like numbers, special characters, upper and lower case, etc. helps greatly. Spaces in particular have a tendency to throw off password-cracking software. Lastly, don't use the ALT+255 character. It's an old trick and well known at this point.
3. Mind Your Patches -- Don't forget that almost all software will have a security patch or update at some point, so don't just rely on Microsoft patches. Check with each software vendor on a regular basis to see if there are updates for your other systems. To make it easy, most vendors have a mailing list that will alert you if there is a patch or update that should be applied.
4. Clear Your Cache -- Web browsers maintain temporary files in what is called the "cache." These files can contain a multitude of customer information, so implement a policy to regularly clear the cache on users' machines to avoid possible privacy violation risks.
5. Restrict Internet Use -- Banks are one of those environments where users have no good need for unrestricted access to the Internet. Use your firewall to restrict access to only the services that are truly needed, and shut down the rest.
6. Don't Be Fooled by Appearances -- Try to remember that you can never really know what someone is thinking. The aside "Oh, he would never do something like that" often turns into "I would never have thought that he was capable of something like that."