Cybersecurity and Banking
Cybersecurity in banking and financial institutions has never been more important. The cyber crimes committed by hackers grow in complexity every year in an eternal game of cat-and-mouse as countermeasures are devised, subverted, improved, and subverted once again. Banks, credit unions, and other financial institutions enjoy enormous trust from the public with regards to how they safeguard financial data and this is a trust that needs to be maintained as much as possible. Data security is not just a matter of protecting members and assets, but of preserving the faith of the people.
Consequences of Cyber Crime
Most cyber crimes can be categorized as either data breaches or sabotage. Breaches are relatively straightforward in the sense that they involve breaking through existing cybersecurity measures and harvesting financial data, client details, and other important forms of information. Sabotage is anything that is meant to impair or cripple operations such as denial-of-service attacks, releasing disabling viruses, or otherwise disrupting systems and infrastructure. Regardless of which type of attack is experienced, any or all the following consequences are possible, among others.
The financial and personal information of members and clients can be used to steal identities and cause further monetary and personal damage to the victims as their lives are turned upside-down.
When data theft and fraudulent activity happens, half of the banks affected receive less than a penny per dollar in reimbursement on the stolen funds. When combined with the money needed to repay customers and replace things like credit and debit cards, there is no way to ignore the financial impact a failure in cybersecurity can cause.
Protection cannot begin without a proper understanding of what exactly needs protecting and why. Any financial institution should have a risk assessment process in place that can classify various types of data and information by how damaging its loss or exposure would be to critical operations, business partners, members, etc. Once this is done, the next step is to identify any vulnerabilities that may exist. This can be complicated where cybersecurity and banking is concerned since, while a hole in a fence is obvious, a hole in a network protocol can be less intuitive. Fortunately, specialized firms exist that can provide vulnerability assessment services and help recognize vulnerabilities that need acting on.
Maximizing Protection of Financial Data
Things like risk assessments and vulnerability detection are important, system-level procedures for enhancing cybersecurity. However, there are also steps that can be taken on a more individual basis. Employees and members alike can benefit from employing the following tips to keep themselves smart and secure online.
Check Links Before Clicking
The link on a website or email is not necessarily the one you will be directed to. Hover the mouse (without clicking!) over the link and see where the destination URL appears. Make sure that it says the correct destination. If the link is to a web site you already know and use, you can also simply try typing the URL you know into the address bar rather than clicking on an unsolicited link. There are also checkers, such as VirusTotal, which can be used to verify suspected links.
Use Secure Websites for Financial Transactions
Any time a website wants to conduct a financial exchange is one that warrants a high level of scrutiny. The most immediate and prudent thing you should do is make sure the website is actually secure. Look to the left side of the address bar for a padlock icon to indicate that the site is encrypted and its security is verified. Also make sure that the address begins with “https://”, which indicates that the site encrypts the data it receives and sends.
Use Official Banking Apps
Most banks, credit unions, or other financial institutions will offer specialized apps that let you conduct remote banking activities from a mobile device. Acquiring these apps from the official site removes the risk of inadvertently giving details to an imposter through your phone.
Use Two-Level Authentication
One of the strongest ways to protect access to an account is to use two-level authentication. When employed, entering the username and password is only the first step in logging in. A one-time code will then be sent to your phone and must be entered quickly in order to proceed further. Two-level authentication can be set on a per-computer basis, meaning that the code will be required if someone tries logging in from any other terminal. Even if your password is stolen, the account will remain secure.
Set Strong Passwords
A strong password is one that is about 20 characters long, mixes uppercase and lowercase letters, symbols, numbers, is unique to the account, and is changed at least once every 30 days. This results in a password that is both difficult to guess or crack and, even if one account becomes compromised, the unique nature means none of your other accounts are in danger.
Whenever you finish using an electronic banking platform, log out directly rather than closing the window. It will take time for your session to time out and this window can be harnessed in order to get access to sensitive financial data. Private browsing sessions can also be used to stop your browser from recording your web history, login credentials, and any cookies the site may have employed.
Don’t Reply or Act on Unknown E-mails
A classic phishing scheme is to send out an official-looking e-mail that uses a threat or alleged emergency to get you to click on a link and log in to your account. The link, however, takes you to a look-alike web page that will steal your information. Alternatively, the e-mail may have an attachment that it wants you to download or open, releasing malware or viruses into the system. Do not click on links or attachments from any unsolicited e-mail that you receive. If you are unsure whether an e-mail is legitimate, call your bank or financial institution instead.
Get a Good Antivirus Program and Keep It Updated
Research and acquire an effective antivirus program rather than rely on the default one your computer came with (i.e.: McAfee). Make sure to update it regularly since this is how the software gets new virus and malware IDs that it uses to spot and dispose of threats. Keeping up-to-date with software versions also goes for things like Adobe, Java, and your web browser of choice.
Contact us for more information on how to stay safe and secure.