Bank Security Tips

  • May 01, 2007
Jim Stickley from TraceSecurity recommends if banks adhere to the following simple best practices, officials can reduce identity theft risk by up to 80 percent:
  • Shred bins should be conveniently located near all bank employees.
  • Logged in computers should not be left logged in and unattended under any circumstances.
  • Sensitive data, including computer backup tapes, should be encrypted
  • To prevent phishing, e-mails sent from upper management should be verified for authenticity.
  • All bank employees must be trained on proper policies and procedures and never leave visitors unattended in non general public areas.

Shred bins. Many banks use paper shredders, but unless shredders are conveniently located near all branch personnel, they don't get used properly. Stickley has found that unless the shred bins are within a few feet of employees, many documents will simply find their way into the trash bin, unshredded, and ready to be discovered by Stickley's dumpster diving team.

Unattended computers. Most banks concentrate their security at the entry to the facility or branch. Beyond the initial greeting area, Stickley finds that security becomes more lax. Bank employees, assuming anything on their desk is safe because they are located away from the front area, often leave sensitive paperwork on their desks, or leave Post-It notes on computer monitors listing log-on IDs and passwords. This is a major mistake because visitors, maintenance and other individuals often receive access to this area. In addition, computers should not remain logged in while employees are away at lunch or after they've gone home for the day. Unattended computers put a bank's information systems at a much higher risk.

Encrypt all sensitive data. Confidential data should be encrypted at all times when not being used. This includes information stored on workstations and laptops. There are a number of applications available that will encrypt sensitive documents on the hard drive, so if a laptop or workstation is accessed or stolen, the data that has been encrypted will be protected from identity thieves. Additionally, all backup tapes must be encrypted and stored securely off-site. There are a number of storage security appliances that encrypt the data as it is stored to the tapes. This will reduce the risks associated with tapes being lost or stolen. According to Stickley, on numerous occasions he has stolen unencrypted backup tapes that were sitting on shelves in plain view. These tapes, often as small as a pack of cigarettes, have contained account information for thousands of customers.

E-mail verification. Bank's customers aren't the only people vulnerable to phishing attacks. Stickley and his team often use phishing tactics to extract critical information from bank employees prior to visiting a branch for an undercover social engineering audit. Employees need to understand e-mail that appears to come from another employee or legitimate source could be forged.

If a manager requests confidential information from an employee via email, the employee should always contact the manager via the phone for verification. Stickley's team will also employ e-mail spoofing and domain hijacking to trick the employee into releasing sensitive information. For example, if a bank's name is Pond Bank, and their domain name is pondbank.com , Stickley will register a fake domain name that replaces the letter "o" in Pond with the numeral "zero," and then send spoofed e-mails to bank employees asking for sensitive information. Banks should also consider adding cryptographic signatures to enable authenticated e-mail messages that can prevent forgeries.

Policy enforcement and employee training. Employee awareness training and strict policy enforcement are the most important methods to protect an organization from identity thieves. Monthly meetings should be scheduled to review security policies. For example, employees must understand that bank visitors must be accompanied at all times, and that unoccupied desks should be free of confidential information, and filing cabinets should locked when unattended.

Additionally, policy management software should be an essential component of any security program to ensure that employees are contacted when policy and procedure changes occur.

Featured

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.