Pub. 10 2020-2021 Issue 4

Over a Century: Building Better Banks — Helping Coloradans Realize Dreams
www.coloradobankers.org

2. Secure Browsing

Pay attention to the letter “S.” That simple letter makes all the difference when it comes to secure web browsing. “Http” stands for hypertext transfer protocol, while the “s” at the end stands for — you guessed it — secure. It’s essential to ensure “https” is displayed in the URL you visit, as it shows the authenticity of the security certificate of that webpage. If you access a webpage without a certificate or with an expired one, there is a chance you are visiting a webpage that could contain viruses, malware and more.

3. Cautious Surfing

Don’t surf the internet if you are using an account that has administrator privileges. If you pick up malware using a computer with these privileges, you have given the malware the same administrator rights you have on your user account. Also, consider the Wi-Fi network you are using. Make sure it is secured and password protected.

4. Strong Passwords

While having a password of “123456” or “password” may be easy to remember, having more complex passwords can make a huge difference in protecting your data and your financial institution. Strong passwords should:

• Contain at least 12 characters, including upper- and lowercase letters, numbers and special characters
• Be unique to the user—never share them
• Not be reused on multiple accounts
• Change every 60 to 90 days

Physical Device Best Practices

The actions of your everyday staff, whether they are on-site or working from home, are critical keys to a robust cybersecurity program. Here are some best practices related to your staff and their devices that can help prevent any attacks.

1. Lock It Up

Every time you step away from your computer, lock it up. While it may seem like a trivial practice, you would be surprised at how often it is not done. Computers contain sensitive information and processes, and when left unlocked, there is a possibility that a hacker could have access to the system. To avoid possible information leaks, remember to always lock your computer when leaving your desk. A quick tip: Press the Windows Key + L to lock your screen quickly.

2. Protect Your Device

Patching and repairing operating systems and applications is another important security practice. Although these patches and updates are released regularly from Microsoft and Adobe, there are times when patches are sent out off schedule to defend against other threats. As time passes and new threats are discovered, system updating and patching will be a constant security measure. This is especially true as employees are working remotely and may require additional programs and security systems.

3. The Importance of Education

Ensuring all employees are trained in the basics of network, system and information security is a massive piece of your financial institution’s cybersecurity plan. Having a basic understanding of security or identifying a potential threat can make an employee less likely to be a victim. Employees should be trained on security policies and their role in protecting information. They should also be aware of the expectations when it comes to personal use of company-provided equipment. This may include social media use and web browsing. You will also want to train your employees on social engineering and identifying these attacks, which come in the form of phishing emails, fake calls and more.

4. Back It Up

Disasters don’t usually come with much warning. Businesses often aren’t fully prepared for floods, fires, power outages or malicious programs. In these cases, it is possible for businesses to lose information and data stored on devices. The best way to ensure this data is safe is to automatically back up all data daily and store the backups in a secure, off-site location.

5. Be Smart with Your Smartphone

Smartphones are another avenue hackers may use to access sensitive data. In the financial institution world, bankers may often be traveling and communicating with clients while on the go using their smartphone. Remember to avoid connecting to unsecured Wi-Fi, use strong passwords, and turn off Bluetooth when you aren’t using it.

Watch for Common IT Problems

Many banks rely on a third party for their IT services. However, financial institutions need to know how to check on that third party’s work.

Common Scenarios

A financial institution that has gone through a replacement of its security systems, such as security cameras and access systems, may have a potential threat. Many times, those cameras or locks are easily accessed by unauthorized people. This happens when system vendors create user logins for the bank to use but leave the administrator accounts at default or leave the passwords blank.

Software patching continues to be a problem for financial institutions, especially when a third party is responsible for it. These problems may exist in Microsoft apps, Java, Adobe and many other applications. The vulnerabilities in these apps have been discovered in some substantial breaches, which have occurred worldwide.

Other systems at risk for security breaches include scanners, phone systems, storage systems, routers and network switches, among others. A person can access these using vendor default credentials, which gives them the power to delete the financial institution’s data storage. Smart TVs and electronic signs are also easily hacked, and the hacker may display malicious content and lock the owner out.

Peace of mind begins with understanding the risk and how to make a strategic plan for prevention, detection and resolution. We’ve created a guide to give you tips to weather the cybersecurity storm.
Utilize HR to Prevent Fraud

Human resources is usually brought into the picture after the act has been discovered. However, having a solid HR plan from the start can minimize the chances of fraud occurring and lessen the severity of the effects if fraud does occur.

Begin fraud prevention with the hiring process. Background checks on new hires can help your institution
