18 Hoosier Banker August 2014 DIRECTORS / SENIOR MANAGEMENT

Continued from page 17.

Finally, when employees leave your employ, their access to the office and the computer should be terminated immediately. In the old days, we would simply ask for the key to be returned. Today, we need to collect that key, but also terminate the employee’s passwords and change the alarm code.

d. Physical security. While we may think that the entire cyber world is harder to understand and conquer, it is the truly “old school” security protections that may be the hardest change in our everyday work environment. Changing old habits is invariably harder to accomplish than learning new concepts.

Physical security begins with securing the building in which NPI is stored. Old-school precautions such as a lock and burglar alarm are a good starting point. Most people already employ these trusted precautions. The next step is implementing a “clean desk policy.” Simply put, a clean desk policy is securing documents containing NPI such as open files, closed files, bank statements, applications, unrecorded loan documents, mail and basically any printed material concerning a transaction whether it is located on the desk, in the file, on the printer or even in the trash can.

One point about “physical” security that may often get confused with “digital” security is the physical custody of computer equipment. It is of utmost importance to make sure that your server, backup data, laptops, smartphones and all other forms of portable media containing NPI are secure. Keeping information secure on the device is digital security. If someone loses their laptop, no matter how password-protected or encrypted the data may be, a cyber-criminal – given enough time – will be able to get to the NPI.

e. Digital and electronic security, a.k.a. network security. As mentioned previously, digital security refers to keeping the NPI safe on the digital or electronic device. The first and easiest protection is to password protect data on all digital devices. Every password should be “complex.” The acceptable standard for complex passwords is that they are at least eight characters long, contain upper- and lower-case letters, at least one numeral, and are changed at least every 90 days.

Additional efforts to digitally protect NPI include having an up-to-date virus protection program that updates at least every day. The network should be located behind a digital firewall that protects the network from outside threats. Digital storage and transmission of NPI should be encrypted. This includes email. All email should be a hosted or internal solution that is domain specific. The use of free email accounts (such as Gmail, AOL, Yahoo or Hotmail) may not provide the security