Business Computers and Networks
Information Security for Commercial Banking Clients
Maintaining a Secure Business Computer – What precautions can you take?
Your computer is part of a vast electronic information highway where data moves through complex networks, making our daily communications happen quickly and easily. With that convenience comes the need to protect that valuable and private information along the way. Although your business’ information security needs may require very specific solutions, much of what we do every day on our laptops or desktops is protected by following some relatively simple steps.
Use a modern operating system – The most current operating systems (OS) provide substantial security enhancements over earlier versions.
Set the OS to check for and install updates automatically. Keep your other devices, such as tablet computers and smartphones, up to date as well.
Install a comprehensive security suite that supports anti-virus, anti-spyware, anti-phishing, safe browsing, and firewall capabilities. Remember to enable any automated update service within the suite.
Limit use of the administrator account. The initial account that is typically created when configuring a computer for the first time is the local administrator account. This account should be used only to install updates or software, and reconfigure the computer as needed. Browsing the web or reading email should not be done using this account. A non-privileged “user” account should be created and used for these other day-to-day activities.
Migrate to the most recent application versions, and maintain updates as needed.
If using third-party web browsers, install script-disabling software to prevent execution of scripts. Allow trusted sites to execute scripts as necessary.
Use file or full disk encryption to protect laptops and other mobile devices. These computers are easily lost and stolen, and encryption is the only reliable protective security measure once a criminal has your computer.
Use a security cable to lock the laptop to furniture when in public. A laptop can be stolen in moments, especially at a school or library.
Maintaining a Secure Business Network – What precautions can you take?
Use a separate personally-owned router with firewall capabilities to connect to the ISP-provided router/cable modem. This gives you control of routing and wireless capabilities and will block outsiders from accessing your network.
A wireless network should be protected using Wi-Fi Protected Access 2 (WPA2) instead of Wired Equivalent Privacy (WEP). WEP encryption can be broken by an attacker.
Implement strong passwords on network devices. Choose a long, complex password (at least 15 characters) for your administrative login to your router and your WPA2 encryption key. Write them down in your device manual, as they will be needed to make future changes to the device.
When is it a good time to perform a “risk-assessment” of your company’s security?
Why not right now? Attached as page 3 is a simple and quick questionnaire, containing 10 questions to help determine the adequacy of your company’s security.
Where can I go for additional resources and information?
For more information on securing your on-line information refer to the following:
Free Anti-virus software is available at the following addresses:
Concerned that your business has been targeted by online fraud?
Tell us at once if you notice suspicious account activity or experience an information security event. Contact us at: 706.236.2123 / 706.236.3556 / 706.236.3552 or by email at email@example.com
WHAT ARE YOU DOING TO MITIGATE THE RISKS TO YOUR BUSINESS?
1. Are passwords required to access your company workstations?
2. How complex are the passwords required to access your company workstations?
3. Do you currently have anti-virus programs installed on your company workstations / network?
4. Do you take advantage of the patches and upgrades available from software providers?
5. What security measures are in place for the wireless devices used by your company / employees? (Have you ever heard of “Smishing”?)
6. Do you have segregation of daily duties? (e.g.: Are specific people granted access to the banking information? Are there specific duties assigned to specific employees?)
7. Do you perform background checks when hiring new employees?
8. What processes do you currently have in place to ensure the security of your business and related information? (e.g.: Do employees have access to the office after-hours? If so, how many and what are the deciding criteria to grant access?)
9. Who has access to download or install information on company workstations? (Are you only allowed to download or install programs if you are the administrator?)
10. If you have online banking for your business, do you monitor your accounts daily, verifying balances and checking transactions?