By Matt Lidestri
While the annual gift-giving feast has come and gone, a thoughtful gift to our customers to help protect them from online crime is always appreciated.
There is a wealth of security solutions available, many of them free of charge to customers. That’s a good thing for everyone, since secure customers significantly improve security for Internet banking as a whole. Here is my security shopping list for bank customers:
Many home banking users connect directly to the Internet through a cable modem or DSL. Even more believe their Internet Service Provider (ISP) protects them from criminal exploits. Unfortunately, that’s only partially true. If a user responds to a phishing link or is infected by a malicious file, program or website, all bets are off.
Fortunately, Comodo (http://personalfirewall.comodo.com) offers a free and very solid firewall for home use. For anyone who doubts whether they need a firewall, let me be quite clear – you do. The average time to compromise an unprotected, unpatched PC on the Internet is under five minutes. You don’t want to contribute to that statistic.
The Comodo firewall filters both inbound and outbound Internet traffic, which is critical for security. Obviously, you want to block any inbound criminal attacks. But if your computer does get infected, you definitely want to prevent the live virus from “phoning home” (outbound) to its criminal masters. The firewall’s interface is relatively simple for both power users and less tech-savvy individuals. Consider encouraging your customers to get Comodo Firewall for home use if they don’t already have a firewall solution.
Most PC vendors automatically install an antivirus application on new PCs with a one-year license, but users may allow the package to expire without renewing the license. Malware is constantly evolving, and thus the most recent malware signatures are essential for protection. Rather than running an unlicensed antivirus program with outdated signatures, consumers should consider a free alternative. Microsoft Security Essentials provides decent anti-malware and anti-spyware functionality, and is free for home use. Avast also provides a free version of their antivirus solution which works quite well.
Microsoft Security Essentials is available at www.microsoft.com/security/products/mse.aspx, and Avast is available at www.avast.com/free-antivirus-download.
Yes, we have too many user IDs and passwords, and yes, we have to change them too often for our time-starved minds to remember. But we understand that the inconvenience of strong ID and password security keeps our information safer – much like the inconvenience of enhanced airport security.
Password Safe (http://passwordsafe.sourceforge.net) was invented to solve the problem of ID/password inflation. Password Safe was developed and open-sourced by CounterPane BT and their founder, world-renowned cryptographer Bruce Schneier. Password Safe acts as an encrypted “master vault” for all your software keys, website logins, personal identification numbers and e-mail logins. Basically, you can condense them all into one ID/password combination for the wonderful price of [Article]. One word of caution – make your ID/password combination to Password Safe very strong!
Almost all cyber criminal attacks exploit weaknesses in software already installed on the target computer. Windows and Internet Explorer have long been favorite targets of cyber crime, and Microsoft has stepped up admirably with timely software updates, also known as “patches.” Their newer software (Windows 7, IE8) has also been developed with better security, further protecting users.
Unfortunately, the criminals have found software holes in other common applications to exploit, particularly in Adobe products, Firefox, Java, and QuickTime. Patch management solutions such as Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) can help you detect vulnerable and outdated programs and plug-ins which expose your PC to attacks.
More importantly, Secunia PSI finds the patches available from the software vendors – a tedious and time-consuming task if you were doing it yourself. Secunia PSI automates this process and alerts you when your programs and plug-ins need to be patched. Best of all, the Secunia solution and the patches are offered free of charge.
Do you keep sensitive data on your home computer or laptop? Of course you do. Electronic bank statements, 401k statements, tax returns – they’re all stored there. If a criminal were to gain access to your computer, chances are high that he would find these files pretty quickly.
One solution to the sensitive data problem is to create an encrypted drive in Windows for all these documents. TrueCrypt (www.truecrypt.org), an open-source encryption tool, enables you to do just that, keeping the documents in incomprehensible form until you access them with the appropriate encryption key.
One word of advice – don’t write the key down on a yellow sticky and put it inside your laptop!
With all these great, free solutions available to your customers, you might think the world would be quite safe. But bankers know the ultimate challenge is getting customers to use the solutions available to them. Solving that challenge will go a long way toward improving Internet banking security for everyone.
Matt Lidestri, CISSP, manages security and internet products for COCC, Inc.