Lost in the glow of Operation Aurora was the American Bankers Association (ABA) recommendation “that small to midsized businesses only conduct online banking on dedicated workstations”. At first blush, it sounds like sound information security advice; so why do I find it so significant?
Because the banking industry finally “gets it”.
When the ABA (dedicated to enhancing the competitiveness of the nation’s banking industry and strengthening America’s economy) suddenly throws a wet blanket onto online banking, we have reason to be concerned. In short, what they are saying is that online banking is only as secure as the end-point it is conducted on, and that the viruses, spyware, Trojans and identity-stealing key-loggers that regularly infect computers are something they can no longer pretend to control.
They finally get that HTTPS, strong passwords, and two-factor authentication can’t keep us safe from ourselves and the increasing risk posed by organized crime.
Unfortunately, the proposed solution, while it may be the best we have, is insufficient. Even a dedicated workstation is vulnerable to malware infection when “safe” web practices are followed (comically, AVG just reported that I happened upon a malware loading site following a link on organized crime and online banking while researching this post). What we need is a trusted, fully immutable computing device – I have to think someone really smart is working on this right now.
In the meantime, I’m not worried enough to give up on online banking. However, I won’t do it from a Windows machine any longer. Right now, I’m only using my iMac, but I plan on moving to either a dedicated Ubuntu machine or a bootable USB Linux.
I thought this blog post on “more secure” options for online banking was well done.
About the Author:
John Verry, CISA, 27001 Certified Lead Auditor, CCSE, CRISC - "Security Sherpa" - Information Security Auditor