This week Brian Krebs published a list of online banking best practices for businesses. While there is nothing earth-shattering in this list, it serves as a reminder that the basics matter and that it's important to think about the security aspects of online transactions.
Reviewing this article got me to thinking about what I would put into such a list for the individual versus a business. Clearly most of Brian's recommendations remain applicable, but there are a few more things that I would focus on for the individual consumer of online banking services:
- Passwords Matter. I understand the concerns consumers have over a multitude of passwords and the desire to use just one password for everything, but this makes it easier for the bad guys to get to your money. If they compromise your email password, for example, they now are one step closer to accessing your banking information if your passwords are the same. Your banking password should always be unique, should be complex (letters, numbers, and at least one special character) and you should change that password one a somewhat regular basis (90 days is preferred, but at least once a year). Note, if you are concerned about remembering multiple passwords in general there are several good password storage programs out there that are easy to use and highly mobile. KeePass is my personal favorite.
- Know Your Network. WiFi availability has become ubiquitous in our society; secure WiFi has not. Bad actors routinely place themselves on open networks in an attempt to capture your data; worse, many bad actors set up "free" networks with names similar to those you might be used to/searching for in an attempt to deceive you into granting them access to your system. As a general rule, do your online banking at home on your own (secure! :) ) network. If you find yourself on the road regularly or simply desire more mobility when you bank, invest in a MiFi device and the appropriate service (one which allows your to password protect the MiFi network) from your chosen carrier.
- Talk To Your Bank. Online banking is not just a convenience for you; it's a convenience for the banks as well. If a financial institution can drive more transactions and interactions to a self-services platform such as their online presence, the less overhead they need to carry in the form of branches and tellers. In exchange for this convenience, you should feel comfortable in asking some questions of your bank regarding their online banking security. Simple questions such as where they host their online presence; how they protect the online transaction data; how often they patch their systems and/or update their applications; and what they do to test their online applications, mobile apps, and their online presence overall are not unreasonable questions and should result in informed answered from your financial institution. If they don't consider finding another institution. As an example: my institution hosts its application internally; placed its online presence in beta for over a year to ensure the security is rock solid; tests its online presences quarterly for security; patches immediately for high-risk security patches; and tests its code annually as well as whenever updates are made for security issues and holes.
When approaching online banking it is important to remember that being an informed and diligent consumer is an essential step in protecting your assets. Ask questions...and remember the basics :)
No comments:
Post a Comment