According to a recent report by Accenture, over the past 12 months, banks experienced an average of 85 serious breach attempts, with as many as 36% of banks revealing that data had been stolen. To make matters even worse, banks took an average of 59 days to spot an attack. Naturally, banks are a prime target for cyber-criminals because they offer the greatest financial reward. Below is a simple checklist which can be used by financial institutions to help prevent cyber-attacks.
1. Make sure devices are locked down if they have been idle for a given length of time
Should a staff member leave their desk unattended for any length of time, a rogue insider could easily gain access to their data.
2. Make sure that operating systems are kept up-to-date
Operating systems should be set to download and install updates automatically. This includes smartphones, tablets, and other mobile devices.
3. Make sure you have a strong password policy
- Do not use the same credentials (like text passwords) for multiple accounts/devices.
- Passwords should be at least 16 characters, and include numbers, letters (both uppercase and lowercase), and special characters.
- Avoid using words that can identify you in some way, such as your pet’s name, postcode, social security number and other PII (Personally Identifiable Information).
- Avoid storing passwords in your web browser, as they can be easily revealed should an attacker gain access to your device.
- Avoid logging in to important accounts on other people’s computers or over public Wi-Fi hotspots
- Change your passwords regularly (approximately 4 or 5 times a year). You might want to consider using a solution such as LepideAuditor, which enables you to automate the process of reminding users to reset passwords.
- Do not store unencrypted passwords on your device or in the cloud
- Use two-factor authentication whenever possible
- Avoid sharing your passwords with other members of staff, even if it makes life easier
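The length, character-class, PII and reuse rules above can be enforced at password-change time. The following Python check is an added example, not code from the original article or from any product it mentions; the function names, the sample terms and the choice of salted PBKDF2 for the password history are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 16          # minimum length from the checklist
ITERATIONS = 600_000     # assumed PBKDF2 work factor for the stored history
CLASSES = {              # anything that is not an ASCII letter or digit counts as special
    "digit": r"[0-9]",
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "special": r"[^0-9A-Za-z]",
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so the history never holds a plaintext password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def policy_violations(password, personal_terms, previous):
    """Return the checklist rules that a candidate password breaks.

    personal_terms: identifying words for this user (pet name, postcode, ...).
    previous: (salt, hash) pairs for the user's old or other-account passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("contains personal information")
    # Re-hash the candidate with each stored salt; compare in constant time.
    for salt, stored in previous:
        if hmac.compare_digest(hash_password(password, salt), stored):
            problems.append("reused")
            break
    return problems


# Constructed sample data, for illustration only.
_salt = os.urandom(16)
SAMPLE_HISTORY = [(_salt, hash_password("Old-Passphrase-2019!x", _salt))]
SAMPLE_TERMS = ["rex", "90210"]

if __name__ == "__main__":
    for candidate in ("rex90210", "Old-Passphrase-2019!x", "Correct7#Horse!Battery"):
        print(candidate, "->", policy_violations(candidate, SAMPLE_TERMS, SAMPLE_HISTORY) or "ok")
```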
4. Keep antivirus software up-to-date
Automatic updates should be enabled, and devices should regularly be scanned for viruses.
5. Dispose of all data and equipment properly
When disposing of hardware that contains sensitive information, make sure that devices are properly reformatted, destroyed or both. Likewise, paper documents will need to be shredded.
6. Make sure that staff members are well trained in cyber-security
Insider threats account for 43% of data loss, according to Infosecurity Group. It is therefore very important to keep your staff well trained – especially with regard to phishing attacks.
7. Make sure you have a backup and recovery plan in place
You should also carry out dry-runs to ensure that you can successfully restore the backup – quickly and efficiently.
8. Make sure your employees know whom to call in the event of a suspected security incident
Place the support number somewhere that is obvious and accessible to everyone.
9. Use technology to help you detect, alert and respond to anomalous events
Again, LepideAuditor enables you to monitor access privileges, detect suspicious file and folder activity, manage inactive user accounts, track privileged mailbox access, and more. Additionally, such solutions can automatically generate alerts and reports, which can help satisfy regulatory compliance requirements.