Resources Personal Security

Minnwest has a strong commitment to help you protect yourself from the relentless fraudsters and scammers.  Our goal is to provide you the awareness of the threats and challenges presented by being connected to the internet so you can take appropriate actions to help keep your personal and financial information safe.

Most of our information sharing will be delivered through emails sent only from info@email.minnwestbankgroup.com.  We will also be adding new and relevant content to the Security Resources on our website. 

The online banking and electronic commerce environments do pose many threats to us and our personal and financial information; however, being armed with information allows us to minimize the dangers and take advantage of the many benefits that come with online services.

Computer and Network Security

It is highly recommended to dedicate one computer for doing your online banking activities and not use that same computer for email and general Internet surfing.  Also, the following tips will help reduce the risk of malicious software getting onto your systems.

  • Make sure the software running on your computers is up to date and supported. Never use software that is no longer supported as it can be much more vulnerable to security weaknesses.
  • Ensure you use and keep current on anti-virus software to help identify malicious software that may get installed on your computer.
  • Make sure you use and keep a current firewall to protect your computer and network. This could be a separate firewall device or the software firewall that comes with many computer operating systems.
  • Disable admin accounts on all computers if possible; at the very least change the default passwords.
  • If you use a wireless network (wi-fi) make sure you have secured it as much as possible.
  • Use URL and Email filtering to lessen the chance of going to malicious sites.

Additional resources

Meltdown and Spectre Security Issues

Well, welcome to 2018 and what is the first of the big security issues.  You may have already seen news about the Meltdown and Spectre security flaws that were just discovered and the information below is to help you understand what these issues are and how they can you at your business as well as at home.

The Security Flaw

Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It's really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.

What To Do?

Determine the make and model of the CPU in your home computer(s) and reach out to the manufacturer for information about the security patch.

Also, make sure you have a licensed and updated anti-virus solution running on your home computer(s).  This is a first line of defense, but always be cautious of emails you open, attachments you open, and links you follow. 

Link to Manufacture Updates

The following table contains links to patch information published in response to the vulnerabilities.

Link to Vendor Patch Information

Date Added

Amazon

January 4, 2018

AMD

January 4, 2018

Android

January 4, 2018

ARM

January 4, 2018

CentOS

January 4, 2018

Chromium

January 4, 2018

Citrix

January 4, 2018

F5

January 4, 2018

Google

January 4, 2018

Huawei

January 4, 2018

IBM

January 4, 2018

Intel

January 4, 2018

Lenovo

January 4, 2018

Linux

January 4, 2018

Microsoft Azure

January 4, 2018

Microsoft Windows

January 4, 2018

NVIDIA

January 4, 2018

OpenSuSE

January 4, 2018

Red Hat

January 4, 2018

SuSE

January 4, 2018

Trend Micro

January 4, 2018

VMware

January 4, 2018

Xen

January 4, 2018

Online Banking

Online banking is a very flexible way for you to complete banking transactions on your schedule.  It also provides a great way for you to detect fraud early.  By regularly monitoring your accounts online you can quickly identify fraudulent transactions.

  • Change the passwords for your online banking and email accounts at a maximum of every 90 days.
  • If you suspect your password to any online account (email, bank, Amazon) was compromised, change it immediately on that system as well as your other online accounts.

Minnwest monitors all online banking transactions for anomalous behavior and will notify you if we see something suspicious.

Protecting Passwords

You probably use a number of personal identification numbers (PINs), passwords, and passphrases every day: from getting money from the ATM or using your debit card in a store, to logging in to your email or into an online retailer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, but you’ve seen enough news coverage to know that hackers represent a real threat to your information. Often, an attack is not specifically about your account, but about using the access to your information to launch a larger attack.

One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that those requesting access are the people they claim to be is the next step. This authentication process is more important and more difficult in the cyber world. Passwords are the most common means of authentication, but only work if they are complex and confidential. Many systems and services have been successfully breached because of insecure and inadequate passwords. Once a system is compromised, it’s open to exploitation by other unwanted sources

How to choose good passwords

Avoid common mistakes

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to crack them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Does it contain your address or phone number? Think about how easy it is to find someone’s birthday or similar information. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to dictionary attacks, which attempt to guess passwords based on common words or phrases.

Although intentionally misspelling a word ("daytt" instead of "date") may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using both lowercase and capital letters adds another layer of obscurity. Changing the same example used above to "Il!2pBb." creates a password very different from any dictionary word.

Length and complexity

The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should  consider using the longest password or passphrase permissible (16–64 characters) when you can. For example, "Pattern2baseball#4mYmiemale!" would be a strong password because it has 28 characters. It also includes the upper and lowercase letters, numbers, and special characters. You may need to try different variations of a passphrase—some applications limit the length of passwords, some do not accept spaces or certain special characters. Avoid common phrases, famous quotations, and song lyrics.

For more information on how you can protect your information click here.

Mobile devices

Treat your mobile devices the same way you do a desktop or laptop computer.  These devices allow you the same access to the Internet and can also expose your information if not treated correctly.

  • Enable strong password protection.
  • Enable an automatic screen lock after a length of inactivity (recommend 1 minute).
  • If available, implement anti-malware tools.
Physical Security

One of the most overlooked areas of information security is the protection of physical documents and electronic storage devices (flash drives, external hard drives).  Below are several ideas to help protect your physical information.

  • Shred papers that contain financial or personal information.
  • Wipe the contents from the hard drives of computers versus just using a delete command. Delete leaves the actual data accessible whereas a true wipe disk utility completely removes the data.  Do a Google search for Disk Wipe to find a solution that works best for you.
  • Wipe the contents from printer and copier hard drives as these contain the data that has passed through them.