Minnwest has a strong commitment to helping you protect your business and yourself from relentless fraudsters and scammers. Our goal is to make you aware of the threats and challenges that come with being connected to the internet so you can take appropriate actions to help keep your company, personal, and financial information safe.
Most of our information sharing will be delivered through this website or through emails sent only from [email protected].
The online banking and electronic commerce environments do pose many threats to you and your personal and financial information; however, being armed with information allows you to minimize the dangers and take advantage of the many benefits that come with online services.
Corporate account takeover (CATO) is a fast-growing threat against businesses. Corporate account takeover is a type of fraud where thieves gain access to a business’s finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
Computer and Network Security
It is highly recommended to dedicate one computer for doing your online banking activities and not use that same computer for email and general Internet surfing. Also, the following tips will help reduce the risk of malicious software getting onto your systems.
- Make sure the software running on your computers is up to date and supported. Never use software that is no longer supported as it can be much more vulnerable to security weaknesses.
- Use anti-virus software and keep it current to help identify malicious software that may get installed on your computer.
- Make sure you use and keep a current firewall to protect your computer and network. This could be a separate firewall device or the software firewall that comes with many computer operating systems.
- Disable admin accounts on all computers if possible; at the very least change the default passwords.
- If you have more than one employee using your computers make sure each employee has their own unique and separate user account.
- Ensure everyone uses strong passwords.
- If you use a wireless network (wi-fi) make sure you have secured it as much as possible.
- Use URL and Email filtering to lessen the chance of going to malicious sites.
Make sure that all employees receive education about Internet and computer use and how they can protect your company and themselves. Share with all employees the security information Minnwest provides.
Below are some good general security resources that you can use to help build your own computer security program and also provide helpful information to your employees.
Meltdown and Spectre Security Issues
Well, welcome to 2018 and what is the first of the big security issues. You may have already seen news about the Meltdown and Spectre security flaws that were just discovered. The information below is to help you understand what these issues are and how they can affect you at your business as well as at home.
The Security Flaw
Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It's really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.
This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.
So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.
What To Do?
Determine the make and model of the CPU in your home computer(s) and reach out to the manufacturer for information about the security patch.
Also, make sure you have a licensed and updated anti-virus solution running on your home computer(s). This is a first line of defense, but always be cautious of emails you open, attachments you open, and links you follow.
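One way to carry out the check described above on a Linux computer, as an added example that is not part of the original page: it reads the CPU make and model and the kernel's own report of whether Meltdown and Spectre are mitigated. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities` (4.15 or a vendor backport); the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Linux with a kernel
# that reports CPU flaw status under /sys/devices/system/cpu/vulnerabilities.

# cpu_model [cpuinfo_file]: print the CPU make/model string, or "unknown".
cpu_model() {
    file="${1:-/proc/cpuinfo}"
    # Take the first "model name" line; some architectures do not provide one.
    model=$(sed -n 's/^model name[[:space:]]*:[[:space:]]*//p' "$file" 2>/dev/null | head -n 1)
    echo "${model:-unknown}"
}

# classify_status "text": map the kernel's status string to a short verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        Mitigation*)     echo MITIGATED ;;
        Vulnerable*)     echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# check_cpu_flaws [dir]: print one line per issue.
# Returns 1 if any issue is VULNERABLE or UNKNOWN, so a patch is still needed.
check_cpu_flaws() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            status=$(classify_status "$(cat "$dir/$issue")")
        else
            status=UNKNOWN   # file missing: kernel predates this reporting interface
        fi
        echo "$issue: $status"
        [ "$status" = MITIGATED ] || [ "$status" = NOT_AFFECTED ] || rc=1
    done
    return $rc
}

echo "CPU: $(cpu_model)"
check_cpu_flaws || echo "Action needed: install the vendor's operating system and firmware updates."
```

An UNKNOWN result usually means the operating system itself is too old to report its status and should be updated first.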
Link to Manufacturer Updates
The following table contains links to patch information published in response to the vulnerabilities.
| Link to Vendor Patch Information | Date Added |
|---|---|
| Amazon | January 4, 2018 |
| AMD | January 4, 2018 |
| Android | January 4, 2018 |
| ARM | January 4, 2018 |
| CentOS | January 4, 2018 |
| Chromium | January 4, 2018 |
| Citrix | January 4, 2018 |
| F5 | January 4, 2018 |
|  | January 4, 2018 |
| Huawei | January 4, 2018 |
| IBM | January 4, 2018 |
| Intel | January 4, 2018 |
| Lenovo | January 4, 2018 |
| Linux | January 4, 2018 |
| Microsoft Azure | January 4, 2018 |
| Microsoft Windows | January 4, 2018 |
| NVIDIA | January 4, 2018 |
| OpenSuSE | January 4, 2018 |
| Red Hat | January 4, 2018 |
| SuSE | January 4, 2018 |
| Trend Micro | January 4, 2018 |
| VMware | January 4, 2018 |
| Xen | January 4, 2018 |
Online banking is a very flexible way for you to complete banking transactions on your schedule. It also provides a great way for you to detect fraud early. By regularly monitoring your accounts online you can quickly identify fraudulent transactions.
- Change the passwords for your online banking and email accounts at least once every 90 days.
- If you suspect your password to any online account (email, bank, Amazon) was compromised, change it immediately on that system as well as your other online accounts.
Minnwest provides several tools that can help you make your online banking even more secure.
- We monitor all transactions for anomalous behavior and will notify you if we see something suspicious.
- We offer Positive Pay as a means to detect fraudulent checks.
- We provide Security Tokens for an extra level of security to make money movement transactions.
Email is the most prominent means of communication in use today. Email is also the most prominent means for malicious users to try and gain access to our information. The most common attack is the use of “phishing” emails; emails that are designed to take advantage of our helpful, trusting and curious nature.
- Be wary of emails from people or companies you do not know and are not expecting.
- Be cautious of clicking on any links or opening any attachments.
- No business or bank should ever ask you to provide user credentials or personal information in response to an email.
- Keep business and personal email separate; on separate computers if possible.
You probably use a number of personal identification numbers (PINs), passwords, and passphrases every day: from getting money from the ATM or using your debit card in a store, to logging in to your email or into an online retailer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, but you’ve seen enough news coverage to know that hackers represent a real threat to your information. Often, an attack is not specifically about your account, but about using the access to your information to launch a larger attack.
One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that those requesting access are the people they claim to be is the next step. This authentication process is more important and more difficult in the cyber world. Passwords are the most common means of authentication, but only work if they are complex and confidential. Many systems and services have been successfully breached because of insecure and inadequate passwords. Once a system is compromised, it’s open to exploitation by other unwanted sources.
How to choose good passwords
Avoid common mistakes
Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to crack them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Does it contain your address or phone number? Think about how easy it is to find someone’s birthday or similar information. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to dictionary attacks, which attempt to guess passwords based on common words or phrases.
Although intentionally misspelling a word ("daytt" instead of "date") may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using both lowercase and capital letters adds another layer of obscurity. Changing the same example used above to "Il!2pBb." creates a password very different from any dictionary word.
Length and complexity
The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible (16–64 characters) when you can. For example, "Pattern2baseball#4mYmiemale!" would be a strong password because it has 28 characters. It also includes upper and lowercase letters, numbers, and special characters. You may need to try different variations of a passphrase—some applications limit the length of passwords, some do not accept spaces or certain special characters. Avoid common phrases, famous quotations, and song lyrics.
For more information on how you can protect your information click here.
Treat your mobile devices the same way you do a desktop or laptop computer. These devices allow you the same access to the Internet and can also expose your information if not treated correctly.
- Enable strong password protection.
- Enable an automatic screen lock after a length of inactivity (recommend 1 minute).
- If available, implement anti-malware tools.
One of the most overlooked areas of information security is the protection of physical documents and electronic storage devices (flash drives, external hard drives). Below are several ideas to help protect your physical information.
- Shred papers that contain company, financial or personal information.
- Wipe the contents from the hard drives of computers rather than just using a delete command. Delete leaves the actual data accessible, whereas a true disk wipe utility completely removes the data. Do a Google search for Disk Wipe to find a solution that works best for you.
- Wipe the contents from printer and copier hard drives as these contain the data that has passed through them.