It is highly recommended to dedicate one computer for doing your online banking activities and not use that same computer for email and general Internet surfing. Also, the following tips will help reduce the risk of malicious software getting onto your systems.
- Make sure the software running on your computers is up to date and supported. Never use software that is no longer supported as it can be much more vulnerable to security weaknesses.
- Ensure you use and keep current on anti-virus software to help identify malicious software that may get installed on your computer.
- Make sure you use and keep a current firewall to protect your computer and network. This could be a separate firewall device or the software firewall that comes with many computer operating systems.
- Disable admin accounts on all computers if possible; at the very least change the default passwords.
- If you use a wireless network (wi-fi) make sure you have secured it as much as possible.
- Use URL and Email filtering to lessen the chance of going to malicious sites.
Meltdown and Spectre Security Issues
Well, welcome to 2018 and what is the first of the big security issues. You may have already seen news about the Meltdown and Spectre security flaws that were just discovered and the information below is to help you understand what these issues are and how they can you at your business as well as at home.
The Security Flaw
Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It's really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.
This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.
So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.
What To Do?
Determine the make and model of the CPU in your home computer(s) and reach out to the manufacturer for information about the security patch.
Also, make sure you have a licensed and updated anti-virus solution running on your home computer(s). This is a first line of defense, but always be cautious of emails you open, attachments you open, and links you follow.
Link to Manufacture Updates
The following table contains links to patch information published in response to the vulnerabilities.
Link to Vendor Patch Information Date Added Amazon January 4, 2018 AMD January 4, 2018 Android January 4, 2018 ARM January 4, 2018 CentOS January 4, 2018 Chromium January 4, 2018 Citrix January 4, 2018 F5 January 4, 2018 January 4, 2018 Huawei January 4, 2018 IBM January 4, 2018 Intel January 4, 2018 Lenovo January 4, 2018 Linux January 4, 2018 Microsoft Azure January 4, 2018 Microsoft Windows January 4, 2018 NVIDIA January 4, 2018 OpenSuSE January 4, 2018 Red Hat January 4, 2018 SuSE January 4, 2018 Trend Micro January 4, 2018 VMware January 4, 2018 Xen January 4, 2018
Online banking is a very flexible way for you to complete banking transactions on your schedule. It also provides a great way for you to detect fraud early. By regularly monitoring your accounts online you can quickly identify fraudulent transactions.
- Change the passwords for your online banking and email accounts at a maximum of every 90 days.
- If you suspect your password to any online account (email, bank, Amazon) was compromised, change it immediately on that system as well as your other online accounts.
Minnwest monitors all online banking transactions for anomalous behavior and will notify you if we see something suspicious.
Email is the most prominent means of communication in use today. Email is also the most prominent means for malicious users to try and gain access to our information. The most common attack is the use of “phishing” emails; emails that are designed to take advantage of our helpful, trusting and curious nature.
- Be wary of emails from people or companies you do not know and are not expecting.
- Be cautious of clicking on any links or opening any attachments.
- No business or bank should ever ask you to provide user credentials or personal information in response to an email.
You probably use a number of personal identification numbers (PINs), passwords, and passphrases every day: from getting money from the ATM or using your debit card in a store, to logging in to your email or into an online retailer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, but you’ve seen enough news coverage to know that hackers represent a real threat to your information. Often, an attack is not specifically about your account, but about using the access to your information to launch a larger attack.
One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that those requesting access are the people they claim to be is the next step. This authentication process is more important and more difficult in the cyber world. Passwords are the most common means of authentication, but only work if they are complex and confidential. Many systems and services have been successfully breached because of insecure and inadequate passwords. Once a system is compromised, it’s open to exploitation by other unwanted sources
How to choose good passwords
Avoid common mistakes
Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to crack them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Does it contain your address or phone number? Think about how easy it is to find someone’s birthday or similar information. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to dictionary attacks, which attempt to guess passwords based on common words or phrases.
Although intentionally misspelling a word ("daytt" instead of "date") may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all." Using both lowercase and capital letters adds another layer of obscurity. Changing the same example used above to "Il!2pBb." creates a password very different from any dictionary word.
Length and complexity
The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible (16–64 characters) when you can. For example, "Pattern2baseball#4mYmiemale!" would be a strong password because it has 28 characters. It also includes the upper and lowercase letters, numbers, and special characters. You may need to try different variations of a passphrase—some applications limit the length of passwords, some do not accept spaces or certain special characters. Avoid common phrases, famous quotations, and song lyrics.
For more information on how you can protect your information click here.
Treat your mobile devices the same way you do a desktop or laptop computer. These devices allow you the same access to the Internet and can also expose your information if not treated correctly.
- Enable strong password protection.
- Enable an automatic screen lock after a length of inactivity (recommend 1 minute).
- If available, implement anti-malware tools.
One of the most overlooked areas of information security is the protection of physical documents and electronic storage devices (flash drives, external hard drives). Below are several ideas to help protect your physical information.
- Shred papers that contain financial or personal information.
- Wipe the contents from the hard drives of computers versus just using a delete command. Delete leaves the actual data accessible whereas a true wipe disk utility completely removes the data. Do a Google search for Disk Wipe to find a solution that works best for you.
- Wipe the contents from printer and copier hard drives as these contain the data that has passed through them.