7 Tips for Secure Transactions
To help avoid malware-enabled wire and ACH fraud, here are seven tips for financial institutions to share with their customers:
- Use a Dedicated Machine Then Monitor Closely
Computers are relatively inexpensive; use a separate, dedicated machine for all of your online financial transactions. If multiple people need transaction access, each person must have an additional, separate computer, or use terminal services to create a system of clients and dumb terminals.
- Segregate it from the Network
This dedicated machine must not be part of a Windows domain. Use a local administrator account, not a domain account, for working with account access information. This avoids the "Clampi effect," in which one compromised machine leads to a fully infiltrated network where miscreants can more easily steal sensitive account information.
- Turn off Computer When Not in Use
As trivial as this sounds, shut the machine down when it is not in use; this limits your exposure. Many modern worms and trojans exploit vulnerabilities in the Windows operating system and, contrary to popular belief, do not require the user to have taken any action such as opening emails or visiting malicious websites.
- Monitor Traffic
Implement firewall/proxy instrumentation on both your ingress and egress points, monitoring and logging all traffic to and from your machine to ensure unauthorized access is denied regardless of where it originates. The machine should be used for financial transactions only; any network traffic not essential to that business use should be denied to and from this machine.
- Regulate Changes
Implement a change management process for any work that is to be done on machines performing financial transactions (this should include any changes to proxy or firewall settings that could impact these machines). Changes must require multiple party approvals. Convenience is not an acceptable reason to open access.
- Think Virtual
Virtualized environments are another option employees can leverage; the solution can work for multiple employees, or for employees who travel and need to perform financial functions on the road. Again, computers are cheap; use a netbook or comparable alternative dedicated exclusively to financial transactions.
- Mind Your Media
Leverage dedicated, bootable media (CD/DVD/USB...) when performing financial transactions. One could even go a step further and remove the ability to write to the hard drive, so that nothing can actually be stored on the machine, other than the core operating system and key applications.
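The "Monitor Traffic" tip above says to deny everything except the transaction traffic and to log the rest. As an added illustration (not part of the original article or Neustar's material), the following Python script renders a default-deny outbound nftables ruleset for a Linux-based dedicated machine and then reviews the kernel drop log it produces. The bank addresses, resolver address, log prefix and log lines are all constructed placeholders (TEST-NET ranges), not real endpoints; substitute the institution's published service addresses.

```python
"""Egress allowlist for a dedicated transaction host: render an nftables
ruleset and review the drop log. Added example; every address and log
line below is a constructed placeholder, not a real bank endpoint."""
import ipaddress
import re
from collections import Counter

# Constructed allowlist (RFC 5737 TEST-NET addresses): the only
# destinations the host may open connections to.
BANK_ENDPOINTS = {"198.51.100.10", "198.51.100.11"}
DNS_RESOLVER = "192.0.2.53"
LOG_PREFIX = "TXN-EGRESS-DROP: "


def render_nftables(endpoints, resolver, prefix=LOG_PREFIX):
    """Default-deny outbound policy: DNS only to the named resolver, HTTPS
    only to the allowlisted endpoints; anything else is logged, then dropped."""
    for addr in list(endpoints) + [resolver]:
        ipaddress.ip_address(addr)  # raises ValueError on a malformed entry
    allowed = ", ".join(sorted(endpoints))
    return f"""table inet txn {{
    chain output {{
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        ip daddr {resolver} udp dport 53 accept
        ip daddr {{ {allowed} }} tcp dport 443 accept
        log prefix "{prefix}" drop
    }}
}}
"""


# Fields of a netfilter kernel log line: prefix, SRC/DST, PROTO and ports.
DROP_RE = re.compile(
    r"(?P<prefix>[A-Z\-]+: )IN=\S* OUT=(?P<out>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?PROTO=(?P<proto>\w+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def review_drops(log_lines, endpoints, resolver, prefix=LOG_PREFIX):
    """Count dropped outbound attempts by (destination, protocol, port).
    Attempts to reach an allowlisted host on a port the policy does not
    permit are returned separately: they point at a misconfiguration or
    at software on the host trying a channel the policy never intended."""
    summary = Counter()
    flagged = []
    for line in log_lines:
        m = DROP_RE.search(line)
        if not m or m.group("prefix") != prefix:
            continue  # not our chain's log entry
        key = (m.group("dst"), m.group("proto"), m.group("dpt"))
        summary[key] += 1
        if key[0] in endpoints or key[0] == resolver:
            flagged.append(key)
    return summary, flagged


# Constructed sample of what the kernel ring buffer would contain.
SAMPLE_LOG = [
    "kernel: TXN-EGRESS-DROP: IN= OUT=eth0 SRC=10.10.10.5 DST=203.0.113.7 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=44321 DPT=80 SYN URGP=0",
    "kernel: TXN-EGRESS-DROP: IN= OUT=eth0 SRC=10.10.10.5 DST=203.0.113.7 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=44322 DPT=80 SYN URGP=0",
    "kernel: TXN-EGRESS-DROP: IN= OUT=eth0 SRC=10.10.10.5 DST=203.0.113.200 LEN=48 TTL=64 ID=3 DF PROTO=TCP SPT=50000 DPT=6667 SYN URGP=0",
    "kernel: TXN-EGRESS-DROP: IN= OUT=eth0 SRC=10.10.10.5 DST=198.51.100.10 LEN=48 TTL=64 ID=4 DF PROTO=TCP SPT=50001 DPT=22 SYN URGP=0",
    "kernel: OTHER-PREFIX: IN= OUT=eth0 SRC=10.10.10.5 DST=203.0.113.9 LEN=40 TTL=64 ID=5 PROTO=UDP SPT=5353 DPT=5353",
]

if __name__ == "__main__":
    print(render_nftables(BANK_ENDPOINTS, DNS_RESOLVER))
    summary, flagged = review_drops(SAMPLE_LOG, BANK_ENDPOINTS, DNS_RESOLVER)
    for (dst, proto, port), n in summary.most_common():
        print(f"{n:4d}  {dst}  {proto}/{port}")
    print("allowlisted host on unexpected port:", flagged)
```

Load the rendered text with `nft -f` on the transaction host and feed the kernel log (for example the output of `dmesg` or the journal) to `review_drops`; a non-empty `flagged` list or a destination that keeps recurring in `summary` is the signal the tip asks you to watch for.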
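The "Mind Your Media" tip above goes as far as removing the ability to write to the hard drive. As an added check (not part of the original article), this Python script reads a `/proc/mounts`-style listing from a Linux machine booted from read-only media and reports any block-device-backed mount that is still writable, and whether the root filesystem is mounted read-only. The mount listing embedded here is constructed; on a live host pass the contents of `/proc/mounts`.

```python
"""Audit mounts on a host that is meant to persist nothing beyond its boot
image. Added example; SAMPLE_MOUNTS is a constructed /proc/mounts listing."""
import re


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Parse the first four fields of each mount line: device, mount point,
    filesystem type and the comma-separated option list."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or truncated line
        dev, mnt, fstype, opts = (_unescape(p) for p in parts[:4])
        entries.append({"device": dev, "mountpoint": mnt, "fstype": fstype,
                        "options": set(opts.split(","))})
    return entries


def writable_disk_mounts(text):
    """Mounts backed by a block device under /dev that carry the rw option.
    RAM-backed and pseudo filesystems (tmpfs, proc, sysfs) are writable by
    design and are not disk storage, so they are left out of this list."""
    return [(e["device"], e["mountpoint"]) for e in parse_mounts(text)
            if e["device"].startswith("/dev/") and "rw" in e["options"]]


def root_is_read_only(text):
    return any(e["mountpoint"] == "/" and "ro" in e["options"]
               for e in parse_mounts(text))


# Constructed listing: live DVD root, the usual pseudo filesystems, one
# writable local disk (with an escaped space in its path) and a read-only USB stick.
SAMPLE_MOUNTS = """\
/dev/sr0 / iso9660 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /mnt/local\\040disk ext4 rw,relatime 0 0
/dev/sdb1 /media/keys vfat ro,nosuid,nodev 0 0
"""

if __name__ == "__main__":
    print("root read-only:", root_is_read_only(SAMPLE_MOUNTS))
    for dev, mnt in writable_disk_mounts(SAMPLE_MOUNTS):
        print(f"writable disk mount: {dev} on {mnt}")
```

Run it against the real listing with `writable_disk_mounts(open("/proc/mounts").read())`; on a machine configured as the tip describes, the returned list is empty and `root_is_read_only` is true.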
Source: Rodney Joffe, Senior Technologist at Neustar, Inc., a Sterling, VA-based security firm.