the technology partner for financial institutions end user best practices presented by:
TRANSCRIPT
The Technology Partner for Financial Institutions
End User Best Practices
Presented By:
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Best Practices
• Layered security• Keep software up-to-date• Firewalls• Internet browsing• Email• Passwords• Social networks/social media
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Layered Security
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Keep Software Up-to-Date
• Windows Patch Management• Internet Explorer
IE 6.0 example• Antivirus/Anti-Malware
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Patch Management
• Windows updates are constantly released Typically on Tuesdays Critical and security updates should always be
installed• Unless business reason not to
Larger offices and companies should consider a patch management solution like WSUS or HFNetChk• Smaller office might want to enable automatic updates
by following the screenshots below
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Patch ManagementOpen Internet Explorer and click Tools-Windows Update to update computer
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Accept Any License Terms
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Restart machine when install finishes
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Patch ManagementOnce machine is up-to-date, you should enable automatic update to keep it updated
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Reboot
• For patch management to be completely successful reboots are most likely required
• Have users turn their computer off or restart at least weekly Green advantages to turning off nightly if this
doesn’t interfere with business needs
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Malware
• Antivirus/Malware Both can cause production downtime Both can spread to other machines Both can be used to gather information to gain
access to nonpublic information creating financial loss or reputation issues
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Antivirus Options
• avast! – Price range: $40.00-$60.00 - http://www.avast.com/index• AVG – Price range: $34.00-$44.00 - http://free.avg.com/us-en/226284?
cmpid=fs_hp_testa_226284• Kaspersky – Price range: $30.00-$60.00 - http://www.kaspersky.com/• McAfee – Price range: $40.00-$50.00 -
http://home.mcafee.com/Store/Store7.aspx?cid=60460• Microsoft Forefront -
http://www.microsoft.com/forefront/clientsecurity/en/us/default.aspx• Symantec – Price range: $24.00-$37.00 -
http://www.symantec.com/business/products/purchasing.jsp?pcid=pcat_security&pvid=endpt_prot_sbe_1
• Trend Micro – Price range: $27.00-$60.00 - http://buyonline.trendmicro.com/store/trendsb/en_US/home
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Anti-Malware option
• Along with antivirus solutions consider a separate anti-malware solution. Even if your antivirus solution includes anti-malware you will often have better luck installing a separate program for malware. One of the best programs on the market today for malware is Malwarebytes.
• Malwarebytes – Price range: $25.00 onetime fee - http://www.malwarebytes.org/mbam.php
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Key to Antivirus and Anti-Malware
Programs• You must keep both programs updated• Review update options in settings of each
program• Set to update at least daily• Schedule to scan a machine at least weekly
Even if it contains an “active scan” option
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Firewalls
• Hardware firewall Preferred
• Software firewall Minimum level of security Free
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Windows Firewall
• Windows Firewall included in Windows XP Service Pack 2 and later Blocks unsolicited Internet traffic to your
computer• Still should consider a hardware firewall
Windows Firewall should be enabled unless you are using a hardware firewall• If unsure, turn Windows firewall on
• Follow screenshots below for enabling Windows firewall
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Enable Windows Firewall
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Email Best Practices
• Never respond to unsolicited emails or instant messages requesting sensitive information
• Be wary of links or attachments in emails Even from people you know Hover mouse over links to see if link name matches
website address• Be cautions of emails with grammatical errors or
misspellings especially if they contain threats, prizes, or request personal information
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Internet Browsing Best Practices
• Minimize personal web browsing on machines used for business or banking purposes (including online banking)
• Avoid clicking on links in pop-up windows• Look for “https” in URL bar when entering
sensitive information. A “closed” lock may appear in the URL bar also
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Passwords
• Passwords are key to security success Weak or shared passwords open up vulnerabilities Grant access to computers and programs• Can not be shared, written down, sitting out
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Poor Passwords
• Contain less than 8 characters• Word found in the dictionary• Names of pets, family, friends, characters• Birthdays or other personal dates• Phone numbers• Addresses• Any of the above spelled backwards or
preceded/followed by a digit
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Good Passwords
• Contain upper and lower case character• Contain digits and punctuation characters• Have no personal information (family/pets/etc.)• Should change on regular basis (e.g. 60 days)• Not be a word, slang, or jargon
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Other Considerations
• Do not use same password for personal and business applications
• When possible do not use the same password for multiple sites, applications, programs, etc.
• Do not share with secretary, family members, friends
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Password Don’ts
• Don't reveal a password over the phone to ANYONE • Don't reveal a password in an email message • Don't reveal a password to the boss • Don't talk about a password in front of others • Don't hint at the format of a password (e.g. "my family
name") • Don't reveal a password on questionnaires or security forms • Don't share a password with family members • Don't reveal a password to co-workers while on vacation
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Passphrases
• Consider using passphrases Good because contain several words with usually
a high number of characters, upper/lower case and punctuation.
• Sample Passphrase "TheTrafficOnThe101InTheMorningIsBad!" “I’mAlwaysLateToWork!”
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Letter Substitution
• Another good option is letter substitutionL=1o=0 Or O=()S=5 Or S=$E=3a=@i=! Or I=1t=+
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Letter Substitution
• JohnySmith = J()hny$m!+h
• Combine a passphrase with letter substitution for a really strong password
• ILoveMyBoss becomes !10v3MyB()$$ Which do you think is harder to break?
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Password Safe
• Consider a password management program• Find one that encrypts passwords and is
trusted• One free program is Password Safe
http://passwordsafe.sourceforge.net/
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Social Media
• Be careful what information you share• Check security settings under “Settings” or
“Options” menus to limit access to personal information
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Other Resources
• http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/index.html
The Technology Partner for Financial InstitutionsThe Technology Partner for Financial Institutions
Questions