News & Commentary

09:43 AM
Chris Banta, Safe Systems
Chris Banta, Safe Systems
Commentary
50%
50%

10 Components of a Comprehensive IT Security Foundation

A financial institution’s digital assets are every bit as valuable as the money in the vault.

The business of financial services has undergone a tremendous amount of change in the last decade with the advancement of networking technology, online services and the growing demand from customers to provide 24/7 access to their financial lives. Running a financial institution is not simply a matter of managing money and providing loans. It’s about managing data and networks, too.

Because of this technological shift in the industry, network administrators and information technology officers now play a crucial part in ensuring the financial institution’s network and data are protected from viruses, malware and electronic attacks from would-be digital robbers. It’s not an easy job.

There are a number of tools and procedures available that will help any bank or credit union to advance in the online age with a greater degree of confidence. On their own, some of these simple steps such as software patching and firewalls may seem like obvious security techniques. However, in combination, the deployment of a layered approach is the first step in building a strong security foundation.

Employing these 10 techniques will help provide your institution the additional peace of mind that comes through sound, comprehensive IT security:

  • Employ a firewall and/or intrusion prevention system (IPS) solution
  • This system often act as a first line of defense for your network by controlling what data enters or leaves your network and helping to monitor, log and report malicious activity. Setting institution-specific rules and monitoring activity for attacks and usage will help maintain a secure firewall. Network intrusion prevention services help block attacks while allowing authorized traffic to flow freely. No matter how good the technology deployed, monitoring firewall logs is a key step in detecting malicious activity.

  • Keep your Microsoft systems patched with the latest bug fixes and security updates
  • Hackers constantly search for loopholes and weaknesses they can exploit to infiltrate systems, steal data or generally wreak havoc. As the creator of some of the world’s most widely used operating system, productivity software and network tools, Microsoft tends to be a popular target for these attacks. The software giant helps remediate vulnerabilities by regularly releasing bug fixes and security patches for its products. Keeping up to date with these updates will ensure your institution has the latest protection from vulnerabilities. An automated patch management system can help do this efficiently and with minimal disruption to day-to-day operations.

  • Maintain up-to-date virus security software and definitions
  • Information security is constantly evolving. Just as soon as vulnerabilities get patched or a virus is identified and stopped, bad guys look for new ways to infiltrate your systems. Keeping your antivirus software up to date helps ensure your workstations and devices are protected from the latest known malware

  • Establish a process for critical server vulnerability scanning
  • Scanning for vulnerabilities is a great way to identify vulnerabilities. Making this process into a regularly scheduled – or automated – process within your security program will pay dividends. It can determine if critical patches or network hardening is needed to further protect your systems.

  • Patch ubiquitous third-party applications, such as Adobe, Java and Flash
  • As with Microsoft systems and software, third-party applications such as Acrobat, Java and Flash are susceptible to attack. Keeping up with vendors’ updates and patches will help counter these risks by ensuring software installed on your machines is up to date with known vulnerabilities. Uninstalling legacy versions of third-party applications on workstations and servers is equally important when reducing your attack surface area. This is a process that can be automated through a patch management system, thus mitigating the time consuming and labor intensive nature of this process.

  • Have an ongoing server hardening solution to remove common and critical vulnerabilities
  • Server hardening is the process of reducing the number of avenues from which your systems can be attacked. By keeping servers clean from outdated or unnecessary software, services, configurations and users, it gives bad guys fewer ways to infiltrate your IT. This is another process that can be automated and regularly scheduled to ensure consistency with institution policies.

  • Use a hosted DNS solution to protect against malware downloads
  • A Domain Name System (DNS) security solution can help limit the risk of unauthorized entry by proactively blocking the resolution of known bad domains. It is particularly useful in preventing malware from inadvertently downloading during web surfing. Tracking the domain resolution can also provide early warning signs to help determine whether a machine has already been compromised.

  • Train your employees on information security and best practices
  • You can’t expect everyone in your institution – from tellers and loan officers to executives and the board – to understand information security from day one. But you can teach it to them. Providing a little training in IT security can go a long way to preventing information from falling into the wrong hands.

  • Install a server security solution to monitor activity and help prevent attacks
  • Just like antivirus programs on a PC, server security solutions can help to identify and eliminate malware, infected files and unauthorized software from your servers. Server intrusion prevention and event log analysis, for instance can block attacks such as buffer overflows, Trojan horses and worms from entering your servers. These tools can help monitor for and prevent the installation of malicious software and detect anomalous activity before it becomes a much larger problem.

  • Have a comprehensive reporting solution for both network management and security review
  • Keeping track of critical patches, antivirus updates, DNS, servers and other vulnerabilities can be a lot of work. A centralized, comprehensive reporting solution can bring all of these disparate security functions in one place to keep you up to date on all of your hardware and systems.

[Related Content: 7 Security Predictions for 2014 from Booz Allen Hamilton]

These 10 components go a long way toward building a comprehensive security program that will help protect your institution and its assets from many malicious attacks.

Chris Banta is Manager of Managed Services for Safe Systems

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology - August 2014
Modern core systems are emerging as the foundations of effective channel integration and customer engagement initiatives.
Slideshows
Video