ACB Internet security study highlights need for due diligence

ACB Internet security study highlights need for due diligence

Threats to Internet security are on the rise and without proper protection community banks may be vulnerable, according to a study released by America’s Community Bankers subsidiary, ACB Partners Inc., in January.

The study-conducted by SecurePipe Inc., an Internet security service provider endorsed by ACB Partners-analyzed a number of member banks’ Web sites and networks for exposure to viruses and hackers. It found that participants were not well prepared for many outside attacks.

“There are real threats coming at community banks,” said Lawrence T. Levine, managing director for SecurePipe. “If they are not continually monitoring those threats and understanding them in ways that allow them to react efficiently, then they will not be in a position to defend themselves.”

The survey performed multiple scans of the external networks, comparing them against a database of known vulnerabilities. Analysts then manually reviewed results in an effort to reduce false positives. External network segments were also analyzed for common misconfigurations of network devices and firewalls.

All banks included in the study uncovered vulnerabilities that were previously unknown to them.

Study participants ranged in size from $35 million to more than $1 billion in assets, with computer networks varying widely in complexity. Staff sizes ranged from approximately 25 to 600 employees. The study found “a fairly even distribution of online attacks across geography and temporal boundaries, and across institution sizes,” Levine said.

The key to successful Internet security is diligence, Levine said. “Diligence is a process. Security is something that you have to be doing constantly.” The threats change constantly, and “the only way to react is to be constantly changing yourself,” he added.

The study suggests five things for community bankers to keep in mind when reviewing online security arrangements:

* Periodically scan your internal network to detect 11 rogue,” or unauthorized, services and other security risks;

* Institute a process for daily auditing of security logs for security devices and networked information services, such as network file systems, processing servers and databases;

* Make sure that any host or externally linked device is thoroughly scanned and evaluated to ensure that it is secure, that default passwords are changed and that unnecessary services are turned off;

* Stay current on fixes and/or workarounds released by software firms;

* Continually check to make sure that all technology has been properly installed and configured.

While the networks analyzed during the study showed varying levels of vulnerability, most of the problems can be corrected easily and cost-effectively.

Through an alliance with ACB Partners, SecurePipe is offering vulnerability assessments and other services to ACB members at a significant discount. Contact SecurePipe at (608) 294-6940 for details.

ACB Partners has scheduled four free conference call programs to give ACB members more information about the study results. The calls are scheduled for 2 p.m. Eastern Standard Time on Feb. 14, Feb. 21, Feb. 28 and March 7. For more information or to register for a “Internet Security for Community Banks-Threats, Trends and Solutions” sessions, call (202) 857-5575.

more info

Copyright America’s Community Bankers Feb 2002

Provided by ProQuest Information and Learning Company. All rights Reserved