I'm responsible for holding corporate information security training at our company, and, considering the recent...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
scourge of banking Trojans that started with the Zeus botnet and is still going strong, I'm wondering what you would recommend I tell them about online banking: Should it be allowed on the corporate network? Should I recommend our users just not bank online at all?
Zeus and other malware attacking online banking have been covered in many previous questions, but the question of if it should be allowed on the enterprise network is indeed an interesting one.
From the perspective of an organization and how the organization’s network is used for personal online banking, review your acceptable use policy for personal use restrictions to see if personal online banking is allowed, but ultimately it may be difficult to block personal online banking given the number of different potential methods to bypass proxies blocking Web access.
A better approach may be to educate users about the numerous online banking security issues that may result from careless or insecure use. Consider augmenting your security awareness training with information about the dangers of online banking to help your users understand the tradeoffs they are making by banking online; ultimately the convenience it offers does expose users to varying degrees of risk. The additional security risks to your enterprise’s systems from users conducting personal online banking are minimal if they are already allowed to browse the Web.
Your organization may be more concerned about using online banking for managing its financial accounts. The financial protections in place for online banking for businesses are not as strong as for consumer accounts. Many business online financial accounts do use two-factor authentication and other strong authentication mechanisms, but malware already targets many online financial accounts using strong authentication. You could block access to your organization’s online financial accounts from all except for secure, approved systems. This could potentially limit the risk to your online financial accounts from being abused while still providing authorized, convenient access to corporate online banking resources.
Dig Deeper on Security Awareness Training and Internal Threats
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.