I'm responsible for holding corporate information security training at our company, and, considering the recent...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
scourge of banking Trojans that started with the Zeus botnet and is still going strong, I'm wondering what you would recommend I tell them about online banking: Should it be allowed on the corporate network? Should I recommend our users just not bank online at all?
Zeus and other malware attacking online banking have been covered in many previous questions, but the question of if it should be allowed on the enterprise network is indeed an interesting one.
From the perspective of an organization and how the organization’s network is used for personal online banking, review your acceptable use policy for personal use restrictions to see if personal online banking is allowed, but ultimately it may be difficult to block personal online banking given the number of different potential methods to bypass proxies blocking Web access.
A better approach may be to educate users about the numerous online banking security issues that may result from careless or insecure use. Consider augmenting your security awareness training with information about the dangers of online banking to help your users understand the tradeoffs they are making by banking online; ultimately the convenience it offers does expose users to varying degrees of risk. The additional security risks to your enterprise’s systems from users conducting personal online banking are minimal if they are already allowed to browse the Web.
Your organization may be more concerned about using online banking for managing its financial accounts. The financial protections in place for online banking for businesses are not as strong as for consumer accounts. Many business online financial accounts do use two-factor authentication and other strong authentication mechanisms, but malware already targets many online financial accounts using strong authentication. You could block access to your organization’s online financial accounts from all except for secure, approved systems. This could potentially limit the risk to your online financial accounts from being abused while still providing authorized, convenient access to corporate online banking resources.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.