I'm responsible for holding corporate information security training at our company, and, considering the recent...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
scourge of banking Trojans that started with the Zeus botnet and is still going strong, I'm wondering what you would recommend I tell them about online banking: Should it be allowed on the corporate network? Should I recommend our users just not bank online at all?
Zeus and other malware attacking online banking have been covered in many previous questions, but the question of if it should be allowed on the enterprise network is indeed an interesting one.
From the perspective of an organization and how the organization’s network is used for personal online banking, review your acceptable use policy for personal use restrictions to see if personal online banking is allowed, but ultimately it may be difficult to block personal online banking given the number of different potential methods to bypass proxies blocking Web access.
A better approach may be to educate users about the numerous online banking security issues that may result from careless or insecure use. Consider augmenting your security awareness training with information about the dangers of online banking to help your users understand the tradeoffs they are making by banking online; ultimately the convenience it offers does expose users to varying degrees of risk. The additional security risks to your enterprise’s systems from users conducting personal online banking are minimal if they are already allowed to browse the Web.
Your organization may be more concerned about using online banking for managing its financial accounts. The financial protections in place for online banking for businesses are not as strong as for consumer accounts. Many business online financial accounts do use two-factor authentication and other strong authentication mechanisms, but malware already targets many online financial accounts using strong authentication. You could block access to your organization’s online financial accounts from all except for secure, approved systems. This could potentially limit the risk to your online financial accounts from being abused while still providing authorized, convenient access to corporate online banking resources.
Dig Deeper on Security Awareness Training and Internal Threats
Related Q&A from Nick Lewis
A malware tool that helped to compile the Zeus Trojan has been leaked on the Web. Expert Nick Lewis explains what this means for enterprise security ...continue reading
When it comes to state-sponsored attacks infecting mobile devices, do users have any chance of tracing the attack? Expert Nick Lewis offers some ...continue reading
Microsoft won't patch certain ASLR bypass flaws, but enterprises still need to protect against them. Expert Nick Lewis explains the threat and how to...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.