Safety of Internet banking on a company LAN

Safety of Internet banking on a company LAN

In my office, I have a PC that connects to the company's local area network. I have access to the Internet via the LAN. If I do Internet banking with the PC, will my user ID and/or my PIN be known by somebody else that has the LAN access?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

This looks like a simple yes or no question, but my answer is maybe. Let me explain.

First, as an employee, you have absolutely no right to privacy on your company's network. If your company does not have some sort of formal policy and/or login banner stating that they have the right to monitor you, they probably should. Most companies have some sort of monitoring software in place at the Internet gateway. Some will even use software that restirct what sites you are able to view.

As for online banking, hopefully it is done via SSL-protected Web pages. If so, the communications between your computer and the bank's computer are encrypted. If your company only has basic monitoring programs, then anything sent SSL cannot be read by admin staff. However, there are products, such as NetIntercept that can even decrypt SSL communications. Thus, even your "secure" transactions may not be secure.

Your admins can also install keystroke monitors on your own machine, that in all likelihood, you will not be able to detect or remove.

So, the bottom line is that regular users on your network should not be able to see your banking transactions, but if your admin staff really wants to see what you are doing, they can. The good news for you is that most admins will not go to those lengths unless they suspect you are doing something illegal or against company policy. They are generally far too busy to monitor each individual that closely.

As a final point, more reasonable companies have policies that permit a certain amount of personal use of the Internet, on the theory that it is no different than making a personal phone call. You should definitely know what the policy is for your company.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Security Policy and Infrastructure
Best Web Links: Employer/Employee Privacy Issues


This was first published in August 2002