Ask the Expert

Safety of Internet banking on a company LAN

In my office, I have a PC that connects to the company's local area network. I have access to the Internet via the LAN. If I do Internet banking with the PC, will my user ID and/or my PIN be known by somebody else that has the LAN access?

    Requires Free Membership to View

This looks like a simple yes or no question, but my answer is maybe. Let me explain.

First, as an employee, you have absolutely no right to privacy on your company's network. If your company does not have some sort of formal policy and/or login banner stating that they have the right to monitor you, they probably should. Most companies have some sort of monitoring software in place at the Internet gateway. Some will even use software that restirct what sites you are able to view.

As for online banking, hopefully it is done via SSL-protected Web pages. If so, the communications between your computer and the bank's computer are encrypted. If your company only has basic monitoring programs, then anything sent SSL cannot be read by admin staff. However, there are products, such as NetIntercept that can even decrypt SSL communications. Thus, even your "secure" transactions may not be secure.

Your admins can also install keystroke monitors on your own machine, that in all likelihood, you will not be able to detect or remove.

So, the bottom line is that regular users on your network should not be able to see your banking transactions, but if your admin staff really wants to see what you are doing, they can. The good news for you is that most admins will not go to those lengths unless they suspect you are doing something illegal or against company policy. They are generally far too busy to monitor each individual that closely.

As a final point, more reasonable companies have policies that permit a certain amount of personal use of the Internet, on the theory that it is no different than making a personal phone call. You should definitely know what the policy is for your company.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Security Policy and Infrastructure
Best Web Links: Employer/Employee Privacy Issues


This was first published in August 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: