Cyber attacks. They dominate many of the headlines and we read and hear about them almost daily. Many of us have been the targets of such attacks.
Each day the stark reality of a data breach remains a sobering thought for businesses of all sizes. Government officials, the media and business leaders repeat that cyber attacks are not a matter of if, but when, and the apparent efforts to defend against them seem to be a step behind the cyber criminals. Unfortunately, most organizations will not discover they have been hacked until after the damage is done.
As data breaches and cybersecurity incidents continue to grow in size, frequency and cost, relying upon internal security measures are not an option for small- to medium-sized businesses. Being prepared to defend takes a collective effort and collective accountability. The government, consumers, financial institutions, businesses and regulators must make cybersecurity a top priority to create a safer environment.
Outdated Banking Policies that Put your Data at Risk
This leads us to a look at banking policies that have not kept up with the increasingly sophisticated methods of attack. Most Americans keep their money in financial institutions for safety and security. However, they might be surprised to learn that one banking policy in particular which is designed to protect their data and money may actually put their information at risk. This is the minimum password requirements. In fact, most banks have less rigorous password requirements than other industry sectors including social media.
A research group surveyed the password requirements of 17 banks. The survey raised concerns about the password requirements of 6 of these banks: Citibank, Wells Fargo, Chase, Capital One, BB&T, and Webster First Federal Credit Union. These 6 financial institutions had flimsy policies that failed to meet baseline industry standards, and they represent approximately 350 million account holders.
In addition, the survey discovered that these banks did not call for differentiation between lower and upper case letters for account holder passwords. In other words, the policies did not require case-sensitivity for passwords. The failure of financial institutions to support strong passwords is both troubling and surprising. Most people naturally make use of both cases when writing, especially when typing in passwords. However, banks often fail to mandate stronger passwords, thus putting the security of financial data and sensitive personal information at risk.
Another Disturbing Discovery
The survey found another disturbing discovery beyond the issue of case-sensitive passwords. The financial institutions had no established, user-friendly methods for consumers and businesses to report security issues. Many had no email addresses or listed phone numbers to report unauthorized activity. In fact, the researchers had to contact the financial institutions of the weakness by using their phone hotlines. Bank representatives did not seem to understand the survey team’s concerns or the potential for critical security breaches. In addition, they failed to notify their own security or IT departments or seem to understand the important need to do so.
So what do I recommend for businesses trying to keep data safe and secure? Certainly, patronize a financial institution that has at a minimum stringent password requirements and have open channels for businesses and consumers to report problems to the bank.
Aurora Technical Consulting is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (208) 936-7616 or send us an email at email@example.com for more information.