Weekly Security Tip


Budge-IT-WST

2020-10-08T18:53:27+00:00

October 8, 2020 Budge-IT - WST It’s October and for many that means it is budget time. Or, did you assume it will just be a part of IT’s budget? According to the FFIEC Cybersecurity Assessment Tool, a “baseline” requirement indicates: “The budgeting process includes information security related expenses and tools. (FFIEC E-Banking Booklet, page 20).”  So be ready to budge – IT and allocate appropriate resources for 2021. Whether you’ve already submitted your 2021 budget or not, you might consider the following items. It may help your planning for 2021, or you may find need to [...]


Browser Password Storage Thoughts – WST

2020-10-01T21:14:16+00:00

October 1, 2020 Browser Password Storage Thoughts - WST There is some risk when allowing a user’s browser to remember passwords.  If a bad actor gets access to a machine, they could possibly leverage the passwords stored in the browser to increase access and move to other systems.  It should be noted that there are numerous other ways they can do the same, so blocking browsers from remembering passwords is simply a layer in your overall controls.  All browser vendors allow you to block password storage via Active Directory Group Policy, and a Google search for “browser [...]


Fighting the Good Fight-WST

2020-09-24T20:57:13+00:00

September 24, 2020 Fighting the Good Fight - WST Earlier this month, the Financial Crimes Enforcement Network (FinCEN) put out a cryptic statement regarding the unlawful disclosures of suspicious activity reports (SARs).   According to FinCEN, various media outlets were intending to publish a series of articles based on unlawfully disclosed SARs, as well as other sensitive government documents.  Some of you may have read the Buzzfeed article referenced by FinCEN and may have had the same reaction many of us here at 10-D Security had after reading it – mainly that, as bankers, compliance officers, and auditors, [...]


IT Asset Management – WST

2020-09-17T20:44:18+00:00

September 17, 2020 IT Asset Management-Secure your environment and save money too! - WST Do you keep an accurate and up-to-date inventory of your IT assets?  If not, you may be wasting money and decreasing your overall IT security posture. One of the most important aspects of managing your IT environment is knowing what you have.  Inventory all IT assets: desktops, servers, printers, network attached cameras, routers, switches, firewalls – if it plugs into the network, inventory it.  Use this list to make sure all assets are included in the controls you have in place, such as [...]


Increase in Cybercrime During COVID-19 – WST

2020-09-17T20:04:01+00:00

September 3, 2020 Increase in Cybercrime During COVID-19 - WST As the pandemic continues to rage on, we’ve discovered some of the hardest working people during this time are fraudsters and scammers who never seem to be impacted by high unemployment rates. According to a recent FinCEN Advisory (https://www.fincen.gov/sites/default/files/advisory/2020-07-30/FinCEN Advisory Covid Cybercrime 508 FINAL.pdf) cybercriminals and malicious state actors are setting their sights on financial institutions and their customers by enabling more malware and phishing schemes, extortion, business email compromise (BEC) fraud, and exploitation of remote applications. Targeting and Exploitation of Remote [...]


OneDrive and Vulnerability Scans – WST

2020-09-03T22:02:13+00:00

August 27, 2020 Don't Let OneDrive Mess up your Vulnerability Scan! - WST Recently, many of our clients have had significant increases in the number of vulnerabilities found during their Internal Vulnerability Scans.  One of the primary reasons for this is Microsoft OneDrive, and the way it installs on workstations by default. The way most environments install OneDrive, the application will install to the user’s local AppData folder (%localappdata%).  While convenient, this means that each user basically installs their own copy of OneDrive, leading to multiple instances of the application on each system.  The problem becomes evident [...]


Admin Privileges – WST

2020-09-03T21:56:58+00:00

August 13, 2020 Admin Privileges - WST Are your employees using administrator level accounts for general daily activities?   If so, your institution is quite vulnerable to malware and other targeted attacks. No daily user accounts should ever have administrative rights to their local workstations.  Full stop.  You may have software that a vendor says, “it needs admin-rights to work,” but the simple fact is that there are so many workarounds for this problem in modern operating systems there just isn’t any excuse anymore.  It should also be noted that Microsoft has considered requiring users have local administrative [...]


Don’t Suffer from Alert Fatigue-WST

2020-09-03T21:52:15+00:00

August 20, 2020 Don’t Suffer from Alert Fatigue - WST We live in a busy, and often stressful world.  With most of us carrying around at least one always-connected device, we are constantly bombarded with notifications, reminders, and pop-ups from apps trying to get our attention.  It can quickly become overwhelming, resulting in us either quickly dismissing notifications without looking twice, or just ignoring them completely until we get in and clear them out. For those poor souls out there responsible for maintaining or securing servers and networks, you have even more alerts to watch and worry [...]


DMZ-WST

2020-08-07T14:52:47+00:00

August 6, 2020 DMZ (Demilitarized Zone) - WST Much like the contested area that separates two foreign powers that do not trust each other, a network DMZ is a place where you stick things you don’t fully trust - like public facing servers, or even your service providers. Yes, you have properly vetted them as part of your vendor management program, but depending on the relationship, you do not necessarily trust them with your institution’s network or all of your data. For example, why would you want someone at your ATM service provider to have full access to [...]


Adobe Flash is almost done

2020-07-28T16:42:41+00:00

July 23, 2020 Adobe Flash is almost done - time to purge! - WST Adobe will stop distributing and updating Flash Player after December 31, 2020. We shouldn’t be surprised by this news; Adobe gave us three years’ notice, and browsers have been yelling at us forever that Flash is nearing end of support and has been disabled by default. There’s been little need to download and install Flash for a long time, as Microsoft built it into Internet Explorer and Edge for years, and Google Chrome and Mozilla Firefox have as well. Microsoft states that “Flash will [...]
