Preventing Cyber Frauds at Banks
A cyber fraud causes immense financial losses to Banks. Moreover, the ‘loss of reputation’ and ‘loss of confidence’ caused by a cyber-fraud takes a long time to heal.
Today due to customer service demands, competition and regulatory compliance, many small & mid-size banks have to start the multiple delivery channels and expose their CBS systems to outside world. A lot more detailed analysis and compliance is required to have full proof IT systems to prevent cyber frauds, but below basic measures can substantially reduce risks of getting easy entry to intruder / hacker into the Bank’s IT System.
Measures for Staying Safe (Bank Perspective):
- Wherever internet available in branch, Firewall has to be there.
- Firewalls with centralised Rules/Policy Configuration for branch firewalls.
- Banks can have two WAN Zones i.e. CBS WAN Zone, Internet WAN Zone.
- Controlled External Devices Access, Website Access thro’ Firewalls or Antivirus Consoles.
- Remote Desktops Connections should be from a decided computer and should be monitored by the bank representative.
- Only authorised users should be given access to Bank DB and that too with their separate user logins with specific user rights for DB Access.
- Other access control measures like Biometric Control, CC TV etc.
- Internal Staff Psychological Factors (with example of deletion, revenge etc.)
- Hire a good cyber security expert; pay him more; hire an ethical hacker; don’t go for only compliance.
- Board Policy; Management Education on Cyber Security.
- Regularly Update OS, DB, Antivirus at Data Center as well as on Desktop PC’s in Bank.
- Regularly update the OS at the ATM machines / Kiosks.
- VAPT Audit of Application Software & Other Banking Apps used by Banks and offered by Bank to its Customers (For TrustBanksCBS Core Banking Software and Mobile Apps offered, regular VAPT Audits are conducted every six months. Similarly we recommend the customers to regularly conduct VAPT Audit of their Application Instances).
Cyber Hygiene (Customer / Account Holder Perspective):
- Install the right protection software.
- Create unique, strong passwords.
- Be wary of downloading free apps, files, programs, software or screensavers.
- Familiarise yourself with your devices’ legitimate warning or security alert messages.
- Protect your home network.
- Keep your operating system up-to-date.
- Schedule regular back-ups of your data .
- Be cautious when using WiFi .
- Clear your cache.
- Disable file sharing networks.