Cyber Security for Investment Banks & Accountants: both bankers and accountants spend a lot of time looking at screens. The last thing you would want to do is spend an equal amount of time looking at your cyber security vulnerabilities. Still, it would to know the fundamentals of cyber security for investment bankers and accountants. After all, it could save your hard work from being stolen by a hacker. Here are 15 of our most useful tips.
1. Keep your passwords secure and safe
Having long complex passwords seems ever present nowadays. Using a combination of numbers, lowercase letters, uppercase letters and symbols is a common requirement on almost all websites because of their complexity requirements. The challenge now, is remembering them. An IT professional will stress the importance of using unique passwords for all websites. Meaning if one set of credentials is stolen, the rest of your accounts on different websites aren’t. Limiting the damage an attacker can do. So it might be worth considering investing (your time and/or money) in a password manager to help you store them.
Password managers will keep all of your passwords safe, and in one place. All you need to remember is one ‘master’ password to access your password manager. Most will allow you to use your fingerprint/face ID to authenticate on your phone. You can copy/paste or even get your password manager to auto-fill the username and password as soon as you access a login screen that you have credentials stored in the password manager.
A popular and free password manager utilised by Security professionals across the world is MyKi Password Manager.
MyKi could be classed as a non-traditional password manager, as it doesn’t store any of your passwords in the cloud. Instead, it lets the user store an encrypted database of their credentials on their mobile devices or computers. This reduces the risk of their ‘cloud’ becoming compromised, or any downtime related to internet connectivity.
2. Our antivirus top picks
Everybody knows they need antivirus software installed on their computer. But many do not proactively check this. It is recommended that you research the best suited antivirus for your needs. However, if you’re unsure on what might be good, we recommend the following products;
McAfee Total Protection: starting from £30 – Windows® | macOS® | Android™ | iOS®
Sophos Home Premium: starting from £49.95 – Windows® | macOS®
Kaspersky Total Security: starting from £24.99 – Windows® | macOS® | Android™ | iOS®
You should install antivirus on all of your devices. Windows utilises it’s built-in Windows Defender antivirus – which is a good option if you don’t want to invest another antivirus. However, in our opinion, a paid for version is currently the best option for home users.
3. Encrypt sensitive documents
Any document that contains your bank or financial information should be encrypted. This is because, if the document is stolen, the attacker will need to try and decrypt the document. Encryption leaves the document content unreadable, without a decryption key. There are many encryption tools and techniques you can use. From built-in free ones to more sophisticated ones that cost money. The best thing to do is find one that works for you. Try them all out until you find one that is best suited to you.
We have a blog with the steps on how to encrypt your files for free for Mac and Windows – click here to see it.
4. Don’t use public computers to do anything sensitive
There are very few places that a banker will be in where they won’t have access to their own laptop or smartphone. So if you are in a library or an internet cafe, do not log into any websites, whether you think they hold any important information or not.
Internet cafe’s often have their WiFi (Wireless Internet) ‘open’, meaning anyone can connect to the network, and/or ‘sniff’ it. What this means, is that if someone is ‘sniffing’ the network, they are capturing all the packets of data transmitted across the network, they are then able to order the packets and look at the contents of those packets. This could be as simple as seeing what image you just clicked on Google Images, or the pin and security question answers you just entered to log into your bank account. It’s a simple attack, yet, potentially devastating consequences.
This YouTube clip explains just how easy it is to do this.
5. Don’t click on links that look fishy or odd
Don’t open attachments or links from people you don’t know. If they come from somebody you know, but you’re not expecting an email, then message or call them to ask what it is. Best practice is to treat all emails as if the sender has been hacked. It’s easy for a hacker to create an email account using someone else’s name. They can then send malicious emails purportedly from them.
6. Use strong security questions
You never know what information hackers are going to go after when they break into your account. In fact, some of the most common breaches occur because people have weak security questions. For example, MILLIONS people use answers like “cat” or “dog” for their security questions. Change your security question answer to something that a hacker can’t easily figure out. To go one step further, if you choose ‘Mother’s Maiden Name’, ensure the answer isn’t available on Facebook or other social media platforms. Choose a security answer only you know the answer to, it doesn’t even have to be related to the security question.
For example, “What is your Mother’s Maiden Name”, use an answer completely unrelated, “SpaceX”.
7. Keep your security updates up to date
Many banking programs are patched regularly. But sometimes people don’t go through the update process properly and leave their computers vulnerable. Be careful of this because you never know when the next big cyber attack will happen, leaving your computer and it’s contents vulnerable.
It is important for bankers, and everyone else, to keep their computers up-to-date, so they minimise exposure to exploitation. If your programs are out of date, then consider updating them by going onto the manufacturer website and downloading the updated versions of whatever software you currently use. Many times when a new patch is released by manufacturers, it means that there are security issues which you should be aware of.
8. Don’t be an easy target on social media
We have all seen the advertisements from banks that hope to reach out to you through Twitter, Facebook and LinkedIn. But these are also places that hackers can use to check if people might have banking information accessible to them. Be very careful what you say about yourself online. If you don’t want to be an easy target, do your banking on your computer or mobile device, not social media platforms. Things like telling the world where you are going on vacation are also not the kind of subjects you want to announce online, you’re effectively telling people that you’ve left your house for the next 2 weeks, effectively telling people that they’ve got 2 weeks to burgle your house with nobody there.
9. Report any suspicious activity immediately
Your bank won’t appreciate waiting to be surprised that money transfers have disappeared into the ether. They want to know as soon as things go missing. When you notice anything suspicious or alarming, report it right away.
It is the banks duty to protect your assets, as they are effectively the banks’ assets when your store them with them. So they will want to help you as much as they possibly can.
This will save the bank from worrying about investigating later and gives you some peace of mind in knowing that the issue has been taken care of by a professional.
10. Put your mobile device through a regular security audit process
Most people have no idea how to do this, but it only takes a few minutes to make sure that your phone has no vulnerabilities. If you can’t figure out how to do it, take the device in for repair and ask the people there to help you do it. They can usually walk you through the process either by looking online or by walking you though specific steps on your particular phone.
11. Don’t give out any security information about yourself over the phone that isn’t necessary
When it comes to your banking, there will always be a time when someone will call and ask for personal information. Make sure, though, that you know who the caller is, and that you also know whether or not they actually need personal information from you. For example, if a company calls to tell you that there has been suspicious activity in your account, it might be legit. But someone just calling to ask for your banking password probably isn’t legit at all. Don’t give out any information over the phone unless you are 100% sure of who is calling and why.
Banks will never ask for your password, they may ask for the 4th, 7th and 12th character, but never an entire password. They may however ask for your security question answers. Be cautious and if you are still not convinced, go in store.
12. Check your bank statements regularly
While it’s important to put a stop on any suspicious activity as soon as possible, checking and double-checking your bank statement every month or so is also a good idea for keeping aware of what is going on with your money. A regular audit of your account can help you keep track of what is coming in and out and where it is going so that you can avoid any mistakes or suspicious activity.
13. Keep your financial information organised
Making sure that you have all of your banking documents on hand is a good way to make sure that you’ll be able to pay off any loans or debts you might incur easily. You want to make sure that you have information on your accounts, including everything from account numbers and banking passwords to contact information for the banks. These are all things you want to keep track of and organized so that you can easily find them when you need them.
14. Turn off your computer when you aren’t using it, or at least lock your screen
When it’s not in use, turn off your computer. Obviously, just closing the lid to put it to sleep isn’t enough – you want to make sure that if anyone else uses the machine that they won’t be able to access any sensitive information or documents relating to your job. Additionally, you want to close all applications and ensure you are have logged off. It would be useful to set a screen time lock so your computer locks itself when you forget.
15. Outsource cyber security and get expert help
If you’re not sure about something, or if you would like a second opinion on a particular topic, don’t be afraid to call in an expert. Whether it’s hiring someone else to do the work for you or asking a friend or colleague for advice, making sure that cyber security is always at the top of your list is essential in making sure that your information is secure.
For more information on what Cyber Security services Viewdeck can offer you, please click the following here.
And if you want to get in touch with us, please don’t hesitate in sending us a message through our website.