Use These Tips to Improve Mobile Banking Security

Modern bank customers rarely think twice about logging into a mobile device to check accounts and schedule transactions. Mobile apps are convenient and user friendly. According to a Federal Reserve report, over half of smartphone users with bank accounts used mobile banking in 2015. Online banking via a mobile device also represents a security risk. Cybercriminals use a variety of techniques to gain entrance to individual user accounts and bank information.

Both Customers and Financial Institutions Play a Role in Online Banking Security

Financial institutions and banking customers are responsible for mobile banking security. Both parties must exercise caution and use security best practices to reduce the risk of mobile threats. Customers are responsible for using their devices in a security conscious way. Banks must develop, maintain, and optimize formal applications designed to protect end users.

Banking security breaches can lead to a loss of financial assets, identity theft, and other adverse outcomes. Every business-related security threat can cost organizations millions of dollars in remediation activities and harm institutional credibility. A proactive approach to online banking security effectively reduces the risk of cybersecurity incidents and improves customer confidence in mobile financial activities.

5 Tips Customers Can Use to Improve Mobile Banking Security

Mobile users often take device security for granted. Apple users trust in the company’s security practices. The Android platform carries a potentially higher degree of risk as an open digital ecosystem. When device users presume the safety of apps they download and the security of their devices, they may accidentally open a backdoor to malicious activities. Customers can use these five tips to protect the security of their mobile online banking activities:

  1. Only use official banking apps and secure websites. If you plan to use a mobile device for banking activities, download the official banking app. Look for information on the website to confirm the app’s legitimacy, and avoid using your mobile browser to access your bank account. Some users link their bank accounts to budget apps or other money management apps. Remember that every account you connect to your bank account represents a potential risk. Safeguard your information with official and secure apps.
  2. Double check the security of all third party apps. Cybercriminals may gain access to your device through a third party app not associated with an official banking app. For example, someone could sneak a malware program designed to record keystrokes in with a third party app. Using this type of technology, a criminal could potentially obtain information about your login credentials and online activities.
  3. Avoid using bank-related links. As an end user, you may assume the validity of a link in a text message or email. Unfortunately, some criminals use phishing and spoofing practices to obtain revealing information from seemingly innocent interfaces. Always back out of a message and go through official channels to access your account.
  4. Never check your bank account while using a public network. Public Wi-Fi and other public networks are notoriously insecure. Use cellular network connectivity or a VPN (virtual private network) to protect your activities while in public.
  5. Always lock and keep track of your mobile devices. If you leave your device unlocked on a park bench, a malicious individual could take advantage of the situation. Use the lock functions on smartphones, never save login information on your apps, and try to keep track of all your mobile devices.

The Serious Job of Protecting Client Information

6 Important Small Business Cyber Security Tips

Chances are, you think twice before entering your credit card information online to buy something, watch out for malicious links in emails and keep your PC updated against viruses, spyware and hackers.

However, how much thought do you put into your small business data security and protecting client information?

Hopefully a lot, because according to Microsoft:

• An attacker resides within a network for an average of 146 days before detection

• The average cost of a data breach to a business is $3.8 million

• The total cost of cybercrime to the global community in 2016 was $500 billion

• 63 percent of attacks are the result of compromised user passwords and usernames

As these threats continue to become more sophisticated, legislation must too. ]

In Canada, many government departments such as the Department of Justice, RCMP, Public Safety Canada and Global Affairs Canada work together with international, federal and provincial law enforcement agencies against cybercrime.

That’s great, but you want to stop any potential attacks before your clients’ data security is breached!

And, if you’re thinking that your site is too small to appeal to hackers, think again. Sometimes a cybercriminal’s intention isn’t to gather sensitive content, but to relay spam emails from your server.

Let’s use the example of a membership site for these small business cybersecurity tips.

A membership website has specific resources available for members who generally pay a one-time or recurring fee to get content such as videos, eBooks, articles or tutorials.

Because people are entering sensitive information such as email addresses, passwords and payment information to access my content, we need to be vigilant about how we keep them safe from online threats. (A secure site is also more likely to earn trust, which in turn can increase revenue.)

To help safeguard your clients’ data security, I suggest that you:

1. Choose a reputable web host. Don’t just go for the cheapest! I compiled a list of web hosting providers that I recommend; you can view it here.

2. Install an SSL certificate on your site. This means having HTTPS vs. HTTP in the URL. This is the prefix to your web address, and the SSL provides additional security and makes it harder for hackers to access.

You can often add this service to your web hosting package for free, or for a small cost. An added bonus: a secure site can actually rank higher in Google.

3. As soon as you see a new software update, install it. Many membership sites are built in WordPress, which lets you simply click the ‘Update Now’ button. This helps keep cybercriminals from taking advantage of security flaws in older versions.

Similarly, look for plugins to help manage online security.

4. Enforce complex passwords. Request or even demand that users create passwords with a combo of upper and lowercase letters, symbols and numbers. This will deter people from using ‘12345’ as a password.

You can also install a plugin on your WordPress site that only gives someone a number of tries to log in to before they’re locked out.

5. Approve comments manually. Spammers love unattended comments! They can post links there that a) may drive traffic back to their site and b) may trick Google (however briefly) into thinking that their site has valuable content.

6. Clean up information that’s no longer relevant. Previous members, people who have cancelled, those who have completed your course… get rid of user info and payment info as often as you can.

By following these small business cyber security tips, you can minimize the risk that your website is going to be targeted by scammers or cybercriminals.

Don’t cut corners when it comes to protecting client information, and you can create a safe space for loyal fans who feel comfortable handing over their personal and payment info.

Of course, there are many more components to maintaining a secure website.

10 Tips For Hiring Good Security Guards

If you decide to use contracted security guards to protect your business and people you should use the following tips to ensure that you get the quality you pay for. I will say that it may cost you more to get this quality but if you force the contracted security company to work for lower price they will deliver lower standard guards in some cases, but more importantly, if they accept your low price it means they are saving money elsewhere. These security companies will have lower quality controls and increased number of safety concerns due to poor occupational health and safety systems.

Verbal communication skills

All clients want security guards that can speak English well so their customers can understand directions and instructions clearly. Their verbal skills are also needed to resolve conflicts peacefully.

Observation skills

Security guards main duty is to detect security problems and safety hazards before they become an problem for your business. Most security training courses do not teach observation skills in any form. These training companies believe that people have eyes and have been using them for their entire life so they know how to observe already. Completely wrong. That is like saying that because we have been eating food all our lives we can be food critics and know how to judge a chefs product.

Deterrence of criminal behaviour

Every security company and contracted client states that the most important factor for employing security guards is their ability to deter crime and they don’t want guards to arrest of use reasonable force to control unwanted behaviour.

No security training teaches new guards how to deter criminal behaviour. So is it any reason why everyone automatically assumes that the new security guard can deter crime. I have found some clients still think that size is how guards deter people.

Competence in their performance of security skills

You as the client take it for granted that the security company has actually tested or confirmed the performance ability of all their security guards. Most never conduct performance checks in any form, and the others that do, don’t check actual security skills- they assess the guard based on how many shifts they do for the company and whether they complain about the security company.

Just because some guards have been in the industry for years doesn’t mean that they know how to provide security in your business.

Top 10 Tips

Give the security guard a test in their verbal conflict handling skills be pretending to be a complaining customer. Look for their responses.

Give the guard a written test that consists of security questions and knowledge that a level 2/3 guard must know to get their qualification.

Ask the guard exactly how much experience they have in handling security in a business exactly like yours or very similar. Ask for proof and request they demonstrate their experience in a work trial by explaining to you the most common security problems in your type of business.

Ask when the last time they had a performance assessment done on them and what type of questions did the security manager ask them. What was their performance rating.

Ask them to explain how they plan to deter criminal behaviour to leave your business. Have they thought about it or are they just relying on their size. Trust me on this- size has little impact on deterrence to most real criminals.

Give them a photograph of two people and ask them to look at it for 5 seconds. Then ask them to describe the person that you request. They need to get all the details correct. You do not want security guards that cannot even describe a photographed person. In a real event with darkness and adrenalin going they will make mistakes.

Hold interviews with all your security guards before the security company assign them to protect you. During the interview conduct the mentioned tests and questions but also ask the guard to tell you about a tell he had to deal with an assault and listen to how they dealt with it.

Pay attention to the level of verbal skills used during the interview. Especially the number of incorrect words used and lengthy pauses while they think of the words to use. This type of skills signals poor verbal ability and comprehension during normal conversation they will struggle during security incidents. If they have to repeat themselves to you so you understand what they are saying- don’t use them.

Avoid using any security guards that feel they need to have bald heads or crew cuts because they don’t want their hair grabbed during a fight. They shouldn’t need to fight if they know how to do their job properly. This goes the same for guards that refuse to wear ties in case someone grabs it during a fight. Get elastic or clip on ties. Problem solved. I prefer it if someone wants to grab my tie instead of punching me because they have just wasted the first move and not injured me. Game over.

Ask how long they have worked for this security company. Security companies have high turnover and throw inexperienced guards at clients every month or worse, they use sub-contracted guards that you have no quality control over and the security company doesn’t even know them.

Employee Cyber Security Training Tips

You can tell your employees not to use their cell phones at work, but they are likely using them when you are not looking anyhow. You can instruct them that they should not download anything from an entrusted third party, and yet they are going to see a name they recognize and just go ahead and click anyhow. So what do you do?

Many companies will add a cybersecurity policy into their employee handbook and never speak of it again. That is a huge mistake! Not only should you hold a thorough training on this subject with your employees, but also you should have them attend this training at least twice a year!

Data security training needs to shock the employee enough to realize that human error is one of the leading causes of data breaches. Throw facts and statistics at them. Let them know they play a huge role in the safety of the company and how a large portion of data breaches are completely preventable and have stemmed from user error.

Verizon’s annual Data Breach Investigations Report of 2015 showed that 30% of staff-related e-mail breaches were due to sensitive information being sent to incorrect recipients.

While many prevention tips may seem like common sense to us by now, we tend to get lazy and take shortcuts. Find a way to get your employees to break their bad habits!

  • Educate employees on the types of cyber threats out there so they know the warning signs and how each threat attacks.
  • Never share passwords (even internally) and do not buy one of those internet password notebooks to write in and manage your login information!
  • Never plug in a USB without knowing its origin and expected contents.
  • Lock your computer when you step away from your desk for even a moment.
  • Be cautious what is in view on the monitor before screen sharing in webinars or when anyone else is around.
  • Never share emails that are not related to the work that you are doing as they may contain malicious attachments.
  • Training needs to include the warning signs of a breached system. Why? Once a system is breached, it is critical to remove the threat rapidly to prevent data loss or a follow-up virus or worm.

The crucial take away points are to implement cyber training with ALL employees (C-suite included) right away, and to repeat the training at least twice a year; refreshing the agenda with new cyber threats, statistics and details which have come to light since the previous training.