Use These Tips to Improve Mobile Banking Security

Modern bank customers rarely think twice about logging into a mobile device to check accounts and schedule transactions. Mobile apps are convenient and user friendly. According to a Federal Reserve report, over half of smartphone users with bank accounts used mobile banking in 2015. Online banking via a mobile device also represents a security risk. Cybercriminals use a variety of techniques to gain entrance to individual user accounts and bank information.

Both Customers and Financial Institutions Play a Role in Online Banking Security

Financial institutions and banking customers are responsible for mobile banking security. Both parties must exercise caution and use security best practices to reduce the risk of mobile threats. Customers are responsible for using their devices in a security conscious way. Banks must develop, maintain, and optimize formal applications designed to protect end users.

Banking security breaches can lead to a loss of financial assets, identity theft, and other adverse outcomes. Every business-related security threat can cost organizations millions of dollars in remediation activities and harm institutional credibility. A proactive approach to online banking security effectively reduces the risk of cybersecurity incidents and improves customer confidence in mobile financial activities.

5 Tips Customers Can Use to Improve Mobile Banking Security

Mobile users often take device security for granted. Apple users trust in the company’s security practices. The Android platform carries a potentially higher degree of risk as an open digital ecosystem. When device users presume the safety of apps they download and the security of their devices, they may accidentally open a backdoor to malicious activities. Customers can use these five tips to protect the security of their mobile online banking activities:

  1. Only use official banking apps and secure websites. If you plan to use a mobile device for banking activities, download the official banking app. Look for information on the website to confirm the app’s legitimacy, and avoid using your mobile browser to access your bank account. Some users link their bank accounts to budget apps or other money management apps. Remember that every account you connect to your bank account represents a potential risk. Safeguard your information with official and secure apps.
  2. Double check the security of all third party apps. Cybercriminals may gain access to your device through a third party app not associated with an official banking app. For example, someone could sneak a malware program designed to record keystrokes in with a third party app. Using this type of technology, a criminal could potentially obtain information about your login credentials and online activities.
  3. Avoid using bank-related links. As an end user, you may assume the validity of a link in a text message or email. Unfortunately, some criminals use phishing and spoofing practices to obtain revealing information from seemingly innocent interfaces. Always back out of a message and go through official channels to access your account.
  4. Never check your bank account while using a public network. Public Wi-Fi and other public networks are notoriously insecure. Use cellular network connectivity or a VPN (virtual private network) to protect your activities while in public.
  5. Always lock and keep track of your mobile devices. If you leave your device unlocked on a park bench, a malicious individual could take advantage of the situation. Use the lock functions on smartphones, never save login information on your apps, and try to keep track of all your mobile devices.

10 Tips For Hiring Good Security Guards

If you decide to use contracted security guards to protect your business and people you should use the following tips to ensure that you get the quality you pay for. I will say that it may cost you more to get this quality but if you force the contracted security company to work for lower price they will deliver lower standard guards in some cases, but more importantly, if they accept your low price it means they are saving money elsewhere. These security companies will have lower quality controls and increased number of safety concerns due to poor occupational health and safety systems.

Verbal communication skills

All clients want security guards that can speak English well so their customers can understand directions and instructions clearly. Their verbal skills are also needed to resolve conflicts peacefully.

Observation skills

Security guards main duty is to detect security problems and safety hazards before they become an problem for your business. Most security training courses do not teach observation skills in any form. These training companies believe that people have eyes and have been using them for their entire life so they know how to observe already. Completely wrong. That is like saying that because we have been eating food all our lives we can be food critics and know how to judge a chefs product.

Deterrence of criminal behaviour

Every security company and contracted client states that the most important factor for employing security guards is their ability to deter crime and they don’t want guards to arrest of use reasonable force to control unwanted behaviour.

No security training teaches new guards how to deter criminal behaviour. So is it any reason why everyone automatically assumes that the new security guard can deter crime. I have found some clients still think that size is how guards deter people.

Competence in their performance of security skills

You as the client take it for granted that the security company has actually tested or confirmed the performance ability of all their security guards. Most never conduct performance checks in any form, and the others that do, don’t check actual security skills- they assess the guard based on how many shifts they do for the company and whether they complain about the security company.

Just because some guards have been in the industry for years doesn’t mean that they know how to provide security in your business.

Top 10 Tips

Give the security guard a test in their verbal conflict handling skills be pretending to be a complaining customer. Look for their responses.

Give the guard a written test that consists of security questions and knowledge that a level 2/3 guard must know to get their qualification.

Ask the guard exactly how much experience they have in handling security in a business exactly like yours or very similar. Ask for proof and request they demonstrate their experience in a work trial by explaining to you the most common security problems in your type of business.

Ask when the last time they had a performance assessment done on them and what type of questions did the security manager ask them. What was their performance rating.

Ask them to explain how they plan to deter criminal behaviour to leave your business. Have they thought about it or are they just relying on their size. Trust me on this- size has little impact on deterrence to most real criminals.

Give them a photograph of two people and ask them to look at it for 5 seconds. Then ask them to describe the person that you request. They need to get all the details correct. You do not want security guards that cannot even describe a photographed person. In a real event with darkness and adrenalin going they will make mistakes.

Hold interviews with all your security guards before the security company assign them to protect you. During the interview conduct the mentioned tests and questions but also ask the guard to tell you about a tell he had to deal with an assault and listen to how they dealt with it.

Pay attention to the level of verbal skills used during the interview. Especially the number of incorrect words used and lengthy pauses while they think of the words to use. This type of skills signals poor verbal ability and comprehension during normal conversation they will struggle during security incidents. If they have to repeat themselves to you so you understand what they are saying- don’t use them.

Avoid using any security guards that feel they need to have bald heads or crew cuts because they don’t want their hair grabbed during a fight. They shouldn’t need to fight if they know how to do their job properly. This goes the same for guards that refuse to wear ties in case someone grabs it during a fight. Get elastic or clip on ties. Problem solved. I prefer it if someone wants to grab my tie instead of punching me because they have just wasted the first move and not injured me. Game over.

Ask how long they have worked for this security company. Security companies have high turnover and throw inexperienced guards at clients every month or worse, they use sub-contracted guards that you have no quality control over and the security company doesn’t even know them.

Employee Cyber Security Training Tips

You can tell your employees not to use their cell phones at work, but they are likely using them when you are not looking anyhow. You can instruct them that they should not download anything from an entrusted third party, and yet they are going to see a name they recognize and just go ahead and click anyhow. So what do you do?

Many companies will add a cybersecurity policy into their employee handbook and never speak of it again. That is a huge mistake! Not only should you hold a thorough training on this subject with your employees, but also you should have them attend this training at least twice a year!

Data security training needs to shock the employee enough to realize that human error is one of the leading causes of data breaches. Throw facts and statistics at them. Let them know they play a huge role in the safety of the company and how a large portion of data breaches are completely preventable and have stemmed from user error.

Verizon’s annual Data Breach Investigations Report of 2015 showed that 30% of staff-related e-mail breaches were due to sensitive information being sent to incorrect recipients.

While many prevention tips may seem like common sense to us by now, we tend to get lazy and take shortcuts. Find a way to get your employees to break their bad habits!

  • Educate employees on the types of cyber threats out there so they know the warning signs and how each threat attacks.
  • Never share passwords (even internally) and do not buy one of those internet password notebooks to write in and manage your login information!
  • Never plug in a USB without knowing its origin and expected contents.
  • Lock your computer when you step away from your desk for even a moment.
  • Be cautious what is in view on the monitor before screen sharing in webinars or when anyone else is around.
  • Never share emails that are not related to the work that you are doing as they may contain malicious attachments.
  • Training needs to include the warning signs of a breached system. Why? Once a system is breached, it is critical to remove the threat rapidly to prevent data loss or a follow-up virus or worm.

The crucial take away points are to implement cyber training with ALL employees (C-suite included) right away, and to repeat the training at least twice a year; refreshing the agenda with new cyber threats, statistics and details which have come to light since the previous training.

Office Security – 10 Great Tips For a More Secure Workplace

Today, businesses must address and prepare for security threats that are larger and more varied than ever before. With each technological advancement that allows innovative, effective business strategies, comes a security threat that is equally innovative and equally effective.

Any assessment of an office security system should begin with specific security needs and the impacts they will have on your business as a whole. You may need a facility secure enough for UL 2050 certification or you may simply need to ensure your employees safety before and after business hours. Regardless, here are ten important ways to improve your office security system.

  • Effective Communication: First and foremost is communicating information to and between employees. Many companies use email alerts to warn employees about would-be hackers. Likewise, be certain that employees remain updated on procedures and potential visitors. By letting employees know what and who to expect, they are better equipped to recognize suspicious activities or persons. In order to avoid complacency, try to use a single source of information that becomes part of an employee’s routine. This could be a daily server broadcast or informational email. Whatever the source, it should be brief, practical, and include positive news as well as precautionary information.
  • Key Control: Assign the responsibility of locking or unlocking the office to as few individuals as possible. Eliminating the “first in, last out” method ensures that all access points are secured regularly. Create a procedure for those responsible for opening or closing your office that includes checking washrooms, closets, or anywhere someone might be able to hide. Hard keys should be numbered and assigned to specific individuals. employees assigned keys should periodically be asked to produce their keys to verify a master registry.
  • Site-Wide Policies: Something as simple as a “clean-desk” policy, training all employees to clear and secure their desks of valuable equipment or information before leaving for the day, drastically reduces potential theft. Mandating employees to have and display ID badges or access cards at all times increases the visibility of any unauthorized persons. Don’t include job titles on any directory accessible to the general public as many criminals will use a name and title to justify their presence in restricted areas. Finally, make sure to maintain a “chain of possession.” Any deliveries should be handed to a person and not left in a hallway or on an unattended desk.
  • Small Investments: All computers, laptops especially, should be secured with cable or plate locks to avoid “walk-off.” Docking stations are relatively inexpensive ways to protect electronic devices when not in use. Pay close attention to high-risk targets like state-of-the-art equipment, postage meters, check writers, and company checkbooks. Improve doors by installing peepholes and keypads. Utilize two locked doors surrounding a small lobby or foyer. This type of “airlock” system eliminates piggybacking, a method criminals use to gain entry by catching a locked door as an employee exits.
  • Anti-Virus: While it is extremely unusual for a company not to have anti-virus software in this day and age, it is impossible to overstate its importance. High-end protection from viruses, spyware, malware, Trojans, and worms is one of the shrewdest investments an office can make. This includes firewall protection for your main system, security for your wireless Internet routers, and securing backups of all data, preferably off-site, for recovery in the event of a cyber attack.
  • Lights, Camera, Layout: Be aware of “dark spots” both inside and outside your office. Install adequate lighting in parking lots and outdoor break areas for employee safety, eliminate blind areas in stairwells, and arrange hallways and offices to remove any places where someone could conceal himself or stolen items. Short of CCTV, discussed below, it may be worthwhile to install recording security cameras at key areas like loading bays and access points like after-hours entrances.
  • Reception: Among the more complete solutions is to employ one or more full time receptionists. From a security system standpoint, this person allows for close inspection of credentials and identification and funnels security information through a single point. If it is impractical to have each visitor greeted and checked-in by a person, consider a dedicated phone line in your lobby or at your front door that goes only to a designated receiver. This method, combined with a sign-in station, can be a cost effective strategy for many offices.
  • Access Control System: One of the difficulties with hard keys is reacting when one is lost or stolen. With an access control system, businesses can issue access cards to employees while maintaining complete control over what each card will open. Moreover, access control systems minimize risk by allowing only enough access to complete a job. Thus, employees, contractors, or visitors can be restricted by area or time of day. Two things are critical with access control systems. First, allow “total access” to as few individuals as possible. This will clarify who is authorized to be where and thereby enable employees to recognize and report infractions. Second, monitor the use of each card. By reviewing card activity, you can determine who needs access to where and at which times, streamlining routines and defining access.
  • Closed Circuit Television (CCTV): For higher end security system needs, CCTV is one of the most effective methods of protection. Through limited broadcast, each camera can be monitored through a single interface. Depending on the specifics of the system, footage can be monitored by an employee or digitally recorded. Place cameras strategically to achieve the maximum coverage for a single unit. Likewise, cameras or corresponding signs that are visible to guests and employees can be effective deterrents and create a safe environment. It is important to remember, however, that as effective as CCTV is, it should be used efficiently and in tandem with other measures. For example, installing a unit in an entry with an “airlock” door system allows extended footage of a person(s) entering or exiting the premises.
  • Proper Training: Above all, make sure each of your employees is adequately trained to use security equipment and follow procedures. Investment and planning in the best security system will have little impact if individuals are unclear on precaution and intervention. This may be as simple as making sure employees keep doors and windows secure or protect their personal belongings, but often entails specific training on identifying and responding to suspicious items, persons, or events.