Banks today are pretty careful about shielding their data from unwanted eyes. “Financial institutions have learned from breaches the cost of not protecting customer information,” says Robert Dunlop, security officer for Commerce Bank in Mount Laurel. “Not just the financial cost but also the reputational risk.” Consequently banks usually encrypt their data, scrambling it so that only someone with the correct overrides can see readable data.
Every bank should also have a plan in place in case of a security breach, says Dunlop, ensuring cooperation between information technology, compliance, security, the line of business involved, and the communications people trained to handle customer questions when a breach occurs. And if the worst happens, he says, the bank must identify the scope of the breach and its cause, and take the necessary steps to stop it and ensure that your customers are protected.
But a bank’s biggest security problem is usually not a breach of its own well-protected computers. Rather, it’s when one of the bank’s customers finds their data is at risk (think identity theft) and calls the bank looking for help. Even though businesses and residences are the weakest links, from the security perspective banks are often the ones to suffer financially in closing out old credit cards, issuing new ones, and taking the time to talk customers through their security issues.
Dunlop is one of the speakers at a half-day seminar, “Cyber Security for Bank Security Officers,” on Friday, April 18, at 9 a.m. at the Crowne Plaza in Jamesburg. Sponsored by NJBankers and the New Jersey League of Community Bankers, the seminar will provide security officers with a working knowledge of the IT concerns facing the banking industry and the tools, techniques and resources available to address them. Cost: $125. To register, go to www.njbankers.com.
Encrypt any proprietary customer or transaction information on your hard drives. Software is available to encrypt data, and laptops can be particularly vulnerable, says Dunlop. “Say you’re a merchant, and you have sensitive customer information on a laptop. You run into a store, leave your laptop in the car, and someone sees it, and breaks in.” Then you’re a goner, because a simple password offers no protection in the face of experts.
Set your computer to time out after a couple minutes of being idle. Once the computer times out, a password is necessary to get back in. This offers some protection, for example, in large buildings where data thieves can walk in during lunch, pretend to be vendors or employees, and milk data from an unattended computer.
Use a security cable to attach a laptop to a desk. A thief can also wander into an unsecured building during lunchtime and just walk off with a laptop. If you can’t take it with you, see that no one else can either.
Challenge people in your building who you don’t know. “It is not uncommon for people to come in and steal,” says Dunlop, “but it is very hard for people to challenge someone.” People tend to ignore intruders. But thieves are aware of this valuable piece of human psychology, and they also know that people go out at lunchtime and leave their laptops unattended.
Also, keep your desk clean and make sure to never leave confidential information lying around.
Don’t be careless about giving away your passwords. Sometimes people issue a virtual invitation to potential data thieves by putting passwords for different websites inside their computer cases or on their desks beneath the mouse pad. Or they make the mistake of sharing a password with the wrong person. Don’t give away your password without a compelling reason.
Be wary of calls from people who are not who you think they are. Sometimes people will make calls asking for personal information, pretending to be employees of a bank or even of the company where the person works. In the security business, this is called “social engineering.”
Shred documents. If you have documents with sensitive data, don’t throw them in the trash, where they can be prey to what the experts call “dumpster diving.” Shred them instead.
Don’t put a check in your mailbox with the flag up. This is an invitation to identity thieves who may be trolling your neighborhood. If they get their hands on a check, they will have your signature, the routing number of your bank, and your account number.
Dunlop grew up in Westmont. His father was in the U.S. Navy, and his mother died when he was seven. After serving in Vietnam in the U.S. Army’s 101st Airborne Division, Dunlop went to Richard Stockton College, graduating in 1972 with a degree in law and criminal justice.
After college he joined the New Jersey State Police, retiring six years ago as the executive officer, a lieutenant colonel. In the 1990s he got a master’s degree in education from Seton Hall.
So the word in security matters is — take care. Of course, sometimes there’s little you can do except read your credit card bills carefully each month to make sure all the purchases are yours. When identity thieves get into a store’s computer system and steal credit card numbers, warns Dunlop, it is easy to create bogus credit cards and make purchases.