Question

9. Assume that you have been hired by a bank to harden their defenses. The step are: Determine the types of information a bank has that needs to be protected. Rank the types of information that you have identified from most to least critical and briefly state why they received that ranking. What would you suggest to the bank as ways to protect the online information or mitigate the damage if the information is compromised? What would you suggest to the bank as ways to protect against physical intrusion by robbers or people trying to compromise computer systems?

Answer 1

The types of information a bank has that needs to be protected are:-

1. customer details
2. employee details
3. loan details
4. transaction details

If we have to rank them according to the priority then the ranking is as follows:-

1. Employee details:- It is most important because who ever have the employee details they can easily approach the employees and threaten their lives to make to do whatever they wish to do therefore employee details is the most important.
2. Customer details:- Generally banks have customers with high income as well as low income and both the type of people's data must be secured because of the banks confidentiality policy therefore customers details is the second most important.
3. Transaction details:- Lots of transaction is done in a day by the customers and even by the bank, so the details of that transaction should be secured within the bank security borders.
4. Loan details:- Its another type of transaction done by the bank but have another category to it, same as transaction details this data should be secured within the bank security borders.

Here are some steps to protect online bank information:-

• USE ONLY SECURE WI-FI NETWORKS:- You can't confide in the security of open Wi-Fi systems. Programmers can without much of a stretch take the data from them, as they are not for the most part encoded. Along these lines, limit yourself from signing into your web based financial record over an open system. Do your exchanges just over a safe system like the one secured by a secret key at your home. On the off chance that you have to do exchange outside of your home, utilize your cell organize as it were.

• BANK ON SITES WITH “HTTPS” IN THE ADDRESS:- The encoded locales are the ones that guard your private data on the web. Your financial webpage must be scrambled as of now, however to twofold check it, search for letters "https" toward the beginning of web address and quest for a latch image in your web address bar. You can likewise download https program augmentations that will scramble your web information naturally if the site gives it.

• ENABLE TWO-FACTOR AUTHENTICATION:- 2FA, or two-factor confirmation, includes an extra factor of validation to your ordinary sign in system. Under single-factor verification, you enter your username and secret key, and afterward you are finished. The advantage of 2FA is that it expects you to give an extra confirmation certification before you can access your record.
  The extra verification credential can be any of the following:-
  1.Something you are, like a biometric factor (voice print or a finger print).
  2.Something you have, like a fob, phone, or ATM card.
  3.Something you know, like a pattern, password, or a PIN (personal identification number).

• DISABLE AUTOMATIC LOGIN BEFORE LOGGING IN TO YOUR ACCOUNT:- Guarantee your internet browser isn't putting away any of your web based financial data like the username and secret key. On occasion, your web based financial data is consequently put away by internet browsers. Impair this element before you play out any sort of exchange.

• BEWARE OF PHISHING CALLS, TEXTS AND EMAILS:- You should recollect that nobody will call, email, or text you requesting your web based financial data. On the off chance that you get such a calls, messages or messages from any source, report them promptly to your bank client care. These are known as phishing tricks and should be accounted for to your bank immediately.

• CREATE A STRONG PASSWORD:- Make a solid web based financial secret phrase utilizing upper-and lower-case letters, numbers, and images. You should get a solid inclination that no one but you can envision (and recollect) a secret key this way. Likewise, change your secret word every now and again and forgo utilizing it for different things. To enable you to make, store, refresh and recall a secret word, exploit a secret key chief device.

• USE ANTIMALWARE (OR ANTIVIRUS) SOFTWARE:- Today, use of antivirus programming may appear to be an undeniable choice to make, yet the greater part of the PCs are unprotected today. A decent antivirus arrangement shields your PC by recognizing and expelling vindictive programming. Make sure to keep the product refreshed for new sorts of infections. To do this, empower programmed refreshes for your antivirus programming, with the goal that it gets refreshed when another update shows up.

• USE ONLY OFFICIAL BANKING APPS:- Utilize just your bank's authentic portable application for making exchanges. The explanation is these applications are tried thoroughly and ensure your information is encoded and secure. Limit yourself from utilizing an application that is made by somebody other than your bank, as these projects may take your financial data for fake purposes. The hoodlums today are keen; they can make an application that looks carefully to your bank's authentic application. If at any time in question, consider your bank to confirm that the application is authentic, or simply don't introduce it.

• FIREWALLS:- Firewalls screen information coming all through PC systems, blocking unapproved access and preventing traffic from hazardous web sources.

• SECURESOCKET LAYER (SSL) ENCRYPTION:- SSL encryption makes a safe association with your program when you sign in, round out an application, register for administrations and that's only the tip of the iceberg. What's more, in spite of the fact that the innovation is refined, it's anything but difficult to ensure that SSL encryption is dynamic on the page you're utilizing. Simply search for the lock image at the lower right-hand side of the page or search for "https://" toward the start of the page's URL/web address.

• COOKIES:- By putting a cookie(a bit of text put away on a client's PC by their internet browser) on your PC after your underlying login, banks would then be able to perceive or verify your PC when you sign in to your record once more. In the event that you utilize another PC to sign in to your record—or you eradicate your cookies—you will be required to enter extra data at the hour of your next login.

• AUTOMATIC LOGOUT:- Most banks naturally log you out of your safe meeting after a time of latency to help keep others from seeing or utilizing your online records.

• BIOMETRIC AUTHENTICATION:- Numerous banks have coordinated unique finger impression validation into their versatile banking applications. Different types of biometric safety efforts incorporate "eyeprint" confirmation and facial and voice acknowledgment. These confirmation techniques are anything but difficult to utilize and difficult for lawbreakers to imitate.

Some physical security measures which the bank should take are:-

• With different branches scattered in various topographical areas, and a wide range of employments of the accessible assets, planning isn't simple. The size of the bank, its area and the crime percentage in the territory, the danger of catastrophic events and the size of the accessible spending will at last add to a ultimate choice.
• Various branches require various degrees of security. Directors need to assess the danger levels that are related with each different branch. They have to make standard techniques that will alleviate the dangers and perils.
• At the point when destinations are ordered by danger level, employing security organizations and an approved locksmith administration that handles business clients turns into significantly easier. Master locksmiths can successfully brace security with the assistance of the most exceptional sorts of physical and electronic locks, cautions, and other comparable gadgets.
• Banks can depend on Access Control Units that look like glass-encased vestibules. The thing that matters is that the glass is impenetrable and the locks are programmed. Additional re-appropriating ought to be done so as to physical alert frameworks for banks. The customary law authorization and focal detailing stations ought to be supplanted with particular security organizations.
• Improving efficiencies as far as security tasks is a significant pattern in bigger banks. The re-appropriating of far off video observing administrations that are typically given by master locksmiths empowers banks to have all day, every day inclusion, less the employing of greater security faculty.
• DVRs and system video recorders ought to supplant VCRs.
• Better interior controls likewise need than be incorporated.
• Solid storage spaces are additionally suggested.