[Editor's Note: Businesses face an expanded set of challenges and threats when using online banking. Many of the consumer protection laws that safeguard individuals and limit their liabilities in the event of loss, theft and fraud simply don't apply to businesses and their bank accounts. In many cases, the only protection that a business has is defined by the bank's terms and conditions of use. That means your business may be held responsible for any losses incurred prior to reporting suspicious activity to the bank. A chilling account of how quickly things can go wrong for a business has been reported by security expert Brian Krebs.
Last month we discussed one option for safer online banking that was recommended by the American Bankers Association: using a dedicated computer as your "banking computer." This month we discuss two more options for creating an enhanced-security banking computer. These options require more technical know-how, and may be more suited for business users. We recommend discussing all three options with IT at the office or your computer support provider before you make a decision.]
Boot Linux from a CD
Many Linux distributions, such as Ubuntu, Knoppix and Fedora, can run entirely from a CD or a USB drive on an ordinary PC. Booting from a CD offers an important security advantage that a dedicated PC does not. Each boot represents a "clean start," so any unwanted or malicious changes made to the operating system or to applications are discarded as soon as the computer is turned off.
While Linux software itself is free and easy to implement, allow yourself time to learn the basics of a new operating system unless you are already familiar with it. Keep in mind that booting and rebooting from a CD can take longer than from a hard drive, and that you'll need to update your Linux CD frequently. Finally, check to make sure your bank's online transaction system will work with Firefox or whatever browser is included in the distribution of Linux you are thinking of using.
Boot Linux from a CD
Pros
- No additional software expense
- Little, if any, additional hardware required
- Linux is a smaller "target" for malware and hacking than Windows
- Automatically restarts from a "known good state"
- Updates easily; just download the newest distribution
Cons
- You'll have to learn the basics of a new operating system
- Your choice of browsers may be limited
- Loading Linux requires rebooting your computer
- Linux is updated frequently; you'll need to update (re-burn) your Linux CD often
Use A Virtual Machine
A virtual machine (VM) is like a computer within your computer. In essence, you're running multiple computers which share the hardware resources of your single physical machine, all at the same time. The
VM's and the physical host can run different operating systems, and they generally behave as if they were separate PC's connected by the same local area network.
You'll need some extra memory and disk space to support it, but most systems purchased within the last few years should have enough of both. Many VM's can be placed into a standby mode and "reawakened" rapidly. VM's can be configured easily to reset to their initial "known good state," so any malicious or unwanted changes made to the operating system or to applications are discarded. If you're not sure you are up to creating a VM on your own, you can download a free virtual machine "player," along with a preconfigured virtual "software appliance" for web browsing.
Some caveats. If you use Windows, for example, "inside" your VM, a license for that copy of Windows is required (MS doesn't distinguish between "physical" and "virtual" installations). Just like a "real"
Windows computer, a Windows VM needs regular patching and updating, and good-quality security software is a must.
Use a virtual machine
Pros
- Modest hardware expenses
- Can be configured to automatically restart from a "known good" state
- Faster starts than a normal reboot
- Can be used side-by-side with your "real" machine
Cons
- May involve additional software expense
- Additional patching and updating is required
- Configuring the VM to restart from a "known good state" will remove recent patches and updates
Caution! Whether you choose to use a dedicated computer, the Linux-CD-boot solution or a Virtual Machine:
- Keep your banking computer's operating system and applications patched and updated.
- Install and maintain good-quality antivirus, anti-malware and a two-way software firewall.
- Do not use a banking computer for any purpose other than online banking.
Tips
- Monitor your bank account activity often. Most fraudulent activity is detected by the account holder first, not by the bank.
- Enable activity alerts. Many banks allow you to set up an automatic email that gets sent when a threshold, such as a specific dollar amount or a number of transactions, is exceeded.
- Disable features and services that you don't use. For example, if your business doesn't involve making international wire transfers, ask your bank to remove that capability from your account.
- Maintain proper division of duties and responsibilities. Email alerts and account statements should not be sent to the same person who enters the transactions.
- Know the terms and conditions of use associated with your bank account.
- Review your insurance coverage to determine what losses are covered and not covered.
- Use the advanced security features your bank provides such as requiring multiple approvals for transactions, one-time-use passwords, and anti-spoofing protection.
- If you suspect your bank account has been compromised or spot activity you have not authorized, contact your insurance company, and follow these guidelines from the Federal Trade Commission:
-
- Notify your bank and credit card companies immediately
- Close the affected account(s)
- Notify the major credit reporting agencies
- File a report with the Federal Trade Commission
- File a report with the police.
More information:
ABA Recommends Dedicated PC for Online Banking
VMWare Download Info
VMWare Information
List of Anti-Virus Software
Operating Systems/Applications
Windows & PC Office
Mac Office
OS X
iPhone/iPod
iPod
Windows Adobe Reader
OS X Adobe Reader
Flash Player
Firefox
Safari
Opera
Chrome
Java
Windows iTunes
OSX iTunes
Security Suites
Symantec:
Norton
McAfee
Kaspersky
Sophos
Panda
BitDefender
Microsoft Security Essentials
|
Policies 
