Thursday, May 31, 2012

Survey Monkey Review for Survey Tool

Survey Monkey is unique in that you do not have to be well versed in the realm of programming and web design in order to create your own custom surveys that you want to distribute among your own members on a frequent basis.

To get started, just select which type of survey you want to create and Survey Monkey will walk you through the steps.

Would your credit union benefit from member surveys? Read more about Survey Monkey.

Wednesday, May 30, 2012

Eight Out of Ten Mobile Banking Apps are Vulnerable to Hacking

Bank transactions over apps on smartphone and tablet platforms are growing increasingly dangerous, as most of these apps are too weak to withstand hacking attempts, say security experts.

Identity theft has become a serious menace, overtaking all other crimes combined.

Advice from the article: online banking customers should keep a cheap netbook exclusively for their online banking activity where emails aren't opened and other free apps aren't run.

Is this advice suitable to your credit union members? Read the full article here.

Tuesday, May 29, 2012

RSA SecurID software token cloning: a new how-to

This attack bypasses protections built into RSA's 2-factor authentication system.

The RSA seed value is easy to obtain and copy by anyone with access to a computer that's lost, stolen, or has been compromised with a backdoor trojan.

Are you blindly trusting your RSA tokens? Read the article to find out. Or are you using GuardTime keyless signatures to prove they have not been compromised?

Monday, May 28, 2012

How long would it take to crack your password? [VIDEO]

Traditional syntax laws make up the typical password policies that most organizations use and that many security practitioners preach... and that many hackers know.

Additionally, regular password changes actually decrease security, for a few reasons: 1) your poor users are going to start using sucky passwords because they're easy to remember and to increment, and 2) doing something security-related on a regular, predictable schedule (quarterly? monthly?) is a gift to hackers.

The idea that passwords are going away is nuts. And if two-factor authentication isn't going to save us, what's the answer?

Go to the article to watch the video and to find out more about passwords and the options credit unions have to protect their valuable assets.

Friday, May 25, 2012

Instant decryption of MS Office 2010 documents now possible

Until now, there had been no solution available commercially to crack MS Office 2007-2010 encryption in predictable time.

This just changed. The latest version of Passware Kit Forensic includes live memory acquisition over FireWire and subsequent recovery of a file's encryption key – regardless of the password length and complexity.

These new tool enhancements may draw concerns from IT security professionals who wonder what effective encryption methods remain.

Does this create a cause for concern for your credit union? Read the article to learn more about the tool and its uses.

Thursday, May 24, 2012

Are CUs Behind the Tech Evolutionary 8 Ball?

Several interlocking pieces to this puzzle can help CUs get invited rather than be perceived as an afterthought.

The dinosaurs didn’t have the brains or the tools to see it coming, but credit unions do. Still, CUs are under a serious threat as financial delivery services evolve rapidly, and some credit unions aren’t even at the table.

As one example, the U.S. in general is behind its global counterparts when it comes to technology such as chip and PIN and mobile banking.

Is your credit union behind the 8 ball? Read more to find out.

Wednesday, May 23, 2012

The Unseen Security Dangers in Financial Web Sites

Millions of identities, credit card numbers and user login credentials are still being compromised every year by hackers getting into web sites we believe are secure.

Even so-called brochure web sites, the kind customers visit for information, blog entries, CD and Money Market rates but not necessarily personal financial transactions, are at risk; many of these provide links to sites that process actual transactions, which makes them vulnerable.

Make no mistake: If your credit union has a brochure web site, it is very likely a potential security risk.

What makes you think your credit union's web site is truly secure? Read the article to learn more.

OWASP is another fantastic resource for secure web development. Be sure to visit them as well.

Tuesday, May 22, 2012

Understanding the Challenges and Opportunities of Big Data

At its most basic, Big Data is an umbrella term for any pro-active use of available data for the purposes of improving services and member satisfaction.

Many credit unions are finding that a high percentage of BI now resides outside the structured environment.

Assuming the technical challenges can be overcome and the underlying Big Data supporting the credit union's information resource is reliable, then we can start to crunch the available information.

It’s important to understand here that this information is not only useful for understanding the current situation. How well does your credit union grasp its big data?

Monday, May 21, 2012

What Are You Sharing with Dropbox?

Dropbox is a well-known online service which allows you to share files between computers.

If your files are available via HTTP(S), this means that anybody can access them. We just have to guess valid URLs. Where can we find plenty of existing URLs? In search engines of course!

Keep in mind that shared files can be read by anybody! This feature must be used with due care and attention.

If you really need to share sensitive data, encrypt the files! You should also consider looking at secure cloud file sharing options such as ftopia.

Learn more about the Dropbox reconnaissance performed.

Friday, May 18, 2012

10 Ways to Handle Insider Threats

Close to 50% of all companies have been hit by insider attacks, according to a recent study by Carnegie Mellon’s CERT Insider Threat Center.

Leaner departments mean that there are often fewer employees to notice when someone is doing something wrong.

There is no approach that will guarantee a complete defense against insider attacks. But this doesn't mean you shouldn't try.

A good program involves establishing protections beforehand and then implementing Guardtime Keyless Signatures to prove that insider attacks have (or haven't) taken place.

Read the 10 tips to better handle insider threats.

Thursday, May 17, 2012

Member satisfaction surveys: Building a business case

The pressure to improve member satisfaction is as high as ever.

With so much competition for members today, the answer to the question "to survey or not to survey" has to be, "yes." Satisfied members are more loyal, spend more, and cost less to maintain. Post-call surveys represent the most reliable way of assessing real satisfaction, and these survey results will be vital when it comes to making changes to the way companies interact with members.

Does your credit union use surveys to manage member satisfaction? How about your own internal customers from an IT perspective? Read more about using surveys to gauge and improve member satisfaction.

Wednesday, May 16, 2012

How Malicious Code Can Run in Microsoft Office Documents

One of the most effective methods of compromising computer security, especially as part of a targeted attack, involves emailing the victim a malicious Microsoft Office document.

Common areas of weakness to watch out for include unpatched MS Office vulnerabilities, VBA macros, embedded Flash programs, and embedded JavaScript.

Intruders use the above techniques to execute code in Microsoft Office documents to compromise the system.

Read the article to learn more about the techniques.

Tuesday, May 15, 2012

Are security basics getting lost under the cover of cloud and mobile?

Few would argue that the major themes at the recently wrapped RSA Conference 2012 in San Francisco were cloud, mobile and Big Data.

This should come as no surprise as they are currently the hottest areas of technology.

Even so, the current vendor messaging begs the question: Are we missing the mark on security basics by focusing so much on emerging technologies?

How well does your credit union follow security basics? Do you do enough?

Technology May Be Home Lending Equalizer

The familiar process of having members fax or otherwise deliver documents to their credit union’s loan officer over a period of days or weeks is no longer acceptable to many consumers.

Remember, just having the best technology is not going to be enough.

Credit unions that want to remain competitive in housing finance over the next decade will likely have to confront the issue of how to add technology to their mortgage loan origination systems.

How does your credit union stack up?

Monday, May 14, 2012

Hackers break into bitcoin exchange, steal $90,000 in bitcoins

Bitcoin exchange Bitcoinica suspended its site operations after hackers managed to steal 18,547 bitcoins -- valued at about $90,000 -- from its online wallet.

Security breaches at bitcoin exchanges don't only affect the users of those exchanges, but the entire bitcoin community, because they negatively affect the value of the virtual currency.

The compromised user information can be used to launch phishing attacks against banking and credit union customers, as has happened in the past after many data breaches that exposed user email addresses.

The article suggests Bitcoin exchanges need code reviews, vulnerability assessments and Web application firewalls. How does your security stack up? Read more to see if you've missed a key security element.

Friday, May 11, 2012

Global Payments Breach Fueled Prepaid Card Fraud

Debit card accounts stolen in a recent hacker break-in at card processor Global Payments have been showing up in fraud incidents.

Union Savings Bank began seeing an unusual pattern of fraud on a dozen or so debit cards it had issued, noting that most of the cards had recently been used in the same cafe at a nearby private school.

USB officials say the bank has suffered approximately $75,000 in fraudulent charges, and that it has so far spent close to $10,000 reissuing customer cards.

Can crooks encode card numbers and expiration dates onto your CU's cards? Read more to see how they are doing it.

Wednesday, May 9, 2012

Hackers Blackmail Belgian Bank With Threats to Publish Customer Data

What's worse - cybercriminals breaking into your credit union's systems and stealing your members' confidential information, or being told by your attackers that you must cough up €150,000 if you don't want this member data to be published?

Just this week Belgian credit provider Elantis faced both. Claiming that the compromised data was unencrypted and unsafely stored, the hackers told Elantis that "while this could be called 'blackmail,' we prefer to think of it as an 'idiot tax' for leaving confidential data unprotected on a Web server."

The attack is now being investigated by the Belgian Federal High Tech Crime Unit and the outcome remains to be seen. In the meantime, there is a lesson to be learned: there's no excuse for not properly securing and safeguarding your members' confidential data.

Are your members protected from such a breach? Read more.

Tuesday, May 8, 2012

Commercial enterprises are putting our critical infrastructure at risk

Cybercriminals have already figured out how to hack into enterprise infrastructure, and the critical infrastructure that controls our nation’s supply of money, water, gas, oil and electricity just might be next.

Each day brings media attention to yet another breach, but it seems we are unable to make headway on the security front.

But what we should be most concerned about is that our two infrastructures — the private/commercial/enterprise infrastructure and the critical/industrial/utility infrastructure — are interconnected in many ways, and security weaknesses within either therefore put both at risk.

We know bad things can happen but we are not doing enough about it. What's your credit union's relationship with other entities? Read the article to learn more.

Monday, May 7, 2012

Emailed my bank saying I find their website very difficult to use. They refuse to fix any problems, but gave me £60.

The general idea behind online banking is convenience, and for most people, this includes ease of use.

Interestingly, a disappointed online customer sends an email to her bank describing her difficulties in using the bank's web services, and in response to her concerns, rather than hearing about possible solutions, she is instead told that the bank has no plans to upgrade the site and is issued a £60 credit to her account. She is told that this credit should sufficiently compensate her for the troubles she has been experiencing.

Does this sound like customer service to you? While issuing a credit to her account is a nice gesture of course, the obstacles that raised this customer's concerns to begin with are still there, and the prospects for improvement look doubtful thus far.

How user-friendly are your credit union's services? Learn from this customer's Twitter post what you can do to ensure that your members are happy.

Friday, May 4, 2012

How smartphones and tablets are fueling commerce

Smartphones versus tablets: which devices are your members using?

While both smartphones and tablets are being widely used for both in-store and online commerce, the roles of these two types of mobile devices are fairly distinct. A recent Nielsen survey reveals that smartphones may be more convenient for certain things, while tablets are likely more suited for others.

Check out the results of the survey to learn more about what your members might prefer for their online banking.

Wednesday, May 2, 2012

Where IT is going: Cloud, mobile, and data

What exactly is "cloud computing"?

An ambiguous phrase indeed, it has become a catch-all label for a variety of IT trends including mobility, web apps, big data, online collaboration, and so on. For the most part, however, "Next Generation IT" approaches cloud computing by breaking it down into three primary categories: cloud, mobile, and data.

Nevertheless, there is no catch-all solution for securing all your systems, processes, and assets when it comes to cloud computing, and similarly, while everything related to cloud computing can pretty much fit into one of these three general categories, the topic of adequate security within each category isn’t so general. The specifics of each technology in use must go into consideration when it comes to defining security standards and practices.

In any case, in order to understand your credit union's security needs for cloud computing, you must first understand the technology you use. Get more insight into the future of IT.