Nearly 200 auditors, bankers, examiners, and credit union professionals gathered in Allen, Texas for the 9th annual CoNetrix KEYS Conference. Designed to provide Knowledge Essential to Your Security (KEYS), the April 2019 event attracted attendees from financial institutions across the United States.

In the course of my work, I find myself visiting several financial institutions throughout the year. Although these institutions vary in size and complexity, many of them share several common deficiencies. Some of the prevalent security mistakes listed in this article may be resolved with relatively simple implementations, but others can take more substantial amounts of time and user training to remediate. Fixing these five deficiencies would greatly help to improve the security of any institution.

Many businesses and financial institutions have seen an increase in the number of employee-owned devices over the past few years. Employees are using these devices to access email, download files, launch a remote desktop, or use a Virtual Private Network (VPN) connection for a remote "on network" experience.

Microsoft has been emphasizing Office 365 subscription services since the public introduction in 2011. As a result, the popularity of these services has grown to over 155 million active users as of October 2018, and is gaining new users at over 3 million seats per month. With this growth, on-going marketing, and the increasing acceptance of public cloud services, many businesses and financial institutions are starting to look at Office 365.

When something really messes up Chrome, being logged into your Google account and having Chrome sync settings makes repairing things pretty painless.  Recently, I couldn't get my LastPass Chrome extension to log into my LastPass account. Since I rely heavily on LastPass to handle various website credentials, I'm handicapped if I can't get it working in the browser extension.

I came across a few customers having trouble opening PDF attachments while in Quickbooks. The following message would be displayed, and sometimes it would be random. "There is a problem with Adobe Acrobat/Reader. If it is running, please exit and try again. (523:523)"

I recently had a patching issue with SQL Server 2014 SP3. When I tried installing the SP3 update it kept failing with error code 0x858C001E. It turns out that this can be caused if the program files directories for SQL Server are compressed.  The folder paths to check are listed below as documented here: https://wiert.me/2017/03/16/fixing-0x858c001e-error-on-sql-server-20122014-updates/ 

We have a customer who is in the process of migrating from one domain ("domain 1") to another so the domain name that will match their current company name ("domain 2"). They have moved a majority of their client PCs from domain 1 to domain 2. The Exchange servers are still in domain 1 and using credentials for domain 1.

Part 1: When installing the Fortigate Single Sign-On Agent you need to configure the service account as a local admin on the server where it's being installed.  Fortinet support states that the account has to be a domain admin, but I have confirmed that it only needs local admin rights, and not domain admin rights. 

In older versions of vCenter (and associated VMware products), installing corporate certificates was a pain. It was an extremely manual process to update each component. Just take a look at https://kb.vmware.com/s/article/2034833 to get an idea.  With vSphere 6.x, certificate replacement is considerably simpler. You still need to have a certificate for each of the components, but VMware has automated a lot of the pain points into a simple certificate wizard. In addition, instead of creating individual certificates for each piece, you simply sign a certificate (created with a special template model), replace the root VMCA certificate with your custom signed one, and regenerate all the subordinate certificates signed by your custom signed root VMCA certificate. 

"But I don't even have an iCloud account!" my aunt said over the phone, as the realization of her fear began to set in. "Is this just a scam?!" At this point, vishing scammers had already installed remote software on her PC and were attempting to have her purchase Google Play Store prepaid cards and send them the codes so the "problem" with her "account" would be "fixed."  In response, the plug was pulled, the hard drive destroyed and passwords were changed. A diploma from the school of close calls was earned that day. If only my aunt knew – if only she had been "patched!"