
Personal or confidential information about an individual or organization can be collected and exposed without a person’s prior knowledge or informed consent. This information can be used to compromise a bank's systems or to conduct identity theft. Practices to prevent and detect spyware should be regularly reviewed to ensure that an institution is aware of all risks to its systems and to sensitive customer information.

Tips to Prevent Spyware
http://www.ftc.gov/bcp/conline/pubs/alerts/spywarealrt.htm

  • Update your operating system and Web browser software. Your operating system (like Windows or Linux) may offer free software "patches" to close holes in the system that spyware could exploit.
  • Download free software only from sites you know and trust. It can be appealing to download free software like games, peer-to-peer file-sharing programs, customized toolbars, or other programs that may change or customize the functioning of your computer. Be aware, however, that some of these free software applications bundle other software, including spyware.
  • Don't install any software without knowing exactly what it is. Take the time to read the end-user license agreement (EULA) before downloading any software. If the EULA is hard to find — or difficult to understand — think twice about installing the software.
  • Minimize "drive-by" downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the "Medium" setting for Internet Explorer. Keep your browser updated.
  • Don't click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the "X" icon in the title bar.
  • Don't click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.

Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.

The best prevention is awareness training to help employees adopt the behavior needed to prevent spyware on bank computers and on personal computers that are used to connect to the bank's network. Internet banking customers would also benefit from training. Education should advise of the risks in using public computers, such as those in hotels, libraries, or Internet cafés, because of the uncertainty about what spyware may have been installed on the public equipment.

Detection includes installing client solutions to block spyware. This software should be run on a regular basis to combat spyware infections.

If you could benefit from spyware prevention or detection services or need assistance with technology support, please contact us.

For more information regarding this vulnerability, please visit:
http://www.fdic.gov/news/news/financial/2005/fil6605.html
http://www.cio-today.com/news/Internet-Users-Change-Habits-for-Spyware/story.xhtml?story_id=020000O5OSBS
http://japantoday.com/e/?content=news&cat=2&id=343907
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1108774,00.html?track=NL-105&ad=523375
http://www.eweek.com/article2/0,1759,1839427,00.asp


 

The Department of the Treasury recently published Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.

You are probably familiar with the publication of this guidance as described by the Federal Reserve Board at www.federalreserve.gov/boarddocs/press/bcreg/2005/20050323/default.htm

The Text of Common Final Guidance contains Supplement A to Appendix B, which is being incorporated into agency regulations. It would be wise for appropriate bank personnel to be familiar with this supplement’s text (found on page 32 of the attachment at www.federalreserve.gov/boarddocs/press/bcreg/2005/20050323/attachment.pdf). The entire document is useful in understanding the overall guidance and thought processes behind the rulings, but the actual guidance text begins on page 32.

The CoNetrix Security Group has reviewed the guidelines and has drafted recommended updates to Information Technology Security Policies. Within the next few weeks, we will contact the banks with which we have worked on such policies. If you have not worked with CoNetrix regarding preparation of security policies and are interested in doing so, please contact us.