Information security awareness for bank employees is very important in maintaining a secure banking institution. I have over five years experience working for a large bank, so I am very familiar with their security policies. I started out working in the fraud department, then moved on to technical support. Whether it is with building security or computer security, banks take these matters very seriously.
Giving someone a job at a bank will provide them with access to some of the most private and personal details regarding the lives of the bank’s customers. For this reason, you want to make sure that you are hiring trustworthy employees that do not have any kind of shady activities in their past. Make sure all references check out and verify previous employment and education mentioned on the prospective employee’s resume, because you never know who might be trying to infiltrate your financial institution.
One of the most important elements of information security awareness for bank employees is the implementation and enforcement of a strong password policy. This entails using alpha numeric standards for passwords that force employees to use passwords that are not easily guessed. It also involves regularly updating passwords for banking systems, preferably on a monthly basis. All it takes is one password to access some systems that could provide a snoop with tons of information on customers or the bank itself, so it is very important to keep things locked down.
You should also make sure your employees are not taking shortcuts by writing passwords on notes and leaving them anywhere near their desk, as this happens often. At the bank where I worked, most people had to manage four different passwords for four different systems. We regularly had to change people’s passwords because they either forgot them or locked themselves out of a system. Although most employees will look upon the frequent password changes as an annoyance, it is an unfortunate necessity in keeping the bank’s systems secure.
Lock Down Workstations
With fake virus scanners and keyloggers being so prevalent on the internet, it is common practice to limit or disable online access to certain computers within the bank system. Because many malware programs are designed to circumvent even the most up to date security software, it is sometimes necessary to cut off internet access altogether for employees like tellers who don’t need online access as part of their job. For those who do have online access, a strict internet usage policy should be enforced.
Another big problem is unattended workstations that are left logged in. A security policy should be enforced that requires users to either log out or lock down their computer while they are away from their desk. This includes bathroom and lunch breaks as well as when the employee leaves at the end of their shift. Leaving a computer logged in is like leaving the front door of your house wide open while you are away.
Know Your Fellow Employees
Passwords and online security policies aren’t the only important factors in raising information security awareness for bank employees. Another big issue is knowing who actually works for the bank. One scenario my bank used in training was where someone would sneak into an office and pose as a member of technical support, then sit down at an empty desk and start digging around in the system.
Bank employees should question any unfamiliar person in their area, or at least make sure someone in management is able to identify who is sitting at a desk. Sometimes all it takes is a nicely dressed person with a toolkit and a fake ID badge to get on a system for a few minutes and breach all kinds of security measures while everyone else around them remains oblivious.