Malware -- software produced for malicious purposes, such as theft of bank account information -- has increased about fortyfold over the past decade, according to AV-Test Institute, an information technology security analysis firm.
This intensifies vulnerability for those conducting financial business on the Internet.
The rise is driven by 3 principal factors:
- The increasing number of people capable of writing software.
- The proliferation of computer users.
- The growing number of software kits that provide malicious software components.
A programmer in a developing country may determine he'll make far more money writing malicious software than by any other occupation. Even organizations with substantial resources are not safe, as evidenced by the frequency of breaches in recent years. Most notable are the November 2014 hack at Sony, in which much of its internal data was aired publicly, and the July 2015 hacking of the U.S. Office of Personnel Management. That breach compromised the privacy of 21.5 million people who had undergone a background check by the federal government.
In most of the recent break-ins, human error appears to have welcomed intruders. Following are some safety tips to enhance your online banking security.
Download only trusted files
There are 2 main ways for someone to gain access to your accounts: through your bank's computers or from your computer. This is almost always done by slipping a piece of software onto your computer, or to an administrative computer at a bank, giving the intruder full access. This access software is usually installed through a link to a malicious file that exists either on a website or in an email directed to you that appears to be safe. This software will typically feature remote access, enabling the criminal to download the files stored on a computer, as well as a keystroke logger, used to capture any login credentials typed but not stored. For this reason, you should never access accounts from a computer you haven't always controlled.
Downloading untrusted software isn't terribly different from providing a complete stranger with a key to your house and hoping he doesn't show up with a moving van.
Install operating system updates
Updates to the software that runs your computer sent directly from Microsoft, Apple or the Linux community are offered regularly and often fix newly found security holes. If a security update is being provided, it means the problem has been around long enough to have a solution. That means you're already at risk and should install the update immediately.
Use password tiers
Hackers count on at least some people using the same passwords for their social media and online shopping accounts as they do for their credit card, checking and work accounts. Sites that don't contain sensitive information are less likely to spend resources protecting themselves from hacks. Therefore, they are more likely to be targeted, and passwords taken from those sites may be used to try to log in to your financial accounts.
Use separate passwords based on account type -- one for social media, one for credit cards, one for online banking security and one primary password for work. Using a limited number of passwords provides the additional security feature of not having to store them in a place where they could be accessed. Use long complex passwords, to the extent that they can be remembered, as they can take longer for hacking software to guess. Also, ensure that the answers to any account security questions that allow for a password reset can't be found by researching your profile online.
In addition to avoiding untrusted files, diligently installing operating system updates and using tiered passwords, inquire whether your banks' employees have all been trained to do the same.
Finally, pass along these Internet safety tips on online banking security to your friends, family and the banks you do business with so they're not left riding a broken mule into the Wild West.