Below are some ‘best practices’ Bank Midwest deploys and for you to consider:
- Back up data regularly.
- Verify backups are working through testing.
- Provide training and education. We are all targets, so everyone needs to be aware of information and data security threats.
- Enable strong spam filters to prevent phishing emails from reaching ends users and authenticate inbound email using technologies.
- Require minimum standards for passwords (length, complexity, history, etc.)
- Leverage next-generation anti-virus technology to inspect files and identify malicious behavior to block malware and malware-less attacks that exploit memory and scripting languages.
- Block ads. Ransomware is often distributed through malicious ads served when visiting sites.
- Patch operating systems, software, and firmware on all technology devices.
- Configure firewalls to block access to known malicious IP addresses.
- Use application whitelisting, which only allows systems to execute programs known and permitted by security policy.
- Conduct an annual penetration test and vulnerability assessment.
– Julie R. Director of Enterprise Risk