By Ranee H. Bahn, Audit and Compliance Officer, Legacy Private Trust Company
October was National Cybersecurity Awareness Month. In this spirit, want to share with you some of the ways Legacy protects client data and provide helpful tips that you can use at home to protect your private information.
Over the past 18 months, our team has been working diligently to address the changing nature of network and information security. We recognized that in today’s world of data breaches, basic security controls are no longer good enough. As a result, Legacy has contracted with the professional services of respected outside organizations to aid in strengthening our security posture. Legacy’s ultimate goal is to protect sensitive client information.
- Our network support services partner, StrataDefense, works exclusively with financial institutions and is in tune with the rapidly changing needs in our industry. We recently implemented a virtual security analyst that monitors our network for indicators of compromise. In real-time, it can isolate a potentially compromised machine and sever its network connectivity. This proactively stops malicious activity in the early stages and prevents the loss of sensitive client information.
- In addition to the virtual security analyst, Legacy has undergone critical network infrastructure reconfiguration that better secures our internal network. As Legacy prepares to move into 2018, we plan to continue the evolution of our network security.
- In addition to the changes to our network infrastructure, we have been working with the team at Wipfli, LLP, to participate in regularly scheduled technology audits, during which Wipfli evaluates and tests our internal technology systems and policies to ensure that we are operating in a safe and secure manner. These tests include internal vulnerability scans to ensure that patching and flaw remediation are properly completed.
- Legacy participated in its first-ever penetration test this fall. For this test, Legacy employed the (simulated) hacking services of SynerComm to break into our network to help expose potential weaknesses that could be exploited by actual hackers. We are happy to report Legacy’s configured defenses stopped the SynerComm hackers at the gate. SynerComm was unable to gain a foothold on our network or “steal” any data.
We encourage all of our clients and friends to take an interest in their personal computer security and offer the following helpful tips:
- Use strong passphrases. Use a phrase that is easy for you to remember and something that only you would know. We suggest between 14 and 25 characters. Anything less is too easy for a hacker to crack. Never use these types of passwords: “Password” or “Winter17”, “Spring18”, etc. An attacker will crack these types of passwords within seconds.
- Be sure to lock the device (smartphone, tablet, etc.) when you are finished using it. This will help keep your information safe from thieves and other prying eyes. Configure the device to automatically lock out after a few minutes of inactivity.
- Install anti-malware software to protect against viruses, key loggers, phishing websites, and other malicious activity. Preferably, use a paid solution rather than a free one.
- Consider using a PIN to secure your device(s) and see if your device(s) will allow number pattern randomization.
- Stay away from using free public Wi-Fi, if possible. Public Wi-Fi can allow hackers easy access to your data.
- Secure your passwords. Do not keep them written down or use the same password for every application. Consider using a password vault application that can secure all of your passwords in one location.
- Subscribe to a credit-monitoring product for yourself, your spouse, and your children.