News & Research from Hill & Usher


"Lions and Tigers and Bears? No, Phishers and Hackers and Scoundrels!"


Sunday, August 16, 2011

PHOENIX (H&U) –

Are you concerned about accidentally clicking on a phishing site, being hacked, having all your keystrokes logged by a surreptitious key logger, or having your identity stolen? All of these things have regularly made the headlines, especially when they've happened in connection with major financial institutions. The embarrassment and loss of customer confidence are costly, and the liability is painful. As customers, though, we end up feeling violated, helpless, and worried every time we log in.

You're logging into your bank's secure website. How can you be more confident that it is your bank's website and that no criminal entities are "watching over your shoulder," so to speak, while you enter your user name and password?

Trusteer

Because banks and other institutions have been faced with attacks, various organizations have arisen to address the problem. One such outfit is Trusteer.

Your bank may have already required you to download and install Trusteer's Rapport software program, which must be running and recognized by your bank before your bank will let you log in.

Banks, other financial institutions, and various other websites and companies are employing Trusteer to add another layer of protection throughout the system: from the customer/user to the server and back again.

As of the date of this article, the following organizations are automatically covered by Trusteer's Rapport software:

  1. Alliance Bank of AZ
  2. Alliance & Leicester
  3. Alta Alliance Bank
  4. Amegy Bank
  5. Auto Trader UK
  6. BancFirst
  7. Bangor Savings Bank
  8. BankFIRST
  9. Bank of America
  10. Bank of Cyprus UK
  11. Bank of Montreal
  12. Bank of Nevada
  13. Bank of the West
  14. BBVA Compass
  15. BOK Financial
  16. Boursorama
  17. Cambridge Savings Bank
  18. Cape Cod 5
  19. Carolina First Bank
  20. Central Bank KY
  21. Charter One
  22. CIBC
  23. Clydesdale Bank
  24. CNB Bank
  25. CoBiz Financial
  26. Commerce Bank WA
  27. Co-Operative Bank
  28. Coutts
  29. CoVantage Credit Union
  30. Coventry Building Society
  31. eBay
  32. EECU
  33. Ever Bank
  34. F&M Bank
  35. Fifth Third Bank
  36. first direct
  37. First Independent NV
  38. First Republic Bank
  39. Hancock Bank
  40. Harris Bank
  41. HSBC
  42. Huntington National Bank
  43. IBC Bank
  44. ING DIRECT Canada
  45. ING DIRECT USA
  46. Interbanking
  47. iTransfer
  48. Mercantile Bank
  49. Metro Bank
  50. Mid-Atlantic Corporate
  51. National Bank of Arizona
  52. Nationwide
  53. NatWest
  54. NBC Bank
  55. Nedbank
  56. NEFCU
  57. Nevada State Bank
  58. OceanFirst Bank
  59. Old National Bank
  60. OnVista Bank
  61. PayPal
  62. Peoples Bank OH,WV,KY
  63. Peoples Bank (MO)
  64. President's Choice Financial
  65. PSECU
  66. Renasant Bank
  67. RBS Citizens
  68. Riverview Community Bank
  69. The Royal Bank of Scotland
  70. Santander
  71. Santander Rio
  72. Selfbank
  73. Selftrade
  74. ShareBuilder
  75. SiebertNet
  76. Smile
  77. Somerset Hills Bank
  78. Standard Bank
  79. SunTrust
  80. Synovus
  81. Torrey Pines Bank
  82. Ulster Bank
  83. United Bank
  84. USAmeriBank
  85. Valley National
  86. Vectra Bank
  87. Westfield Bank
  88. Yorkshire Bank
  89. Zions Bank

That's quite a list, and it's constantly growing. If you use any of them but haven't been asked to download and use Trusteer, inquire about it. It may be as simple as clicking a link on your financial institution's website to begin downloading and using Rapport.

Add Sites

When your bank, for instance, makes an arrangement with Trusteer, they establish the number of additional websites you as a customer may select to protect over and above the current, always protected sites, such as your bank.

It is our understanding that the typical number of additional websites that the user may add is 100. That's usually sufficient, but a typical household user may request an additional license (free-of-charge we are told) to add even more additional sites.

Trusteer recommends that the user use Rapport to protect every site where the user is asked to supply a user name and password. You can use it for Twitter, Facebook, Google+, eBay, PayPal, Amazon, and all sorts of sites where you might feel more comfortable with an added layer of protection.

Ease of Use

Our staff at Hill & Usher has tested the software and found that it's fairly easy to use. The help is straightforward. The user interface is about as simple as can be, considering the work the program does in the background while we go about our web surfing.

We recommend that once you've installed the program, you go through the whole thing, clicking on every menu item to read the various screens.

In terms of adding additional sites to protect, Rapport works with Firefox, Chrome, and IE. It will, though, protect added sites afterwards even if you use another browser, such as Opera or Safari.

Protects Unsecured Sites

Something we found encouraging is that Rapport will protect the login process even on unsecured sites or where the user can't readily tell whether a popup login box is secure or not. So, whether the URL says http or https, Rapport will still protect your login info.

In addition, the first time you attempt to log in to one of the protected sites while Rapport is up and running (you can turn it off - just remember to switch it back on before banking, shopping, or otherwise logging in), Rapport will ask you if you want to save the login info. You may opt not to without turning off future such prompts for the particular site, or you may permanently turn off the prompt for that site. It may give you additional peace of mind knowing that your login info is saved outside your browser and/or in addition to it.

Chrome

By the way, now is a good time to remind you, or to inform you if you weren't already aware, that Chrome does not save user names and passwords in a secure fashion. The other two browsers use strong encryption and offer you the ability to enter a strong Master Password to protect all your user names and passwords.

Backups

Naturally, you should back up your user names and passwords to separate storage rather than chancing everything to one drive (hard drive or otherwise). Be sure your other storage medium is encrypted with a strong password.

Malicious Software

In addition to the protections mentioned above, Rapport helps protect against screen captures where a criminal will take a snapshot while you enter info. It also helps protect against password revealers.

There are all sorts of malicious programs out there that can find their way onto your computer unbeknownst to you or even your anti-virus software and firewall. That's why an additional layer of protection, especially when you are doing financial transactions, such as shopping with your credit card, is so important.

It's important to protect against Man-in-the-Browser malware and Man-in-the-Middle attacks along with Trojans such as Zeus, Silon, Torpig, Yaludle, and others.

Enterprise-Level

If you are an organization that employs telecommuters or any sort of virtual private networking, Trusteer offers enterprise-level solutions.

More Than Anti-Virus/Firewall

What does Trusteer say that Rapport does on top of your anti-virus and firewall?

  • Locks down access to financial and private data instead of looking for malware signatures
  • Communicates with your online banking website to provide feedback on security level and report unauthorized access attempts
  • Allows for immediate action to be taken against changes in threat

Download Rapport

You can download the Home User version here: http://www.trusteer.com/webform/download-rapport

For more information, visit http://www.trusteer.com/learn.

Once you download and install Rapport, be sure to visit every site where you log in. Then click the grey Rapport logo in the address field. After a few moments, it will turn green. You might have to click on it or run your mouse over it. You can always refresh the page too.

Of course, you should augment Trusteer's Rapport with proper insurance coverage.

Insurance for Cyber Liability & Attacks

Services such as Trusteer can go a long way in reducing the risks associated with losing your personal or organizational login information to banking and other websites. In addition, though, the insurance industry is rapidly evolving in response to such technology-related risks.

Commonly, policies protecting insureds (those covered by applicable insurance policies) from data breaches fall under the category of "Cyber Coverage," which includes an array of first- and third-party coverage, such as the following (and more):

  • Identity-Theft Coverage — Indemnity for expenses related to managing and mitigating an identity-theft event for the insured or in some cases, employees of the insured
  • Security-Breach Liability — For neglect or omission by an insured that results in personal information being obtained by unauthorized parties
  • Data and Cyber Extortion — Coverage for the insured's loss when a criminal-hacker threatens to:
    1. Introduce a virus or malicious code
    2. Launch a denial-of-service attack
    3. Disseminate proprietary information of the insured or
    4. Destroy or prevent access to the insured's computer system
  • Security-Breach Expense — Coverage for mitigating expenses derived from a security breach including:
    1. Financial cost of notifying all affected parties
    2. Overtime pay for employees assigned to manage a data-breach event
    3. Fees and expenses for outside firms and consultants acting to field calls and otherwise mitigate damages and
    4. Cost of mandatory credit-monitoring services after a data breach
  • Business-Income for Website Interruption — Coverage for losses resulting in the suspension of website commerce after a covered interruption
  • Website-Phishing Liability — Coverage for 1) unauthorized content posted to insured's website that infringes on copyrights, trademarks, or trade dress or 2) violation of a person's right to privacy due to an error or misleading statement by the insured

The above is only part of the story of the ever-developing risk-exposure on the Internet and unfolding insurance-industry responses.

Contact Hill & Usher now to begin exploring how we may help you develop your Cyber-Risk-Response Plan, including financial support via insurance.

Happy safe-browsing from Hill & Usher.


© Hill & Usher, LLC. All Rights Reserved. CA #0C73815
Phone: (602) 956-4220 | Fax: (602) 956-4418