Lions and Tigers and Bears? No, Phishers and Hackers and Scoundrels!
Are you concerned about accidentally clicking on a phishing site, being hacked, having all your keystrokes logged by a surreptitious key logger, or having your identity stolen? All of these things have regularly made the headlines, especially when they’ve happened in connection with major financial institutions. The embarrassment and loss of customer confidence are costly and the liability is painful. As customers, though, we end up feeling violated, helpless, and worried every time we log in.
You’re logging into your bank’s secure website. How can you be more confident that it is your bank’s website and that no criminal entities are “watching over your shoulder,” so to speak, while you enter your user name and password?
Because banks and other institutions have been faced with attacks, various organizations have arisen to address the problem. One such outfit is Trusteer.
Your bank may have already required you to download and install Trusteer’s Rapport software, which must be running and recognized by your bank before your bank will let you log in.
Banks, other financial institutions, and various other websites and companies are employing Trusteer to add another layer of protection throughout the system: from the customer/user to the server and back again.
As of the date of this article, the following organizations are automatically covered by Trusteer’s Rapport software:
- Alliance Bank of AZ
- Alliance & Leicester
- Alta Alliance Bank
- Amegy Bank
- Auto Trader UK
- Bangor Savings Bank
- Bank of America
- Bank of Cyprus UK
- Bank of Montreal
- Bank of Nevada
- Bank of the West
- BBVA Compass
- BOK Financial
- Cambridge Savings Bank
- Cape Cod 5
- Carolina First Bank
- Central Bank KY
- Charter One
- Clydesdale Bank
- CNB Bank
- CoBiz Financial
- Commerce Bank WA
- Co-Operative Bank
- CoVantage Credit Union
- Coventry Building Society
- Ever Bank
- F&M Bank
- Fifth Third Bank
- first direct
- First Independent NV
- First Republic Bank
- Hancock Bank
- Harris Bank
- Huntington National Bank
- IBC Bank
- ING DIRECT Canada
- ING DIRECT USA
- Mercantile Bank
- Metro Bank
- Mid-Atlantic Corporate
- National Bank of Arizona
- NBC Bank
- Nevada State Bank
- OceanFirst Bank
- Old National Bank
- OnVista Bank
- Peoples Bank OH,WV,KY
- Peoples Bank (MO)
- President’s Choice Financial
- Renasant Bank
- RBS Citizens
- Riverview Community Bank
- The Royal Bank of Scotland
- Santander Rio
- Somerset Hills Bank
- Standard Bank
- Torrey Pines Bank
- Ulster Bank
- United Bank
- Valley National
- Vectra Bank
- Westfield Bank
- Yorkshire Bank
- Zions Bank
That’s quite a list, and it’s constantly growing. If you use any of them but haven’t been asked to download and use Trusteer, inquire about it. It may be as simple as clicking a link on your financial institution’s website to begin downloading and using Rapport.
When your bank, for instance, makes an arrangement with Trusteer, they establish the number of additional websites you as a customer may select to protect over and above the current, always protected sites, such as your bank.
It is our understanding that the typical number of additional websites that the user may add is 100. That’s usually sufficient, but a typical household user may request an additional license (free of charge, we are told) to add even more sites.
Trusteer recommends that the user use Rapport to protect every site where the user is asked to supply a user name and password. You can use it for Twitter, Facebook, Google+, EBay, PayPal, Amazon, and all sorts of sites where you might feel more comfortable with an added layer of protection.
Ease of Use
Our staff at Hill & Usher has tested the software and found that it’s fairly easy to use. The help is straightforward. The user interface is about as simple as can be, considering the work the program does in the background while we go about our web surfing.
We recommend that once you’ve installed the program, you go through the whole thing, clicking on every menu item to read the various screens.
In terms of adding additional sites to protect, Rapport works with Firefox, Chrome, and IE. It will, though, protect added sites afterwards even if you use another browser, such as Opera or Safari.
Protects Unsecured Sites
Something we found encouraging is that Rapport will protect the login process even on un-secure sites or where the user can’t readily tell whether a popup login-box is secure or not. So, whether the URL says http or https, Rapport will still protect your login info.
In addition, the first time you attempt to log in to one of the protected sites while Rapport is up and running (you can turn it off – just remember to switch it back on before banking, shopping, or otherwise logging in), Rapport will ask you if you want to save the login info. You may opt not to without turning off future such prompts for the particular site, or you may permanently turn off the prompt for that site. It may give you additional peace of mind knowing that your login info is saved outside your browser and/or in addition to it.
By the way, now is a good time to remind you, or to inform you if you weren’t already aware, that Chrome does not save user names and passwords in a secure fashion. The other two browsers use strong encryption and offer you the ability to enter a strong Master Password to protect all your user names and passwords.
Naturally, you should back up your user names and passwords to separate storage rather than chancing everything to one drive (hard drive or otherwise). Be sure your other storage medium is encrypted with a strong password.
In addition to the protections mentioned above, Rapport helps protect against screen captures where a criminal will take a snapshot while you enter info. It also helps protect against password revealers.
There are all sorts of malicious programs out there that can find their way onto your computer unbeknownst to you or even your anti-virus software and firewall. That’s why an additional layer of protection, especially when you are doing financial transactions, such as shopping with your credit card, is so important.
It’s important to protect against Man-in-the-Browser malware and Man-in-the-Middle attacks along with Trojans such as Zeus, Silon, Torpig, Yaludle, and others.
If you are an organization that employs telecommuters or any sort of virtual private networking, Trusteer offers enterprise-level solutions.
More Than Anti-Virus/Firewall
What does Trusteer say that Rapport does on top of your anti-virus and firewall?
- Locks down access to financial and private data instead of looking for malware signatures
- Communicates with your online banking website to provide feedback on security level and report unauthorized access attempts
- Allows for immediate action to be taken against changes in threat
For more information, visit http://www.trusteer.com/learn.
Once you download and install Rapport, be sure to visit every site where you log in. Then click the grey Rapport logo in the address field. After a few moments, it will turn green. You might have to click on it or run your mouse over it. You can always refresh the page too.
Of course, you should augment Trusteer’s Rapport with proper insurance coverage.
Insurance for Cyber Liability & Attacks
Services such as Trusteer can go a long way in reducing the risks associated with losing your personal- or organizational-login information to banking and other websites. In addition though, the insurance industry is rapidly evolving in response to such technology-related risks.
Commonly, policies protecting insureds (those covered by applicable insurance policies) from data breaches fall under the category of “Cyber Coverage,” which includes an array of first- and third-party coverage, such as the following (and more):
- Identity-Theft Coverage — Indemnity for expenses related to managing and mitigating an identity-theft event for the insured or in some cases, employees of the insured
- Security-Breach Liability — For neglect or omission by an insured that results in personal information being obtained by unauthorized parties
- Data and Cyber Extortion — Coverage for the insured’s loss when a criminal-hacker threatens to:
  - Introduce a virus or malicious code
  - Launch a denial-of-service attack
  - Disseminate proprietary information of the insured or
  - Destroy or prevent access to the insured’s computer system
- Security-Breach Expense — Coverage for mitigating expenses derived from a security breach including:
  - Financial cost of notifying all affected parties
  - Overtime pay for employees assigned to manage a data-breach event
  - Fees and expenses for outside firms and consultants acting to field calls and otherwise mitigate damages and
  - Cost of mandatory credit-monitoring services after a data breach
- Business-Income for Website Interruption — Coverage for losses resulting in the suspension of website commerce after a covered interruption
- Website-Phishing Liability — Coverage for 1) unauthorized content posted to insured’s website that infringes on copyrights, trademarks, or trade dress or 2) violation of a person’s right to privacy due to an error or misleading statement by the insured
The above is only part of the story of the ever-developing risk-exposure on the Internet and unfolding insurance-industry responses.
Contact Hill & Usher now to begin exploring how we may help you develop your Cyber-Risk-Response Plan, including financial support via insurance.
Happy safe-browsing from Hill & Usher.