1. The Technology Partner for Financial Institutions End User Best Practices Presented By:

2. The Technology Partner for Financial Institutions Best Practices Layered security Keep software up-to-date Firewalls Internet browsing Email Passwords Social networks/social media

3. The Technology Partner for Financial Institutions Layered Security

4. The Technology Partner for Financial Institutions Keep Software Up-to-Date Windows Patch Management Internet Explorer  IE 6.0 example Antivirus/Anti-Malware

5. The Technology Partner for Financial Institutions Patch Management Windows updates are constantly released  Typically on Tuesdays  Critical and security updates should always be installed Unless business reason not to  Larger offices and companies should consider a patch management solution like WSUS or HFNetChk Smaller office might want to enable automatic updates by following the screenshots below

6. The Technology Partner for Financial Institutions Patch Management Open Internet Explorer and click Tools-Windows Update to update computer

7. The Technology Partner for Financial Institutions

9. Accept Any License Terms

10. The Technology Partner for Financial Institutions Restart machine when install finishes

11. The Technology Partner for Financial Institutions Patch Management Once machine is up-to-date, you should enable automatic update to keep it updated

12. The Technology Partner for Financial Institutions Reboot For patch management to be completely successful reboots are most likely required Have users turn their computer off or restart at least weekly  Green advantages to turning off nightly if this doesn’t interfere with business needs

13. The Technology Partner for Financial Institutions Malware Antivirus/Malware  Both can cause production downtime  Both can spread to other machines  Both can be used to gather information to gain access to nonpublic information creating financial loss or reputation issues

14. The Technology Partner for Financial Institutions Antivirus Options avast! – Price range: $40.00-$60.00 - http://www.avast.com/index AVG – Price range: $34.00-$44.00 - http://free.avg.com/us- en/226284?cmpid=fs_hp_testa_226284 Kaspersky – Price range: $30.00-$60.00 - http://www.kaspersky.com/ McAfee – Price range: $40.00-$50.00 - http://home.mcafee.com/Store/Store7.aspx?cid=60460 Microsoft Forefront - http://www.microsoft.com/forefront/clientsecurity/en/us/default.aspx Symantec – Price range: $24.00-$37.00 - http://www.symantec.com/business/products/purchasing.jsp?pcid=pcat_secu rity&pvid=endpt_prot_sbe_1 Trend Micro – Price range: $27.00-$60.00 - http://buyonline.trendmicro.com/store/trendsb/en_US/home

15. The Technology Partner for Financial Institutions Anti-Malware option Along with antivirus solutions consider a separate anti- malware solution. Even if your antivirus solution includes anti-malware you will often have better luck installing a separate program for malware. One of the best programs on the market today for malware is Malwarebytes. Malwarebytes – Price range: $25.00 onetime fee - http://www.malwarebytes.org/mbam.php

16. The Technology Partner for Financial Institutions Key to Antivirus and Anti- Malware Programs You must keep both programs updated Review update options in settings of each program Set to update at least daily Schedule to scan a machine at least weekly  Even if it contains an “active scan” option

17. The Technology Partner for Financial Institutions Firewalls Hardware firewall  Preferred Software firewall  Minimum level of security  Free

18. The Technology Partner for Financial Institutions Windows Firewall Windows Firewall included in Windows XP Service Pack 2 and later  Blocks unsolicited Internet traffic to your computer Still should consider a hardware firewall  Windows Firewall should be enabled unless you are using a hardware firewall If unsure, turn Windows firewall on Follow screenshots below for enabling Windows firewall

19. The Technology Partner for Financial Institutions Enable Windows Firewall

20. The Technology Partner for Financial Institutions

22. Email Best Practices Never respond to unsolicited emails or instant messages requesting sensitive information Be wary of links or attachments in emails  Even from people you know  Hover mouse over links to see if link name matches website address Be cautions of emails with grammatical errors or misspellings especially if they contain threats, prizes, or request personal information

23. The Technology Partner for Financial Institutions Internet Browsing Best Practices Minimize personal web browsing on machines used for business or banking purposes (including online banking) Avoid clicking on links in pop-up windows Look for “https” in URL bar when entering sensitive information. A “closed” lock may appear in the URL bar also

24. The Technology Partner for Financial Institutions Passwords Passwords are key to security success  Weak or shared passwords open up vulnerabilities  Grant access to computers and programs Can not be shared, written down, sitting out

25. The Technology Partner for Financial Institutions Poor Passwords Contain less than 8 characters Word found in the dictionary Names of pets, family, friends, characters Birthdays or other personal dates Phone numbers Addresses Any of the above spelled backwards or preceded/followed by a digit

26. The Technology Partner for Financial Institutions Good Passwords Contain upper and lower case character Contain digits and punctuation characters Have no personal information (family/pets/etc.) Should change on regular basis (e.g. 60 days) Not be a word, slang, or jargon

27. The Technology Partner for Financial Institutions Other Considerations Do not use same password for personal and business applications When possible do not use the same password for multiple sites, applications, programs, etc. Do not share with secretary, family members, friends

28. The Technology Partner for Financial Institutions Password Don’ts Don't reveal a password over the phone to ANYONE Don't reveal a password in an email message Don't reveal a password to the boss Don't talk about a password in front of others Don't hint at the format of a password (e.g. "my family name") Don't reveal a password on questionnaires or security forms Don't share a password with family members Don't reveal a password to co-workers while on vacation

29. The Technology Partner for Financial Institutions Passphrases Consider using passphrases  Good because contain several words with usually a high number of characters, upper/lower case and punctuation. Sample Passphrase  "TheTrafficOnThe101InTheMorningIsBad!"  “I’mAlwaysLateToWork!”

30. The Technology Partner for Financial Institutions Letter Substitution Another good option is letter substitution L=1 o=0Or O=() S=5Or S=$ E=3 a=@ i=!Or I=1 t=+

31. The Technology Partner for Financial Institutions Letter Substitution JohnySmith = J()hny$m!+h Combine a passphrase with letter substitution for a really strong password ILoveMyBoss becomes !10v3MyB()$$  Which do you think is harder to break?

32. The Technology Partner for Financial Institutions Password Safe Consider a password management program Find one that encrypts passwords and is trusted One free program is Password Safe  http://passwordsafe.sourceforge.net/

33. The Technology Partner for Financial Institutions Social Media Be careful what information you share Check security settings under “Settings” or “Options” menus to limit access to personal information

34. The Technology Partner for Financial Institutions Other Resources http://www.ftc.gov/bcp/edu/multimedia/inter active/infosecurity/index.html http://www.ftc.gov/bcp/edu/multimedia/inter active/infosecurity/index.html

35. The Technology Partner for Financial Institutions Questions