Security Precautions to Take Following Citibank’s Second Reported Online Breach

 

Updated Feb. 4, 2012 

Citibank’s acknowledgment that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps.

The bank’s May, 2011 security breach wasn’t reported until weeks later. Originally, Citibank said 200,000 accounts were affected.

None of the reports I found pointed out that it was Citibank’s second reported major security issue in just 18 months. Soon after the bank’s first breach was reported, it seemed as though the security issue was buried. There weren’t any follow-up reports.

That’s when I wrote the column, How to Protect Yourself from the Internet Crime Wave, quoting Dr. Stan Stahl, a nationally known security expert based in Los Angeles.

Over the years, Dr. Stahl has been a valuable resource – some of the most-widely read Biz Coach columns have included his expert opinions, especially these three columns:

Our Mobile-Banking Warnings about Security Prove Prophetic

Using Starbucks’ WIFI? Security Pro Issues Warning and Security Checklist

5 Safety Measures to Thwart Mounting Social-Network Attacks

A security expert I’m not, but I’ve learned from Dr. Stahl’s valuable insights.

In addition to the tips in the above columns – whether you’re a Citibank customer or not – I’d suggest immediately taking these defensive computer measures:

1. Change all log-in information. That means all banking, retail credit card and e-mail passwords and information.
2. Make certain that you don’t use the same password twice.
3. Install adequate firewall and anti-virus protection on your computer.
4. To limit your exposure, use the same computer for your financial information. Never use it for social media networking.
5. Review all privacy and policy information.
6. Avoid using your debit card online. At least personal credit cards offer liability protection under federal regulation. But business banking is not federally protected – it’s left up to individual banks, so check your bank’s policies regarding your company’s accounts.
7. Don’t conduct financial transactions over WIFI.
8. Don’t do mobile banking.
9. If you get an e-mail allegedly from your financial institution, act like an all-pro football defensive end. Prevent an end run. Assume it’s a fraud. If you must communicate with your financial institution, make a telephone call or a personal visit.
10. When doing your online banking, be sure to type in the financial institution’s Web address in your browser.
11. Regarding the security questions, be creative and don’t list the right answer, which might be obvious to any hacker who learned about your personal situation.
12. Check your financial accounts daily.
13. If your account is compromised, quickly take appropriate action.

For your company’s management controls, Dr. Stahl has previously recommended taking six precautions:

1. Don’t allow your employees to use your computers in social networking.
2. Establish a list of allowable web-sites.
3. Closely monitor your bank account.
4. Train employees in social engineering awareness.
5. Change the mindset of your managers and employees – if something seems odd, say no and call for Internet security.
6. Strengthen your defenses.

Cybercriminals, I’m sad to say, are here to stay. Do your due diligence.

(Note: Dr. Stahl and I are fellow members of Consultants West, www.consultantswest.com, a roundtable of veteran management consultants.)

From the Coach’s Corner, here’s Dr. Stahl’s cyber security blog and his Web site.

“In a world in which the total of human knowledge is doubling about every ten years, our security can rest only on our ability to learn.”

- Nathaniel Branden

 

__________

Columnist Terry Corbell is also a business-performance consultant and profit professional. Click here to see his management services (many are available online). For a complimentary chat about your business situation or to schedule Terry Corbell as a speaker, why don’t you contact himtoday?