The Bank Tells Us To Disable Security!

by | Feb/13/2014

Ask your IT Professionals, “Has any vendor, even the bank, asked us to reduce security levels on any of our machines or the network?” Counterintuitively, the bank often tells your IT professionals to disable important security protection. This happens when your bank gives you a program or web site in order for your users to make online deposits, pay bills, calculate payroll, or do anything else related to banking.

By the way, here is a short 2 minutes and 40 seconds video that explains this: 

Is the bank kidding? Reduce security? Really? One of the reasons you have security is to protect against attackers gaining access to your online banking!

Often, banks tell IT to disable protections so you don’t experience technical difficulties. If your security measures mistakenly identify the bank as an attacker, the online banking may not work right.

Two key points:

  1. The bank is simply passing along instructions from the company that provides the electronic banking services to the bank. This isn’t the bank’s idea.
  2. It isn’t just banks. Some of our customers have insurance software providers, medical applications, voice enabled tools, etc, telling our customers to reduce security on some of the customer’s machines.

So what do you do when a vendor tells your IT Pros to lower your defenses? You tell your IT person to keep security in place and to open up the bare minimum that the banking functions need in order to operate properly.

Tight restrictions are the key. Your IT Professionals know that they can still protect users when the users visit other web sites, and still set a browser exception just for the bank’s site. Your IT Professionals understand about reducing security only on source and destination locations (in this case, between your network and the bank) in order to provide more leeway during online banking communications but still restrict other communications.

Sometimes banks recommend that you set up a separate computer to use only for banking. See: Should Executives Buy a Second Computer for Banking?

There is a chance your IT Professional may elect to configure a “virtual computer” inside one of the workstations so you don’t need to buy another machine. The same posting, Should Executives Buy a Second Computer for Banking?, includes information about a third strategy too.

In a perfect world, 100% of the companies that provide software applications to banks (and elsewhere) will invest the time to make their applications function properly with strong security still in place.

But vendors are incentivized to produce “inexpensive” software. Things will get better when enough Executives, like you, start understanding this problem, and demanding better service!

If you haven’t already, ask your IT professionals if your banking applications mandated any kind of reduced security settings. Your IT Pros will be happy you started this discussion. They want to keep your network secure and sometimes don’t want to interrupt you and respect your dedication to your own tasks.

Please forward this to your friends and post your comments below…