Latest Entries
Posted by Jason Sherrill
Banks and credit unions should plan ahead for a fast and efficient response if their main website is ever hacked or defaced in any way. One key preparation step is to have a failover or disaster recovery website that is always online, free from infection of any malicious code, and ready to replace the main website temporarily. Unfortunately, not all content management systems or website platforms allow for multi-server web farms or geographically distributed systems. Even when the platform does support it, not all banks and credit unions can afford the costs. Let's look at a way that banks and credit unions can do failover on a budget.
Posted by Jason Sherrill
There are a few terms that people commonly use in corporate America today that make employees feel more like machines than talented souls with the capability to deliver meaningful work and positive customer interactions. Managers often use one of these words frequently and casually without knowing that it invokes cringes and barely discerinble muttering form the most talented people in the room.
Posted by Matt Davis
The latest FFIEC security guidelines recommend that financial institutions add multi-factor authentication (MFA) to all Internet systems, including website content management systems. Most website content management systems do not yet provide multi-factor authentication, but we have a solution for that.
Posted by Jason Sherrill
In this video post, I share advice that is applicable to all websites, but is a topic that we encounter frequently on bank and credit union websites and nearly always have to address. Fixing usually takes just a few minutes and will make your website easier to use and support for your customers.
Posted by Jason Sherrill
It’s 2015 and many banks and credit unions are still spending time and money supporting Internet Explorer 7 and 8 while simultaneously trying to move forward building modern responsive websites optimized to take advantage of current desktop and mobile technologies. How should a bank or credit union determine when to stop officially supporting old browser versions on their websites?
Posted by Jason Sherrill
Certified Public Accountants handle enormous amounts of sensitive data when working with their business and individual clients, but many CPAs are not aware of the risk that they're subjecting their clients to when they send or receive documents through many common sharing methods today. Let’s look at three of the most common methods by which CPAs unwittingly put customer data at risk.
Posted by Jason Sherrill
This is one of those calls that makes the hair stand up on your neck. A customer calls your service center distressed because she is seeing suspicious looking pop-ups for credit reports, free loans, or unseemly products when she visits your site. She is concerned that your website has been hacked. You have followed good security practices and your trusted security partner has said that there is no malicious code on your website. What could be causing your customer to see this unusual pop-ups touting free credit scores or credit card offers only when she visits your website?
Posted by Jason Sherrill
I work with many new banks and credit unions every month to help them launch new websites, migrate websites into new hosting environments, and help put DDoS mitigation and other security protections in place. A surprising number of the financial institutions that come to us for help are in a very precarious position with regard to ownership and access to the control mechanisms critical web properties, including their domain registrar account and DNS administration. When time is of the essence, not knowing who holds the keys to these web properties can create significant delays in getting services transferred or restored. If you’re a bank or credit union executive responsible for managing disaster recovery or information security risks, you should set aside some time today to ensure that you know who manages these three important assets.
Posted by Jason Sherrill
A Delivered Secure user recently asked what the External IP Address and Browser UserAgent String values are that we provided in an email notification when someone picks up a file you’ve sent. These two pieces of information help to form an audit trail and provide the sender of the secure message a level of validation that that person who received the files is intended recipient. Are there any security risks associated with highlighting this already public information? Let’s explore that question further.
Posted by Jason Sherrill
Usually the first question prospective clients hope I can answer quickly is, “How much is this going to cost?” That’s a reasonable question, but unless you know exactly what you want and can provide detailed specifications to your development team, you're not likely to receive an estimate with high degree of accuracy. In most situations, you'll achieve a better outcome by sharing your budget amount with a trustworthy partner and asking, "I have X dollars available for this project. How can I best maximize my value in this project?"
Posted by Jason Sherrill
Banks are naturally concerned when a customer reports that her security software is identifying the bank's website as a potential phishing site. In many cases, these reports are false positives and do not mean that someone has compromised your website, but there are steps that you should take to ensure the safety of your website and to assure your customers that the site is safe.
Posted by Jason Sherrill
Peninsula Bank is nestled in Michigan’s Upper Peninsula, a region where you can still have snowball fights in July, but people are unusually warm & friendly. When the awesome folks there asked us if we could help them modernize their website, we were happy to oblige.
Posted by Jason Sherrill
The Filene Research Institute unveiled its latest cool web app called Mintuition (www.mintuition.org). Mintuition will help students and parents better evaluate college and career choices by helping to quantify the Return on Tuition a student can expect after completing a degree from various colleges. Filene gets all the credit for the data analysis and fancy algorithms driving the web app, but we’re quite proud of the responsive design and slick code driving the app.
Posted by Jason Sherrill
When you upload documents, such as PDFs or Word files, to your website you may be unwittingly divulging information that could prove useful to hackers and other outside parties. If you’ve had any sort of vulnerability assessment performed on your website, you may see a reference to this metadata existing on your website. While it’s a relatively low risk threat, to stay in the good graces of your risk department, you’ll likely want to remove this data from documents before you publish to your website.
Posted by Jason Sherrill
Delivered Secure, our secure messaging and document delivery web app, is getting a handy new feature and some security enhancements. The new Drop Off feature will be especially useful for loan officers in banks and credit unions.
Posted by Jason Sherrill
If your organization provides any computer security training at all then it should be no news to you that long, complex passwords are more difficult to crack than the more simple passwords that most users choose today; however, nearly all people I’ve talked who work in banks don’t realize how fast their passwords can be cracked by today’s modern computers. Many people will be surprised at this chart.
Posted by Jason Sherrill
Email marketers are used to a majority of recipients ignore their email campaigns. After ignoring dozens or more, Stonyfield finally did something yesterday that got me to open one of their campaigns, and I loved it!
Posted by InetSolution STaff
Have you ever mistyped an email address? Ever had someone misspell yours? Email address typos occur all the time, and these misspellings can actually be a very large security concern for your business.
Posted by InetSolution STaff
Passwords, ugh, don't you hate them? Passwords are a shared annoyance and inconvenience for all of us these days. Passwords are our main line of defense to verify we are who we say we are and to protect our identity and data. Since passwords are such a critical component to our daily technology lives we've been forced to make them less "guessable" more cryptic and thus harder to remember. The most common technique for making your password has been to take a word, it is called a pass-WORD after all, and add some capitals, a number and then maybe some funky symbol like #, % or !. This is great, but surprisingly enough, this isn't really as secure as it could be AND it's silly hard to remember. Today the witty folks at xkcd, an online daily comic for techie nerds such as ourselves, posted a great little comic covering this topic.
Posted by InetSolution STaff
Secure File Exchange is one of those apps that we just love to work on because there are so many creative ways our customer's using it. So, we figured we would share a few: