Pub. 6 2017 Issue 7

October/November 2017 | Leading Advocate for the Banking Industry in Kansas

Secondly, restrictions should be in place for connecting to the Internet. This includes not only general ingress (incoming traffic) and egress (outgoing traffic) filtering at the firewall level but also blocking access to sites and site categories that are not necessary for business use. At the firewall level, any known malicious IP addresses should be blacklisted, and access to or from any external IP should not be allowed but instead limited to IPs for the core provider, IT vendor, etc. As far as site category blocking goes, a number of categories, such as gambling, adult, and file sharing, should be restricted for all employees, while other categories, such as webmail, cloud file storage, and social networking, should be restricted for most employees, with exceptions granted for legitimate business use only if approved by the board and senior management. It is surprising how often we see a disconnect between the number of security controls in place for company email through Exchange/Outlook and the wide-open access granted for personal email sites.
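The filtering policy described above can be tested against what the firewall and web filter actually permitted. The following is an added example, not part of the original article: the five-field log format, the user names, the IP ranges, and the approved-exception table are all constructed assumptions.

```python
import ipaddress

# Policy from the article. Users, IPs and log lines are constructed; the IPs are
# documentation ranges standing in for the core provider, IT vendor and a bad host.
BLOCKED_FOR_ALL = {"gambling", "adult", "file-sharing"}
RESTRICTED = {"webmail", "cloud-storage", "social-networking"}
APPROVED = {"mjones": {"social-networking"}}  # board/management-approved exceptions
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.16/29")]
BLACKLIST = {ipaddress.ip_address("203.0.113.66")}

def check(source, user, dest, category, action):
    """Return a finding if a request that was allowed violates policy, else None."""
    if action != "allow":
        return None  # the control blocked it, nothing to report
    ip = ipaddress.ip_address(dest)
    if ip in BLACKLIST:
        return "blacklisted IP was reachable"
    if source == "firewall":  # direct connection, not via the web filter
        return None if any(ip in n for n in ALLOWED_NETS) else "direct egress outside allowlist"
    if category in BLOCKED_FOR_ALL:
        return "category blocked for all employees"
    if category in RESTRICTED and category not in APPROVED.get(user, set()):
        return "restricted category without approved exception"
    return None

def audit(log_text):
    """Parse 'source user dest_ip category action' lines into (line_no, user, finding)."""
    findings = []
    for no, line in enumerate(log_text.strip().splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            findings.append((no, "?", "unparseable line"))
            continue
        finding = check(*fields)
        if finding:
            findings.append((no, fields[1], finding))
    return findings

SAMPLE_LOG = """
webfilter asmith 203.0.113.10 webmail allow
webfilter mjones 203.0.113.20 social-networking allow
webfilter asmith 203.0.113.30 gambling deny
firewall svc-core 192.0.2.5 - allow
firewall ws-014 203.0.113.99 - allow
webfilter bkline 203.0.113.66 news allow
"""

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

Each finding is a request the controls let through that the written policy says they should not have, which is the gap between personal webmail access and company email controls that the article points out.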
Malicious email is being sent to ALL available email addresses, and personal web-based email is possibly an even bigger threat than business email due to the lack of controls in place.

Finally, it all comes down to the user, which is both an encouraging and frightening statement. All it takes is one individual downloading ransomware or visiting a malicious site for company systems to be compromised. Because of this, most businesses take a defense-in-depth approach that includes firewalls, antivirus, effective patch management procedures, email filtering, and various other items, but sometimes this approach skimps on training the employee who is actually using company systems and accessing critical data. Hardware and software are important, but there are times when these controls will fail, and at that point it is up to the individual employees to maintain effective security. They need to be informed and reminded about acceptable Internet usage and then tested to ensure this knowledge is retained and put into practice.

In summary, even though it was created without security in focus, the Internet can be safely surfed if the proper precautions are taken, effective controls are put into place (and tested!), and users are trained to be aware of the sites they visit and the actions they take when connected to the web.

Daniel Lindley is a Security and Compliance Consultant for CoNetrix. CoNetrix is a technology firm dedicated to understanding and assisting with the information and cyber security needs of community banks. Offerings include: information security consulting, IT/GLBA audits, security testing, cloud hosting and recovery solutions, and tandem software, used by over 1400 financial institutions to help manage their information security programs, cybersecurity, and more. Visit our website at www.conetrix.com.

1 https://www.avecto.com/news-and-events/news/94-of-critical-microsoft-vulnerabilities-mitigated-by-removing-admin-rights
