New Precautions from Banks about Online Banking

It goes without saying that the cybercriminals are getting smarter... a lot smarter, and they're writing more and more sophisticated trojans, viruses, and all forms of other malware to get at your computer and ultimately your data and personal information.

What this has led to is a banking industry group, Financial Services Information Sharing and Analysis Center, to recommend their member banks notify their customers (i.e. businesses who do online banking) to take much more stringent means to ensure secure communications between their business and the banks.

According to the Washington Post's Security Fix blog which has a post, Tighter Security Urged for Businesses Banking Online on this very topic,

"The group recommends that commercial banking customers 'carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible.'"

What this means is: have one computer that does absolutely nothing but talk to the bank, get Windows updates, and (in our view, of course, antivirus updates).

This raises a couple of questions:

1. Is this practical?
2. If it's recommended for businesses, why not for consumers, too?

As to the question of practicality, it may or may not be. For a company where there's more than one person doing the bookkeeping and banking, perhaps a couple of additional computers might be a small cost to absorb.

For a large company, this just isn't practical; however, there may be other alternatives like a Linux "LiveCD"

As for it being practical for consumers, that isn't likely either.

How many people have the space and money to have a computer just for banking--not to mention the time to set it up and keep it updated, though running a good, modern antivirus product can certainly help reduce the likelihood of an infection in the first place.

Lastly, lest it go unsaid, use your head when you're doing online banking! Make sure you're on an https page when you connect, and if you know the website address of your bank, which you should, bookmark the link.

This way you can be much more aware that you're going to the right URL and not accidentally going to a fake (but very real looking!) version of your banks website.