Security Assessment Check For Premier Commercial Bank - Essay Example

? SECURITY ASSESSMENT CHECK FOR PREMIER COMMERCIAL BANK EXECUTIVE SUMMARY I am a senior employee of the Premier Commercial Bank working as an Internal Systems Controller in the IT Department. My major duties involve ensuring that all systems and security measures within the bank are well advanced and kept up to date. I will also liaise with the head office to ensure that any new systematic procedures introduced are also communicated down to our sub-branch to enable effective dealings of the bank operations. About two weeks ago, the Chief Security Analyst of the Premier Bank Head office Branch authorized me to perform a security assessment check on my bank branch so as to determine its vulnerability and its proneness to any major security break down. I performed this security check in collaboration with Securex security firm Premier commercial bank is one of the largest asset financed bank in the region that has a broad customer base across the region. The bank deals in so many transactions and they are as outlined; depository transactions, withdrawal transactions, credit advancement services, Personal and business loan services, mortgages among others. In line with our mission statement, Premier commercial bank seeks to maintain proper custody and care of the client’s money at all times. This is done through ensuring that proper handling and correct security measures are complied with so as no to contradict our goal. Within the Bank there are certain sections that may be prone to security violation and they include: Automated Teller Machines, Mobile banking services, Internet banking, Electronic money transfers, physical building security, safety of cash in transit, Strong money room and the banking hall. All these are areas whose security has to be properly counterchecked at all times. The outlined areas are vulnerable and susceptible to vandalism. Recently there was an anonymous withdrawal at the ATM machines by an unknown persona that involved loss of huge amounts of money. Again many cases of theft of cash in transit to the Central bank were reported. These were also followed by sequence of fraudulent transfers of money to offshore accounts by the bank personnel. This was after a recent bank robbery scare within the branch. As a senior security analyst would be obliged to give the following recommendations so as to minimize if not put to an end to all threats to Premier Bank’s state of security. There should be a web cam at the ATM machine to keep track of all those who come to withdraw money from it. Secondly there should be proper password protection and authorization so as to minimize theft by the bank personnel who deal with electronic transfers of money within and out of the region. Thirdly, the security guards who escort money on transit should have the right facilities so as to sustain security measures. This could involve provision of car trackers that may be monitored incase the vehicle is hijacked. In this view during the escort there should also be some law enforcement like police officers who’ll maintain and propel security measures. Security assessments refer to conducting vulnerability tests and assessments tests on business or any working environment in order to keep its networks protected. This may involve physical security such as guards and use of closed circuit camera systems. A security assessment may be performed by an IT or internal security expert or through the use of hiring security firms to check for any loopholes in the current security procedures. A vulnerability check is designed in a way that enables a firm to know its potential areas of weaknesses and the information obtained may be used to enhance security. The security assessment test of Premier Commercial Bank conducted by me and the help of Securex security firm is geared to produce a conclusive report of the bank’s state of security. Investigations were carried out in all areas of the bank operations through the use of interviews, physical inspection, work experience and the recent breach of security within the bank’s premises and the following report summarizes our findings. Conducted interviews A series of interviews were conducted to get different opinion concerning the state of security of Premier bank. The participants were bank’s personnel plus the bank customers. The bank personnel included; Security guards, ATM controller, the manager service quality and compliance, cash transportation personnel, Electronic funds transfer operator, and casual bank workers. Each of the participants had with them different opinions and concerns regarding the bank’s security system. Looking back to the previous ATM vandalism, the ATM controller said that lots of people are nowadays impacted with IT knowledge to the extent that they can easily forge passwords and secret identification numbers which are electronically generated and thus causing fraud at the ATM machines. He proposed that there should be an installed web cam that would capture any person attempting to withdraw money from some ones account. He further advised that account holders should at all times maintain secrecy of the highest order to prevent a third party from observing their secret identification number. The security guards mentioned that most people entering the banks sometimes refused to undergo a security check and as such most entered the bank with some undetected weapons like guns which are used to perform robbery. The security guards complained that the alarm system should be updated so as to enable quick reaction once it is pressed. This delay in response led to the intense bank robbery previously witnessed at Premier branch. The security guards also proposed that there should be a thorough check at the bank’s entrance and exit to ensure that no one enters or leaves the bank’s premises with people’s belongings. The security guards commended that for efficient bank operations, proper security measures should be adhered to The control operator who monitors activities using the CCTV requested that it should be updated so that it may be able to capture the entire section of the bank instead of partly coverage. This would ensure that all areas are well monitored and observed so as to keep an up close of all the bank operations. A recent report showed that some one entered the bank with a device that made the CCTV images appear blurred but an earlier detection was made before any robbery was done. Bank customers were also interviewed regarding the nature of security at Premier Commercial Bank. They reported their worries concerning the recent robbery but they were assured that their money was in safe hands. Besides that one time incidence they commended the bank’s management efforts in maintaining the general security within the bank. They however said that there should be more policies measures that should be implemented in order to minimize fraud at the ATM machines. Security checks may be viewed as an engaging exercise meant to take up an employee’s productive time especially where no threats been observed and therefore some of them may be unwilling to cooperate in the assessment. The organization may however find this exercise easy and cheap to improve on an existing security as compared to having to implement a new system after the old one is breached. When it comes to the personnel, it was found out that there are certain simple things that they usually do on a normal occasion that they end up putting the bank’s security state at risk. For example, on a normal day some of the employees leave the back door open so as to make it easy for them to leave for their normal cigarette break. They do this on a daily basis subconsciously not knowing that, that could be the time robbery may take place. Though as at yet no robbery has occurred in this manner, but it is presumably thought that robbers could be easily tipped with this information and they may take to their advantage to conduct a robbery. Along the same lines, internal employees may also have an upper hand in violating the entire security system. This happens if there a low number of staff where there is a lot of password and login addresses being shared. To conduct a fraud, one needs to have a motive, opportunity and the means to perform a fraud. If one has all the three keys they can easily conduct a fraud through sending sensitive emails concerning the security vulnerability of the bank or even through sending unsecured email accounts. All these are ways of anonymous tips for a fraud to take place. When there is a heavy workload, an employee may leave the institution yet their passkey or pass card has not been returned. Another employee with a motive to commit a fraud may end up accessing secret credentials and may use to their own advantage. This exposure very crucial in away that theft is committed as an inside job and this may be very difficult to expose since all employees are assumed to be trust worthy full of integrity and business ethics. The Organization Security Requirement As a financial firm, Premier commercial bank ascertains that there should be proper security measures within and out of the bank. The IT and security alert control department has made sure that the bank is well installed with the various security detectors to monitor the bank activities on a daily basis. Among the areas of vulnerable exposure, there are proposals to equip all technical and mechanical devices for an efficient security measure. This includes; good alarm system, a good camera security, computer network security, wireless security camera and a networking security. Among these the bank has managed to secure an alarm system, and a good camera security. The other devices are yet to be purchased though a proposal written for their purchase was already sent to the bank’s treasury office. In promoting physical security of the bank, the security guards should have the necessary training and a proper upgrading of their skills on a constant measure for relevance should any attack occurs. The company has set aside some money to facilitate the training that takes place twice a year. Also the bank’s employees are also given some simple routine tasks that they can conduct during an attack. They are taught on how to use the alarm system, how to behave during a robbery, ways in which they detect fake money and how to use the press button beneath their desks to call for laws enforcement without causing panic to other customers once they suspect the entry of a robber. The employees are constantly reminded by the management to change their passwords occasionally so as to prevent fraud if any of their pass words or login addresses has been compromised. Any one found violating these requirements, necessary measures will be taken against them and faces the law with dire consequences. A good jail term may serve as a punishment for any violator. Threats and Vulnerability The bank is a common place for everyone to enter and that there is no discrimination as per whom enters the premises. In this respect, everyone entering the premise may pose as a potential robber. The staff should always be alert while serving the customers as they could be coming in with a motive to conduct a robbery. Due to the resemblance nature of money, there could be customers that come in to the bank with fake money without good detection the customer my end up getting away with an illegitimate deposit. This is usually a big threat to the banking industry where we have lump sums of fake money. Internet banking is another vulnerable transaction that may be exposed to malpractices. A greater number of citizens around the globe are well versed with internet operations and they easily hack into the systems account. This is done through a code generation process that make it possible for the fraudsters to access individuals account such that money wired to off shore accounts can be tampered with before reaching the destination as a result of online hacking. An example of password hacking is shown in the photo below. Many individuals who are knowledgeable in computer technicalities and software malfunctions can easily perform unauthorized transactions. One of the threats in financial institutions is Cyber Crime. This refers to a criminal activity that is performed using computers and the internet as well. It includes downloading illegal lyrics and music files, stealing billions of shillings from online bank accounts. Internet banking is one of the areas that are prone to this malpractice. Cyber crime also includes non monetary offenses such as creating and distributing computer viruses on people’s and organizations computers or even posting business information that is confidential in nature on the internet. There are various types of cyber crime and a vast one is the identity theft. This is where criminals use information that is very personal to steal or embezzle money and other personal effects from other users. The two most common ways in which this theft is done is Phishing and P harming. Both methods have the effect of luring users into fake websites that may appear legitimate and they are used as key to enter personal information. This may include login information like usernames, passwords, phone numbers addresses, credit cards, bank accounts and any other information that a fraudster may use to perform criminal activities. To curb cyber crime, Premier commercial bank has equipped itself with security systems that are majorly geared towards protecting cyber crime related threats. It is therefore advised that for the personnel performing online transactions, they should make a habit of checking the URL or website addresses of a particular site to make sure it is legitimate before entering any personal information. Computers and internet use may have come to make our lives easier but it is however unfortunate that there are other people who use these technologies to take advantage of others. The graph below shows the amount of cyber crime conducted in a span of 7 years Mobile banking The use of mobile phones for banking transactions is on the rise. Many people would prefer to use their mobile phones to facilitate banking transactions because of their convenience. However they are easily compromised in terms of money transfers and information transfers. There are certain flaws that the mobile money transfer application has faced and as such making them unreliable. These flaws include; Mobile Mal aware and Zeus attacks have been recently been recognized. This happens though the use of mobile internet where certain information can be easily identified and trapped or hacked out of the system. Use of social sites Due to the increasing number of people using social sites like face book and twitter, some people end up revealing confidential information that can be easily compromised and used for fraudulent activities. The use of social sites should be well monitored and people should not give out information that may be used against you. This happens when there is an appearance of fake sites that recommend someone to give out their bank details in pretence of winning certain awards. The same lines social sites may be used by internal employees to give out sensitive data or leaking out sensitive information about the bank’s operations. Premier bank has within its policies that all social sites should be monitored so as to prevent any leaking of sensitive bank information to the public. This may be some how difficult because as time goes by everyone joins face book and twitter and as a result it may be impossible to limit their access. Employees are therefore advised to know what to post in those sites and that posts should not be job related and if they are the posts should not have neither their jobs nor the bank compromised. Phishing This is a way of fraud where fraudsters create certain polished messages that target every detail of the bank. These messages may require a customer to provide certain details about their bank accounts and as a result they end up losing millions of money to a trick message. To fight these threats, customers are educated on how to distinguish genuine messages from the bank and those from tricksters. Inside attacks These are form of frauds where the security infringement comes from within the bank. This is usually performed by employees who end up exposing the bank in one way or another. Another in way in which this can also occur is when an outside employee poses as an insider and has access to confidential information and internal servers or even the systems. When one has his or her pass word compromised serious illegal transactions may occur where illegal transfers and authorizations may take place. ATM Skimming The skimming of ATM’s has been on the rise where cases have been reported of anonymous withdrawals from bank accounts. The criminals usually try and break in to the card system and tap some information where it is easy to read the personal identification numbers of the purported card holder. This happens because most criminals normally rely on wireless information to conduct a fraud. This can be minimized using strong card holder radio frequency identification payments or use of microchips technology. This could be the best way of ending ATM skimming though it may be very costly. CCTV- Closed Circuit Television This refers to the use of video cameras to transmit signals to a specific place on a set of monitors. It is a TV system whereby signals are not distributed publicly but are primarily monitored for surveillance and security purposes. CCTV mainly relies on strategic placement of cameras and observation of cameras and observation of the cameras input on a specific positioned monitors. It is a very important security device in an institution as it gives the general overview of the happenings in all corners of the institution. The main purposes of CCTV include: Maintaining high security in medium to high areas of security through installation. Observing behaviors of incarcerated criminals within a law enforcement area like prison. Obtaining a visual record of the activities of an institution especially in situations where it is necessary to maintain proper security to access like the banks. The use of CCTV system at the Premier commercial Bank has not been efficient enough and therefore the IT department and systems controller should male sure that its proper usage and maintenance is kept abreast with the bank’s daily operation activities. Intrusion Detection System (IDS) An ID is a system that collects information from a variety of systems or networks sources and analyses the information for any signs of an intrusion and any form of misuse. IDS have many benefits to an institution in that earlier detection of crime can easily be sustained before a major downfall occurs. Its benefits include; Monitoring and analysis of user the activities of the computer user Auditing of the vulnerabilities and configurations of the system Assessing the integrity of the data files of the system Recognition of the pattern of activities that may lead to planned attacks Analysis for statistical patterns for any abnormal activity The combination of the above features allows the system administrators to easily and sufficiently handle the monitoring, auditing and assessment of their systems so as to find any signs of external intrusion or local computer misuse. Mechanical or Electronic Security measures Security measures are aimed to protect all the personnel and intellectual property right within a firm. There are different measures beginning with the sophisticated they include; Biometric identification, Metal detectors, video assessment, surveillance systems, armed security personnel and radiation detectors. Technical measures include; Locking all doors and entries that lead to sensitive rooms and controls, lighting parking lots in order to observe if there is any intruder hiding inside. Simple techniques may include; checking one’s identity card comparing photograph and signature to check for resemblance of the transacator. External intrusion detection systems are installed in order to observe any one crossing a boundary of a protected area. Internal intrusion systems on the other hand are meant to prevent penetration and access though perimeter barriers and walls. Other electronic measures that were proposed by Securex security firm include; Structural vibration sensors, glass breakage sensors, passive ultrasonic sensors and video sensors. Among these there are also interior applications that include; alarm assessment, card reader assessment, and emergency exit activation assessment. Video assessment and surveillance systems may be monitored in real time or recorded which can be viewed later. Another measure of curbing security infringement includes; entrance controlled systems where the entrance should have walkthrough detectors to check for any foreign entry material into the bank’s premises. There should also be a guard verifying system that authorizes the entry of a person. This is done through the comparison of one’s photograph and personal traits of the person seeking entrance. Entrance security check can be performed using personal identification number, credentials and other features like finger prints checking. Other important measures include: Vehicle inspection systems for arriving vehicles. Duress alarms installed at fixed locations Mail packaging screening through the use of screening technologies that may detect components of explosive devices Guard force Detection and Delay Role Guard forces with detection or delay role generally monitor operations through the use of video surveillance equipment, check credentials and patrol and they are located in a lobby area or patrol area. In large facilities security guards may be stationed in protected in booths with hardened walls pass tray, access denial system, CCTV monitors, radios and telephones. Delay role come in situations of say delay counter talk where increase duration of an attack can be done by allowing occupants to remain safe and secure until response forces arrive. Also delay can be done through delay at a distance where the guard increases the time that elapses between the detection of a terrorist attack and the real onset of an attack to buy time for the response forces to arrive. Recommendations Among the findings that were obtained through the assessment check, a big number of them require certain attention in order to enhance security at Premier Commercial Bank. To protect the physical security the following was recommended Proper installation of CCTV in the Commercial Bank. There should be a perimeter wall protection to prevent entry of unauthorized people. Installation of burglar alarm systems Ensure that all door locks and cameras are working Ensure that there is a 24 hour guard at the premise To protect cyber crime and internet transactions Carefully usage of log in addresses and creation of passwords. Checking the URL and website addresses before entering any personal information. Use of antivirus and spyware blocking soft ware Scrutinize software which employees may have downloaded from the internet To enhance security of staff workers Continuous training on security matters in the department The above measures are not costly and can be implemented to enhance security at Premier Commercial Bank and if well adhered to they can be of minimize the rate of insecurities in the bank. References Searchet, K. (2011, January 23). My Securities. Retrieved March 22, 2012, from Coping with Malpractices: http://ecommons.txstate.edu/arp/109 Walker, T. (2010). Security Rights. Efficient Banking Security , 34-50. Read More