Spyware Guidance to Mitigate Risks

With the dramatic increase in spyware, the FDIC has issued updated guidance to financial institutions, recommending an effective spyware prevention and detection program based on an institution's risk profile. This guidance discusses the risks associated with spyware from both a bank and consumer perspective and provides recommendations to mitigate these risks.

Some of the recommended actions to mitigate the risks associated with spyware are:

  1. Maintaining software patches.
  2. Installing and maintaining current versions of anti-virus and anti-spyware programs.
  3. Expanding the risk-assessment process to consider threats from spyware.
  4. Implementing tools to scan e-mail for SPAM and either block the e-mail or designate it as SPAM.
  5. Implementing tools to restrict or prevent pop-up windows.
  6. Reviewing the list of trusted root certificates on a regular basis.
  7. Investigating the implementation of multi-factor authentication methods.

Spyware creates significant risks to financial institutions and their customers. Practices to prevent and detect spyware should be regularly reviewed to ensure that an institution is aware of all risks to its systems and to sensitive customer information. More information on the FDIC's spyware guidance is available at http://www.fdic.gov/news/news/financial/2005/fil6605a.html.

For more information on securing your network to prevent spyware and other hacking attempts, check out "Security Spotlight: Pharming Capitalizes on Phishing's Success."