Online Security Practices
iStream takes online fraud seriously and works diligently to ensure that we follow best practices to keep your information safe and secure. iStream uses Secure Socket Layer (SSL) technology to encrypt information as it moves over the Internet and multiple security controls to help protect against unauthorized access to or use of your information. Even with such efforts, security is something that needs to be taken very seriously. iStream strongly encourages you to consider the following to further enhance your security best practices.
Passwords
- Select passwords that do not directly stem from commonly known information such as iterations of your name, user ID, birthdate, etc.
- Select passwords that consist of a combination of upper and lower case characters, numbers and special characters
- Heed reminders that prompt regular password changes – – these suggestions are in place to further protect your sensitive and personal information
- Do not share or write down your passwords. Use passphrases or other techniques to remember passwords. Also limiting physical access to computers, such as by logging off when you are away, supports higher levels of security
- Avoid “phishing” scams, which are attempts by others to obtain your personal information, passwords or other sensitive data through illicit means. We will NEVER requests that you verify a password or other sensitive information by email
Anti-Virus Software
- Be sure to install and keep updated an industry leading anti-virus/anti-malware software application. This is a critical step in the overall process of proactively protecting your personal information, as malware is a leading cause of Internet security breaches .
- Do not download any software or open any email attachments that are not from a trusted source. Follow the “sandwich” rule for opening attachments – if you don’t know what it is or where it came from, don’t eat it
- When you do download any software from the Internet, be sure to scan it to check for viruses or other malicious threats before installing it on your computer
- Keep your operating system current by installing relevant patches, service packs or other updates as recommended by the manufacturer
Corporate Considerations
- Be sure to implement and maintain internal control mechanisms, such as segregation of duties. This will work to ensure that those responsible for making payments are not the ones responsible for reconciling them.
- Consider all aspects of risk when looking at your overall policies and procedures. Periodically review user permissions, firewalls, and procedures to ensure the correct level of access or restriction is in place. If roles or duties change within the organization, make appropriate changes as they pertain to risk and security.
- Implement policies that ensure users periodically review and agree to the security procedures in place. Consider policies which require complex passwords (combination of alpha-numeric-character combinations), mandate changing of passwords on a regular basis and prohibit use of previously used passwords.
Suggested Resources
FFIEC Guidance: Authentication in an Internet Banking Environment
FFIEC Supplemental Guidance on Internet Banking Authentication