WGXC-90.7 FM
Coxsackie-Athens rapped for bad banking
Jan 22, 2011 12:52 pm
Coxsackie-Athens Central School District officials have been criticized by state audit officials for not having more safeguards in place for their online banking, according to a report issued this week by the office of state Comptroller Thomas DiNapoli, reported in the Times Union. Comptroller Office auditors are saying they surveyed district financial records from July 2008 and last April and suggested the district build in more layers of computer security defenses for their daily banking practices and establish a written policy for users. The district does online banking with four different banks and auditors selected for review 30 electronic transfers totalling nearly $7 million. They noted that the district should follow federal and state recommendations and set up a dedicated computer just for online banking. District officials in a response letter attached to the report said they plan to implement the recommendations.
''A dedicated computer that is restricted from e-mail applications and any Internet activity other than online banking is less likely to encounter a banking 'Trojan horse' or other malicious software (malware) that could lead to a compromise of data confidentiality,'' the report noted.
Other recommendations included establishing procedures with the online banking computer that prohibit putting banking connections into quick links like stored user names, online favorites, or website links.
The audit also said the district should completely close out the online banking connection after each use and erase it from the web browser cache, temporary Internet files, form data, cookies and Internet history.
They also said the computer should then be completely shut down after use.
''A dedicated computer that is restricted from e-mail applications and any Internet activity other than online banking is less likely to encounter a banking 'Trojan horse' or other malicious software (malware) that could lead to a compromise of data confidentiality,'' the report noted.
Other recommendations included establishing procedures with the online banking computer that prohibit putting banking connections into quick links like stored user names, online favorites, or website links.
The audit also said the district should completely close out the online banking connection after each use and erase it from the web browser cache, temporary Internet files, form data, cookies and Internet history.
They also said the computer should then be completely shut down after use.