Be savvy about Online Security

Security breaches constantly make the headlines. That’s why it is critically important to ensure that your data is secure. Always remember that we will never ask you to update personal information like PINs or passwords via an email or over the phone.

ONLINE SECURITY TIPS
  • The basic principle of IT security is not to be impregnable or 100% secure
  • 100% security is not something to strive for, and it is rarely practical
  • Aim to be a harder target than the next one. Focus not only on preventing cyber-crime but also on being ready to detect it when it takes place and to respond when it does

Awareness

  • People are the weakest link in any organisation
  • Create and enforce awareness programs. Themes should include the common threats being seen in the wider IT environment:
    • Phishing
    • Malware
    • Mobile security
    • Social engineering

Credential Management

  • Implement 2-Factor Authentication where possible
  • Never store passwords in clear text
  • Implement a password policy that is in line with international best practice
  • Hash passwords with a unique salt per account, using a slow password-hashing function, before storing them
  • Enforce the password policy on all systems in your environment
  • Exercise additional controls to protect authentication data
  • Password cracking is real and readily available; make sure repeated failed logins are detected and alerted on (lockouts, rate limiting) to protect your organisation from brute-force attacks
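The credential handling described above, as an added example that is not code from the page or from Standard Bank: a random salt per account, a slow iterated hash (PBKDF2-HMAC-SHA256; the 600,000-iteration work factor follows OWASP's published guidance for this algorithm but is an assumption to tune for your systems), a constant-time comparison, and a failure counter whose lockout is the flag to raise against brute-force attempts. The thresholds, the in-memory `Credential` store and the user names are constructed for the example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Assumptions for this example; tune for your environment.
PBKDF2_ITERATIONS = 600_000   # OWASP guidance for PBKDF2-HMAC-SHA256
MAX_FAILURES = 5              # consecutive failures before the account locks
LOCKOUT_SECONDS = 15 * 60     # how long the lock lasts


@dataclass
class Credential:
    salt: bytes
    digest: bytes
    iterations: int           # stored with the hash so the work factor can be raised later
    failures: int = 0
    locked_until: float = 0.0


def hash_password(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Salted, iterated hash of the password; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(store: Dict[str, Credential], username: str, password: str,
             iterations: int = PBKDF2_ITERATIONS) -> None:
    salt = os.urandom(16)     # unique random salt per account defeats precomputed tables
    store[username] = Credential(salt, hash_password(password, salt, iterations), iterations)


def login(store: Dict[str, Credential], username: str, password: str,
          now: Optional[float] = None) -> str:
    """Return "ok", "denied" or "locked". Consecutive failures trip a lockout,
    which is where a real system would also write an audit event and alert."""
    now = time.time() if now is None else now
    cred = store.get(username)
    if cred is None:
        # Hash anyway so an unknown username costs the same time as a wrong password;
        # otherwise response time reveals which usernames exist.
        hash_password(password, b"\x00" * 16)
        return "denied"
    if now < cred.locked_until:
        return "locked"
    candidate = hash_password(password, cred.salt, cred.iterations)
    if hmac.compare_digest(candidate, cred.digest):   # constant-time comparison
        cred.failures = 0
        return "ok"
    cred.failures += 1
    if cred.failures >= MAX_FAILURES:
        cred.locked_until = now + LOCKOUT_SECONDS
        cred.failures = 0
        # Raise the flag here: audit event + alert "account locked after repeated failures".
    return "denied"


if __name__ == "__main__":
    users: Dict[str, Credential] = {}
    register(users, "alice", "correct horse battery staple")
    print(login(users, "alice", "correct horse battery staple"))   # ok
    for _ in range(MAX_FAILURES):
        print(login(users, "alice", "guess"))                      # denied
    print(login(users, "alice", "correct horse battery staple"))   # locked
```

Storing the iteration count beside each hash is deliberate: when the work factor is raised, existing accounts keep verifying and can be re-hashed transparently on their next successful login.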
IMPLEMENT SECURITY POLICIES

Access control

  • Ensure every account on your applications and infrastructure has an accountable owner
  • Review all access monthly at a minimum
  • Provision access on a least-privilege basis
  • Determine the effective access (direct, plus inherited through groups and roles) that each account has to the systems and infrastructure in your organisation
  • Exercise additional controls over privileged user and system accounts
  • Attacks are typically carried out with the credentials of a legitimate authenticated user, so the access an account holds bounds the damage its compromise can do
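Determining effective access means resolving group nesting, not only reading direct memberships. As an added example that is not from the page (the directory snapshot, group names, rights and owners are constructed for illustration, not any real IdP export), the following resolves transitive group membership and produces the findings a monthly access review would start from: accounts with no accountable owner, and accounts holding privileged rights, including rights inherited through a nested group.

```python
from typing import Dict, List, Optional, Set

# Constructed directory snapshot (hypothetical; values in a group that are
# themselves group names are nested groups).
GROUP_MEMBERS: Dict[str, Set[str]] = {
    "finance-users": {"alice", "bob"},
    "payments-approvers": {"alice", "svc-batch"},
    "it-helpdesk": {"carol"},
    "domain-admins": {"it-helpdesk", "dave"},   # nested: every helpdesk member is a domain admin
}
GROUP_RIGHTS: Dict[str, Set[str]] = {
    "finance-users": {"ledger:read"},
    "payments-approvers": {"payments:approve"},
    "it-helpdesk": {"workstations:reset-password"},
    "domain-admins": {"*:admin"},
}
ACCOUNT_OWNERS: Dict[str, Optional[str]] = {
    "alice": "alice", "bob": "bob", "carol": "carol", "dave": "dave",
    "svc-batch": None,                           # service account nobody has taken ownership of
}
PRIVILEGED_RIGHTS = {"*:admin", "payments:approve"}


def expand_group(group: str, group_members: Dict[str, Set[str]],
                 _seen: Optional[Set[str]] = None) -> Set[str]:
    """Transitively resolve a group to the accounts it contains (handles nesting and cycles)."""
    _seen = set() if _seen is None else _seen
    if group in _seen:
        return set()
    _seen.add(group)
    accounts: Set[str] = set()
    for member in group_members.get(group, set()):
        if member in group_members:              # member is itself a group
            accounts |= expand_group(member, group_members, _seen)
        else:
            accounts.add(member)
    return accounts


def effective_access(account: str, group_members: Dict[str, Set[str]],
                     group_rights: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Map each right the account effectively holds to the group(s) granting it."""
    granted: Dict[str, Set[str]] = {}
    for group, rights in group_rights.items():
        if account in expand_group(group, group_members):
            for right in rights:
                granted.setdefault(right, set()).add(group)
    return granted


def access_review(group_members: Dict[str, Set[str]], group_rights: Dict[str, Set[str]],
                  owners: Dict[str, Optional[str]], privileged: Set[str]) -> List[str]:
    """Findings for the review: unowned accounts and every privileged right, with its source."""
    findings: List[str] = []
    for account, owner in sorted(owners.items()):
        access = effective_access(account, group_members, group_rights)
        if owner is None:
            findings.append(f"{account}: no accountable owner")
        for right in sorted(privileged & set(access)):
            via = ",".join(sorted(access[right]))
            findings.append(f"{account}: privileged right {right} via {via}")
    return findings


if __name__ == "__main__":
    for line in access_review(GROUP_MEMBERS, GROUP_RIGHTS, ACCOUNT_OWNERS, PRIVILEGED_RIGHTS):
        print(line)
```

The finding to notice is carol: her direct membership is only a helpdesk group, yet she is effectively a domain admin because that group is nested inside one. That is exactly what a review of direct memberships misses.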

Physical security

  • All physical access to your premises needs to be authenticated and controlled
  • Ad hoc (visitor) access needs to be vouched for by an accountable permanent employee
  • Staff should display company issued identification
  • Be aware of the level of information that is openly displayed or available
  • Consider the use of additional access control around sensitive environments
  • Social engineering is often the easiest way into any organisation

Network security

  • Protect your payment files from point of origination to point of exit
  • Conduct reviews of your firewalls and external-facing systems annually, at a minimum
  • Terminate all external connections in your DMZ; never let them reach internal systems directly
  • Consider the use of a sandboxed environment to scan received files
  • Consider segregating core or critical systems from the rest of your network
  • Standard Bank South Africa provides encrypted communications between your network and ours, but control of the source is within your domain

Operational security

  • Ensure patch levels of systems and infrastructure are at an (n-2) level at a minimum, i.e. no more than two releases behind the current version
  • Keep an up-to-date asset register of all hardware and software, including open systems, in your organisation
  • Implement anti-virus on Wintel systems and ensure open systems are kept up to date
  • Scan any attachments or files introduced into your environment for malware or viruses before opening them
  • It does not help to update Windows on your laptop without also updating third-party software such as Java

Logging

  • Ensure that all of these events are logged at a minimum:
    • Authentication and authorisation events
    • Provisioning and de-provisioning of user or system accounts, account locking, unlocking and password resets or changes
    • Granting, modifying, or revoking access rights to a user, file or object
  • Log all privileged user activity on systems and infrastructure
  • Log all system and application configuration changes
  • Ship all logs to a remote store, separate from the systems that generate them, where they cannot be overwritten or edited
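One way to make a remote log store tamper-evident, as an added example that is not from the page: each record carries the hash of its predecessor, so editing or deleting an earlier record breaks every link after it. The sample events are constructed to cover the categories listed above (not real log data), and the failed-login count shows the kind of detection the audit trail exists to support.

```python
import hashlib
import json
from collections import Counter
from typing import Any, Dict, List

GENESIS = "0" * 64   # chain anchor for the first record


def _record_hash(prev_hash: str, event: Dict[str, Any]) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the same event always hashes the same way.
    payload = prev_hash + json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_event(log: List[Dict[str, Any]], event: Dict[str, Any]) -> Dict[str, Any]:
    """Append an event bound to the previous record's hash; the store only ever grows."""
    prev = log[-1]["hash"] if log else GENESIS
    event = dict(event)                          # the record owns its own copy
    record = {"prev": prev, "event": event, "hash": _record_hash(prev, event)}
    log.append(record)
    return record


def verify_chain(log: List[Dict[str, Any]]) -> int:
    """Return -1 if every record still matches its predecessor, else the index of the first broken link."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != _record_hash(prev, rec["event"]):
            return i
        prev = rec["hash"]
    return -1


def failed_logins_by_user(log: List[Dict[str, Any]], threshold: int = 3) -> Dict[str, int]:
    """Detection over the trail: users with at least `threshold` failed authentications."""
    counts = Counter(r["event"]["user"] for r in log
                     if r["event"].get("type") == "auth" and r["event"].get("outcome") == "fail")
    return {user: n for user, n in counts.items() if n >= threshold}


# Constructed sample events (hypothetical hosts, users and addresses).
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T08:00:01Z", "type": "auth", "user": "alice", "outcome": "success", "src": "10.0.0.5"},
    {"ts": "2024-03-01T08:02:10Z", "type": "provision", "actor": "admin1", "user": "svc-batch", "action": "create"},
    {"ts": "2024-03-01T08:05:00Z", "type": "access-change", "actor": "admin1", "user": "svc-batch",
     "object": "payments-approvers", "action": "grant"},
    {"ts": "2024-03-01T09:10:00Z", "type": "auth", "user": "bob", "outcome": "fail", "src": "203.0.113.9"},
    {"ts": "2024-03-01T09:10:04Z", "type": "auth", "user": "bob", "outcome": "fail", "src": "203.0.113.9"},
    {"ts": "2024-03-01T09:10:09Z", "type": "auth", "user": "bob", "outcome": "fail", "src": "203.0.113.9"},
    {"ts": "2024-03-01T10:00:00Z", "type": "config-change", "actor": "root", "system": "fw-edge-1",
     "detail": "rule added: allow any -> 10.0.0.0/8 tcp/3389"},
]


def build_sample_log() -> List[Dict[str, Any]]:
    log: List[Dict[str, Any]] = []
    for event in SAMPLE_EVENTS:
        append_event(log, event)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log) == -1)          # True
    print("brute-force candidates:", failed_logins_by_user(log))   # {'bob': 3}
    log[3]["event"]["outcome"] = "success"                # an attacker rewrites history
    print("first broken record:", verify_chain(log))      # 3
```

The chain catches edits and deletions in the middle of the trail, but not removal of the newest records, since nothing yet points at them. Periodically signing the latest hash, or copying it to a second store the log writer cannot reach, closes that gap.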
KEEP SYSTEMS AND SOFTWARE UP TO DATE

Business Continuity Planning (BCP)/Disaster Recovery (DR)

  • Back up your important data to a remote/offsite server
  • Segregate your important backups from the rest of your network so that a compromised host cannot reach them
  • Create restore points where applicable
  • Test your DR plan on an annual basis at a minimum
  • Identify and remediate single points of failure in your systems and in your organisation

Remember that availability and continuity are key pillars of IT security