Internet Kiosks For Customers Present 3 Serious Security Risks
How to appeal to customers and mitigate security threats at the same time

Many of your peers are beginning to set up PCs for consumer use, but if you choose to offer this service to your customers without taking security precautions, examiners could nail you. Don't allow your customers to joyride all over the cyber highway: Restrict access to only the Web sites your IT team approves, and consider the following risks before you allow this service.

Risk # 1: If customers can direct the browser anywhere they want, they may inadvertently direct the PC to a site that could exploit vulnerabilities in your browser. In addition, this access could allow the machine to install a key logger or other malicious software that could cause severe damage to your systems without your knowledge. Once a user inadvertently installs a key logger, "you would be 'directing' your customers to enter clearly sensitive data (e.g., loan applications, etc.) on a computer that was capturing this information and passing it on to exactly the wrong element," says Lawrence Levine, co-founder and chairman of managed network security service provider SecurePipe.

Risk # 2: There are major issues surrounding the generalized Internet access approach, including obscene, pornographic or otherwise inappropriate material that customers -- or passersby going to the "wrong" place -- can leave on a screen, notes Levine. "Clearly, generalized access to the Internet cannot be allowed," so you must create a separate connection for Internet access and nothing more, he notes.

Risk # 3: An attacker could uncover sensitive data from your network if a "sniffer" captures network data flow. Hackers can do this via a compromised "customer access" PC that is part of your bank's network, says Levine.