"By any measure, cybersecurity is the biggest common threat organizations face. It is also the one where we see the largest gap between threat and preparedness. While companies are devoting significant resources to the problem, they must recognize that playing catch-up is inherent to tackling the problem." - Fortune.com, 2/17/15
Credit unions are by no means immune to cybersecurity threats and, in fact, carry a significantly greater amount of risk associated with cybertheft than most other organizations. It was reported in CU Insight that the financial industry had the second-highest per capita data breach cost and racked up more than $11.3 billion in card fraud expenses in 2013 (the last full year for which complete data is available).
Here are 3 keys to cybersecurity for Credit Unions to focus on in 2015:
- Prioritize throughout the credit union: According to Fortune's report, "It is not enough for CEOs, CFOs, CIOs, and other key officers and employees to engage; we need boards of directors to do so from a governance perspective. Oversight is always important, but cybersecurity is becoming such a strategic imperative that just as companies seek outside expertise for legal and financial matters, they should now be looking for experts in cybersecurity and data privacy.
From the bottom-up perspective, employee training and awareness are essential because the weakest link is often human error (and understandably so). Companies should invest in employee security-training programs. To keep their data and networks safe, it is essential to arm even the most junior employees with the tools they need to contribute."
- Recognize that security extends beyond technology: Credit union executives are wise to acknowledge that beefing up technology alone is not enough to address cybersecurity. The most frequent perpetrators in a cyber attack are current or former employees, sometimes maliciously, sometimes by simple human error. Developing clear-cut documentation and policies for the hiring (and firing) of employees, setting policies on which devices and personal apps can be used from within the credit union, and having a communication plan should things go awry are all imperative steps. It is important for credit unions to implement policies for the creation, use, storage, and deletion of information, and to extend these policies to all communication with third-party vendors as well.
- The private and public sectors must come together and address the cybersecurity challenge: Regulatory compliance alone is not enough to address cybersecurity. For instance, supporting NAFCU is a great first step, as it pushes the Senate for cyber and data security legislation by acting on S. 2588, which would encourage information sharing on cyberthreats among the business community and the government while still ensuring privacy. However, credit unions must also keep their processes up to date, train personnel, and use tools to detect, analyze, and respond to incidents. They should then inform government organizations of any attempted attacks, so that policies and strategies to protect organizations and citizens from hacks and other cyber threats are kept up to date.
Extending your Cybersecurity Measures to New Technologies
Backing up hard drives, installing firewalls on servers, and ensuring antivirus and anti-malware software are current are not new measures for credit unions to take in the fight against cyber attacks. But if you are implementing new technology for members, ensure that it is not hastily released without adhering to your security measures. Learn how FLEX Mobile Apps are secure to protect both your credit union and your members.